Integrating information quality dimensions into information security risk management (ISRM)

This research strives to serve as a fundamental stepping stone for triggering the attention of researchers and information security practitioners on the needs of integrating information quality dimension in the ISRM field.This research contributes to the field of information quality by applying information quality theory into ISRM field. ISRM field also needs information quality dimensions in order to ensure the information gathered for ISRM is considered of quality and can lead information security practitioners to make evidence-based decision.Information quality dimensions can ensure that an organization has a good level of information quality to support the information they gathered throughout the ISRM activities. Information security is becoming an important entity to most organizations due to current trends in information transfer through a borderless and vulnerable world. This gives more concerns and aware organization to apply information security risk management (ISRM) to develop effective and economically-viable control strategies. Even though there are numerous ISRM methods that are readily available, most of the ISRM methods prescribe a similar process that leads to establish a scope of the assessment, collecting information, producing intermediary information, and finally using the collected information to identify their security risks and provide a measured, analyzed security profile of critical information assets. Based on the garbage in-garbage out phenomenon, the success of ISRM planning tremendously depends on the quality of input information. However, with the amount, diversity and variety of information available, practitioners can easily deflects with grown information and becoming unmanageable. Therefore this paper contribute as a stepping stone to determine which IQ dimensions constitute the quality of the information throughout the process of gathering information during ISRM. Seems to accurately define the attributes of IQ dimensions, IQ needs to be assessed within the context of its generation. Thus, papers on IQ web were assessed and comparative analysis was conducted to identify the possible dimensions for ISRM. Then, online survey using likert structured questionnaire were distributed among a group of information security practitioners in Malaysia (N=150). Partial least square (PLS) analysis revealed that dimension accuracy, amount of data, objective, completeness, reliability and verifiability are significantly influence the quality of information gathering for ISRM. These IQ dimensions can guide practitioners in the process of gathering quality and complete information in order to make a plan that leads to a clear direction, and ultimately help to make decisions that lead to success.