Staff Directory


Nurul Nuha Binti Abdul Molok

Academic Qualification

  • DOCTOR OF PHILOSOPHY (INFORMATION SYSTEM SECURITY) - Doctor of Philosophy, University of Melbourne
  • Master of Computer Science - Masters Degree, Universiti Malaya (UM)
  • Bachelor of Computer Science - Bachelor Degree, Universiti Malaya (UM)
  • International Baccalaureate Bilingual Diploma - Diploma, Kolej MARA Banting, Selangor

Nurul Nuha Binti Abdul Molok (Dr.)

Assistant Professor
IIUM Gombak Campus

KULLIYYAH OF INFORMATION AND COMMUNICATION TECHNOLOGY


nurulnuha@iium.edu.my
6430


Expert Profile


Dr. Nurul Nuha Abdul Molok is an Assistant Professor at the Department of Information Systems, Kulliyyah of Information and Communication Technology (KICT). She obtained her BSc in Computer Science (Artificial Intelligence) and MSc in Computer Science (Information Systems) from Universiti Malaya. She studied PhD at the University of Melbourne, Australia. Her PhD research focused on the use of social media amongst employees, looking at the potential for leakage of organisational information and its impact to organisations. 

Previously, she had a short stint (1 year) in the IT industry before joining Malaysian Centre for Remote Sensing (MACRES), Ministry of Science, Technology & Innovation (MOSTI) as a Research Officer (Feb 2003 - Oct 2006). Besides doing research and managing ICT projects in MACRES, her main task was coordinating the ISO 27001 Information Security Management Systems (ISMS) certification project for the organization and it was the first government agency in Malaysia to be certified to ISO/IEC 27001:2005. During that time, she obtained a certificate for ISO 27001 ISMS Lead Auditor from EQS Asia - Excel UK.

To satisfy her passion for teaching and knowledge sharing, she joined the academia in November 2006. Since then, her taught courses are IT Security, Risk Management, Control and Audits of Information Systems, Business Continuity & Disaster Recovery and Management Information Systems. She has supervised (and currently supervising) both undergraduate (Final Year Projects) and postgraduate (Master of IT, Master of Protective Security Management and PhD) students. For research, she is the Leader for Information Assurance and Security research group and, an associate member of CyberSecurity Centre of Excellence (COE), Information Systems, Internet and Governance (ISIG) and Islamic Fintech and Blockchain research groups, at IIUM. She is also a member of Malaysian Chapter for Association of Information Systems (MyAIS), Internet Society (ISOC) Malaysia Chapter and GlobalRisk Community. 

Her research works were published in journals (ISI Q1 and Scopus), conference proceedings and books, locally and globally. She has presented at international and local conferences and seminars, both for academia and industry, and she has become information security trainer for government and private agencies. As part of community services, she has conducted cybersecurity awareness programs for teachers, parents and students at local schools. 

Apart from teaching and doing research, she is currently the secretary for ISO 27001 ISMS Task Force at IIUM and Academic Coordinator for Center for IT Advancement (CITA), KICT. From June 2008 to August 2009, she was a Working Group member in the ISO/IEC JTC 1/SC 27/ WG 1 “Information Security Management Systems”, Information Security Technical Committee, within the Department of Standards Malaysia, MOSTI. This group is responsible to provide feedback in regard to the development and/or revision of the international standards for information security management. After PhD study leave, she continued her participation in this Working Group from December 2015 until now. Other than certified ISMS Lead Auditor, she is also a certified Cyber Defender Associate from Cyber Range Malaysia.


Area of Specialisation


  • ICT ~ Information, Computer And Communications Technology (ICT) ~ Other Information, Computer and Communication Technology (ICT) n.e.c. - Social media use among employees and its impacts to organizational information security
  • ICT ~ Information, Computer And Communications Technology (ICT) ~ Security System ~ Other Security System n.e.c. - Organizational Information Security
  • Economics, Business And Management ~ Economics, Business And Management ~ Management ~ Management Information System
  • Social Science ~ Social Science ~ Social Issues and Problems ~ At-Risk Behaviour - Managing the risk of the digital world - Cyberetics, Cybersafety and Cybersecurity
  • Economics, Business And Management ~ Economics, Business And Management ~ Technology Management ~ Ethics, Security and Safety - Risk Management


Professional Membership


  • 2016: Member of Profesional Body / Association: (Lifetime Member), Malaysia Chapter of the Association for Information Systems
  • 2017: Member of Profesional Body / Association: (Academic Member), Internet Society
  • 2018: Member of Profesional Body / Association: (Academic Member), Association for Information Systems


Teaching Responsibilities


BUSINESS CONTINUITY AND DISASTER RECOVERY 2021/2022 2018/2019
CONTROL AND AUDIT OF INFORMATION SYSTEMS 2017/2018
DISSERTATION 2014/2015
FINAL YEAR PROJECT 1 2019/2020
FINAL YEAR PROJECT I 2021/2022 2020/2021 2017/2018 2016/2017 2014/2015 2013/2014 2008/2009 2007/2008
FINAL YEAR PROJECT II 2021/2022 2020/2021 2019/2020 2016/2017 2015/2016 2008/2009 2007/2008
INDUSTRIAL ATTACHMENT 2017/2018 2016/2017 2015/2016 2014/2015 2013/2014
INFORMATION SECURITY 2015/2016
INFORMATION SECURITY GOVERNANCE 2023/2024 2021/2022 2020/2021 2019/2020 2018/2019 2017/2018 2016/2017 2015/2016
IT SECURITY I 2015/2016 2008/2009 2007/2008
MANAGEMENT INFORMATION SYSTEM 2018/2019 2015/2016 2014/2015 2013/2014 2008/2009 2007/2008 2006/2007
MANAGEMENT INFORMATION SYSTEMS 2021/2022
MANAGEMENT OF INFORMATION SECURITY 2023/2024 2022/2023 2021/2022 2020/2021 2019/2020
PRACTICAL TRAINING 2008/2009 2007/2008 2006/2007
PRINCIPLES OF IT SECURITY 2016/2017
RISK MANAGEMENT 2023/2024 2022/2023 2021/2022 2020/2021 2019/2020 2018/2019 2014/2015 2013/2014
USRAH IN ACTION 1 2023/2024 2022/2023 2021/2022
USRAH IN ACTION 2 2023/2024 2022/2023


Supervision


An Integrated Persuasive Technology Model For Information Security Awareness.
Ph.D Completed 2021 Co-supervisor
Information Security Behavior In Organizations: Influencing Factors And Management Strategies.
Ph.D Completed 2020 Main Supervisor
Information Security Policy Perceived Compliance Model For Staff In Palestine Universities.
Ph.D Completed 2020 Co-supervisor
An Integrated Model Of Acceptance For Pervasive Learning From Students’ Perspective.
Ph.D Completed 2017 Co-supervisor
The Factors Influencing Top Management Participation In Information Security .
Ph.D In Progress Member Supervisory Committee
Investigating Legal Framework To Develop Malaysia'S Cyber Resilience.
Ph.D In Progress Main Supervisor
Essential Digital Skills Framework For Workforce In Malaysia Public Sector: A Delphi Study.
Ph.D In Progress Co-supervisor
Factors Influencing The Information Security Awareness In The Royal Malaysian Air Force.
Master Completed 2023 Main Supervisor
Safe City Program: A Case Study On Landed Gated Community In Majlis Bandaraya Iskandar Puteri.
Master Completed 2023 Main Supervisor
Privacy And Security Impacts Of Social Media On Military Cadets In Malaysia.
Master Completed 2021 Main Supervisor
Privacy And Security Concerns On Information Disclosure Through Social Media: A Case Study On Iium Students.
Master Completed 2020 Main Supervisor
Information Security Awareness Amongst Students In Iium.
Master Completed 2018 Co-supervisor
Data Leakage Prevention System: Protection Of Classified Information In Chief Government Security Office.
Master Completed 2017 Main Supervisor
Combined Risk Assessment Model (C-Ram) For Organizational Information Security.
Master Completed 2017 Main Supervisor
A Case Study Of Advanced Persistent Threats On Financial Institutions In Malaysia.
Master Completed 2017 Main Supervisor
Exploring Cyber Risk Management Strategies In The Malaysian Public Sector: A Path To Cyber Resilience.
Master In Progress Main Supervisor


Research Projects


Completed
2022 - Kajian Rang Undang-Undang Keselamatan Siber
2020 - 2022 Kajian Hukum Mengenai Kesan Permainan Digital Terhadap Masyarakat
2019 - 2022 The Development of Cybersecurity Awareness Model using CTC ? Chaos Theory of Careers for Secondary Schools.
2014 - 2017 A Model for Information Security Risk Management and Auditing Processes in Malaysian Universities
2011 - 2013 Exploring the use of Online Social Networking among Employees in Malaysian Organizations: Looking Potential Threats to Information Security
2007 - 2020 Managing IT Outsourcing Partnership in Malaysia Organizations: Exploring the Perspectives of the Service Receivers Using the Multiple Case Studies Approach
On-Going
2023 - Present Developing Malaysia's Cyber Resilience through Standards-based Training in Strategic Thinking and Cyber Leadership
2023 - Present Kajian Perundangan Ke Arah Penggubalan Draf Rang Undang-Undang Perkongsian Data
2021 - Present INFORMATION SECURITY RISK MANAGEMENT
2008 - Present Intelligent Cyberspace Security


Award & Recognition


02 Aug, 2023 Special Recognition Award - International Islamic University Malaysia University
18 Jul, 2023 Finalist for Benifitting Society Category - International Green Gowns Award 2023 International
30 Nov, 2022 Gold Medal - Ministry of Higher Education National
03 Nov, 2022 Gold Medal - Ministry of Higher Education National
28 Aug, 2020 The best system development project: Cybersecurity Incident Response for SMEs - Bachelor of IT, KICT Final Year Project KCDIO
24 Nov, 2015 Best Paper Award - International Islamic University Malaysia National


Publications


Article

2023 Information security governance issues In Malaysian government sector. Journal of Information Systems and Digital Technologies, 5 (2) pp. 1-18
2023 Smart Ctzen: a digital storytelling app to empower youth’s awareness in cyber safety and security. Journal of Information Systems and Digital Technologies, 5 (2) pp. 108-120
2023 SmartParents: empowering parents to protect children from cyber threats. International Journal on Perceptive and Cognitive Computing (IJPCC), 9 (2) pp. 73-79
2022 The effects of persuasive technology for influencing end-users’ information security awareness. Journal of Information Systems and Digital Technologies, 4 (1) pp. 56-81
2020 A systematic literature review of cyber security education models’ implementations. Malaysian Journal of Youth Studies, Edisi Khas 1 (1) pp. 1-20
2020 Cyber security awareness among secondary school students in Malaysia. Journal of Information Systems and Digital Technologies, 2 (2) pp. 28-41
2020 Socio-technical mitigation effort to combat cyber propaganda: a systematic literature mapping. IEEE Access, 8 () pp. 92929-92944
2020 Underlying Structure of Online Risks and Harm among Bangladeshi Teenagers. Applied Information Systems and Management, 3 (1) pp. 7-14
2019 Assessing the risks of social media and profiling the behavior of potential victims among youth. Malaysian Journal Of Youth Studies, 1 (2) pp. 21-34
2019 Incorporating Islamic principles in information security behaviour: a conceptual framework. Journal of Information Systems and Digital Technologies, 1 (2) pp. 24-39
2019 Persuasive technology in the Islamic perspective: the principles and strategies. International Journal on Perceptive andCognitive Computing (IJPCC), 5 (2) pp. 107-115
2018 A case analysis of securing organisations against information leakage through online social networking. International Journal of Information Management, 43 () pp. 351-356
2016 Unintentional information security behavior from the Qur’an and Hadith’s perspective. International Journal on Islamic Applications in Computer Science And Technology, 4 (3) pp. 1-10
2015 Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10 (23) pp. 17607-17613
2012 Online social networking: a source of intelligence for advanced persistent threats. International Journal of Cyber Warfare and Terrorism, 2 (1) pp. 1-13
2011 Information Leakage through online social networking: opening the doorway for advanced persistence threats. The Journal of the Australian Institute of Professional Intelligence Officers (AIPIO), 19 (2) pp. 38-55
Conference or Workshop Item

2022 Pendekar Siber: empowering young people to combat cyber threats. In: International Conference on Cyber Resilience (ICCR) 2022,
2021 Parents’ roles in mitigating cyber threats to children in the new norm. In: Persidangan Kependudukan Kebangsaan (PERKKS 21),
2019 A comparative review of ISMS implementation based on ISO 27000 series in organizations of different business sectors. In: 1st International Conference Computer Science and Engineering (IC2SE 2019),
2019 A comparative review of ISMS implementation based on ISO 27000 Series in organizations of different business sectors. In: International Conference Computer Science and Engineering (IC2SE),
2019 Advanced persistent threats awareness and readiness: a case study in Malaysian financial institutions. In: 2018 Cyber Resilience Conference (CRC 2018),
2019 Exploring staff perception of InfoSec policy compliance: Palestine Universities empirical study. In: 1st International Conference of Intelligent Computing and Engineering (ICOICE 2019),
2019 Information security policy perceived compliance among staff in Palestine universities: An empirical pilot study. In: 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT),
2018 Persuasive technology from Islamic perspective. In: 2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M),
2018 Responsibility-value alignment in information security governance. In: 2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M),
2017 Exploring the factors influencing top management involvement and participation in information security. In: Pacific Asia Conference on Information Systems 2017 (PACIS 2017),
2016 Information security behavior among employees from the Islamic perspective. In: 2016 6th International Conference on Information and Communication Technology for The Muslim World (ICT4M 2016),
2016 Persuasive technology for improving information security awareness and behavior: literature review. In: 2016 6th International Conference on Information and Communication Technology for The Muslim World (ICT4M 2016),
2015 A conceptual framework for measuring the acceptance of pervasive learning. In: 5th International Conference on Computing and Informatics (ICOCI 2015),
2015 Information security awareness through the use of social media. In: 5th International Conference on Information & Communication Technology for The Muslim World (ICT4M 2014),
2015 Protecting youth from social media risks through information security practices and Islamic principles. In: 3rd International Conference on Islamic Applications in Computer Science And Technology,
2015 Unintentional information security behavior from the Qur’an and hadith’s perspective. In: International Conference on Islamic Applications in Computer Science and Technology,
2014 Inadvertent Leakage of Organisational Information through Online Social Networking. In: International Research Invention & Innovation Exhibition 2014,
2013 Disclosure of organizational information on social media: Perspectives from security managers. In: Pacific Asia Conference on Information Systems,
2011 Disclosure of organizational information by employees on Facebook: Looking at the potential for information security risks. In: 22nd Australasian Conference on Information Systems (ACIS),
2011 Exploring the use of online social networking by employees: Looking at the potential for information leakage. In: Pacific Asia Conference on Information Systems,
2010 Information leakage through online social networking: Opening the doorway for advanced persistence threats. In: Australian Information Security Management Conference,
2010 Understanding the factors of information leakage through online social networking to safeguard organizational information. In: Australasian Conference for Information Systems,
Book

2017 A case study of advanced persistent threats on financial institutions in Malaysia. IIUM Press, ISBN: 9789674187903
2010 The information systems integration plan: for satellite remote sensing subsystems. VDM Verlag Dr. Muller, ISBN: 3639219635
Book Section

2023 Pendekar Siber: empowering youth to combat cyber threats. In: Sejahtera Centre of Sustainability and Humanity, ISBN: 978-967-19408-3-9, pp. 52-61
Monograph

2022 Kajian hukum mengenai kesan permainan digital terhadap masyarakat. In: ,
2013 Exploring the use of online social networking among employees in Malaysian organizations: looking potential threats to information security. In: s.n,