ISSN Print: 2472-9450  ISSN Online: 2472-9469
International Journal of Psychology and Cognitive Science  
Manuscript Information
 
 
Organizational Factors Affecting Information Security Management Practices in Private Sector Organizations
International Journal of Psychology and Cognitive Science
Vol.5 , No. 1, Publication Date: Jan. 31, 2019, Page: 9-23
859 Views Since January 31, 2019, 422 Downloads Since Jan. 31, 2019
 
 
Authors
 
[1]    

Abdulrahman Ali Mohsen Al-Harethi, Department of Project Management, Limkokwing University of Creative Technology, Cyberjaya, Malaysia.

[2]    

Abdullah Hussein Abdullah Al-Amoodi, Department of Computing, Universiti Pendidikan Sultan Idris (UPSI), Tanjong Malim, Malaysia.

 
Abstract
 

The objective of this study is to address a comprehensive framework for managers and IT employees towards better information security management which boosts their awareness to a better level. A quantitative survey is conducted in order to investigate the information security element in technical IT departments of the private sector organizations in the kingdom of Saudi Arabia and to boost the security awareness among managers and IT staff of those chosen organizations. The results suggest that the more experienced and aware the staff get, the less of damages that will occur in the company, also it will enhance the organization overall information security policies. The research limitations are lack of ISM analysis Studies conducted in Saudi Arabia considering the private sector. Some respondents refused to cooperate in filling the survey, while some thought that their participation will reflect on their job and it might show to others their inexperience skills. The study only covered private sector organizations in Jeddah, Saudi Arabia. A proposed framework will be detailed and evaluated. Recommendations will be addressed to the staff and managers to help them evolve their awareness of IS and managing it. Findings are aimed to benefit IS managers; enable them to realize ways to boost security awareness. The study will add some contribution to ISM researches and the main body of knowledge.


Keywords
 

Information Security Awareness (ISA), Information Security Management (ISM), Private Sector Organizations, Saudi Arabia, Security Components


Reference
 
[01]    

Kruger, H., and Kearney, W. (2006), A prototype for assessing information security awareness, Computers & Security, 25 (4), pp. 289-296.

[02]    

Flowerday, S., and Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers & Security, 61, pp. 169-183.

[03]    

Kritzinger, E. and Smith, E. (2008). Information security management: An information security retrieval and awareness model for the industry. Computers & Security, 27 (5-6), pp. 224-231.

[04]    

Blakley, B., McDermott, E., and Geer, D. (2001). Information security is information risk management. Proceedings of the 2001 workshop on new security paradigms - NSPW '01.

[05]    

Go-gulf. (2016). Social Media in Saudi Arabia - Statistics and Trends. [online] Available at: http://www.go-gulf.com/blog/social-media-saudi-arabia/ [Accessed 2 Feb. 2017].

[06]    

Global Media Insight. (2016). Saudi Arabia Social Media Statistics 2016 - Official GMI Blog. [online] Available at: http://www.globalmediainsight.com/blog/saudi-arabia-social-media-statistics/ [Accessed 2 Feb. 2017].

[07]    

National Transformation Program 2020. (2016). pp. 32-33.

[08]    

Dhillon, G. and Backhouse, J. (2000). Technical opinion: Information system security management in the new millennium. Communications of the ACM, 43 (7), pp. 125-128.

[09]    

Eminağaoğlu, M., Uçar, E. and Eren, Ş. (2009). The positive outcomes of information security awareness training in companies – A case study. Information Security Technical Report, 14 (4), pp. 223-229.

[10]    

Raymond, L. (1990). Organizational context and information systems success: A contingency approach. Journal of Management Information Systems, 6 (4), 5-20.

[11]    

Dutta, A. and McCrohan, K. (2002). Management's Role in Information Security in a Cyber Economy. California Management Review, 45 (1), pp. 67-87.

[12]    

Alsaif, M., Aljaafari, N. and Khan, A. (2015). Information Security Management in Saudi Arabian Organizations. Procedia Computer Science, 56, pp. 213-216.

[13]    

Frühwirth, C. (2009). On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards, and Research Work. Lecture Notes in Business Information Processing, pp. 375-385.

[14]    

Peltier, T. (2005). Information security risk analysis. 2nd ed. Boca Raton: Auerbach Publications.

[15]    

Taylor, A. (2008). Information Security Management Principle. 1st ed. Swindon: The British Computer Society.

[16]    

Safa, N. and Von Solms, R. (2016). An information security knowledge sharing model in organizations.

[17]    

Sameera Mubarak, (2016), "Developing a theory-based information security management framework for human service organizations", Journal of Information, Communication, and Ethics in Society, Vol. 14 Iss 3 pp.

[18]    

Järveläinen, J. (2012). Information security and business continuity management in inter-organizational IT relationships. Information Management & Computer Security, 20 (5), pp. 332-349.

[19]    

Abhishek Narain Singh M. P. Gupta Amitabh Ojha, (2014), "Identifying factors of “organizational information security management”, Journal of Enterprise Information Management, Vol. 27 Iss 5 pp. 644-667.

[20]    

Chander, M., Jain, S. and Shankar, R. (2013). Modeling of information security management parameters in Indian organizations using ISM and MICMAC approach. Journal of Modeling in Management, 8 (2), pp. 171-189.

[21]    

Li-Hsing Ho Ming-Tsai Hsu Tieh-Min Yen, (2015), "Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL", Information &Computer Security, Vol. 23 Issue 2 pp. 161-177.

[22]    

Alavi, R., Islam, S. and Mouratidis, H. (2016). An information security risk-driven investment model for analyzing human factors.

[23]    

Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C. and Giannakopoulos, G. (2014). The Human Factor of Information Security: Unintentional Damage Perspective. Procedia - Social and Behavioral Sciences, 147, pp. 424-428.

[24]    

Da Veiga, A. (2016). Comparing the information security culture of employees who had read the information security policy and those who had not.

[25]    

European Network and Security Agency, (2007). Information security awareness initiatives Current practice and the measurement of success. [online] Available at: http://intug.org/2007/08/enisa-presents-report-on-information-security-awareness/ [Accessed 27 Feb. 2017].

[26]    

Hansche, S. 2001, designing a security awareness program: part 1, Information Systems Security, January/February, pp. 14-22.

[27]    

Finextra. UK phishing fraud losses double. Available from: ; 2006 [accessed February 2017].

[28]    

Cone, B., Irvine, C., Thompson, M. and Nguyen, T. (2007). A video game for cybersecurity training and awareness. Computers & Security, 26 (1), pp. 63-72.

[29]    

Ahlan, A., Lubis, M., and Lubis, A. (2015). Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures. Procedia Computer Science, 72, pp. 361-373.

[30]    

Ahlan, A. and Lubis, M. (2011). Information security awareness in university: Maintaining learnability, performance, and adaptability through roles of responsibility. 2011 7th International Conference on Information Assurance and Security (IAS).

[31]    

Tsohou, A., Karyda, M., Kokolakis, S. and Kiountouzis, E. (2012). Analyzing the trajectories of information security awareness.

[32]    

Ki-Aries, D., Faily, S. and Beckers, K. (2016). Persona-Driven Information Security Awareness. [online] Bournemouth, BISL. Available at: http://eprints.bournemouth.ac.uk/23808/1/kifa16.pdf [Accessed 27 Mar. 2017].

[33]    

Alarifi, A., Tootell, H. and Hyland, P. (2012). A study of information security awareness and practices in Saudi Arabia. 2012 International Conference on Communications and Information Technology (ICCIT).

[34]    

Ngoqo, B. and Flowerday, S. (2015). Exploring the relationship between student mobile information security awareness and behavioral intent.





 
  Join Us
 
  Join as Reviewer
 
  Join Editorial Board
 
share:
 
 
Submission
 
 
Membership