Security Management: Investigating the Challenges and Success Factors in Implementation and Maintenance of Information Security Management Systems

Abstract: This research aims to investigate the challenges and success factors associated with the implementation and maintenance of Information Security Management Systems (ISMS) in organizations. Despite the increasing importance of information security in today's digital age, research shows that organizations continue to struggle with effectively implementing ISMS and maintaining it up to date. The study will explore the various cultural, strategic, tactical, and operational factors that affect the performance of organizational ISMS. The research will provide insight into the challenges and factors contributing to a successful ISMS implementation and maintenance, filling a gap in the existing literature. In this study, the qualitative survey method was utilized as the research strategy, complemented by semi-structured interviews for data collection. A total of 11 interviews were held with Senior Information Security professionals who have experience in implementing and maintaining Information Security Management Systems. Thematic analysis was then employed to analyze the data from the interviews. The study identified 15 themes related to challenges and success factors within implementation and maintenance of ISMS. Four themes related to implementation challenges, four relating to implementation success factors, three to maintenance challenges and four to maintenance success factors. The themes are Misconceptions of Security, Lack of Top Management Support, Resistance to Change, ISMS Design, Communication, Internal Security Culture, Top Management Support, ISMS Design, Resource Constraints, Continuous Administration, Employee Attitudes, Relationships, Ownership, Accessibility and Compliance.