Users' perception of the information security policy at Universiti Teknologi Malaysia

Abstract

Securing information is essential for safeguarding the organization business operations as information is a business asset to any organization including education sector. One of the most imperative information security (InfoSec) controls identified is InfoSec policy. The purpose of this study is to gauge the level of enforcement and effectiveness of Universiti Teknologi Malaysia's (UTM) InfoSec policy from the users perspective. This study involved three phases of data collection, namely preliminary study, interview and survey. The preliminary study allows an exploratory activity in understanding the information technology (IT) arrangement and organizational structural practices in UTM environment. Next, an interview with an IT-expert aimed to understand the establishment of the InfoSec in UTM. Then, a survey questionnaire is distributed to post-graduate and non-IT staff of UTM, International Campus, Kuala Lumpur to gauge the level of users perception on the institution's security policy. The study had found that that nearly half of the users perceived that they are aware, understand and accept the UTMs policy, with more than half of the them agreed that the UTMs policy is effective. The study also proposed a theoretical framework model for the effectiveness of the institutions InfoSec policy. The model which consists of enforcement, users awareness, users understanding and users acceptance identified as the independent variables, whereas an effectiveness of InfoSec policy identified as dependant variable. This proposed framework model may be useful as a basis for reference not only for researchers in this field but also for practitioner in developing the InfoSec policy.