To search, Click below search items.


All Published Papers Search Service


A Framework to ensure Information Security Awareness in the Middle East


Fatima A Almarshad, Abdullah I A Alzahrani, and Gary Wills


Vol. 22  No. 1  pp. 581-587


The reliance on information systems within busi?ness in all societies, brings about the need for trust and securi?ty in their use. Technology is considered to be the foundation for securing such systems. However, technology alone is not enough, since users make mistakes, both in unwittingly and intentionally, which is why there is a need for well-defined information security awareness policies and practices that re?duce the risk of incidents through continual assurance. Culture has been found to play a significant role when implementing awareness strategies, since the impact of information security awareness programmes has varied in their impact, and is in?fluenced by national culture. This paper defines the essential factors that have to be maintained in Middle-Eastern organisations in order to implement effec?tive awareness strategies. In considering culture, we present a synthesis of features and components highlighted in the literature. This was supplemented by interviews with experts in information secu?rity about attitudes and behaviours among employees in their institutions. Current information security management systems standards were checked for security awareness in their poli?cies. A framework of factors was created by applying thematic analysis to characterise information security awareness. The significant components of the framework were the factors that frame awareness in the light of cultural and environmental perspectives: Knowledge, Attitude, and Behav?iour.


Awareness strategy, cultural impact, information security awareness, information security culture, user behaviour