Staff Directory


Nurul Nuha Binti Abdul Molok

Academic Qualification

  • DOCTOR OF PHILOSOPHY (INFORMATION SYSTEM SECURITY) - Doctor of Philosophy, University of Melbourne
  • Master of Computer Science - Masters Degree, Universiti Malaya (UM)
  • Bachelor of Computer Science - Bachelor Degree, Universiti Malaya (UM)
  • International Baccalaureate Bilingual Diploma - Diploma, Kolej MARA Banting, Selangor

Nurul Nuha Binti Abdul Molok (Dr.)

Assistant Professor
IIUM Gombak Campus

KULLIYYAH OF INFORMATION AND COMMUNICATION TECHNOLOGY


nurulnuha@iium.edu.my
NA


Expert Profile


Dr. Nurul Nuha Abdul Molok is an Assistant Professor at the Department of Information Systems, Kulliyyah of Information and Communication Technology (KICT). She obtained her BSc in Computer Science (Artificial Intelligence) and MSc in Computer Science (Information Systems) from Universiti Malaya. She studied PhD at the University of Melbourne, Australia. Her PhD research focused on the use of social media amongst employees, looking at the potential for leakage of organisational information and its impact to organisations. 

Previously, she had a short stint (1 year) in the IT industry before joining Malaysian Centre for Remote Sensing (MACRES), Ministry of Science, Technology & Innovation (MOSTI) as a Research Officer (Feb 2003 - Oct 2006). Besides doing research and managing ICT projects in MACRES, her main task was coordinating the ISO 27001 Information Security Management Systems (ISMS) certification project for the organization and it was the first government agency in Malaysia to be certified to ISO/IEC 27001:2005. During that time, she obtained a certificate for ISO 27001 ISMS Lead Auditor from EQS Asia - Excel UK.

To satisfy her passion for teaching and knowledge sharing, she joined the academia in November 2006. Since then, her taught courses are IT Security, Risk Management, Control and Audits of Information Systems, Business Continuity & Disaster Recovery and Management Information Systems. She has supervised (and currently supervising) both undergraduate (Final Year Projects) and postgraduate (Master of IT, Master of Protective Security Management and PhD) students. For research, she is the Leader for Information Assurance and Security research group and, an associate member of CyberSecurity Centre of Excellence (COE), Information Systems, Internet and Governance (ISIG) and Islamic Fintech and Blockchain research groups, at IIUM. She is also a member of Malaysian Chapter for Association of Information Systems (MyAIS), Internet Society (ISOC) Malaysia Chapter and GlobalRisk Community. 

Her research works were published in journals (ISI Q1 and Scopus), conference proceedings and books, locally and globally. She has presented at international and local conferences and seminars, both for academia and industry, and she has become information security trainer for government and private agencies. As part of community services, she has conducted cybersecurity awareness programs for teachers, parents and students at local schools. 

Apart from teaching and doing research, she is currently the secretary for ISO 27001 ISMS Task Force at IIUM and Academic Coordinator for Center for IT Advancement (CITA), KICT. From June 2008 to August 2009, she was a Working Group member in the ISO/IEC JTC 1/SC 27/ WG 1 “Information Security Management Systems”, Information Security Technical Committee, within the Department of Standards Malaysia, MOSTI. This group is responsible to provide feedback in regard to the development and/or revision of the international standards for information security management. After PhD study leave, she continued her participation in this Working Group from December 2015 until now. Other than certified ISMS Lead Auditor, she is also a certified Cyber Defender Associate from Cyber Range Malaysia.


Area of Specialisation


  • Economics, Business And Management ~ Economics, Business And Management ~ Management ~ Management Information System
  • ICT ~ Information, Computer And Communications Technology (ICT) ~ Security System ~ Other Security System n.e.c. - Organizational Information Security
  • Social Science ~ Social Science ~ Social Issues and Problems ~ At-Risk Behaviour - Managing the risk of the digital world - Cyberetics, Cybersafety and Cybersecurity
  • ICT ~ Information, Computer And Communications Technology (ICT) ~ Other Information, Computer and Communication Technology (ICT) n.e.c. - Social media use among employees and its impacts to organizational information security
  • Economics, Business And Management ~ Economics, Business And Management ~ Technology Management ~ Ethics, Security and Safety - Risk Management


Professional Membership


  • 2016: Member of Profesional Body / Association: (Lifetime Member), Malaysia Chapter of the Association for Information Systems
  • 2017: Member of Profesional Body / Association: (Academic Member), Internet Society
  • 2018: Member of Profesional Body / Association: (Academic Member), Association for Information Systems


Teaching Responsibilities


BUSINESS CONTINUITY AND DISASTER RECOVERY 2021/2022 2018/2019
CONTROL AND AUDIT OF INFORMATION SYSTEMS 2017/2018
DISSERTATION 2014/2015
FINAL YEAR PROJECT 1 2019/2020
FINAL YEAR PROJECT I 2022/2023 2021/2022 2020/2021 2017/2018 2016/2017 2014/2015 2013/2014 2008/2009 2007/2008
FINAL YEAR PROJECT II 2021/2022 2020/2021 2019/2020 2016/2017 2015/2016 2008/2009 2007/2008
INDUSTRIAL ATTACHMENT 2017/2018 2016/2017 2015/2016 2014/2015 2013/2014
INFORMATION SECURITY 2015/2016
INFORMATION SECURITY GOVERNANCE 2022/2023 2021/2022 2020/2021 2019/2020 2018/2019 2017/2018 2016/2017 2015/2016
IT SECURITY I 2015/2016 2008/2009 2007/2008
MANAGEMENT INFORMATION SYSTEM 2018/2019 2015/2016 2014/2015 2013/2014 2008/2009 2007/2008 2006/2007
MANAGEMENT INFORMATION SYSTEMS 2021/2022
MANAGEMENT OF INFORMATION SECURITY 2022/2023 2021/2022 2020/2021 2019/2020
PRACTICAL TRAINING 2008/2009 2007/2008 2006/2007
PRINCIPLES OF IT SECURITY 2016/2017
RISK MANAGEMENT 2022/2023 2021/2022 2020/2021 2019/2020 2018/2019 2014/2015 2013/2014
USRAH IN ACTION 1 2021/2022
USRAH IN ACTION 2 2022/2023


Research Projects


Completed
2020 - 2022 Kajian Hukum Mengenai Kesan Permainan Digital Terhadap Masyarakat
2019 - 2022 The Development of Cybersecurity Awareness Model using CTC ? Chaos Theory of Careers for Secondary Schools.
2014 - 2017 A Model for Information Security Risk Management and Auditing Processes in Malaysian Universities
2011 - 2013 Exploring the use of Online Social Networking among Employees in Malaysian Organizations: Looking Potential Threats to Information Security
2007 - 2020 Managing IT Outsourcing Partnership in Malaysia Organizations: Exploring the Perspectives of the Service Receivers Using the Multiple Case Studies Approach
On-Going
2021 - Present INFORMATION SECURITY RISK MANAGEMENT
2008 - Present Intelligent Cyberspace Security


Award & Recognition


28 Aug, 2020 The best system development project: Cybersecurity Incident Response for SMEs - Bachelor of IT, KICT Final Year Project KCDIO
24 Nov, 2015 Best Paper Award - International Islamic University Malaysia National


Publications


Article

2020 A systematic literature review of cyber security education models’ implementations. Malaysian Journal of Youth Studies, Edisi Khas 1 (1) pp. 1-20
2020 Cyber security awareness among secondary school students in Malaysia. Journal of Information Systems and Digital Technologies, 2 (2) pp. 28-41
2020 Socio-technical mitigation effort to combat cyber propaganda: a systematic literature mapping. IEEE Access, 8 () pp. 92929-92944
2020 Underlying Structure of Online Risks and Harm among Bangladeshi Teenagers. Applied Information Systems and Management, 3 (1) pp. 7-14
2019 Assessing the risks of social media and profiling the behavior of potential victims among youth. Malaysian Journal Of Youth Studies, 1 (2) pp. 21-34
2019 Incorporating Islamic principles in information security behaviour: a conceptual framework. Journal of Information Systems and Digital Technologies, 1 (2) pp. 24-39
2019 Persuasive technology in the Islamic perspective: the principles and strategies. International Journal on Perceptive andCognitive Computing (IJPCC), 5 (2) pp. 107-115
2018 A case analysis of securing organisations against information leakage through online social networking. International Journal of Information Management, 43 () pp. 351-356
2016 Unintentional information security behavior from the Qur’an and Hadith’s perspective. International Journal on Islamic Applications in Computer Science And Technology, 4 (3) pp. 1-10
2015 Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10 (23) pp. 17607-17613
2012 Online social networking: a source of intelligence for advanced persistent threats. International Journal of Cyber Warfare and Terrorism, 2 (1) pp. 1-13
2011 Information Leakage through online social networking: opening the doorway for advanced persistence threats. The Journal of the Australian Institute of Professional Intelligence Officers (AIPIO), 19 (2) pp. 38-55
Conference or Workshop Item

2021 Parents’ roles in mitigating cyber threats to children in the new norm. In: Persidangan Kependudukan Kebangsaan (PERKKS 21),
2019 A comparative review of ISMS implementation based on ISO 27000 series in organizations of different business sectors. In: 1st International Conference Computer Science and Engineering (IC2SE 2019),
2019 A comparative review of ISMS implementation based on ISO 27000 Series in organizations of different business sectors. In: International Conference Computer Science and Engineering (IC2SE),
2019 Advanced persistent threats awareness and readiness: a case study in Malaysian financial institutions. In: 2018 Cyber Resilience Conference (CRC 2018),
2019 Exploring staff perception of InfoSec policy compliance: Palestine Universities empirical study. In: 1st International Conference of Intelligent Computing and Engineering (ICOICE 2019),
2019 Information security policy perceived compliance among staff in Palestine universities: An empirical pilot study. In: 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT),
2018 Persuasive technology from Islamic perspective. In: 2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M),
2018 Responsibility-value alignment in information security governance. In: 2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M),
2017 Exploring the factors influencing top management involvement and participation in information security. In: Pacific Asia Conference on Information Systems 2017 (PACIS 2017),
2016 Information security behavior among employees from the Islamic perspective. In: 2016 6th International Conference on Information and Communication Technology for The Muslim World (ICT4M 2016),
2016 Persuasive technology for improving information security awareness and behavior: literature review. In: 2016 6th International Conference on Information and Communication Technology for The Muslim World (ICT4M 2016),
2015 A conceptual framework for measuring the acceptance of pervasive learning. In: 5th International Conference on Computing and Informatics (ICOCI 2015),
2015 Information security awareness through the use of social media. In: 5th International Conference on Information & Communication Technology for The Muslim World (ICT4M 2014),
2015 Protecting youth from social media risks through information security practices and Islamic principles. In: 3rd International Conference on Islamic Applications in Computer Science And Technology,
2015 Unintentional information security behavior from the Qur’an and hadith’s perspective. In: International Conference on Islamic Applications in Computer Science and Technology,
2014 Inadvertent Leakage of Organisational Information through Online Social Networking. In: International Research Invention & Innovation Exhibition 2014,
2013 Disclosure of organizational information on social media: Perspectives from security managers. In: Pacific Asia Conference on Information Systems,
2011 Disclosure of organizational information by employees on Facebook: Looking at the potential for information security risks. In: 22nd Australasian Conference on Information Systems (ACIS),
2011 Exploring the use of online social networking by employees: Looking at the potential for information leakage. In: Pacific Asia Conference on Information Systems,
2010 Information leakage through online social networking: Opening the doorway for advanced persistence threats. In: Australian Information Security Management Conference,
2010 Understanding the factors of information leakage through online social networking to safeguard organizational information. In: Australasian Conference for Information Systems,
Book

2017 A case study of advanced persistent threats on financial institutions in Malaysia. IIUM Press, ISBN: 9789674187903
2010 The information systems integration plan: for satellite remote sensing subsystems. VDM Verlag Dr. Muller, ISBN: 3639219635
Monograph

2022 Kajian hukum mengenai kesan permainan digital terhadap masyarakat. In: ,
2013 Exploring the use of online social networking among employees in Malaysian organizations: looking potential threats to information security. In: s.n,