International Journal of Academic Research in Business and Social Sciences

Open Access Journal

ISSN: 2222-6990

A Review of Cybersecurity Risk Management Framework in Malaysia Higher Education Institutions

Balla Moussa Dioubate, Wan Norhayate Wan Daud

http://dx.doi.org/10.6007/IJARBSS/v12-i5/12924

Cybersecurity risk management has been applied to many aspects of modern life, including banking, finance, health, life, business ventures, and project management. It is currently gaining much attention in universities for operational safety reasons. Higher education institutions face new challenges and increasingly sophisticated information technology threats. Therefore, this study will investigate the current cybersecurity risk management frameworks used in Malaysian public universities. A qualitative research method will be applied, collecting data by interviewing experts in cybersecurity risk management. The literature review showed the primary constructs of the cybersecurity risk management framework for Malaysian universities. Moreover, the results show the factors that lead to risks and the benefits obtained when the stakes are managed. The researchers will clarify the methods or mechanisms for risk management in a university environment. This research contributes to a greater understanding and knowledge of risk management. The future direction of this study is to propose a cybersecurity risk management framework based on the reviews of the existing frameworks used in Malaysian public universities.

In-Text Citation: (Dioubate & Wan Daud, 2022)
To Cite this Article: Dioubate, B. M., & Wan Daud, W. N. (2022). A Review of Cybersecurity Risk Management Framework in Malaysia Higher Education Institutions. International Journal of Academic Research in Business and Social Sciences, 12(5), 1081 – 1093.