The paper aims to identify behavioural theories that influence information security policies compliance behaviour. A systematic review of empirical studies from eleven online databases (ACM digital library, Emerald Insight, IEEE Xplore digital library, Springer link, Science direct, Scopus, Web of Science, Oxford academic journals, SAGE journals, Taylor & Francis and Wiley online library) are conducted. This review identified 29 studies met its criterion for inclusion. The investigated theories were extracted and analysed. Total of 19 theories have been identified and studied concerning to security policy compliance behaviour. The result indicated that the most established theories in information security compliance behaviour studies are the Theory of Planned Behavior and Protection Motivation theory. Meanwhile, General Deterrence Theory, Neutralization theory, Social Bond Theory / Social Control Theory are used moderately in this research area. Less explored theories are namely Self Determination Theory, Knowledge, Attitude, and Behavior, Social Cognitive Theory, Involvement Theory, Health belief model, Theory of Interpersonal Behavior, Extended Parallel Processing Model, Organisational Control Theory, Psychological Reactance Theory, Norm Activation Theory, Organizational Behaviour Theory, Cognitive Evaluation Theory and Extended Job Demands-Resources. The results from this review may guide the development and evaluation of theories promoting information security compliance behaviours. This will further contribute in the development of an integrated theory of information security compliance behaviour.

Data centers are primarily the main targets of cybercriminals and security threats as they host various critical information and communication technology (ICT) services. Identifying the threats and managing the risks associated with data centers have become a major challenge as this will enable organizations to optimize their resources to focus on the most hazardous threats to prevent the potential risks and damages. The objective of this paper is to identify major ICT security threats to data centers in the Malaysian public sector and their causes. The data for this study was collected through interview sessions. A total of 33 respondents from various government organizations were interviewed. The results revealed that the technical threats, spyware, phishing, bluesnarfing threats, social engineering and virus, trojan, malware, ransomware, viral websites threats are the major categories of threats often encountered by the malaysian public sector organizations. The causes for these threats are lack of budget, competent personnel, and manpower for security tasks, user awareness; lack of compliances and monitoring; insufficient security policies and procedures as well as deliberate cyber attacks. The outcome of this study will give a greater degree of awareness and understanding to the ICT security officers, who are entrusted with data center security. © 2021 Institute of Advanced Engineering and Science. All rights reserved.

Insider threat is a most worrying threat that haunts many organizations today that cause enormous financial losses and damages. As a frontline, Information Technology (IT) organizations has to implement necessary countermeasures to protect critical infrastructure. Although, many approaches proposed before to detect and mitigate insider threat, significant rise of cases in past few years and unavailability of a widely accepted solution paves way to conduct more researches. Moreover, the pandemic situation has brought in a new challenge for IT organizations to review the existing safeguards. This paper aims to contribute an interdisciplinary approach at proposing a multidimensional model that scrutinize factors from multiple dimensions such as psychological, behavioral, technological, organizational and environmental dimension that triggers insider threat. The constructed model coordinates organizations to counter insider threat by addressing issues in more effective and efficient way by applying the multidimensional approach for mitigation.

The data quality evaluation is essential towards designing a data assessment method for any company because data is an important asset. Therefore, the purpose of this study is to develop the data quality evaluation method for a transportation agency in Malaysia in order to quantify the quality of data in the SIKAP licensing system. This can benefit the transportation agency to improve the quality of data for the use of reporting, forecasting business operations and data integration with other agency's systems. The relevant data evaluation dimensions have been identified from literature study and relative data evaluation framework which are necessarily required by the transportation agency to maintain high data quality in the SIKAP system. The process design for the proposed method involves data dimension identification, capturing the relevant database structure, subjective evaluation with a questionnaire and objective evaluation with data profiling. From the design process, the result shows that data evaluation method for a transportation agency must have a minimum of six data quality dimensions. SIKAP, the legacy system is in the process to revamp into a new system. Thus, this research contributes to enhance the current system's data quality during revamping process and data migration into the new system.

Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800-30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process.

The term "Cloud Computing" has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and deliver the computing as service, where the clients pay only for what he needed and used. However, due to the new structure of the cloud computing model, several security concerns have been raised and many other security threats have been needed to be reevaluated according to the cloud structure. Besides, the traditional security risk assessment methods become unfit for cloud computing model due to its new distinguished characteristics. In this paper, we analysis the traditional information security risk assessment methods' ability to assess the security risks in cloud computing environments.