论文信息 - Information Security Management in Saudi Arabian Organizations

Information Security Management in Saudi Arabian Organizations

Abstract Information security is a growing concern among various organizations and companies worldwide. Though organizations are generally focusing on external security threats but there could be substantial threats within the organization. This paper presents a detailed survey conducted on various organizations of Saudi Arabia to have a deep insight into how the issues of deterrence for the information security violation are dealt with within organizations. It focuses on the awareness and effectiveness of information security policies of the organization among its employees.

[1] Rossouw von Solms,et al. Towards information security behavioural compliance , 2004, Comput. Secur..

[2] Detmar W. Straub,et al. Discovering and Disciplining Computer Abuse in Organizations: A Field Study , 1990, MIS Q..

[3] Qing Hu,et al. Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[4] Mikko T. Siponen,et al. Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations , 2010, MIS Q..

[5] Dennis F. Galletta,et al. User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[6] D. Parker. Computer Security Management , 1981 .

[7] A. B. Ruighaver,et al. Towards Understanding Deterrence: Information Security Managers' Perspective , 2011, ICITCS.