The Security Culture Readiness Model (SCRM) for Saudi Universities: A Preliminary Structure
Pages 692 - 697
Abstract
Context: In today's interconnected digital landscape, cultivating a robust Information Security culture within organizations is imperative to mitigate data breaches and unauthorized access risks.
Objective: This paper presents the preliminary structure of the Security Culture Readiness Model (SCRM), aimed at assessing and enhancing organizations' preparedness to instill a comprehensive security culture.
Method: Through a systematic Multivocal Literature Review (MLR), we systematically identified pivotal knowledge areas and best practices essential for nurturing a resilient security culture within university settings. Subsequently, the SCRM underwent rigorous evaluation utilizing a case study methodology to refine its structure and applicability.
Results: Our analysis demonstrates the SCRM's efficacy in evaluating universities' readiness levels and pinpointing actionable strategies to foster an information security culture. By serving as a foundational tool, the SCRM empowers universities to elevate security awareness, discern strengths, and address weaknesses, thereby fostering a culture of vigilance and resilience against evolving cybersecurity threats.
Conclusion: This study contributes to advancing security practices within universities, offering invaluable insights into navigating complex security challenges and fortifying readiness for future adversities.
References
[1]
H. K. Alkahtani, “Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework,” 2018.
[2]
A. Al Hogail, “Cultivating and assessing an organizational information security culture; an empirical study,” Int. J. Secur. its Appl., vol. 9, no. 7, pp. 163–178, 2015.
[3]
A. Alhogail and A. Mirza, “Information security culture: A definition and a literature review,” 2014 World Congr. Comput. Appl. Inf. Syst. WCCAIS 2014, 2014.
[4]
A. Nasir, “a Dimension-Based Information Security Culture Model for Information Security Policy Compliance Behavior in Malaysian Public Universities Doctor of Philosophy,” Core.Ac.Uk, 2019, [Online]. Available: https://core.ac.uk/download/pdf/362053010.pdf.
[5]
S. Furnell, “From the Editor-in-Chief: IFIP workshop-Information security culture,” Comput. Secur., vol. 26, no. 1, p. 35, 2007.
[6]
Z. A. Alzamil, “Information security practice in Saudi Arabia: case study on Saudi organizations,” Inf. Comput. Secur., vol. 26, no. 5, pp. 568–583, 2018.
[7]
S. G. Govender, E. Kritzinger, and M. Loock, “A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture,” Pers. Ubiquitous Comput., vol. 25, no. 5, pp. 927–940, 2021.
[8]
S. Al-Janabi and I. Al-Shourbaji, “A Study of Cyber Security Awareness in Educational Environment in the Middle East,” J. Inf. Knowl. Manag., vol. 15, no. 1, 2016.
[9]
V. Garousi, M. Felderer, and M. V. Mäntylä, “Guidelines for including grey literature and conducting multivocal literature reviews in software engineering,” Inf. Softw. Technol., vol. 106, pp. 101–121, 2019.
[10]
V. Braun and V. Clarke, “Using thematic analysis in psychology,” Qual. Res. Psychol., vol. 3, no. 2, pp. 77–101, 2006.
[11]
H. Al-Matouq, S. Mahmood, M. Alshayeb, and M. Niazi, “A Maturity Model for Secure Software Design: A Multivocal Study,” IEEE Access, vol. 8, pp. 215758–215776, 2020.
Recommendations
The impacts of organizational culture on information security culture: a case study
Information security cannot rely solely on technology. More attention must be drawn to the users' behavioral perspectives regarding information security. In this study, we propose that a culture encouraging employees to comply with information policies ...
Information security culture: A management perspective
Information technology has become an integral part of modern life. Today, the use of information permeates every aspect of both business and private lives. Most organizations need information systems to survive and prosper and thus need to be serious ...
A preliminary structure of software outsourcing vendors' readiness model
PROFES '10: Proceedings of the 11th International Conference on Product Focused SoftwareCONTEXT -- Offshore software development outsourcing is a contractual business of high quality software production at offshore destinations with significant cost-saving. Vendor's readiness plays an important role in the successful outcomes of ...
Comments
Information & Contributors
Information
Published In
June 2024
728 pages
ISBN:9798400717017
DOI:10.1145/3661167
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 18 June 2024
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
Conference
EASE 2024
EASE 2024: 28th International Conference on Evaluation and Assessment in Software Engineering
June 18 - 21, 2024
Salerno, Italy
Acceptance Rates
Overall Acceptance Rate 71 of 232 submissions, 31%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 19Total Downloads
- Downloads (Last 12 months)19
- Downloads (Last 6 weeks)11
Reflects downloads up to 05 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format