Abstract
Nowadays, the adoption of digital technology by NGOs (Non-Governmental Organizations) has become essential and unavoidable, no matter how small the NGO is. Using technology comes with both risks and opportunities; to control the risks, an appropriate information security risk assessment methodology should be adopted. Such a methodology helps to assess the risks and identify the security requirements needed to protect information and maintain its confidentiality, integrity and availability. Furthermore, discovering vulnerabilities in the systems and defending against threats help reduce risks and control the level of uncertainty NGOs face. However, complying with information system risk assessment standards requires knowledge and experience in information security management, which is a challenge for most NGOs in Saudi Arabia, as they often lack resources. This paper demonstrates an analysis approach that provides insight into the current awareness of information security risks in NGOs in Saudi Arabia. A survey was conducted on a sample of 168 NGOs accredited by the Ministry of Human Resources and Social Development (MHRSD) in Saudi Arabia, selected using a multi-stage stratified sampling approach. The results show a lack of security awareness in terms of protecting information security and the need for a straightforward tool to assist with information security risk assessment with limited expertise and resources.
Appendix
1.1 Appendix A: Survey Questions
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hassan, M., Saeedi, K., Almagwashi, H., Alarifi, S. (2023). Information Security Risk Awareness Survey of Non-governmental Organization in Saudi Arabia. In: Visvizi, A., Troisi, O., Grimaldi, M. (eds) Research and Innovation Forum 2022. RIIFORUM 2022. Springer Proceedings in Complexity. Springer, Cham. https://doi.org/10.1007/978-3-031-19560-0_4
DOI: https://doi.org/10.1007/978-3-031-19560-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19559-4
Online ISBN: 978-3-031-19560-0
eBook Packages: Computer Science, Computer Science (R0)