Information security awareness is human and organizational attitudes which can be described as a behavior or an attitude of an organization and/or its members towards protecting the organization's information assets. The goal of this paper is to understand the state of the information security awareness at some of the Saudi Arabians' organizations, i.e., governments and privates by investigating the perception of their information technology's employees. The author believes that understanding the state of information security awareness of IT employees can give a better understanding of the level of awareness at the entire organization. The results of this study show that most of the IT employees at the surveyed organizations have some misconceptions about information security practices. In addition, many responses indicated that many IT employees are not aware of the internal information security threats. Such results required very urgent actions from the top management of these organizations to consider the information security awareness programs within their public relations and training programs.
[1]
Herbert J. Mattord,et al.
Principles of Information Security
,
2004
.
[2]
Michael Siegel,et al.
The House of Security: Stakeholder Perceptions of Security Assessment and Importance
,
2007
.
[3]
Mark Wilson,et al.
SP 800-16. Information Technology Security Training Requirements: a Role- and Performance-Based Model
,
1998
.
[4]
Ahmad A. Abu-Musa.
Investigating the Perceived Threats of Computerized Accounting Information Systems in Developing Countries: An Empirical Study on Saudi Organizations
,
2006,
J. King Saud Univ. Comput. Inf. Sci..
[5]
Sami M. Alageel.
Development of an information security awareness training program for the Royal Saudi Naval Forces (RSNF)
,
2003
.
[6]
Hennie A. Kruger,et al.
A prototype for assessing information security awareness
,
2006,
Comput. Secur..
[7]
D. Cooke,et al.
A Basic Course in Statistics
,
2000
.