Project
Deadline: Tuesday 31/03/2020 @ 23:59
[Total Mark for this Project is 9]
IT Security and Policies
IT409
Instructions:
· You must submit two separate copies (one Word file and one PDF file) using this Template on Blackboard via the allocated folder. These files must not be in compressed format.
· It is your responsibility to check and make sure that you have uploaded both the correct files.
· Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between words, hide characters, use different character sets or languages other than English or any kind of manipulation).
· Email submission will not be accepted.
· You are advised to make your work clear and well-presented. This includes filling your information on the cover page.
· You must use this template, failing which will result in zero mark.
· You MUST show all your work, and text must not be converted into an image, unless specified otherwise by the question.
· Late submission will result in ZERO mark.
· The work should be your own, copying from students or other resources will result in ZERO mark.
· Use Times New Roman font for all your answers.
Student Details:
Name: ###
CRN: ###
ID: ###
Group: ###
College of Computing and Informatics
Special Instructions
To answer the questions effectively, please follow the instructions below:
· Each team might contain three students. Each student must individually conduct an interview with a cybersecurity employee in the chosen company, which means each group should have three filled questionnaires.
· Use your analysis skills to analyze all data collected by your team.
· It is possible to measure the significance of collected data by counting the frequency of each item (i.e. if an item occurs three times, this means it is very significant).
· You should answer the questions in this research activity as a group.
______________________________________________________________________
Questionnaire
Learning Outcome(s): LO1, LO2, LO3, LO4, LO5, LO6
4 Marks
Section 1.0: Introduction
In this era, the revolution in information technology is changing several aspects of enterprises’ practices. One of these changes is that many enterprises make their systems available online, which most likely encourages cyber criminals to hack these systems. One of the approaches that helps to mitigate cybersecurity risks is the adoption of an Information Security Policy (ISP). However, it is not known to what extent enterprises in Saudi Arabia are adopting Information Security Policy in general, and small and medium enterprises (SMEs) in particular. This research project aims to discover the success factors for the adoption of Information Security Policy in Saudi SMEs.
Section 2.0: Profile of Responding Manager or Owner
Please indicate
1. Your job role:
Owner
Chief Executive Officer (CEO)
Manager
Other (Please specify):
2. Your gender:
Male
Female
3. How many years have you been working for the organization?
< 1 year
1 – 5 years
6 – 10 years
Over 10 years
Section 3.0: Profile of Responding Enterprise
1. Please indicate the sector of business area of your organization
Food & Drink
Entertainment/Culture
Retail/wholesale
Restaurants
Cleaning
Commercial & Creative Arts
Financial Broker Services
Information Technology
Furnishings/Home Products
Real Estate Services
Telecommunication
Automotive
Health & Caring Services
Education/Training
Clothing, Fashion & Beauty
Professional Services
Retail/wholesale
Other: (Please specify)
Entertainment/Culture
Employment Agency
2. Please indicate your organization’s approximate revenue
<SAR3 million
SAR3 million - $40 million
SAR40 million - SAR200 million
3. Number of employees
0 – 5
6 – 49
50 - 249
Section 4.0: Information Security Policy (ISP)
1. Please indicate when your enterprise adopted the ISP
2. Please indicate how your enterprise developed the ISP
By internal team
By third party
By hiring a consultant
Other: (Please indicate ……………………………………………………………….……………..)
3. Please indicate which framework was used to develop your ISP
ISO 27002:2013
NIST 800-53
COBIT
PCI-DSS
National Cybersecurity Authority (NCA-KSA)
Other:
4. How often does your enterprise review the ISP?
Every three months
Every six months
Every year
Other: (Please indicate ……………………………………………………………….……………..)
5. Who authorizes the Information Security Policy at your organization?
Board of directors
Information Security leader
Information security committee
Other: (Please indicate ……………………………………………………………….……………..)
6. Please indicate your enterprise adoption level based on the Capability Maturity Model Scale
Level | State | Description
0 | Non-Existent | The organization is unaware of need for policies and processes
1 | Ad-hoc | There are no documented policies or processes; there is sporadic activity.
2 | Repeatable | Policies and processes are not fully documented; however, the activities occur on a regular basis.
3 | Defined Process | Policies and processes are documented and standardized; there is an active commitment to implementation
4 | Managed | Policies and processes are well defined, implemented, measured, and tested.
5 | Optimized | Policies and processes are well understood and have been fully integrated into the organizational culture.
Section 5.0: Success Factors of ISP Adoption in Saudi SMEs
Please use the following scale to rate your answer:
1 | 2 | 3 | 4 | 5
Strongly Agree | Agree | Neutral | Disagree | Strongly disagree
Technological (T) Factors
1. Availability of technical Expertise
· Availability of a cybersecurity consultant facilitates the adoption of ISP in our enterprise
1  2  3  4  5
· Availability of IT staff trained in cybersecurity facilitates the adoption of ISP in our enterprise
1  2  3  4  5
2. Complexity
· Perceived low level of complexity in cybersecurity systems facilitates the adoption of ISP in our enterprise
1  2  3  4  5
· Ease of using cybersecurity systems facilitates the adoption of ISP in our enterprise
1  2  3  4  5
3. Cybersecurity systems Cost
· Low cost of cybersecurity systems facilitates the adoption of ISP in our enterprise
1  2  3  4  5
· Availability of cybersecurity systems vendors helps to reduce the cost, which in turn facilitates the adoption of ISP in our enterprise
1  2  3  4  5
Organizational (O) Factors
1. Security Concerns
· The power of cybersecurity systems facilitates the adoption of ISP in our enterprise
1  2  3  4  5
· Perceived cybersecurity risks encourage our enterprise to adopt ISP
1  2  3  4  5
· Presence of trust in the enterprise’s cybersecurity systems helps to adopt ISP
1  2  3  4  5
2. Training
· Availability of periodical cybersecurity training helps to adopt ISP
1  2  3  4  5
· Encouraging our employees to get professional certificates in cybersecurity facilitates the adoption of ISP
1  2  3  4  5
· Conducting cybersecurity training courses for non-IT employees facilitates the adoption of ISP
1  2  3  4  5
3. Top management support
· Top management is committed to supporting cybersecurity adoption in our company (enterprise)
1  2  3  4  5
· Top management in our company (enterprise) is fully aware of the importance of cybersecurity advantages, which in turn facilitates the adoption of ISP
1  2  3  4  5
· Availability of technical background for the top management in our company helps the adoption of ISP
1  2  3  4  5
· The willingness of top management to develop our company helps the adoption of ISP
1  2  3  4  5
4. Organizational Awareness
· The high level of cybersecurity awareness of our employees helps to adopt ISP easily
1  2  3  4  5
5. Organizational Culture
· Emphasis on growth through developing new ideas facilitates the adoption of ISP
1  2  3  4  5
· Employees’ loyalty to our company (enterprise) facilitates the adoption of ISP
1  2  3  4  5
· Willingness of our company (enterprise) to achieve its goals facilitates the adoption of ISP
1  2  3  4  5
Environmental (E) Factors
1. Cybersecurity Law
· The presence of cybersecurity law in Saudi Arabia facilitates the adoption of ISP
1  2  3  4  5
· Our company’s (enterprise’s) awareness of the cybersecurity law facilitates the adoption of ISP
1  2  3  4  5
2. External Pressure
· Competitors’ pressure encourages our company to adopt ISP
1  2  3  4  5
· Customers’ pressure encourages our company to adopt ISP
1  2  3  4  5
· Suppliers’ pressure encourages our company to adopt ISP
1  2  3  4  5
· Government’s pressure encourages our company to adopt ISP
1  2  3  4  5
Other: Please indicate ….
Question One
Learning Outcome(s): LO2
1 Mark
Describe in more detail how each member of your team selected the participating company.
Question Two
Learning Outcome(s): LO4
2 Marks
Based on your analysis of Sections 2, 3, and 4 of all questionnaires that were collected by your team, what are the significant items? Support your answer by providing an example from your collected data.
Question Three
Learning Outcome(s): LO5
2 Marks
Identify the significant factors in Section 5 of the questionnaires collected by your team. Discuss the findings from your point of view.
ITS 832
Chapter 16
Analysis of Five Policy Cases in the Field of Energy Policy
Information Technology in a Global Economy
Professor Michael Solomon
Overview
Introduction
Theoretical grounds of policy implementation
Approaches to policy implementation
Five case studies
Lessons learned
Conclusion
Introduction
Population and burning fossil fuels
Factors of high pollution
Environmental policy is high priority
Most nations initiated projects to improve climate
Focus
Sustainable energy management
Renewable energy sources
Five case studies on climate change and energy use
Comparative investigation
What approaches are used?
How can implications be measured?
How easily can approaches be applied to other domains?
Theoretical Grounds of Policy Implementation
Policy implementation
Turning theory into practice
Gaps often occur / Formulated versus implemented policy
Instruments for climate change policy
Financial measures
Legal / regulatory instruments
Organizational measures
Certificates or marketable permits / quotas
Policy instruments for renewable energy
Regulations and standards
Quantity instruments
Price instruments
Public procurement
Auction
Approaches to Policy Implementation
Top-down
Policies are communicated from policy-makers
Bottom-up
Focus is on policy implementers
Macro- and micro-implementation
Macro – Government -> local authorities
Micro – Local government -> local policies
Principal-agent theory
Policy makers (principals) delegate responsibility to officials (agents)
Investigating Five Case Studies
Assessing the EU Policy Package in Climate Change and Renewables
German Nuclear Phase-Out and Energy Transition Policy
KNOWBRIDGE: Cross-Border Knowledge Bridge in the RES Cluster in East Slovakia and North Hungary
KSR’s Strategy for the Use of Renewable Energy Sources
MODEL: Management of Domains Related to Energy in Local Authorities
Lessons Learned
Main common focus
Renewable energy sources
Some projects defined clear goals
Dates
Quantifiable targets
Others focused on long-term strategies
Precise targets versus investigating issues
Biggest takeaway
Involving consumers in policy making increases implementation success
Conclusion
Climate change and transition to RES is a serious issue
Awareness is growing
But not fast enough
Public policy is necessary to move away from fossil fuels
Projects show how RES can be possible and sustainable
However
Transition to RES is expensive
One reason for slow adoption