Information Security Risk Awareness Survey of Non-governmental Organization in Saudi Arabia

  • Conference paper
Research and Innovation Forum 2022 (RIIFORUM 2022)

Abstract

Nowadays, the adoption of digital technology by NGOs (Non-Governmental Organizations) has become essential and unavoidable, no matter how small the NGO is. Using technology comes with risks and opportunities; to control the risks, an appropriate information security risk assessment methodology should be adopted. It helps to assess the risks and identify security requirements to protect information and to maintain its confidentiality, integrity and availability. Furthermore, discovering vulnerabilities in systems and defending against threats helps reduce risks and control the level of uncertainty NGOs face. However, complying with information system risk assessment standards requires knowledge and experience in information security management, which is a challenge for most NGOs in Saudi Arabia, as they often lack resources. This paper presents an analysis approach that provides insight into the current awareness of information security risks in NGOs in Saudi Arabia. A survey was conducted on a sample of 168 NGOs accredited by the Ministry of Human Resources and Social Development (MHRSD) in Saudi Arabia, selected using a multi-stage stratified sampling approach. The results show a lack of security awareness in terms of protecting information security and the need for a straightforward tool to help assess information security risk with limited expertise and resources.



Corresponding author

Correspondence to Mariyam Hassan.

Appendix A: Survey Questions

(Figures a to h: survey questions, not reproduced in this text.)

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Hassan, M., Saeedi, K., Almagwashi, H., Alarifi, S. (2023). Information Security Risk Awareness Survey of Non-governmental Organization in Saudi Arabia. In: Visvizi, A., Troisi, O., Grimaldi, M. (eds) Research and Innovation Forum 2022. RIIFORUM 2022. Springer Proceedings in Complexity. Springer, Cham. https://doi.org/10.1007/978-3-031-19560-0_4

  • DOI: https://doi.org/10.1007/978-3-031-19560-0_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19559-4

  • Online ISBN: 978-3-031-19560-0

  • eBook Packages: Computer Science (R0)
