Information systems security in special and public libraries: an assessment of status

Ismail, R. and Zainab, A. N. Information systems security in special and public libraries: an assessment of status. Malaysian Journal of Library & Information Science, 2011, vol. 16, n. 2, pp. 45-62. [Journal article (Paginated)]



English abstract

Explores the use of an assessment instrument based on a model named library information systems security assessment model (LISSAM) to assess the ISS status in special and public libraries in Malaysia. The study aims to determine the implementation status of technological and organizational components of the LISSAM model. An implementation index as well as a scoring tool is presented to assess the IS safeguarding measures in a library. Data used was based on questionnaires distributed to a total of 50 individuals who are responsible for the information systems (IS) or IT in the special and public libraries in Malaysia. Findings revealed that over 95% of libraries have a high level of technological implementation but 54% fared poorly on organizational measures, especially on lack of security procedures, administrative tools and awareness creation activities.

Item type: Journal article (Paginated)
Additional information: Ismail, Roesnita Zainab, A. N.
Keywords: Information systems; Information systems security; Security practices; Technological measures; Organizational measures; Countermeasures; Libraries; Malaysia.
Subjects: L. Information technology and library technology
Depositing user: Miss Nur Jannatul Adnin Ahmad Shafawi
Date deposited: 21 Jan 2013 10:21
Last modified: 02 Oct 2014 12:24



