{"id":12100,"date":"2026-06-21T21:05:53","date_gmt":"2026-06-22T01:05:53","guid":{"rendered":"https:\/\/maqasid.org\/?post_type=blog&#038;p=12100"},"modified":"2026-06-22T15:10:39","modified_gmt":"2026-06-22T19:10:39","slug":"maqa%e1%b9%a3id-al-shari%ca%bfah-as-a-methodological-framework-for-cybersecurity-governance-a-new-approach-for-islamic-organisations","status":"publish","type":"blog","link":"https:\/\/maqasid.org\/ar\/blog\/maqa%e1%b9%a3id-al-shari%ca%bfah-as-a-methodological-framework-for-cybersecurity-governance-a-new-approach-for-islamic-organisations\/","title":{"rendered":"Maq\u0101\u1e63id al-Shar\u012b\u02bfah as a Methodological Framework for Cybersecurity Governance: A New Approach for Islamic Organisations"},"content":{"rendered":"\n<h3 class=\"wp-block-heading has-text-align-left has--font-size\">By Dr. <em>Rumaizi bin Ahmad<\/em><br><\/h3>\n\n\n\n<p class=\"has-text-align-left\"><em>Chairman of the Muslim Scholars Association of Malaysia, Selangor Chapter (PUMSel), a Certified Preacher (Penceramah Bertauliah) under the Selangor Islamic Religious Department (JAIS), a Syarie Lawyer, and holds a Doctorate in Business Administration (DBA)<\/em><br><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-top is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>As I was doing my Masters thesis on cyber security for Islamic organisations, I realised that the issues we are facing today are not just technical and that the challenges we are facing are challenges to the <em>am\u0101nah<\/em> that Allah has placed on us as those who have a responsibility in these institutions. It is here that the relevance of <em>Maq\u0101\u1e63id al-Shar\u012b\u02bfah<\/em> is not only highlighted but also demonstrated to be essential as a methodological framework.<\/p>\n\n\n\n<p>This article is based on two sources that I have found to dovetail into one another in remarkable coherence; first the <em>Maq\u0101\u1e63id<\/em> based Corporate Cybersecurity Framework (MCCF) I developed in my Master&#8217;s thesis and second the intellectual vision that is presented by Professor Jasser Auda in Re-envisioning Islamic Scholarship: <em>Maq\u0101\u1e63id<\/em> Methodology as a New Approach (Claritas Books, 2021), a foundational text for the Advance Certificate in<em> Maq\u0101\u1e63id<\/em> that I am currently completing.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\"><style>.kb-image12100_32d6f2-3b.kb-image-is-ratio-size, .kb-image12100_32d6f2-3b .kb-image-is-ratio-size{max-width:346px;width:100%;}.wp-block-kadence-column > .kt-inside-inner-col > .kb-image12100_32d6f2-3b.kb-image-is-ratio-size, .wp-block-kadence-column > .kt-inside-inner-col > .kb-image12100_32d6f2-3b .kb-image-is-ratio-size{align-self:unset;}.kb-image12100_32d6f2-3b{max-width:346px;}.image-is-svg.kb-image12100_32d6f2-3b{-webkit-flex:0 1 100%;flex:0 1 100%;}.image-is-svg.kb-image12100_32d6f2-3b img{width:100%;}.kb-image12100_32d6f2-3b .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<figure class=\"wp-block-kadence-image kb-image12100_32d6f2-3b size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"793\" height=\"528\" src=\"https:\/\/maqasid.org\/wp-content\/uploads\/2026\/06\/Maqasid-Cybersecurity-2.png\" alt=\"\" class=\"kb-img wp-image-12101\" srcset=\"https:\/\/maqasid.org\/wp-content\/uploads\/2026\/06\/Maqasid-Cybersecurity-2.png 793w, https:\/\/maqasid.org\/wp-content\/uploads\/2026\/06\/Maqasid-Cybersecurity-2-300x200.png 300w, https:\/\/maqasid.org\/wp-content\/uploads\/2026\/06\/Maqasid-Cybersecurity-2-768x511.png 768w\" sizes=\"(max-width: 793px) 100vw, 793px\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>What Is the Real Problem?<\/strong><\/h3>\n\n\n\n<p>As the Chairman of the Muslim Scholars Association of Malaysia, Selangor Chapter (<em>Persatuan Ulama Malaysia Cawangan Selangor<\/em> \u2014 PUMSel), I have sensitive data that includes financial data, religious publications, membership registration and constitutional documents, all of which are managed digitally. However, what is evident from PUMSel&#8217;s Digital Strategic Plan 2026-2028 is that none of the committee members have cybersecurity skills.&nbsp;<\/p>\n\n\n\n<p>It&#8217;s not just a lack of IT skill. It is a deficiency in <em>am\u0101nah.<\/em> Yet, however, apart from the technical aspect there is a much bigger issue with how we, as Islamic scholars and organisational leaders, tackle the contemporary issues. In the book mentioned above, Jasser Auda lists five basic flaws in current Islamic studies: <em>taql\u012bd <\/em>(imitation), <em>tajz\u012b\u02be<\/em> (partialism), <em>tabr\u012br<\/em> (apologism), <em>tan\u0101qu\u1e0d<\/em> (contradiction) and<em> tafk\u012bk <\/em>(deconstructionism). I would like to observe with this diagnostic lens the current state of Islamic organisations in the way they are dealing with \u2014 or mishandling \u2014 their cybersecurity duties.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><em>Tajz\u012b\u02be<\/em> and <em>Tabr\u012br<\/em>: Two Ailments That Must Be Addressed<\/strong><\/h3>\n\n\n\n<p>I find the idea of<em> tajz\u012b\u02be<\/em> (the tendency to look at something in bits and pieces without seeing the big picture) to be an almost perfect description of the approach most Islamic organisations take to cybersecurity. They install anti-virus software, maybe they require more stringent passwords, but there is no overarching framework that provides meaning and direction to these discrete steps.&nbsp;<\/p>\n\n\n\n<p><em>Tajz\u012b\u02be<\/em> in digital governance is: We secure our email accounts but not our cloud storage, we secure our organisational bank account but not how we treat data privacy of our members, we worry about being hacked but we don&#8217;t build a culture of mur\u0101qabah in our teams. There&#8217;s also<em> tabr\u012br <\/em>\u2014 apologism \u2014 the tendency to justify what is and to avoid an honest assessment of weaknesses and the need to change. The tabr\u012br surfaces when Islamic organisational leaders say: \u201cWe are just a small NGO \u2014 who would bother to hack us?\u201d or \u201c<em>Insha\u2019Allah<\/em>, Allah will protect us.\u201d This is not<em> tawakkul.<\/em> It&#8217;s piety in the guise of negligence. The <em>Maq\u0101\u1e63id <\/em>Methodology is exactly conceived to address these limitations by three orientations: future orientation, critical orientation and comprehensive orientation, argues Auda. Such three orientations are the ones that are required to establish a credible and principled framework for digital governance in Islamic institutions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The MCCF: From Concept to <\/strong><strong><em>Shar\u012b\u02bfah <\/em><\/strong><strong>Commitment<\/strong><\/h3>\n\n\n\n<p>In my thesis, I developed the <em>Maq\u0101\u1e63id<\/em>-based Corporate Cybersecurity Framework (MCCF), which systematically maps the five <em>\u1e0car\u016briyy\u0101t al-Khams<\/em> \u2014 the Five Essential Objectives of Islamic Law \u2014 onto the principal domains of corporate cybersecurity:<\/p>\n\n\n\n<p><strong><em>\u1e24if\u1e93 al-D\u012bn<\/em><\/strong>: protection of religion \u2014 in the corporate environment equates to the protection of the integrity of the organisation, the ethical management of data and the preservation of the organisation&#8217;s reputation in line with <em>Shar\u012b\u02bfah<\/em>. If the data of the members of PUMSel is lost, not only does it lose information, but also the credibility of the <em>\u02bfulam\u0101<\/em>\u02be institution as a trusted institution in the custody of religious knowledge is also lost. This is an attack straight on <em>\u1e24if\u1e93 al-D\u012bn.<\/em><\/p>\n\n\n\n<p><strong><em>\u1e24if\u1e93 al-Nafs <\/em><\/strong><strong>\u2014<\/strong> protection of life \u2014 is business continuity making sure that the programmes and services that communities rely on are not disrupted by cyber incidents. The digital operations are a lifeline for PUMSel&#8217;s many community activities, includ\u012bng Jelajah Masjid,<em> Tafaqquh Fidd\u012bn<\/em>, Ziarah Dakwah and Akademi PUMSel. The threat of<em> \u1e24if\u1e93 al-Nafs <\/em>in its institutional sense is an attack by a ransomware on the access to the cloud repositories of the organisation.<\/p>\n\n\n\n<p><strong><em>\u1e24if\u1e93 al-\u02bfAql<\/em><\/strong><strong> \u2014 <\/strong>protection of the intellect \u2014 is information integrity and awareness of information security. Auda states that the true meaning of fiqh is \u201ca deep understanding in all the branches of knowledge.\u201d Security Awareness Training is thus not just an IT program, but an attempt to maintain the rational agency and cognitive integrity of each individual in the organization.<\/p>\n\n\n\n<p><strong><em>\u1e24if\u1e93 al-Nasl <\/em><\/strong><strong>\u2014 <\/strong>protection of lineage \u2014 is manifested today in the protection of personal identity and privacy in the digital realm. Member registrations, the personal and professional data of Islamic scholars, the information of families, etc, all of these are <em>am\u0101nah<\/em>, which comes under the category of <em>\u1e24if\u1e93 al-Nasl<\/em>. A direct violation of this objective is digital identity theft.<\/p>\n\n\n\n<p><strong><em>\u1e24if\u1e93 al-M\u0101l<\/em><\/strong> \u2014 protection of wealth \u2014 Financial fraud, bank account compromise and manipulation of digital donation platforms are among the threats that require a response, not only in terms of technical risk management, but also as a <em>Shar\u012b\u02bfah<\/em> duty.<\/p>\n\n\n\n<p><strong>Why the <\/strong><strong><em>Maq\u0101\u1e63id<\/em><\/strong><strong> Methodology Is More Than Symbolic Mapping<\/strong><\/p>\n\n\n\n<p>A common deficiency in traditional efforts to use <em>Maq\u0101\u1e63id<\/em> in the modern context is that they are superficial, merely \u201cmapping\u201d Islamic terminology on existing secular practices without changing the methodological foundations. This is, ironically, academic form of <em>tajz\u012b<\/em>\u02be.<\/p>\n\n\n\n<p>Auda makes a good distinction between \u201cmethodology\u201d and \u201cframework.\u201d A methodology is a set of principles that direct the way to solve a problem. A framework is the analytical tool that is the product of the methodology. He is of the opinion that the <em>Maq\u0101\u1e63id<\/em> Methodology starts with a purpose that is motivated by one of the objectives of Islam and then goes through Cycles of Reflection on the Quran and Sunnah to arrive at a complete analytical framework that is not borrowed from secular paradigms, rather it is based on revelation.<\/p>\n\n\n\n<p>If we apply this to the MCCF, it should be the other way around \u2013 don&#8217;t start with \u201cHow do we configure a firewall?\u201d The proper question to ask is, \u201cWhat is it that we are to protect, why should <em>Shar\u012b\u02bfah <\/em>protect it, and what in the real world does it mean to protect it?\u201d It is only from those answers that we then choose the right technical instruments.<\/p>\n\n\n\n<p>The animating principle of the MCCF is <em>jalb al-ma\u1e63\u0101li\u1e25 wa dar\u02be al-maf\u0101sid<\/em> \u2014 the promotion of benefit and the prevention of harm. This aligns directly with Auda\u2019s critical orientation: we cannot be content with defend\u012bng the status quo, but must continuously evaluate our present reality against the objectives of the Revelation, and act accord\u012bngly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><em>Mur\u0101qabah<\/em><\/strong><strong><em> <\/em><\/strong><strong>as the Core of a Security Culture<\/strong><\/h3>\n\n\n\n<p>Perhaps the greatest gift the <em>Maq\u0101\u1e63id<\/em> approach has to offer cybersecurity is culture. The idea of <em>mur\u0101qabah<\/em> means that Allah is always watching. It is a motivational underpinning for security-conscious behavior that no compliance policy can duplicate. The committee member who knows that he has broken the<em> am\u0101nah<\/em> of Allah by clicking a phishing link or by taking a weak password will take care of that in a different way from someone who only fears a reprimand from management. This is what Auda is saying when he talks of the comprehensive orientation of the <em>Maq\u0101\u1e63id <\/em>Methodology, that <em>Maq\u0101\u1e63id<\/em> is not just an analytical tool, but it also changes the way we live our responsibilities in all aspects of life including our digital lives. This understanding is the basis of the Digital Amanah Programme that was proposed in the MCCF. Cybersecurity isn&#8217;t reserved for IT professionals. It is the obligation of all mukallaf\u012bn who have a digital trust in an Islamic organisation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The <\/strong><strong><em>Ma\u1e63\u0101li\u1e25<\/em><\/strong><strong> Hierarchy and Security Control Prioritisation<\/strong><\/h3>\n\n\n\n<p>One of the practical advantages of the <em>Maq\u0101\u1e63id<\/em> framework is that it provides a principled and rational system for prioritising limited resources. As with most Islamic NGOs, the finances of PUMSel are limited. If the budget is small, how do you know what to focus on when it comes to digital security training? The answer is to be found in the three-tiered hierarchy of the <em>ma\u1e63\u0101li\u1e25<\/em>.<\/p>\n\n\n\n<p>Multi-Factor Authentication (MFA), the 3-2-1 data backup strategy and a documented Incident Response Plan are all examples of <em>\u1e0car\u016briyy\u0101t<\/em>-level controls, which are controls that if they were not in place, the entire system would fail catastrophically. These are non-negotiable minimum obligations that are not to be excused.<\/p>\n\n\n\n<p><em>\u1e24\u0101jiyy\u0101t<\/em>-level controls, which are not necessarily immediately catastrophic but rather prevent significant harm, include phishing awareness training, periodic vulnerability assessments and regulatory compliance management. These are next priority as resources allow.<\/p>\n\n\n\n<p><em>Ta\u1e25s\u012bniyy\u0101t<\/em>-level controls are higher level threat intelligence solutions, AI-driven behavior analytics, comprehensive Zero Trust Architecture, and other aspirations that are longer-term and can be implemented in a phased and planned manner.<\/p>\n\n\n\n<p>This helps the leaders of Islamic organisations to make decisions on resources that are not only sound but also Shar\u012b\u02bfah-compliant, and not merely because of the latest technology craze.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Conclusion: Re-envisioning Islamic Scholarship in the Digital Age<\/strong><\/h3>\n\n\n\n<p>Auda concludes his elaboration of the <em>Maq\u0101\u1e63id <\/em>Methodology with a vision that has real power: that this project is to revitalise the original and far reaching notions of fiqh, <em>fuqah\u0101\u02be<\/em>,<em> d\u012bn <\/em>and <em>\u0101y\u0101t <\/em>in the present day. The great scholars of the Islamic civilisation, such as Ibn Rushd, al-Kindi, al-Khawarizmi and Ibn al-Haytham, did not distinguish between religious knowledge and scientific inquiry. They were <em>fuqah\u0101<\/em>\u02be in the truest sense: scholars of profound knowledge in all the fields of knowledge and their scientific investigations were acts of reflection on the signs (<em>\u0101y\u0101t) <\/em>of Allah.<\/p>\n\n\n\n<p>In the digital era, it is the obligation of Islamic scholars and organisational leaders to regain that breadth. The field of cybersecurity is not unfamiliar to the religious field, but is a dimension of the responsibility of<em> \u1e25if\u1e93 <\/em>that Allah has given us as His stewards on earth. The lack of cybersecurity competency among the leadership of PUMSel currently is a symptom of the broader situation in the Muslim world. It&#8217;s also a chance, though. Each measure taken to ensure digital governance is ethical and secure, whether it&#8217;s enabling MFA for organisational accounts or creating a Digital Governance Policy based on the principles of <em>am\u0101nah<\/em> and <em>mur\u0101qabah<\/em>, is a manifestation of the <em>i\u1e63l\u0101\u1e25 <\/em>to which Auda and the <em>Maq\u0101\u1e63id <\/em>tradition summons us.&nbsp;<\/p>\n\n\n\n<p>The digital <em>am\u0101nah<\/em> is real and present. The <em>Maq\u0101\u1e63id <\/em>Methodology provides us with the motivation, but also with the methodological rigour to fulfil it.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Key References<\/strong><\/h3>\n\n\n\n<p>Auda, Dr Jasser. (2021). <em>Re-envisioning Islamic Scholarship: Maq\u0101\u1e63id Methodology as a New Approach<\/em>. Claritas Books.<\/p>\n\n\n\n<p>Al-Raysuni,Dr Ahmad. (2016). <em>Madkhal ila Maq\u0101\u1e63id al-Shar\u012b\u02bfah<\/em> (4th ed.). Dar al-Kalimah.<\/p>\n\n\n\n<p>Al-Shatibi, Ibrahim Ibn Musa. (1997). <em>Al-Muw\u0101faq\u0101t fi Usul al-Shar\u012b\u02bfah<\/em> (Vol. 2). Dar Ibn Affan.<\/p>\n\n\n\n<p>Ibn \u2018Ashur, Muhammad Al-Tahir (2006). <em>Maq\u0101\u1e63id al-Shar\u012b\u02bfah al-Isl\u0101miyyah<\/em>. Dar al-Naf<em>\u0101<\/em>\u2019is.<\/p>\n\n\n\n<p>Persatuan Ulama Malaysia Cawangan Selangor. (2025). <em>Digital Strategic Management Plan PUMSel 2026\u20132028<\/em>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":12103,"parent":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_kadence_starter_templates_imported_post":false,"_kad_post_transparent":"","_kad_post_title":"show","_kad_post_layout":"normal","_kad_post_sidebar_id":"","_kad_post_content_style":"boxed","_kad_post_vertical_padding":"","_kad_post_feature":"default","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":""},"class_list":["post-12100","blog","type-blog","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/maqasid.org\/ar\/wp-json\/wp\/v2\/blog\/12100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maqasid.org\/ar\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/maqasid.org\/ar\/wp-json\/wp\/v2\/types\/blog"}],"replies":[{"embeddable":true,"href":"https:\/\/maqasid.org\/ar\/wp-json\/wp\/v2\/comments?post=12100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maqasid.org\/ar\/wp-json\/wp\/v2\/media\/12103"}],"wp:attachment":[{"href":"https:\/\/maqasid.org\/ar\/wp-json\/wp\/v2\/media?parent=12100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}