Data Governance and Security Assurance in ISO27001 Programs: A Context Study on Quality and Compliance in Middle Eastern Organizations

PP: 253-265

doi:10.18576/amis/200117

Author(s)

S. A. Badawi, M. Takruri, K. Salameh, D. Guessoum, I. ElBadawi, Aws Al-Qaisi

Abstract

The rapid digital revolution in the Middle East has increased organizational awareness of information security; nonetheless, significant inconsistencies persist in the implementation and governance of ISO 27001 controls. This research assesses the quality and maturity of security programs within regional organizations by analyzing survey data from diverse industries and organizational sizes, while comparing the results to global benchmarks. The findings reveal a clear disparity: technological safeguards, encompassing password management, data center access, and network defense, are relatively sophisticated, while governance-focused measures, including records management, telework policies, and employee awareness training, are growing. Medium-sized organizations are the ones implementing controls, while educational institutions demonstrate excellence in terms of resources and governance. Still, the question is “are they following a systematic way to build and manage information security systems that ensure the effectiveness of their information security program?” Unfortunately, until now, different organizations have been approaching information security management in various ways. When they implement it, they don’t have a clear idea about the quality of the implemented Information Security investment. In this paper, we have surveyed the quality of controls implemented in information security programs in the Middle East and analyzed the results to target optimization in their future information security investments.