Improving government IT services security using leadership by example

 Information security has become an important issue for countries in providing government services for citizens, due to the rapid growth of electric government (e-Government). Many security failures  which have occurred are due to internal factors. Even though previous research has emphasised leadership, however, no studies have studied leaders’ capabilities and engagement as a factor in causing internal security failures. This thesis is concerned with issues relating to leadership skills in managing e-Government information security management. Therefore, the aim of the thesis  is  to  invent a relevant  key leadership by example  concept  to  perform  efficient  top-down  management  that  can  be  applied  to  e-Government information security management. The main objective of this research is to analyse  security  strategy  in  development  and  management  within  the  Malaysian government and its impact on employees by referring to three different elements of values, observation and assumptions from Zakaria’s security culture (2007). In contradiction with previous research, findings from the case study demonstrate that inappropriate leadership skills, which are due to incompatibility in information security and disorganised security structures,  create  a  lack  of  motivation  in  employee  security  practices.  It  appears  that leadership skills are a root-cause factor in security incidents that occur by insiders. The main contribution is a model of key factors including the 3Ps of ‘People’, ‘Process’ and ‘Product’ as a guide to the concept of leadership by example in improving government IT services security. In conclusion, this research shows that to resolve the problem of security in  e-Government,  which  is  caused  by  internal  factors,  we  need  to  further  improve  the quality of leadership skills. The model of key factors defines the quality of leadership skills in e-Government which, in turn, can help to reduce internal security failures.