Governance, Access Control, and Risk: A Conceptual Framework for Data Integrity in Malaysian Educational Systems
DOI:
https://doi.org/10.24191/jcrinn.v11i1.620Keywords:
Access control, Data integrity, ICT Security Governance, Malaysian Educational Institutions, Risk ManagementAbstract
This study proposes a standards-based framework that links governance, access control, and risk to data integrity in Malaysian education. Governance maturity strengthens access-control effects, while risk management acts independently on integrity. Constructs map to ISO/IEC 27001:2022, ISO 31073:2022, and NIST CSF 2.0 (Govern). We specify a small indicator set—MFA coverage, standing-privilege hours, orphan-account rate, hash-mismatch rate, and detect-to-correct time—and a prioritised roadmap for MOE. Validation will use pre-post or difference-in-differences pilots; moderation will be tested with SEM or multilevel models.Downloads
References
Al-Ibrahim, H., Kamarudin, N. H., Abu Bakar, K. A., Shukur, Z. B., & Hasan, M. K. (2024). Cybersecurity awareness in schools: A systematic review of practices, challenges, and target audiences. International Journal of Advanced Computer Science and Applications, 15(12), 469–480. https://doi.org/10.14569/IJACSA.2024.0151249
Dioubate, B. M., et al. (2023). The role of cybersecurity on the performance of higher education institutions in Malaysia. Jurnal Pengurusan, 67, 31–41. https://doi.org/10.17576/pengurusan-2023-67-03
European Union Agency for Cybersecurity (ENISA). (2023). ENISA threat landscape 2023 (July 2022–June 2023). Publications Office of the European Union. https://doi.org/10.2824/782573
Hasson, F., Keeney, S., & McKenna, H. (2025). Revisiting the Delphi technique-Research thinking and reporting standards: A discussion paper. International Journal of Nursing Studies, 168, 105119. https://doi.org/10.1016/j.ijnurstu.2025.105119
International Organization for Standardization (ISO). (2022). ISO 31073:2022—Risk management—Vocabulary. https://www.iso.org/standard/79630.html
International Organization for Standardization/International Electrotechnical Commission. (2022). ISO/IEC 27001:2022—Information security, cybersecurity and privacy protection—Information security management systems—Requirements. https://www.iso.org/standard/82875.html
Medeiros, T., Araújo, A., Silva, J., & Silva, A. (2025). Data governance in education: Addressing challenges and unlocking opportunities for effective data management. In Proceedings of the 27th International Conference on Enterprise Information Systems (ICEIS 2025): Vol 1 (pp. 367–374). SciTePress. https://doi.org/10.5220/0013468300003929
Moreira, F. R., Canedo, E. D., Nunes, R. R., Serrano, A. L. M., Abbas, C. J. B., Pereira Júnior, M. L., & Lopes de Mendonça, F. L. (2025). Cybersecurity risk assessment through Analytic Hierarchy Process: Integrating multicriteria and sensitivity analysis. In Proceedings of ICEIS 2025: Vol. 2 (pp. 117–128). SciTePress. https://doi.org/10.5220/0013197300003929
National Institute of Standards and Technology (NIST). (2024). The NIST Cybersecurity Framework (CSF) 2.0. (NIST Cybersecurity White Paper 29). https://doi.org/10.6028/NIST.CSWP.29
Prümmer, J., van Steen, T., & van den Berg, B. (2024). Assessing the effect of cybersecurity training on end-users: A meta-analysis. Computers & Security, 150, 104206. https://doi.org/10.1016/j.cose.2024.104206
Romero Jeldres, M., Díaz Costa, E., & Faouzi Nadim, T. (2023). A review of Lawshe’s method for calculating content validity in the social sciences. Frontiers in Education, 8, 1271335. https://doi.org/10.3389/feduc.2023.1271335
Saxena, U. R., & Alam, T. (2023). Provisioning trust-oriented role-based access control for maintaining data integrity in cloud. International Journal of System Assurance Engineering and Management, 14(6), 2559–2578. https://doi.org/10.1007/s13198-023-02112-x
UNESCO. (2023). Global Education Monitoring Report 2023: Technology in education—A tool on whose terms? UNESCO. https://www.unesco.org/gem-report/en/publication/technology
