Adopting Government Cyber Security Initiatives - A study of SMEs in Saudi Arabia

Authors

  • Mohammed Abdulwahab Alghamdi Author
  • Salem Awad Salem Alomari Author
  • Mohammed Alkatheri Author

DOI:

https://doi.org/10.59992/IJSR.2024.v3n10p11

Keywords:

Cybersecurity, Security of SMEs, Cyberspace

Abstract

The study, which targeted SMEs, aims to determine the risks to cybersecurity in these institutions and implement countermeasures to reduce these risks, such as regulatory, material and technical measures.

The study relied on the method of applied research, through a comprehensive questionnaire consisting of several departments targeting more than 60 institutions. For the purpose of data analysis, we used the Information Security Governance (ISG) assessment tool to measure the extent of conformity of implementation and actual documentation the requirements of the standard specification for SMEs in Saudi Arabia.

The study reached several results, the most important of which is that cybersecurity in SMEs is exposed to many risks and threats, and that there is a weakness in legislation and laws that protect cybersecurity and the lack of written policies of most institutions participating in the questionnaire confirms the extent of this weakness.

We have seen that the role of the national cybersecurity authority in the Kingdom of Saudi Arabia is good but needs to make more practical efforts to enhance cybersecurity inside and outside institutions.

At the end of the study, we presented a framework that contains the most prominent international standards for building safe cyber institutions, which include standards for risk management, risk reduction and response, work environment security, access control, communication security, physical security, external relations, and employee awareness training.

Author Biographies

  • Mohammed Abdulwahab Alghamdi

    Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia

  • Salem Awad Salem Alomari

    Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia

  • Mohammed Alkatheri

    Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia

References

1. https://www.eyeofriyadh.com/ar/news/details/1536057726- (11/02/2020)

2. https://www.eyeofriyadh.com/ar/news/details/1536057726- (11/02/2020)

3. Key Concepts in Cyber Security: Towards a Common Policy and Technology Context for Cyber Security Norms; Claire Vishik, Mihoko Matsubara, Audrey Plonk; p1

4. Information Security Risk Assessment Toolkit; Mark Ryan M.Talabis Jason L. Martin Evan Wheeler, Technical Editor; 2013 Elsevier, p114.

5. Global Information Assurance Certification Paper; SANS institute, p4.

6. Introduction to Cyber Security; Jeetendra Pande, p15

7. http://www.tra.gov.lb/Cybersecurity-in-few-words-AR (10/3/2020)

8. https://en.wikipedia.org/wiki/ISO/IEC_27001 (10/3/2020)

9. https://www.tuv.com/turkey/en/iso-27001-certification.html (10/3/ 2020)

10. https://cyberexperts.com/cybersecurity-frameworks/ (10/3/2020)

11. National Cybersecurity Challenges and NIST; Donna F. Dodson, p5

12. https://nca.gov.sa/en/pages/about.html (10/3/2020)

13. https://eng.majalla.com/node/65466/saudi-arabia%E2%80%99s-efforts-to-ensure-cyber-security%C2%A0 (10/3/2020)

14. https://eng.majalla.com/node/65466/saudi-arabia%E2%80%99s-efforts-to-ensure-cyber-security%C2%A0 (10/3/2020)

15. https://nca.gov.sa/pages/about.html (20/3/2020)

16. https://nca.gov.sa/pages/about.html (20/3/2020)

17. https://eng.majalla.com/node/65466/saudi-arabia%E2%80%99s-efforts-to-ensure-cyber-security%C2%A0 (22/3/2020)

18. https://eng.majalla.com/node/65466/saudi-arabia%E2%80%99s-efforts-to-ensure-cyber-security%C2%A0 (22/3/2020)

19. https://nca.gov.sa/pages/about.html (23/3/2020)

20. https://nca.gov.sa/pages/about.html (23/3/2020)

21. https://nca.gov.sa/pages/about.html (23/3/2020)

22. https://www.semanticscholar.org/paper/Enterprise-oriented-cybersecurity-management-Chmielecki-Cho%C5%82da/14d08e6f36314c8a10b69ff0d2e539e63a75dd1e/figure/7 (9/3/2020)

23. https://www.najm.sa/en/about-us (1/4/2020)

24. The CIS Critical Security Controls for Effective Cyber Defense ," Council on Cyber Security CSC 2-2 ", May 2015 , p20.

25. The CIS Critical Security Controls for Effective Cyber Defense ," Council on Cyber Security CSC 2-2 ", May 2015 , p20.

26. How to Implement Security Controls for an Information Security Program at CBRN Facilities , NRECA Cyber Security p20.

27. How to Implement Security Controls for an Information Security Program at CBRN Facilities , NRECA Cyber Security plan 48 p20.

28. The CIS Critical Security Controls for Effective Cyber Defense ," Council on Cyber Security CSC 14-7 ", May 2015 , p30.

29. "Council on Cyber Security CSC 2-5 - Inventory of Authorized and Unauthorized Software", May 2015 , p27.

30. The NRECA Guide to Developing a Cyber Security and Risk Mitigation Plan," NRECA Cyber Security Plan 125", p62.

31. NRECA Guide to Developing a Cyber Security and Risk Mitigation Plan," Unique Security Requirements and Controls For Each Smart Grid Activity Type, Supervisory Control and Data Acquisition (SCADA)",2011, p97.

32. NRECA Guide to Developing a Cyber Security and Risk Mitigation Plan," Addressing Process Risks,

33. Operational Risks",2011, p37.

34. NRECA Guide to Developing a Cyber Security and Risk Mitigation Plan," The NRECA Cyber Security" Plan 21 p32.

Downloads

Published

2024-10-15

Issue

Section

Articles

How to Cite

Adopting Government Cyber Security Initiatives - A study of SMEs in Saudi Arabia. (2024). The International Journal for Scientific Research, 3(10). https://doi.org/10.59992/IJSR.2024.v3n10p11