Management attitudes toward information security in Omani public sector organisations

The incorporation of ICT in public sector organisations is progressing rapidly in Oman where the government sees this as a means to enhance the delivery of online services. In this context, preserving the security of information, and making Information Security a core organisational aspect in public sector organisations, requires attention from management. Our research is the first known attempt to gauge management attitudes toward Information Security in Oman. We also consider how such attitudes influence Information Security governance. In addressing these issues, we review current compliance with Information Security procedures in Omani public sector organisations, review management attitudes toward Information Security governance practices, and explore how management attitudes toward Information Security impact upon these aspects

Information security and digital divide in the Arab world

The so-called ‘Digital Divide’ is a discrepancy in access to Information and Communication Technology (ICT). In recent years, the meaning of this expression has become more nuanced and is no longer dependent on inability to have the new ICT which has become increasingly available, but depends more on the control of resources that guarantee the security of information. As with other developing countries around the world, the Digital Divide exists both within and between countries in the Arab world. Factors that determine the Divide are connectivity, knowledge, education, and economic capacity. Furthermore, there is a mutual impact between such a Digital Divide and information security in Arab countries. The International Telecommunication Union (ITU) in its 2013 report, gave a comprehensive global analysis of the Digital Divide. The present paper uses this ITU report as a basis to explore the Digital Divide in the Arab world and seeks to fill the absence of recent sub-skills data through review of relevant literature, toward a clearer appreciation of the mutual influence of Information Security and Digital Divide

Exploring the organisational, social and cultural factors influencing those employee attitudes and behaviours that impact the implementation of an information security culture within Omani organisations

Research has strongly established that the success of an information security program is heavily dependent upon the actions of the members of organisations that interact with the information security program. An appropriate information security culture is required to effectively influence and control the actions of the members within an organisation because of this interaction between people and the information security program.This thesis seeks to explore and study the current state of information security behaviour and discipline in public and private organisations in the context of Oman and investigates the challenges in developing an information security culture within these organisations. The key focus of the study is on an investigation and identification of the critical socio-cultural and organisational factors that affect the successful development and maintenance of a culture of information security within public organisations in the context of Oman. The study also aims to examine the difference between public andprivate organisations in Oman regarding information security practices.;Although many organisations in Oman have implemented technical solutions to protect information resources from adverse events, internal security breaches continue to occur.For this reason an emphasis on a culture of information security within organisations is required in order to make security an integral part of employees' daily work routines.Although, it is important in practice to address both technical and non-technical aspects when dealing with information security, the research described in this thesis concentrates upon non-technical approaches, and excludes consideration of the technological aspects.To achieve the study aim, the research reviewed and compared the roles of national culture; information security culture; organisational culture and employee behaviour within organisations, in order to determine the socio-cultural and organisational factors that potentially hinder an organisation in implementing, integrating, and maintaining a successful organisational information security culture. A review of related academic work was undertaken. In addition, the research used both quantitative and qualitative research methods to collect, analyse and integrate data from a survey questionnaire of 155 respondents semi-randomly selected from different Omani public and private organisations. The survey results formed the basis of hypotheses about the critical factors in developing effective information security practices in these organisations.;The IBM Statistical Package for the Social Sciences (SPSS version 22) with multiple regression was used to analyse the relationship between a dependent variable and several independent variables. To validate the identified critical factors further, thematic analysis was carried out using semi-structured open-ended interviews with specialist Information Technology (IT) and Information Security (IS) senior managers in fifteen selected public and private organisations.The data analysis indicates that security of information in Omani public organisations is not optimal. The findings show in general that these organisations have inadequate information security cultures. These organisations are facing several challenges. These include the remoteness of those in power from the issue and therefore a lack of senior management support and involvement. There is a lack of training and awareness. There is an absence of policies to develop a respect for collectivism, avoiding uncertainty and building a high level of trust, which would all help to support security of information.;The current study contributes in a number of ways to discussions and actions around these issues. Firstly, the findings can serve as a basis for Omani public organisations to reform their information security programs. The study identifies and investigates the most critical factors influencing the effectiveness of information security practices.There has been little research conducted to date that assists an understanding and management of the culture of information security within Omani public organisations.The researcher hope that this study will expand the body of knowledge in this area.Furthermore, this study is the first and only one to my knowledge that explores the influences of critical socio-cultural and organisational factors on employee behaviours and attitudes regarding the security of information in Omani organisations. However,further research is needed to improve our insight into information security in the context of Omani organisations. In addition, research which compares Omani organisations with other Gulf country organisations would provide further insight into information security in Oman.Research has strongly established that the success of an information security program is heavily dependent upon the actions of the members of organisations that interact with the information security program. An appropriate information security culture is required to effectively influence and control the actions of the members within an organisation because of this interaction between people and the information security program.This thesis seeks to explore and study the current state of information security behaviour and discipline in public and private organisations in the context of Oman and investigates the challenges in developing an information security culture within these organisations. The key focus of the study is on an investigation and identification of the critical socio-cultural and organisational factors that affect the successful development and maintenance of a culture of information security within public organisations in the context of Oman. The study also aims to examine the difference between public andprivate organisations in Oman regarding information security practices.;Although many organisations in Oman have implemented technical solutions to protect information resources from adverse events, internal security breaches continue to occur.For this reason an emphasis on a culture of information security within organisations is required in order to make security an integral part of employees' daily work routines.Although, it is important in practice to address both technical and non-technical aspects when dealing with information security, the research described in this thesis concentrates upon non-technical approaches, and excludes consideration of the technological aspects.To achieve the study aim, the research reviewed and compared the roles of national culture; information security culture; organisational culture and employee behaviour within organisations, in order to determine the socio-cultural and organisational factors that potentially hinder an organisation in implementing, integrating, and maintaining a successful organisational information security culture. A review of related academic work was undertaken. In addition, the research used both quantitative and qualitative research methods to collect, analyse and integrate data from a survey questionnaire of 155 respondents semi-randomly selected from different Omani public and private organisations. The survey results formed the basis of hypotheses about the critical factors in developing effective information security practices in these organisations.;The IBM Statistical Package for the Social Sciences (SPSS version 22) with multiple regression was used to analyse the relationship between a dependent variable and several independent variables. To validate the identified critical factors further, thematic analysis was carried out using semi-structured open-ended interviews with specialist Information Technology (IT) and Information Security (IS) senior managers in fifteen selected public and private organisations.The data analysis indicates that security of information in Omani public organisations is not optimal. The findings show in general that these organisations have inadequate information security cultures. These organisations are facing several challenges. These include the remoteness of those in power from the issue and therefore a lack of senior management support and involvement. There is a lack of training and awareness. There is an absence of policies to develop a respect for collectivism, avoiding uncertainty and building a high level of trust, which would all help to support security of information.;The current study contributes in a number of ways to discussions and actions around these issues. Firstly, the findings can serve as a basis for Omani public organisations to reform their information security programs. The study identifies and investigates the most critical factors influencing the effectiveness of information security practices.There has been little research conducted to date that assists an understanding and management of the culture of information security within Omani public organisations.The researcher hope that this study will expand the body of knowledge in this area.Furthermore, this study is the first and only one to my knowledge that explores the influences of critical socio-cultural and organisational factors on employee behaviours and attitudes regarding the security of information in Omani organisations. However,further research is needed to improve our insight into information security in the context of Omani organisations. In addition, research which compares Omani organisations with other Gulf country organisations would provide further insight into information security in Oman