Improving government IT services security using leadership by example

Abstract

Information security has become an important issue for countries in providing government services for citizens, due to the rapid growth of electric government (e-Government). Many security failures which have occurred are due to internal factors. Even though previous research has emphasised leadership, however, no studies have studied leaders’ capabilities and engagement as a factor in causing internal security failures. This thesis is concerned with issues relating to leadership skills in managing e-Government information security management. Therefore, the aim of the thesis is to invent a relevant key leadership by example concept to perform efficient top-down management that can be applied to e-Government information security management. The main objective of this research is to analyse security strategy in development and management within the Malaysian government and its impact on employees by referring to three different elements of values, observation and assumptions from Zakaria’s security culture (2007). In contradiction with previous research, findings from the case study demonstrate that inappropriate leadership skills, which are due to incompatibility in information security and disorganised security structures, create a lack of motivation in employee security practices. It appears that leadership skills are a root-cause factor in security incidents that occur by insiders. The main contribution is a model of key factors including the 3Ps of ‘People’, ‘Process’ and ‘Product’ as a guide to the concept of leadership by example in improving government IT services security. In conclusion, this research shows that to resolve the problem of security in e-Government, which is caused by internal factors, we need to further improve the quality of leadership skills. The model of key factors defines the quality of leadership skills in e-Government which, in turn, can help to reduce internal security failures.