Search results

Information security of an organization is influenced by the deployed policy and procedures. Information security policy reflects the organization’s attitude to the protection of its information assets. The purpose of this paper is to investigate the status of the information security policy at a subset of Saudi’s organizations by understanding the perceptions of their information technology’s employees.

A descriptive and statistical approach has been used to describe the collected data and characteristics of the IT employees and managers to understand the information security policy at the surveyed organizations. The author believes that understanding the IT employees’ views gives a better understanding of the organization’s status of information security policy.

It has been found that most of the surveyed organizations have established information security policy and deployed fair technology; however, many of such policies are not enforced and publicized effectively and efficiently which degraded the deployed technology for such protection. In addition, the clarity and the comprehensibility of such policies are questionable as indicated by most of the IT employees’ responses. A comparison with similar studies at Middle Eastern and European countries has shown similar findings and shares the same concerns.

The findings of this research suggest that the Saudi Communications and Information Technology Commission should develop a national framework for information security to guide the governmental and non-governmental organizations as well as the information security practitioners on the good information security practices in terms of policy and procedures to help the organizations to avoid any vulnerability that may lead to violations on the security of their information.

In Saudi Arabia, technical education is managed by Technical and Vocational Training Corporation. However, there is no independent accrediting body to accredit the technical institutes and assure its quality, which causes the lack of unified quality assurance standards and manageable quality improvement processes. The purpose of this paper is to propose self-evaluation standards to help the technical institutes to evaluate their performance.

The author has used a brainstorming technique of local practitioners in quality assurance. Such technique was performed by adopting DACUM that stands for “Developing A CurriculUM”. The author has used a heuristic educational and training process as the foundation of the standards and processes development, namely; curriculum, environment, training managements, and instructors. A team has been established that has been trained locally and abroad on the quality assurance standards and processes. The team studied several quality frameworks of the different countries to come up with guidelines for quality self-evaluation and standards.

The author has found that such an approach is a very effective tool for improving the institutes' performance and gives them the flexibility to decide about their missions. Most of institutes' staff is reluctant to participate in the self-evaluation process because of the fear it may reveal their weaknesses, but with encouragement and motivation especially from the top management they tend to participate in such a process. Self-evaluation helps the educational institutes to be benchmarked with other international institutions, in which good practices may be adopted by the institutes' managements to achieve their vision.

The proposed approach can help the technical education institutes to manage their quality system. In addition, the implementation of such an approach might be the starting point to develop a quality system framework for the technical education in Saudi Arabia. However, further investigation is needed to measure whether applying such standards may help the technical education institutes to meet the required quality standards to attain an accreditation from the international quality agencies.

The proposed guidelines for quality standards and processes is a contribution in the accreditation and quality assurance processes for many public and private institutions in Saudi Arabia. In addition, it is an important step to standardize the quality processes.