This study aims to assess the actual contribution of Human Resources Management Units to achieving information security at Saudi government universities by examining their compliance with the international standard of the Information Security Management System (ISO/IEC 27002:2013).
The study used qualitative research methods: a checklist was designed to collect the required data through semi-structured interviews, direct observation, and examination of the documents used in Human Resources Management Units. Gap analysis was then used to analyse the data and determine the extent to which the Human Resources Management Units of the participating universities comply with the information security controls provided by the international standard (ISO/IEC 27002:2013).
The study reached a number of results, the most important of which is that the participating universities apply the controls of the international standard (ISO/IEC 27002:2013) concerning human resources management processes (prior to employment, during employment, termination or change of employment) at differing rates ranging from medium to high.
In light of these findings, the study makes several recommendations to guide universities towards full compliance with the controls of that international standard, in order to raise the contribution of human resources management processes to achieving full information security.
JEL Classification: M15.
Copyright (c) 2020 Mo'ath Y. Al-Thunaibat, Adnan A. Al-shawabkeh, Khiro K. Al-baqor
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors who publish with this journal agree to the following terms:
a) Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a (CC BY-NC 4.0) license that allows others to share and adapt the work with an acknowledgement of the work's authorship and initial publication in this journal.
b) Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work. Where authors include such a work in an institutional repository or on their website, we request that they include a statement that acknowledges the Management & Economics Research journal, including the name of the journal, the volume and issue, and a web link to the journal item.
c) Authors should be aware that the Creative Commons Attribution (CC-BY) License permits readers to share (copy and redistribute the work in any medium or format) and adapt (remix, transform, and build upon the work) for any purpose, even commercially, provided they also give appropriate credit to the work, provide a link to the license, and indicate if changes were made. They may do these things in any reasonable manner, but not in any way that suggests you or your publisher endorses their use.