Enhancement of information security management system by embedding corporate ethical virtue as ethical issues solution

Abstract

The effectiveness and successful of the Information Security (IS) can be influences by many factors such as the human, process, technology and organizational. Hence, the Information Security Management System (ISMS) is an appropriate approach for handling and managing the information security. However, there are issues of an ethical among human and organizational cultures which affect the successful of the information security. This is because of only focusing on the technical aspect rather than human and organizational solution. The small implementing of the ethics within the information security management leads to leakage of the information in the organization. Thus, the information must be protected by highlight the important of the ethical to make the information valuable assets to the organization. Due to these issues, there are several ethical issues in information security management such as human factor as illegal behaviour and human error, the technology, the process of information security management as accountability and responsibility and also the management and organizational culture factors of information security. In this research, the PDCA is an approach used as the Information Security Management (ISM) which consist of the plan, do, check and act phase. In order to evaluate the enhancement of the ISMS process, the selected Corporate Ethical Virtue (CEV) component is embedded toward the processes as an ethical issues solution. The selected CEV components are Supportability, Clarity, Discussability, Transparency, Sanctionability, Feasibility and Congruency. The proposed of enhancement ISMS process by embedding CEV as an ethical issues solution is validate by the credibility experts.