Article Info
Development of a Governance-Based Strategic Information Security Policy Implementation Framework for the Malaysian Public Sector
Surayahani Hasnul Bhaharin, Umi Asma' Mokhtar, Maryati Mohd Yusof, Rossilawati Sulaiman, Megat Zuhairy Megat Tajuddin, Nuraishah Mokhtar
dx.doi.org/10.17576/apjitm-2026-1501-07
Abstract
Strategic information security has become a critical priority for organizations as senior management bears the responsibility for protecting organizational information assets. Despite the proliferation of international information security frameworks and standards, organizations continue to struggle with effective implementation due to the lack of practical guidance. This study addresses key gaps in information security management research by developing a comprehensive strategic information security policy implementation framework. Through systematic analysis of six established information security governance frameworks and validation by five information security experts using a case study approach, this research employs process mapping methodology grounded in Activity Theory and information governance theory. The proposed framework identifies core governance processes, stakeholder groups, and critical success factors for implementation. The framework integrates four key design principles: organization-wide governance aligned with business objectives, risk management as the foundation, clearly defined processes and stakeholder responsibilities, and iterative processes for continuous improvement. The study contributes both theoretically and practically by providing an empirically validated, process-oriented framework that bridges the gap between policy formulation and effective implementation, specifically addressing the unique contextual requirements of strategic information security management.
Keywords
strategic information security implementation framework, activity theory, case study, information security, implementation
Area
Strategic Information Systems

