Degree Name

Doctor of Philosophy


School of Infomation Systems and Technology


While the Web, cell phone ‘apps’ and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. This thesis examines the level of Information Security Awareness (ISA) among the general public and Information Security (InfoSec) practices among IT departments in organizations in Saudi Arabia. This examination was conducted using an online survey that was based on instruments produced by organizations specializing in information security, such as the Malaysian Cyber Security Organization, the Excellence of Information Assurance Centre, and Alelm organization in Saudi Arabia. Due to cultural constraints, it would ordinarily be difficult to gather data from female respondents in Saudi Arabia, however, the use of an online survey helped to collect the data successfully. The ISA survey attracted 462 respondents from the general public and the InfoSec survey attracted 124 respondent organizations. Results indicated that information security awareness and practices in Saudi Arabia are quite low. Several of the areas of weakness in InfoSec appear to be related to the level of censorship or the patriarchal and tribal nature of Saudi culture. A new information security model (InfoSec CAP) has been designed based on the findings of the research results. This model provides appropriate solutions and improvements for ISA and InfoSec practices in Saudi Arabia. It will also help embed the identified concepts in information security practice globally.