| 3 | 2016 | [18] | Throughout the study, a comprehensive exploration of management practices of information security policy had been undertaken, and the development of a practice-based model about addressing the four deficiencies noted above was also addressed. | Establish information security policy development team, determine the security needs of the organization, compiling the security policy document, and the implementation and maintenance stage |
| 4 | 2017 | [19] | The purpose of this study was to propose a framework that Institutions of Higher Education can consider during the process of developing and implementing a security policy. As a result of the proposed framework, comprehensive and sustainable information security policies could be developed. | Policy Initiation, Policy Drafting, Policy Implementation, Policy Review, and Policy Maintenance |
| 5 | 2017 | [20] | In this study, the purpose was to examine whether Analytic Hierarchy Process (AHP) can be used as a method to support the analysis of information security decision making in Indonesian e-government systems using the Analytic Hierarchy Process. | information security; policy; decision making |
| 6 | 2018 | [21] | This study aimed at identifying and suggesting a formal, encoded description of the strategic environment of cyber security to establish an ontology of cyber security. In addition, it also proposed to develop an ontology that will be able to support the implementation of the kind of policy that is suggested in this study. | Cyber Security, Cyber Security Policy, Implementation |
| 7 | 2018 | [22] | The purpose of this chapter is to examine some of the cybersecurity issues that have been faced by the Kingdom of Saudi Arabia over the last couple of years. Moreover, it discusses the concept of cybersecurity in the country and how it is being used to protect the country. | Cybersecurity, assess threats |
| 8 | 2018 | [65] | It is the purpose of this study to identify how employees’ attitudes toward the information security policies vary in relation to their behavior concerning information security. | Construct, Construct, Compliance, Information Security Practice Behaviors |
| 9 | 2022 | [4] | The purpose of this study was to examine the aspects that affect information security risk management and develop an information security risk management model for large Saudi Arabian companies. | Risk identification, risk assessment, risk control, risk monitoring and response, and risk communication |
| 10 | 2022 | [23] | According to this study, a model was proposed to explore employees’ differences as well as identify factors that can influence their perceptions and intentions toward compliance, to identify what drives employee behavior. The model was examined and validated using partial least square structural equation models within a government organization in Saudi Arabia. | Monitoring, Measurement, Compliance, Information security controls |
| 11 | 2023 | [16] | The purpose of this study was to demonstrate an analysis approach based on the current awareness of information security risks in Saudi Arabian non-governmental organizations. | Information security risk assessment, implementation of security controls, monitoring, and review |
| 12 | 2023 | [70] | This research emphasizes the broadening attack surface for threat actors due to IoT firmware security risks. Denial-of-service and brute-force attacks, which are common in diverse smart home environments, can no longer be countered by firewall rules that prevent denial-of-service attacks or brute force attacks. | Internet of Things, Cybersecurity, Firmware, Entropy, Hardcoded, Attack Vector |