Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Filters

2023 - 20252

Settings

Start date: 2023Subject: search.filters.subject.Organisational culture

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    ItemRestricted
    Cultivating Compliance: Building a Robust Information Security Culture in Higher Education Institutions Through Organisational Culture
    (Saudi Digital Library, 2025) ALSHAREEF, ASMA AHMED F; Craggs, Barnaby; Ramokapane, Marvin
    Information security threats have been seen to severely impact higher education institutions (HEIs), with over 61 major incidents 2020-2023 in the UK alone, with numerous accounts of attacks globally on the sector. These implications might manifest in adverse effects on the institutions, such as reputational damage and financial loss, or on employees, such as disruptions to workflow, research projects, or mental well-being. HEIs have invested heavily in advanced technology to mitigate or eliminate these security threats. However, it is well known that the primary role in safeguarding organisations from such threats lies with employees in terms of their compliance with information security policies (ISPs). Unfortunately, HEIs worldwide still face an alarming pattern of noncompliance among their employees. The literature has suggested that cultivating a robust information security culture can improve employees' compliance with ISPs. Despite this, recent data shows that this culture remains relatively weak in HEIs. Further, the literature indicates that there is still uncertainty regarding which factors are essential to build and nurture a desirable security culture at HEIs, possibly exacerbating the problem. Moreover, the role of the broader organisational culture that underlies the security culture has not been investigated in the higher education setting. To address gaps in the literature, through a mixed-methods approach with participants in the United Kingdom (UK) and Saudi Arabia (SA), the two primary locations of this research, this thesis identifies the key factors of the culture of information security within HEIs, examines the relationships between this culture and the organisational culture, and examines the potential impact of both cultures on employees' compliance behaviours within the HEI setting. This thesis offers three key contributions to the literature, being: 1- validation of seven key factors, previously attributed in other geographies, that are present in developing an information security culture among HEI employees in the UK and SA, 2- evidence of the true positive impact of organisational culture upon the inherent security culture within HEIs, and 3- a model of compliance behaviour which integrates cultural aspects and explains their effects on shaping HEI employee compliance with security policies. This thesis, in its conclusion, offers up practical guidance to leaders and security professionals on how to implement the seven key factors of information security culture along with a how to approach organisational culture with appropriate strategies to help foster a robust information security culture within HEIs and promote good compliance with security policies and procedures.
    18 0
  • Thumbnail Image
    ItemRestricted
    Impact of Culture on Cybersecurity Awareness in the GCC Region
    (Saudi Digital Library, 2023-08-22) Almalki, Riyadh; Khan, Imran
    Due to the increasing complexity of technology and the proliferation of global networks, cybersecurity threats pose a serious problem for businesses and governments worldwide. The purpose of this study is to examine the role that national and organisational culture plays in shaping cybersecurity in two GCC countries—Saudi Arabia and the United Arab Emirates. The study used secondary data using a narrative literature review strategy to identify peer-reviewed and grey literature focusing on culture and its impact on cybersecurity. A total of 12 articles were identified through a systematic search process. The following key observations are made. Cybersecurity practises are thought to be influenced by national cultural characteristics in both Saudi Arabia and the United Arab Emirates. There is clear evidence of a high-power chasm between the two nations, with decisions on cybersecurity and related policies being made at the highest levels of management. This has caused people's lack of confidence and their ignorance on how to better their own cybersecurity habits. Both nations have a collectivist culture that encourages the use of weak passwords and the sharing of passwords and devices amongst friends and relatives. Evidence also suggests that few organisations have a thorough policy for protecting sensitive data. Top-down decision making is encouraged, which limits employees' participation in cybersecurity conversations. There is also worry that workers are not receiving adequate resources or training. Overall, the culture and support of the organisation are moderate to low in terms of cybersecurity.
    62 0

Copyright owned by the Saudi Digital Library (SDL) © 2025