UNIVERSITI TEKNOLOGI MARA CAWANGAN SELANGOR

KAMPUS PUNCAK PERDANA

BACHELOR OF INFORMATION SCIENCE (HONS)

INFORMATION SYSTEM MANAGEMENT (CDIM262)

DATA CENTER OPERATIONS AND INFRASTRUCTURE (IMS552)

ARTICLE REVIEW
(INFORMATION SYSTEM SECURITY PRACTICE IN SOCIAL MEDIA SOFTWARE
APPLICATION)

BY:
MUHAMMAD AIMAN FIKRI BIN SHAHROL AMIN (2023190389)

CDIM2625A

PREPARED FOR:
DR. AHMAD NADZRI MOHAMAD

29 MAY 2024
 ARTICLE REVIEW
(INFORMATION SYSTEM SECURITY PRACTICE IN SOCIAL MEDIA SOFTWARE
APPLICATION)

BY:
MUHAMMAD AIMAN FIKRI BIN SHAHROL AMIN (2023190389)

COLLEGE OF COMPUTING, INFORMATICS AND MATHEMATICS

29 MAY 2024
 ACKNOWLEDGEMENT

First and foremost, I would like to send my gratitude and prayers to Allah SWT for giving
me chance to experience and successfully finish this assignment for this semester.

Not to mention, I want to express my heartfelt gratitude to the lecturer, Dr. Ahmad Nadzri
Mohamad who has been a constant guide throughout the process of creating this project, study,
and research, as well as for his patience and vast expertise.

Also, I would like to thank the rest of my friends for the help and support while making this
assignment. I realized that making an assignment is not an easy task, I need to become alert for
every possible mistake that I might make and remind myself not to repeat them.

Finally, I would like to thank my family members for supporting me spiritually throughout my life.
Tamrin, S. I., Norman, A. A., & Hamid, S. (2017). Information Systems Security Practices in
social software applications. Aslib Journal of Information Management, 69(2), 131–157.
https://doi.org/10.1108/ajim-08-2016-0124

Introduction

This paper, “Information Systems Security Practices in Social Software

Applications: A systematic literature review” by Tamrin, Norman and Hamid (2017),
reviews the current knowledge on the practices and issues faced in maintaining
information systems security (ISS) in social software applications (SSAs). This systematic
literature review paper gathers the existing knowledge to determine the factors for
success and likely future trends in ISS practices. The authors selected 39 peer-reviewed
papers from academic databases from 2010 to 2015 in this paper. The authors
considered the protection of data confidentiality, integrity, and availability in SSAs, which
people widely used for socialising and communicating with friends and business
purposes. They have highlighted four main ISS factors in SSAs: protection tools,
ownership and user behaviour, and user behaviour and security policies.

Content Review

The main strength of this article is the breadth and depth of the literature review
on the ISS practices in SSAs. The authors have adopted a systematic literature review
(SLR) methodology for selecting the papers, ensuring that the selection of papers in this
review is rigorous and unbiased. The four main ISS factors, namely protection tools,
ownership and user behaviour, user behaviour and security policy, identified in this paper,
are very structured and help understand the various aspects that play essential roles in
ensuring effective ISS in SSAs. Such structured insight allows us to focus on particular
areas for enhancement. Also, it is very evident from this review that ISS is not only
dependent on technical aspects but also heavily deals with users’ behaviour and the
existing policies.

Additionally, this article provides an excellent summary of the existing research, its
gaps, and future research directions, which helps the researchers get a bigger picture of
where we are and where to head to fill the existing gaps. The subsections for each factor
give excellent insights, which can be helpful in academia and industry.

Although this article has many strengths, it also has specific weaknesses. One
main drawback is the narrow search scope based on the literature. The authors have
missed many of the latest research articles and possibly valuable ideas from the lesser
cited but relevant journals based on their criteria of considering only the articles cited at
least once and selecting the high-impact journals. Such selection bias may make the
review less inclusive and comprehensive.
 Moreover, this paper deals with the theoretical side of ISS practices and needs to
discuss the issues faced in implementing those theoretical ISS practices. Therefore,
readers may need assistance to apply the outcomes in practical scenarios. Empirical
studies are needed to gather practical examples of ISS practices in SSAs and analyse
their efficiencies.

First, the literature selection criteria used in the paper could be broadened. Grey
literature, conference papers, and recent studies without citations should be considered.
This would make the review of ISS practices in SSA more comprehensive and inclusive.
It would allow the grasping of broader insights and innovations that may not be yet widely
recognised or cited.

Furthermore, the article could benefit from more practical aspects and case
studies. Concrete analyses of practical implementation issues and lessons learned from
the introduction and use of ISS in SSAs would be highly appreciated by practitioners. Are
there any SSAs that introduced ISS but did not work (and why)? How did some SSAs
successfully introduce and use ISS? A short case study could be a practical implication
of any theoretical or conceptual discussion. Mixed-methods (i.e. quantitative and
qualitative) research and analysis may also add more depth to the analysis of ISS
practices.

The paper has some strong points. It's super methodologically sound and does a
great job of bringing together all the existing research. It dives deep into the core factors
that influence Information Security Systems (ISS) practices, giving us some seriously
valuable guidance for both research and practice. But there are a couple of things that
could be better. By only focusing on cited journal articles, the paper kind of misses out on
other perspectives that could be found in the wider academic world. And it could use a bit
more real-world applicability, like some practical implementation examples and case
studies. To fix these issues, future reviews should cast a wider net when it comes to
selecting what to include. It would also be awesome to see some empirical studies or
case studies that specifically look at how ISS is implemented in Sub-Saharan Africa
(SSA). That way, we can get some practical insights and see if the theoretical
contributions of this review hold up in the real world. Oh, and it would be cool to explore
how ISS adapts to new technology and emerging threats. That's an area worth digging
into in future research.

The body of findings has practical implications for practitioners in information

systems security. Key factors influencing ISS practices could guide the development of
more efficient security policies and tools that tackle specific issues in SSAs. Practitioners
can leverage lessons learnt to improve training programmes on user behaviour,
ownership, and governance structures and devise effective security policies considering
technical and human factors.

For instance, the key factors highlighting the importance of user behaviour for
maintaining ISS could guide the development of training programmes for users to be
aware of best practices and potential security threats. Moreover, ownership and
governance structure could be improved by assigning responsibility for ISS to specific
individuals or groups. Security policies could consider technical and human factors in
more detail and include various aspects such as prevention, detection and response.
Continuous monitoring systems and regular internal and external audit practices could be
implemented to reflect technical, environmental, and organisational changes and adapt
to emerging threats and technological advancements.

This research paper stresses the importance of dynamic ISS, considering the
rapidly changing nature of SSAs. It also emphasises that ISS should be continuously
monitored and updated to accommodate emerging threats and technological
advancements. User behaviour and security policies are highly relevant to ISS practices
and emphasise that ISS in SSAs requires focus other than technical aspects.

Moreover, the trends and success factors highlighted in the article effectively guide
future research and practices. As highlighted in the study, protection tools, ownership,
user behaviour, and security policies demand an equal emphasis on human and
organisational aspects rather than just technical ISS. This suggests that a holistic
approach considering both technical and non-technical aspects of ISS should be adopted
to tackle the intricate and multifaceted character of security challenges in SSAs.

Also, this article could further deliberate the effects of regulations and compliance
on ISS practices in SSAs. It would be interesting to know how different regulatory
requirements affect security practices and the challenges organisations face in complying
with such provisions. This would give a more comprehensive understanding of ISS in
SSAs.

Conclusion

To conclude, the article by Tamrin, Norman and Hamid (2017) are an excellent
attempt to present a systematic review of ISS practices and the factors and trends
influencing security outcomes in SSAs. Although the study has limitations concerning
literature selection and applicability, the results guide future research and practical
implementations of ISS in social software applications. The identified gaps and
shortcomings of the study could be tackled effectively by adopting a holistic and
multifaceted approach considering both technical and non-technical aspects of ISS in
SSAs. Future researchers and practitioners should focus on incorporating more practical
aspects and field data for further improvement.
 References

Tamrin, S. I., Norman, A. A., & Hamid, S. (2017). Information Systems Security Practices in
social software applications. Aslib Journal of Information Management, 69(2), 131–157.
https://doi.org/10.1108/ajim-08-2016-0124