Information Assurance in Saudi Organizations – An Empirical Study

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 122)

Abstract

This paper presents selected results of a survey conducted to gain much-needed insight into the status of information security in Saudi Arabian organizations. The purpose of this research is to describe the state of information assurance in the Kingdom and to better understand the prevalent ground realities. The survey covered technical aspects of information security, risk management and information assurance management. The results provide deep insights into the existing level of information assurance in various sectors, which can help in better understanding the intricate details of the prevalent information security in the Kingdom. The results can also be very useful for information assurance policy makers in the government as well as in private sector organizations. Few empirical studies on information assurance governance are available in the literature, especially about the Middle East and Saudi Arabia; the results are therefore invaluable for information security researchers in improving the understanding of information assurance in this region and the Kingdom.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nabi, S.I., Mirza, A.A., Alghathbar, K. (2010). Information Assurance in Saudi Organizations – An Empirical Study. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_3

  • DOI: https://doi.org/10.1007/978-3-642-17610-4_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17609-8

  • Online ISBN: 978-3-642-17610-4

  • eBook Packages: Computer Science, Computer Science (R0)
