استخدام المواصفة القياسية نظام إدارة أمن المعلومات ISO IEC 27001: 2013 في الجامعات السعودية : دراسة تقييمية

Abstract EN

This study aims at searching the efficiency and effectiveness of measures taken for securing information systems by the Saudi government universities, through exploring the extent of implementing the requirements of isms standard ISO \ IEC 27001 : 2013 in the Saudi government universities.

the researcher used the descriptive approach, as the most suitable approach to achieve the study objectives.

moreover, the researcher designed an electronic questionnaire to collect needed information based on the standard requirements.

after reviewing and arbitrating the study tool, it was sent electronically to directors of information security department at the Saudi government universities, which amount 28 universities.

14 information security managers responded to this questionnaire, each representing a government university, and the study has concluded to a number of results.

the most prominent results are : the Saudi government universities (study society) implement the ISO \ IEC 27001:2013 standard requirements in a very satisfying manner, which indicates an awareness of the importance of protecting their information systems; the researcher recommended a number of recommendation, the most important are: the importance of information security departments’ independence in the Saudi government universities; the information security departments’ policies should be in line with the unified international standards; and they should have regulations consistent with the Saudi vision 2030.