INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 10, ISSUE 02, FEBRUARY 2021 ISSN 2277-8616
Information Security Management System Success Measurement Indicator
Nurazean Maarop, Deden Witarsyah, Surya Sumarni Hussein, Ganthan Narayana Samy, Noor Hafizah Hassan,
Doris Wong Hooi Ten, Roslina Mohammad, Norziha Megat Mohd Zainuddin
Abstract: Information security has become a significant element in supporting digital transformation. The concern is even more vital in organizations,
as they need to ensure that their information systems are appropriately secured. Hence, the Information Security Management System (ISMS) has been
formed to offer many benefits in improving overall organizational security performance, efficiency and management of information. Nevertheless, there are
still limited indicators that can be applied when assessing ISMS implementation success in an organization. In most literature within the Information Systems
domain, the success or failure of the implementation of technology is fundamentally measured by the indicator known as the net benefit of the individual or
organization. This study presents the development of ISMS success measurement indicators based on the procedures and statistical analysis of a pilot
study. The overall aim is to validate the relevancy of the items for ISMS implementation success. This study uses an acceptable pilot sample size of
thirty-eight respondents, obtained through a quantitative survey distributed purposively among Malaysian government agencies' employees who have experience with
ISMS implementation and application. As a result, this study proposes ISMS success model measurement indicators comprising thirty-five measurement
items.
Index Terms: Information Security Management System; Success Model; Information Systems Success; Survey Indicator Development
1. INTRODUCTION
Nowadays, security measures and standards have been
adopted widely in both private and government organizations.
A number of standards and best practices have been employed
to assist organizations in measuring their associated security
issues, including risk, control, compliance, privacy, information
security and security regulations (Saint-G). The ISMS
standard has been adopted worldwide. A statistical survey
performed by the International Standards Organization (ISO) in
2012 [1] regarding ISMS implementation shows that at
the end of December 2016, at least 33290 organizations had
been ISO/IEC 27001:2005 or ISMS certified compared to
27536 in 2015, thus a growth of 21%, with certificates issued in 103
countries [2]. The ISMS implementation in Malaysia also
shows significant growth from 2008 to 2016. In 2008 it was
reported that only 34 agencies were ISMS certified [2].
ISMS is an information security standard that was originally
established from BS7799, published by the British
Standards Institution (BSI) in 1995. Later, ISMS was used by
the International Organization for Standardization (ISO) after
a revision at the international level and was given the new
ISO code, named ISO/IEC 17799:2000, in the year
2003. The latest version was published in 2013 with the
code ISO 27001:2013.
The previous version of ISMS emphasizes the
Plan-Do-Check-Act (PDCA) management approach [4]. However, the
latest version of ISMS no longer emphasizes it.
Users of the standard are now given more freedom in choosing
their management approach [2]. In broad terms, the ISMS is
a part of the overall management system aimed at developing,
operationalizing, monitoring, evaluating, maintaining and improving the
security of information in an organization [2]. It is also regarded
as a method for handling the risks to assets that are used in the
business's information management, processing and storage
[2]. An ISMS involves the collaboration and integration of
information security and business policy, the establishment of an
enterprise information security policy, and decision making
on personal management and handling in the organization.
Among the advantages of ISMS are enabling a focus on
proactive measures, reducing client audit requirements,
resulting in fewer incidents and disruptions of services, fewer
resources spent on finding new customers and investors,
greater productivity, increasing the effectiveness of incident
response management, resulting in less time and money
spent on damage limitation measures, better understanding
of business information processes and reassuring customers
and internal parties [5-6]. However, despite these benefits,
there is still a lack of assessment indicators to measure the
successful implementation of ISMS. Among the critical aspects
of ISMS implementation is identifying the human elements
in the socio-technical context that affect the effectiveness of
ISMS, as this can minimize the weaknesses [7]. Thus,
Maarop et al. [2] urge the need to identify these critical
factors of ISMS in ensuring the success of the project; hence there
is a need to establish ISMS implementation measurement
indicators. Therefore, the aim of this study is to identify and
propose the relevant indicators that can be used to measure
ISMS success in an organization, thereby exploring the reliability
and validity of the identified items. Hence, this study has
executed a pilot study using an acceptable sample size and
incorporating all procedures deemed essential in pilot data
analysis [8]. A pilot study yields the reliability and validity of the
measures, which can later be used in the main study.
Accordingly, in the context of this study, the reason for conducting
the pilot work is to develop ISMS success measurement
indicators which can be used to validate the ISMS success
————————————————
• Nurazean Maarop, Lecturer of Razak Faculty of Technology &
Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia.
E-mail : nurazean.kl@utm.my
• Deden Witarsyah, Lecturer of Department of Information System,
Telkom University, Indonesia.
E-mail : dedenw@telkomuniversity.ac.id
• Surya Sumarni Hussein, Lecturer of Razak Faculty of Technology &
Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia.
• Ganthan Narayana Samy, Lecturer of Razak Faculty of Technology
& Informatics, Universiti Teknologi Malaysia, Kuala Lumpur,
Malaysia.
• Noor Hafizah Hassan, Lecturer of Razak Faculty of Technology &
Informatics, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia.
• Doris Wong Hooi Ten
• Roslina Mohammad
• Norziha Megat Mohd Zainuddin