Authors
Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia
Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia
Cybersecurity Department, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia
Abstract
The study, which targeted SMEs, aims to determine the risks to cybersecurity in these institutions and implement countermeasures to reduce these risks, such as regulatory, material and technical measures.
The study relied on the method of applied research, through a comprehensive questionnaire consisting of several departments targeting more than 60 institutions. For the purpose of data analysis, we used the Information Security Governance (ISG) assessment tool to measure the extent of conformity of implementation and actual documentation the requirements of the standard specification for SMEs in Saudi Arabia.
The study reached several results, the most important of which is that cybersecurity in SMEs is exposed to many risks and threats, and that there is a weakness in legislation and laws that protect cybersecurity and the lack of written policies of most institutions participating in the questionnaire confirms the extent of this weakness.
We have seen that the role of the national cybersecurity authority in the Kingdom of Saudi Arabia is good but needs to make more practical efforts to enhance cybersecurity inside and outside institutions.
At the end of the study, we presented a framework that contains the most prominent international standards for building safe cyber institutions, which include standards for risk management, risk reduction and response, work environment security, access control, communication security, physical security, external relations, and employee awareness training.