Abstract
This paper presents selected results of a survey conducted to gain much-needed insight into the status of information security in Saudi Arabian organizations. The purpose of this research is to describe the state of information assurance in the Kingdom and to better understand the prevalent ground realities. The survey covered technical aspects of information security, risk management and information assurance management. The results provide deep insights into the existing level of information assurance in various sectors, which can help in better understanding the intricate details of the prevalent information security in the Kingdom. The results can also be very useful for information assurance policy makers in the government as well as in private sector organizations. Few empirical studies on information assurance governance are available in the literature, especially about the Middle East and Saudi Arabia; the results are therefore invaluable for information security researchers in improving the understanding of information assurance in this region and the Kingdom.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nabi, S.I., Mirza, A.A., Alghathbar, K. (2010). Information Assurance in Saudi Organizations – An Empirical Study. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_3
DOI: https://doi.org/10.1007/978-3-642-17610-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer Science, Computer Science (R0)