Modern strategies for information security and protection of the digital identity of individuals in the Sultanate of Oman
Prepared by the researcher
- a JABER HAMOOD HAMDOON AL-NAUMANI– Sultanate of Oman
- The Professor Supervisor – Prof. Dr. Latifa Ben Arfa Rabai– Universite de Tunis, Institut Superieur de Gestion de Tunis, SMART Laboratory
Democratic Arab Center
Journal of Media Studies : Twenty-third Issue – May 2023
A Periodical International Journal published by the “Democratic Arab Center” Germany – Berlin
:To download the pdf version of the research papers, please visit the following link
Abstract
The study aimed to identify the effectiveness of modern strategies for information security and the protection of the digital identity of individuals in the Sultanate of Oman. It used the descriptive approach in the sampling survey method as a tool for data collection, The sample consisted of (130) individual from theemployee of the Omani government departments, Show results: that the arithmetic averages for (the reality of protecting individuals in the government information departments in the Sultanate of Oman from the point of view of the employees of the information departments) ranged between (3.48-3.83), where the reality got a total arithmetic mean (3 .63), which is from the intermediate level, and Paragraph No. (12) obtained the highest arithmetic mean, reaching (3.73), with a standard deviation of (0.94), which is from the high level, and the paragraph stipulates (the employee who violates Information security procedures in government information departments in the Sultanate of Oman), and in the second place came paragraph No. (11) with an arithmetic mean of (3.69) and a standard deviation of (0.88), which is from the high level, where we mean the paragraph on (employees are required not to disclose security and control measures).
Introduction:
In today’s digital age, information security has become an essential aspect of our lives. With an increasing amount of personal and sensitive data being stored and transmitted online, it has become crucial to protect individuals’ digital identities from various forms of cyber attacks. To achieve this, modern strategies have been developed that focus on securing networks, systems, and data to prevent unauthorized access and ensure confidentiality, integrity, and availability.
One of the key modern strategies for information security is the implementation of multi-factor authentication (MFA) systems. MFA involves using more than one method of verifying an individual’s identity before granting access to a system or data. This approach reduces the risk of a cyber attack by making it more difficult for hackers to gain unauthorized access. According to a study by Google, implementing MFA can prevent up to 99.9% of account takeover attacks.
Another strategy is the use of encryption technologies to protect sensitive data. Encryption involves converting data into a code that is unreadable without the appropriate decryption key. This helps to ensure that sensitive data remains confidential and cannot be accessed by unauthorized parties. Additionally, encryption can be used to secure communication channels, such as email or instant messaging, to prevent eavesdropping and ensure privacy.
Furthermore, implementing cybersecurity awareness training for employees is another essential strategy for protecting digital identities. This involves educating employees on how to identify and avoid potential cyber threats, such as phishing scams and social engineering attacks. By providing employees with the knowledge and skills needed to recognize and respond to cyber threats, organizations can significantly reduce the risk of cyber attacks.([1]).
In conclusion, protecting digital identities is a critical aspect of information security in the modern era. Implementing strategies such as MFA, encryption, and cybersecurity awareness training can significantly reduce the risk of cyber attacks and ensure the confidentiality, integrity, and availability of sensitive data. ([2])
Research Problem:
Despite the availability of modern strategies for information security and protecting the digital identity of individuals, cyber attacks continue to be a significant threat to personal and sensitive data. What are the factors that hinder the adoption and implementation of these strategies, and how can they be addressed to improve information security?
Several studies have highlighted the challenges faced in implementing modern strategies for information security. A study by the Ponemon Institute found that the biggest barrier to implementing strong authentication methods is the cost and complexity of implementation. Another study by Microsoft found that despite the availability of encryption technologies, only 40% of companies use them to protect sensitive data.
Furthermore, there is a lack of cybersecurity awareness among individuals and organizations, which leaves them vulnerable to cyber attacks. A study by the University of Phoenix found that nearly half of the respondents were not aware of the risks associated with sharing personal information online. ([3])
Therefore, there is a need for research to identify the factors that hinder the adoption and implementation of modern strategies for information security and protecting the digital identity of individuals. Such research can help identify the barriers to implementation and provide recommendations to address these challenges. By addressing these challenges, individuals and organizations can better protect their digital identities and sensitive data.
The importance of studying:
Firstly, the increasing reliance on digital technology has resulted in a significant amount of personal and sensitive data being stored and transmitted online. This data includes personal information, financial information, and intellectual property, among others. The loss or unauthorized access to this data can have severe consequences, including financial losses, reputational damage, and legal repercussions. By studying modern strategies for information security, individuals and organizations can better protect their digital identities and sensitive data from various forms of cyber attacks.
Secondly, the threat of cyber attacks is continually evolving, and cybercriminals are becoming increasingly sophisticated in their methods. Therefore, it is essential to stay up-to-date with the latest strategies and technologies to combat these threats effectively. Studying modern strategies for information security can help individuals and organizations keep up with the latest trends in cybersecurity and develop effective security measures to mitigate these threats.
Finally, with the increasing number of cyber attacks and data breaches, there is a growing demand for cybersecurity professionals. Studying modern strategies for information security can provide individuals with the skills and knowledge required to pursue a career in this field. As organizations place greater emphasis on cybersecurity, there is a need for professionals who can develop and implement effective information security strategies.
Studying modern strategies for information security and protecting the digital identity of individuals is critical in today’s digital age for several reasons:
- Protecting Sensitive Data: The increasing reliance on digital technology has resulted in a significant amount of personal and sensitive data being stored and transmitted online. Studying modern strategies for information security can help individuals and organizations better protect their digital identities and sensitive data from various forms of cyber attacks.
- Keeping Up with Evolving Threats: The threat of cyber attacks is continually evolving, and cybercriminals are becoming increasingly sophisticated in their methods. Therefore, it is essential to stay up-to-date with the latest strategies and technologies to combat these threats effectively. Studying modern strategies for information security can help individuals and organizations keep up with the latest trends in cybersecurity and develop effective security measures to mitigate these threats.
- Meeting Career Demands: With the increasing number of cyber attacks and data breaches, there is a growing demand for cybersecurity professionals. Studying modern strategies for information security can provide individuals with the skills and knowledge required to pursue a career in this field. As organizations place greater emphasis on cybersecurity, there is a need for professionals who can develop and implement effective information security strategies.
- Mitigating the Consequences of Cyber Attacks: The loss or unauthorized access to sensitive data can have severe consequences, including financial losses, reputational damage, and legal repercussions. Studying modern strategies for information security can help individuals and organizations develop effective security measures to mitigate the risks of cyber attacks and minimize the potential consequences
- Enhancing Compliance with Regulations: Many countries have enacted laws and regulations that require individuals and organizations to protect sensitive data adequately. Studying modern strategies for information security can help individuals and organizations understand these regulations and develop compliance strategies to avoid legal penalties
The research objectives:
Based on the research problem presented earlier, the following are potential research objectives that can be used to guide a study on modern strategies for information security and protecting the digital identity of individuals:
- To identify the current state of adoption and implementation of modern information security strategies among individuals and organizations.
- To explore the factors that hinder the adoption and implementation of modern information security strategies, including cost, complexity, and lack of cybersecurity awareness.
- To examine the effectiveness of modern information security strategies, such as multi-factor authentication, encryption, and identity and access management.
- To assess the impact of cyber attacks on individuals and organizations, including financial losses, reputational damage.
- To provide recommendations for improving the adoption and implementation of modern information security strategies, including strategies for addressing cost and complexity barriers, increasing cybersecurity awareness, and developing effective security measures.
Study Approach:
In presenting this study, we relied on the descriptive approach in the first place, considering that a better understanding of the phenomena requires placing them in their temporal and spatial surroundings and analyzing the various phenomena related to the subject of the study.
Terminology of study:
- Information security: refers to the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves implementing various technologies, processes, and policies to ensure that information is secure and only accessible to authorized users. The goal of information security is to protect the confidentiality, integrity, and availability of information.([4])
- Digital identity: refers to the digital representation of an individual’s identity. It includes all the personal information associated with an individual, such as their name, address, phone number, date of birth, social security number, and other personally identifiable information. Digital identity can also include other digital attributes, such as usernames, passwords, and biometric data, that are used to authenticate individuals online.
- Study Approach: In presenting this study, we relied on the descriptive approach in the first place, considering that a better understanding of the phenomena requires placing them in their temporal and spatial surroundings and analyzing the various phenomena related to the subject of the study.
- Information security: refers to the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves implementing various technologies, processes, and policies to ensure that information is secure and only accessible to authorized users. The goal of information security is to protect the confidentiality, integrity, and availability of information.
- Digital identity: refers to the digital representation of an individual’s identity. It includes all the personal information associated with an individual, such as their name, address, phone number, date of birth, social security number, and other personally identifiable information. Digital identity can also include other digital attributes, such as usernames, passwords, and biometric data, that are used to authenticate individuals online.
Theoretical framework:
The first axis: information security .The concept of information security:
Information security can be defined as a term used in the processing and transfer of data through computer technology. Information security is the group of businesses necessary to secure information and manage the risks associated with the use, processing, storage and transfer of information in addition to securing the systems and devices used and the procedures necessary to secure them. The term information security It includes the protection of information from loss or modification and ensures the availability of information. It also depends on the appropriate techniques and devices, as well as administrative procedures. Although this term has emerged in the field of digital or other information, no specific definition of information security has been reached, and there are attempts by some jurists to clarify the concept of information security.([5])
It is to maintain the confidentiality and integrity of information in the stages of processing, transmission and preservation. This is achieved through the actual application of security policies and through the promotion of awareness, learning and training.([6])
Defining information security from an academic perspective: It is the science that examines theories and strategies for providing protection for information from risks and from attacking it, and working to liberate the means, tools and procedures that must be provided to protect information from Notifications during trading to prevent information from reaching the hands of unauthorized persons through communications to ensure its authenticity.
Information security from a technical perspective: It is the means, tools and procedures that must be provided to ensure the protection of information from internal and external dangers.
Information security from a legal perspective: It is the field of studies and measures to protect the confidentiality and integrity of the content and availability of information and combating the activities of attacking it or the independence of its systems in committing the crime.
Judicial cyber security: It is the set of rules set by security in any place, which must be adhered to by all persons who can access it. In addition, it is only one of the components of security in society in general, and it is the main pillar for achieving confidence in the growth and prosperity of the information society. That is why cybersecurity has risen to the first ranks in the interests of public policy makers at the international, regional and local levels, whether in terms of individuals or groups, especially in the commercial, financial and governmental fields. Most developed countries have tended to adopt preventive and defensive policies against cyberattacks and the stability of space. The cyber.
The importance of information security strategy:
The importance of information security and protection lies in the fact that it is used by multiple parties, as it is used by companies, banks, individuals, and countries, because each of these parties has its own privacy that seeks to preserve it against penetration, and what is remarkable is that all of these parties are vulnerable to penetration and may be a target. For one of them ([7]), and this can be justified that the goal of each party is to achieve profit and avoid loss, and information is the cornerstone between gain or loss ([8]),and may determine the fate of banks, companies and individuals and may play an important role in the failure of some And another rise, so the process of protecting information became a concern for its owners, especially after the spread of virus programs and the multiplicity of spying methods, and the role of some was limited to dealing with security companies with the aim of developing a guaranteed anti-virus mechanism, but this method is not comprehensive because it is positioned as a means of protection.([9])
Information security components:
There are several components of information security that can be highlighted as follows Software protection: It is the protection associated with programs and computers from hacking. Programs associated with programs and computers can be used against hacking. Programs related to hacking can be used, and they must be reorganized and developed continuously.([10])
- Physical protection, which represents the protection of buildings, property and sources associated with information, and thus must be protected and preserved from illegal access.
- Protection related to individuals: which are the groups and individuals who have the right to access information, and thus their skills and experience must be improved, by involving them in specialized training courses.
Basic principles of information security:
There are several basic principles of information security, which can be summarized as follows:([11])
- Confidentiality: It is the secure system that guarantees confidentiality and privacy in order to access data, and thus access to this data is only for its owners.
- Integrity and Complementarity: It means that the system provides security and integrity for shameful information, and protects data from sabotage and deletion.
- Availability and Availability: This is the feature that guarantees users’ access to their information away from delay.
Basic principles of information security:
The main objectives of information security and risk management:
There are several objectives of information security management, which can be summarized as follows:([12])
- The ability to access information and discover unauthorized activities. – Physical environmental security, which represents the guarantee against unauthorized access to the information system or physical damage to it The safety of employees through reducing security incidents and reducing human errors, theft or misuse. Organizing security, through maintaining and managing information security within the company.
- Developing and maintaining the system, which is the process of protecting the company’s assets and fortifying its buildings in all aspects of its information technology systems, programs and data.
The basic elements of an information system:
- The purposes of research and strategies of information security means is to ensure the provision of the following elements of any information.
- Confidentiality or reliability: ensuring that information is not disclosed.
- Complementarity and integrity of the content: Ensure the integrity of the content and the correctness of the information and that it has not been modified or tampered with.
- Continuity of providing information: Ensuring the continuity of the work of the information system and the ability to interact with the information and services of the site.
- Non-denial of the luxury associated with the information: It is the guarantee that the person who has acted in connection with the information will not deny it.
- Access control: defining policies, procedures, and powers, and defining areas of use. ([13])
Information security and protection requirements:
The importance of information varies in terms of levels of security, and it should be noted the need to put in place a protection system that reduces as much as possible the possibility of information disclosure and manipulation, according to the level of importance of the information, and the most prominent of what is known.([14])
Maintaining databases, controlling the security of networks against infringement, as well as paying attention to protecting information security from the beginning of use, and all safe measures must be taken to protect computers from the very beginning of operating the information system.[15]
Information security at the level of individuals:
If the right to obtain information is the basis for transparency, ensuring public participation and effective oversight of power, then privacy in general and privacy of information in particular is the head of the whole matter, in terms of freedom, democracy and the means of individuals to prevent the penetration of information technology and the control of its masters over the private life of individuals and This is only because confidential information and documents that carry the secrets of others and their privacy are safeguarded and preserved, and precautions must be taken for them, and practical controls should be put in place to preserve them.
Types of information security:
- Natural security of information systems: By talking about the physical or material security of information systems, it means protecting and securing the building against disasters and risks, securing the devices and various equipment, the assets of the facility, software, containers and media for storing information, and the personnel working in the department. All these things and all the property of the establishment should be secured against the dangers that threaten and surround it as a result of the various circumstances and the need to create a suitable atmosphere for work in the information centers by providing stable electrical energy, safe telephone communications, air conditioning, and distancing from dust and crowding…etc. Environmental factors that will be mentioned later.([16]).
- Technical security: Technical security or electronic control is to secure software from errors or loss Some information by designing programs in a way that ensures that inappropriate or wrong data is not entered and the electronic alert. It is a technical aspect that guarantees the safety of information or alerts the user through voice, optical or read messages, and this technical aspect. Depends on the competence of designers and programmers. Also, there is a monitoring file that records all system events on a tape as a reference in cases of system shutdowns.([17])
Information security components:
The protection of information in all its aspects is very important:
- Identity verification: it is to verify the identity of the person that he is concerned and not another person, or it is to ensure that the user of the system is who he claims to be that user to ensure that the information is in its correct destination and launches authentication boxes that guarantee that the two parties are actually people concerned.
- Access control: It is the control of access to the available resources and comes from the network and not all resources. The access control list is specified for the important resources in the network, and this list identifies only the people who are authorized to use it.
- Confidentiality: Preserving information from access to it. Confidentiality depends on several methods, the most important of which is encryption through complex mathematical algorithms.
- Integrity and integrity of the information: Ensure that the content of the information is correct and has not been modified, deleted or added to it. It may be subject to change even though it is encrypted. This is important to ensure confidence in the information. It means the integrity and integrity of the information.
Challenges facing information security:
- E-commerce requirements.
- Increased attacks on information security.
- Immature information security products.
- The significant shortage of information security personnel
- Government legislation.
The main obstacles to information security and protection:
Technological progress contributed greatly to the spread of information, and its circulation became less time and effort, and it is no secret that this development was reflected in the security and protection of information, due to the dilemmas that accompany the movement of technical progress, especially in the commercial banking sector (Al-Atiwi, 2010), so information became vulnerable to theft, vandalism and change Among the most prominent of these obstacles that stand in the way of the security and confidentiality of information are: ([18])
- The overlapping of the information technology work mechanism (Kandilji, 2005), which includes databases and software, and information technology in its advanced form due to the rapid progress in it, such as computers and their various types, especially with their employment of the Internet and benefiting from local and global networks, and it has become working in a participatory way used as a means of communication Mainly with customers, and the danger here lies in the fact that information technology tools have become insecure in an accurate way, so that it keeps them away from theft, vandalism, and unacceptable use. If these methods are used, banks and companies that rely on information technology will suffer heavy losses.
- Technical obstacles (Al-Najjar, 2006) and these are considered among the wide-ranging obstacles, especially in the banking sector, as banks often lack a scarcity of qualified employees in the field of information systems, and most of them may suffice with the applied theories that were acquired during their enrollment in previous disciplines and rely on them, so it is necessary to Developing the level of job performance of employees by enrolling them in training programs that keep pace with the movement and developments of information systems security.
- Cultural obstacles (Al-Sheikh, 2004) Here it is necessary for employees to acquire cultural levels related to the nature of their work in terms of the presence and possession of employees of an organized cultural stock that is able to follow up on developments and the ability to innovate and create through the applied side in their field of work and not to finish at a certain stage, but they have to Continue research and keep up with the update because this is reflected in the nature of work outputs in banks.
- Security obstacles (Kazemi, 2012): (This is one of the most prominent and deepest obstacles to information security, because security policies refer to the technical standards and procedures that must be used in order to protect information from accessing it without permission and authorization from its owners, and the danger lies in this regard, which is centered About the impossibility of controlling the confidentiality of information in a definitive manner, especially since the possibility of using personal data for people is available without their knowledge and by various means, especially if it comes to using programs that carry viruses or other means that fall under the so-called electronic crimes.
The second axis: digital identity
- Presentation of privacy: We do not need to highlight the interest represented by the privacy of public figures in contemporary societies. Satisfying the curiosity of those who follow the lives of public figures has become the main engine that feeds newspapers looking for excitement, which in turn led to the expansion of the field of publicity, or in other words, the profitability of what has become public. More than a century ago, with the advent of the photographic image in the press and its industrial development, the principle of publicity in democratic societies extended from the behavior of public affairs to the conduct of private affairs of public figures, to reach today the private life of ordinary people, just as the press has sought since the beginning of the twentieth century to arouse the emotion of The audience towards humanitarian and local issues, thus announcing the emergence of journalistic stories that focus on the humanitarian aspects.([19])
- Privacy, a freedom that is difficult to protect: The concept of privacy differed according to eras, institutions and individuals, as privacy is not a fixed natural fact and its borders are constantly being redefined. Aristotle was able to distinguish classically between the public sphere (the city) and the private sphere ( house), with the background of the idea that the public sphere will be the castle of freedom while the private sphere will represent the kingdom of necessity, however, in the modern era the private sphere provides new functions linked to its value, in the private sphere, specifically within the family, and in isolation from social pressure n freedoms are built And the individual can build his personality, as the gradual disintegration between the private sphere and the public sphere in the nineteenth century led to the recognition that the family is the protective refuge from society as it constitutes a barrier between the self and the outside world, and thus the wall of privacy forms strict borders with spaces The other, which generates some restrictions, but provides a new freedom.([20])
- A life under surveillance: Geolocation and video surveillance devices have become commonplace, and digital communication devices are constantly invading our diaries, which has contributed to the explosion of our digital social practices. Today, we are increasingly accustomed to seeing our actions recorded as we used to live under surveillance. Monitoring continuously, one can notice that efforts are all combined to make surveillance and tracking acceptable and even desirable, for security requirements (unethical pest control and combating Terrorism…) the rationalization of personnel management in all fields (improving management and personalizing services…), and the search feature for coexistence, personal comfort, keeping in touch, exchanging experiences and determining the location.([21])
- Digital literacy Digital management of digital reputation management: The evolution of digital social and ethical practices raises the concern of privacy advocates who fight for the generalization of sound digital education as a reaction to the dismantling of the wall of privacy, based on the premise that in our modern societies we are forced to be visible on the Internet The Internet, just as we cannot leave our traces through the network, but this proposition is not considered an incitement to emigrate to the digital world, but rather an enhancement of private life as one of the aspects of combating digital illiteracy.
- Presenting oneself and the new digital divide: It seems necessary, in my endeavor to overcome the challenges of privacy, to assert privacy bypassing many. Cyberspace, based on the interests of large commercial companies conscious of improving their digital reputation.
Aspects of technical protection for electronic documents: The technical protection of electronic documents means the technical measures that work to protect the database related to the electronic document from being attacked, which necessitated the provision of legal protection to maintain the security of information, so technical solutions were found through the use of encryption technology and digital signature.
First: the digital signature.
It is one of the most important types of electronic signature due to its ability to reveal the identity of the contracting parties, and it is also considered a source of trust and safety as it works to protect the content of the electronic document, as a third party intervenes to issue the electronic certification certificate. It is also a set of data or information related to another data system or system format in the form of a code called the descriptive signature.
Second: encryption.
It is one of the ways to secure data and ensure the exchange of messages as it was edited by the parties. It is used during the stages of concluding a contract. It extends from the expression of management to the end of the contract, as it is one of the most important means that have proven its worth in providing the necessary security and confidentiality in the digital environment. It is also an algorithm-based technology. Intelligent mathematics allows whoever has a secret key to convert a readable message and use the secret key to decode and restore the message to its original state.
Through this study, it was found that the project recognizes electronic documents within the evidence, along with paper documents, provided that the technical requirements referred to in the rules related to the safety of the electronic document are met and signed electronically.([22])
Building the questionnaire:
Questionnaire Parts: The questionnaire consists of:
The first part, and this part included the characteristics and characteristics of the sample, as this part was devoted to knowing the demographic data of the sample, and this data was represented in (education, years of experience, employer, gender).
The second part. This part contained:
- The first axis. In the second part, it included the reality of modern strategies for information security in government departments.
- The second axis. Mechanisms for protecting the digital identity of individuals inside the Sultanate of Oman.
- The third axis: the difficulties facing workers in information departments in order to protect information.
research results:
- Resolution scale: The variable can be measured using an ordinal scale, that is, by finding a kind of arrangement for the degrees of strength or importance of that variable.
Table (1) shows the five-year gradient to strongly agree
Pentagonal Gradient | S | |||||
Strongly Disagree | I Do Not Agree | Neutral | Agree | Strongly Agree | Phrase | 1 |
1 | 2 | 3 | 4 | 5 | The Value | 2 |
- In order to clarify the psychometric characteristics of the questionnaire, the following can be clarified:
- The validity of the questionnaire: The research is considered valid to the degree in which the observed results or variables that occur on the dependent variable result only from controlling the independent variable, so that it can be generalized.
- Structural validity: It is important to know the constructive validity of the questionnaire in order to ensure knowing the extent to which the study axes relate to each other, and to know the extent to which the study axes relate to the total score of the questionnaire.
Table (2) the correlation coefficient between the sub-axes of the questionnaire, as well as between the sub-axes and the total score:
Total marks | Third axis | The second axis | The first axis | S |
0.73* | 0.72* | 65.** | 1 | The first axis |
0.96 ** | 0.75** | 1 | 0.65 ** | The second axis |
0.81** | 1 | 0.75** | 0.72 ** | Third axis |
1 | 0.81** | 0.96 ** | 0.73* | Total marks |
- The validity of the internal consistency: To demonstrate the internal validity of the questionnaire, the Pearson correlation coefficient was calculated between each of the paragraphs and its axis to indicate the extent of the correlation and the significance of the consistency.
Table (3) indicates the extent of the strong correlation between the questionnaire axes to each other, and between the questionnaire axes and the total score for it.
The Third axis |
Phrase
|
The second axis |
Phrase
|
The first axis |
Phrase
|
0.55 | 1 | 0.43 | 1 | 0.92 | 1 |
0.67 | 2 | 0.77 | 2 | 0.86 | 2 |
0.81 | 3 | 0.72 | 3 | 0.59 | 3 |
0.79 | 4 | 0.81 | 4 | 0.71 | 4 |
0.68 | 5 | 0.53 | 5 | 0.62 | 5 |
0.77 | 6 | 0.86 | 6 | 0.55 | 6 |
0.69 | 7 | 0.90 | 7 | 0.46 | 7 |
- The stability of the questionnaire: The stability of the questionnaire was also verified by using Cronbach’s alpha stability coefficient to verify the stability of the study tool, where the stability was calculated for each of the axes of the study tool, and the overall stability of the study tool was calculated. Table (4) shows the stability coefficient:
Table (4) the stability of the study tool (questionnaire).
Alpha coefficient | Number of phrases | The main axes |
0.73 | 7 | The first axis |
0.81 | 7 | The second axis |
0.89 | 7 | Third axis |
0.90 | 21 | Total marks |
- The first question: What is the reality of information security from the point of view of employees?
To answer the first question, the arithmetic means and standard deviations were extracted to identify the responses of the sample of the study about the reality of information security from the point of view of workers in government information departments in the Sultanate of Oman, and Table (5) illustrates this:
Table (5) Arithmetic means and standard deviations of the responses of the sample of the study on the items “The reality of information security from the viewpoint of workers in government information departments in the Sultanate of Oman
N | The axis | SMA | standard deviation | The level |
4 | Computer systems and networks procedures | 3.73 | 0.64 | High |
5 | Control access to information systems | 3.68 | 0.75 | High |
1 | Infrastructure security | 3.61 | 0.62 | Middle |
3 | Electronic data protection | 3.49 | 0.85 | Middle |
2 | Information security policy | 3.32 | 0.82 | Middle |
6 | arithmetic general mean | 3.57 | 0.62 | Middle |
The data in the previous table indicates the following:
- that the arithmetic averages for (the reality of information security from the point of view of workers in government information departments in the Sultanate of Oman) ranged between (3.32-3.73), where the reality obtained a total arithmetic average of (3. 57), with a standard deviation of (0.64), which is from the high level, and the axis was represented in (procedures of computer systems and networks in the library), and in the second place came axis No. (5) with an arithmetic mean of (3.68) and a standard deviation of (0.68). 75) It is from the high level, as it represents the axis in controlling access to information systems).
- And in the last rank, axis No. (2), with an arithmetic mean (3.32) with a standard deviation (0.75), which is from the average level, as the axis stipulates (information security policy).This explains that the reality of information security is medium level from the point of view of workers in government information departments in the Sultanate of Oman.
- In order to identify the arithmetic means and standard deviations of the sub-paragraphs for each of the sub-axes of information security, the arithmetic means and standard deviations were calculated, and the following are the results:
- The reality of infrastructure security: Arithmetic means and standard deviations were extracted for the responses of the study sample to identify the level of infrastructure security from the point of view of workers in government information departments in the Sultanate of Oman, which is represented in each of (physical security, personnel protection, and software security). The following are these results:
- The reality of physical security: Arithmetic means and standard deviations were extracted to identify the level of physical security reality in government information departments in the Sultanate of Oman. Table (6) shows this: Schedule (6) Arithmetic means and standard deviations of the responses of the sample of the study on the paragraphs “The reality of physical security in government information departments in the Sultanate of Oman”.
Table (6) the reality of physical security in government information departments in the Sultanate of Oman)
3- N | The axis | SMA | standard deviation | The level |
4 | Fire detection and alarm devices are available if it occurs | 4.08 | 0.98 | High |
8 | A non-competent employee is prohibited from making any material modification to the equipment. | 3.98 | 0.98 | High |
2 | All power and communication cables that transmit data are protected from tampering or damage | 3.68 | 1.16 | High |
5 | Entrances and exits are secured with electronic alarms | 3.50 | 1.24 | Middle |
7 | There is continuous maintenance of the equipment in a way that guarantees the continuity of its work. | 3.48 | 1.08 | Middle |
The data in the previous table indicates the following:
- that the arithmetic means for (the reality of physical security in government information departments in the Sultanate of Oman) ranged between (3.20-4.08), where the reality got a total arithmetic mean of (3.57), It is from the intermediate level, and Paragraph No. (4) obtained the highest arithmetic average, which reached (4.08), and with a standard deviation (0.98), which is from the high level. The second came Paragraph No. (8) with an arithmetic mean of (3.93) and a standard deviation of (0.98), which is from the high level, as the paragraph was reduced to (the non-competent employee is prohibited from making any material modification to the equipment).
- The last rank came in Paragraph No. (1) with an arithmetic mean of (3.20) and a standard deviation of (1.43), which is from the average level of Paragraph (There is a reserve source of electricity within the government information departments in the Sultanate of Oman).
B- The reality of protecting individuals:
- Arithmetic means and standard deviations were extracted to identify the level of protection of individuals in government information departments in the Sultanate of Oman. Table (7) shows this: Schedule (7)
- Arithmetic means and standard deviations of the study sample’s responses to the items “The reality of protecting individuals in government information departments in the Sultanate of Oman”.
table (7) Arithmetic means and standard deviations of the study sample’s responses to the items “The reality of protecting individuals in government information departments in the Sultanate of Oman”
The axis | SMA | standard deviation | The level |
An employee who violates information security measures will be held accountable | 3.08 | 0.95 | High |
Define the employee’s responsibilities for the information | 3.98 | 0.98 | High |
Recording incidents related to information security within government departments | 3.60 | 1.22 | Middle |
It is required not to disclose the digital identity of the workers | 3.53 | 1.07 | Middle |
The data in the previous table indicates the following:
- that the arithmetic averages for (the reality of protecting individuals in the government information departments in the Sultanate of Oman from the point of view of the employees of the information departments) ranged between (3.48-3.83), where the reality got a total arithmetic mean (3 .63), which is from the intermediate level, and Paragraph No. (12) obtained the highest arithmetic mean, reaching (3.73), with a standard deviation of (0.94), which is from the high level, and the paragraph stipulates (the employee who violates Information security procedures in government information departments in the Sultanate of Oman), and in the second place came paragraph No. (11) with an arithmetic mean of (3.69) and a standard deviation of (0.88), which is from the high level, where we mean the paragraph on (employees are required not to disclose security and control measures).
- And in the last rank came paragraph No. (9) with an arithmetic mean (3.48) and a standard deviation (1.06), which is from the average level where the paragraph was active (on users are followed up and incidents related to information security are recorded within the government information departments in the Sultanate of Oman).
- The reality of software security:
Arithmetic means and standard deviations were extracted to identify the reality level of software security in government information departments in the Sultanate of Oman. Table (8) shows this:
table (8) Arithmetic means and standard deviations of the responses of the sample of the study on the items “The reality of software security in government information departments in the Sultanate of Oman”
N | The axis | SMA | standard deviation | The level |
13 | The entered data is validated | 4.00 | 0.78 | High |
17 | The system is protected by antivirus software | 3.87 | 0.85 | High |
19 | All antivirus, hacking and spyware programs are reliable and licensed | 3.79 | 0.88 | High |
20 | Antivirus, hacking and infiltration software is constantly being updated | 3.61 | 1.05 | Middle |
14 | Encryption mechanisms are used to protect data | 3.57 | 0.92 | Middle |
16 | Standards are available for accepting new or modified systems and conducting tests on them before accepting them | 3.52 | 0.98 | Middle |
18 | Intrusion and intrusion tracking software is available. | 3.38 | 1.00 | Middle |
15 | Instructions are available to ensure that the encryption process is carried out in a secure manner. | 3.37 | 0.93 | Middle |
Arithmetic General Mean | 3.63 | 0.78 | High |
The data in the previous table indicates the following:
- that the arithmetic averages for (the reality of software security in the government information departments in the Sultanate of Oman from the point of view of the employees of the information departments) ranged between (3.37-4.00), where the reality got a total arithmetic average of (3 .63) It is from the intermediate level, and Paragraph No. (13) has the highest arithmetic average, reaching (4.00), with a standard deviation (0.78), which is from the high level, and the paragraph stipulates (the validity of the data is verified Input), and in the second place came Paragraph No. (17) with an arithmetic mean of (3.87) and a standard deviation of (0.85), which is from the high level as the paragraph stipulates (the system is protected by anti-virus software).
- And in the last place came Paragraph No. (15) with an arithmetic mean (3.37) and a standard deviation (0.93), which is from the high level, as the paragraph stipulates (instructions are available that include procedures for the encryption process in a safe way).
2-The reality of information security policy:
Arithmetic means and standard deviations were extracted to identify the level of reality of the information security policy in government information departments in the Sultanate of Oman. Table (9) shows this:
Table (9) Arithmetic means and standard deviations of the responses of the sample of the study on the paragraphs “The reality of information security policy in government information departments in Q.
The axis | SMA | standard deviation | The level |
This policy defines the responsibilities and powers, such as the power to prevent the user from accessing the network | 3.56 | 0.88 | Middle |
A written and approved information security policy is available | 3.33 | 1.06 | Middle |
This policy includes risk prevention measures. | 3.29 | 0.90 | Middle |
It is required not to disclose the digital identity of the workers | 3.27 | 0.96 | Middle |
The information security policy is discussed and developed periodically. | 3.14 | 1.08 | Middle |
Arithmetic General Mean | 3.32 | 0.82 | Middle |
The data in the previous table indicates the following:
- that the arithmetic averages for (the reality of the information security policy in the government information departments in the Sultanate of Oman from the point of view of the employees of the information departments) ranged between (3.14-3.56), where the reality got a total arithmetic average (3.32), which is from the intermediate level, and Paragraph No. (22) obtained the highest arithmetic mean, which reached (3.56), with a standard deviation of (0.88), which is from the average level, and the paragraph stipulated (this defines Policy responsibilities and powers such as the power to prevent the user from entering the network), and in the second place came Paragraph No. (21) with an arithmetic mean of (3.33) and a standard deviation of (1.06), which is from the average level, as the paragraph stipulates (available in information departments The government in the Sultanate of Oman has a written and multiple policy for information security).
- And in the last place came paragraph No. (25) with an arithmetic mean (3.14) and a standard deviation (1.08), which is from the average level, as the paragraph stipulates (the development of the information security policy is discussed periodically).
- The reality of electronic data protection in government information departments in the Sultanate of Oman: Arithmetic means and variance deviations were extracted to identify the level of reality of electronic data protection in government information departments in the Sultanate of Oman. Table (10) shows this:
Table (10) Arithmetic means and standard deviations of the responses of the sample of the study on the paragraphs “The reality of electronic data protection in government information departments in the Sultanate of Oman”.
5- N | The axis | SMA | standard deviation | The level |
26 | Backup service is available to protect the data on the computer | 3.65 | 1.09 | Middle |
30 | Electronic data media shall be stored in secure external locations | 3.61 | 0.99 | Middle |
29 | Backups are classified according to the time period in which the copying process takes place to facilitate reference. | 3.55 | 1.02 | Middle |
27 | The backup process is monitored to ensure that it is done correctly. | 3.51 | 1.06 | Middle |
28 | When the information stored on the backup means is confidential, it is encrypted according to the policy followed for that. | 3.35 | 1.02 | Middle |
31 | Backup storage media are destroyed in a safe manner when reused. | 3.29 | 0.93 | Middle |
Arithmetic General Mean | 3.94 | 0.85 | Middle |
The data in the previous table indicates the following:
- It is clear from Table (10) that the arithmetic averages for (the reality of electronic data protection in government information departments in the Sultanate of Oman from the point of view of employees in information departments) ranged between (3.29-3.65), where the reality got an arithmetic average The total is (3.49), which is from the average level, and Paragraph No. (26) has the highest arithmetic average, reaching (3.65), with a standard deviation (1.09), which is from the average level, and the paragraph stipulates (available In the government information departments in the Sultanate of Oman, backup service to protect the data on the computer). (Electronic data media shall be stored in a secure external location).
- And in the last place came paragraph No. (31) with an arithmetic mean (3.29) and a standard deviation (0.93), which is from the average level, as the paragraph stipulates (the backup storage media is destroyed in a safe way when reused).
- The reality of procedures for protecting computer systems and networks in the library Arithmetic means and standard deviations were extracted to identify the level of reality of computer systems and networks protection measures in the government information departments in the Sultanate of Oman. Table (11) shows this:
Table (11) Arithmetic means and standard deviations of the responses of the study sample on the paragraphs “The reality of procedures for protecting computer systems and networks in government information departments in the Sultanate of Oman.”
N | The axis | SMA | standard deviation | The level |
33 | Passwords are set to enter the network and are given to authorized persons | 4.08 | 0.78 | High |
37 | Approval is taken before modification to the devices and protection programs | 3.87 | 0.85 | High |
34 | There are devices that support the protection of the internal network, such as intrusion detection and prevention systems, firewalls, and others | 3.80 | 0.86 | High |
35 | The settings of the devices on the networks are adjusted to operate in a safe manner. | 3.79 | 0.95 | High |
32 | Operating systems are updated if necessary (hacked, defective security elements). | 3.68 | 0.88 | High |
40 | Errors occurring in information systems are recorded in reports, and actions taken to correct them are documented. | 3.68 | 1.05 | High |
39 | In the event of failure and interruption in business performance, there is a plan to return business to normal within a planned time frame | 3.61 | 0.97 | Middle |
36 | Periodic reports are submitted showing the security problems encountered on the network. | 3.45 | 0.86 | Middle |
Arithmetic General Mean | 3.73 | 0.64 | High |
The data in the previous table indicates the following:
- that the arithmetic averages for (the reality of procedures for protecting computer systems and networks in government information departments in the Sultanate of Oman from the point of view of employees in information departments) ranged between (3.45-4.08), where the reality got an average My total arithmetic is (3.73), which is from the high level. Paragraph No. (33) has the highest arithmetic mean, which is (4.08), with a standard deviation of (0.78), which is from the high level. The paragraph stipulates ( Passwords are set to enter the network and are given to authorized persons). Modification of hardware and security software).
- And in the last place came paragraph No. (36) with an arithmetic mean (3.45) and a standard deviation (0.86), which is from the average level, as the paragraph stipulates (periodic reports are submitted explaining the security problems encountered on the network).
5- The reality of controlling access to information systems: Arithmetic means and standard deviations were extracted to identify the level of reality of access control of information systems in government information departments in the Sultanate of Oman, and table (12) shows this:
Table (12) Arithmetic means and standard deviations of the study sample’s responses to the items “The reality of access control of information systems in government information departments in the Sultanate of Oman”
N | The axis | SMA | standard deviation | The level |
41 | A set of powers is given to each user according to the administrative level | 4.04 | 0.95 | High |
46 | There are reports on the activities carried out by the user | 3.76 | 0.99 | High |
42 | Each user is given his own identity, as there are no general powers used by several people | 3.75 | 0.98 | High |
45 | The operation performed by the beneficiary is recorded after its execution. | 3.69 | 0.94 | High |
43 | User privileges are closed for information security reasons | 3.62 | 1.05 | High |
44 | There are periodic reviews of users’ powers to access information | 3.61 | 0.97 | Middle |
49 | Performance logs are used to save user activities for information security reasons | 3.61 | 0.99 | Middle |
48 | Some sensitive information systems are isolated in local and independent networks | 3.56 | 1.07 | Middle |
References:
- Al-Nimr, Raed Muhammad Falih. (2019). Protecting the privacy of social media users in light of the legislation in the Kingdom of Bahrain. Refereed International Forum: Privacy in the Information Society, Tripoli, Scientific Research Generation Center, p. 89.
- Abu Dheeb, Qutayba Ahed Muslim, and Al-Mashaqbeh, Muhammad Nasir Musa Hamdan. (2019) The extent to which commitment to accounting information security and protection policies in Jordanian commercial banks (Master’s thesis) Al al-Bayt University. Mafraq.24
- Abdel-Razek, Sahwa Salah, and Ibrahim, Khaled Ahmed. (2017). Strategic planning for information security (unpublished master’s thesis). Omdurman University. p.18
- Abu Bakr Al-Montaser, Faraj Abdel-Qader Ahmed (2015) The impact of management information systems security on the performance of electronic government: an applied study on the Libyan Ministry of Higher Education (PhD thesis) Omdurman Islamic University, Omdurman. 23.
- Ahmed, Al-Rifai Al-Tayeb Haj Al-Imam, and Ali, Amira Muhammad Al-Nama (2012) The impact of information security management on the protection of banking information by applying it to the Sudanese banking system: a case study of Omdurman National Bank and Faisal Islamic Bank of Sudan (PhD thesis) Omdurman Islamic University, Um Derman. 46
- Ali, Prince Khairallah Al-Amin, and Othman, Seif El-Din Fattouh. (2004). Information security and safety (unpublished master’s thesis). Omdurman Islamic University, Omdurman, pg. 4
- Abu Bakr, Abu Bakr Almontaser, Faraj, Abdulqader, Ahmed (2015) The impact of management information systems security on the performance of electronic government: an applied study on the Libyan Ministry of Higher Education (PhD thesis) Omdurman Islamic University, Omdurman, p. 51
- Al-Arqan, Walaa Muhammad, and Operations, Nofan Hamid Muhammad. (2019). The Impact of Accounting Information Security Requirements on the Quality of Accounting Statements in Jordanian Commercial Banks (Unpublished Master’s Thesis) Al-Bayt Mafraq University, Mafraq, pg. 31
- Bouderbala, Abdelkader. (2016) Privacy Challenges via Facebook: Users Between Protecting Private Life and Freedom to Present Oneself. Journal of Human and Social Sciences, p. 27, 695-702, p. 696
- Hossam Mohamed Fahd (2016). And Nashrwan Nasser Hassan Taha. “The reality of information security from a university point of view in a university community in Jordanian universities and the difficulties they face.” Master’s thesis. The University of Jordan, Amman, p. 16.
- Hassan Mahmoud Shrim, Al-Hamamy, Alaa Hussein, and Al-Khafaji, Nima Abbas Khudair. (2013) The impact of information security strategy dimensions on the sustainability of competitive advantage in telecommunications companies (unpublished doctoral dissertation). Amman Arab University, Amman, pg. 32
- Khawalda, Loaig Al-Abouda, and Al-Abadi, Ibrahim Youssef Joivel, (2021). The impact of applying cloud accounting in reducing information security risks: a field study in Jordanian commercial banks (Master thesis), Jerash University, pg. 46
- Ponemon Institute. (2019). The 2019 State of Authentication Report: What We Know About Authentication, but Don’t Practice. https://www.yubico.com –
- Reconciliation, Hossam Muhammad Fahd, Taha, published by Ansar Hassan (2016). The reality of information security from the point of view of workers in the information departments in the libraries of Jordanian universities and the difficulties they face (Master thesis), University of Jordan, Amman.
- Microsoft. (2019). Global Encryption Trends Study https://www.microsoft.com.
- University of Phoenix. (2018). Cybersecurity Survey Report. https://www.phoenix.edu
- Muhammad Nashazli Siddik, and Awad Haj Ali Ahmed (2016). “Biopatches and their uses in information security: an applied case. Passwords as a means to identify users.” PhD thesis, Al-Neelain University, Khartoum, 2016. p. 25.
- Zarrouqi, Khadija (2021). Digital protection as a mechanism to activate the principle of equality between written and electronic evidence. Journal of Ijtihad for Legal and Economic Studies, vol. 10, p. 3, p. 303
[1] Muhammad Nashazli Siddik and Awad Haj Ali Ahmed (2016). Biometric models and their uses in information security: an applied case. Passwords as a means of identifying users. Unpublished PhD thesis, Khartoum: Al-Neelain University, pg. 25
[2] Al-Nimr, Raed Muhammad Falih. (2019). Protecting the privacy of social networking sites in light of the administration of the Kingdom of Bahrain. The International Refereed Forum: Privacy in the Information Society, Tripoli, Scientific Research Generation Center, p. 89.
[3] Hossam Mohamed Fahd (2016). And Nashrwan Nasser Hassan Taha. “The reality of information security from a university point of view in a university community in Jordanian universities and the difficulties they face.” Master’s thesis. The University of Jordan, Amman, p. 16.
[4] Hossam Mohamed Fahd (2016). And Nashrwan Nasser Hassan Taha. “The reality of information security from a university point of view in a university community in Jordanian universities and the difficulties they face.” Master’s thesis. The University of Jordan, Amman, p. 16.
[5] Abdel-Razek, Sahwa Salah, and Ibrahim, Khaled Ahmed. (2017). Strategic planning for information security (unpublished master’s thesis). Omdurman University. p. 17
[6] Hossam Mohamed Fahd (2016). And Nashrwan Nasser Hassan Taha. “The reality of information security from a university point of view in a university community in Jordanian universities and the difficulties they face.” Master’s thesis. The University of Jordan, Amman, p. 16.
[7] Ahmed, Al-Rifai Al-Tayeb Haj Al-Imam, and Ali, Amira Muhammad Al-Nama (2012) The impact of information security management on the protection of banking information by applying it to the Sudanese banking system: a case study of Omdurman National Bank and Faisal Islamic Bank of Sudan (PhD thesis) Omdurman Islamic University, Um Derman. p46
[8] Basic principles of information security: There are several basic principles of information security, which can be summarized as follows: Confidentiality: It is the secure system that guarantees confidentiality and privacy in order to access data, and thus access to this data is only for its owners.
[9] Abdel-Razek, Sahwa Salah, and Ibrahim, Khaled Ahmed. (2017). Strategic planning for information security (unpublished master’s thesis). Omdurman University. p. 19
[10] Khawalda, Loaig Al-Abouda, and Al-Abadi, Ibrahim Youssef Joivel, (2021). The impact of applying cloud accounting in reducing information security risks: a field study in Jordanian commercial banks (Master thesis), Jerash University, pg. 46
[11] Hassan Mahmoud Shrim, Al-Hamamy, Alaa Hussein, and Al-Khafaji, Nima Abbas Khudair. (2013) The impact of information security strategy dimensions on the sustainability of competitive advantage in telecommunications companies (unpublished doctoral dissertation). Amman Arab University, Amman, pg. 32
[12] Ahmed, Al-Rifa’i Al-Tayyib Haj Al-Imam, and Ali, Amira Muhammad Al-Nama (2012), a case study of Faisal Islamic Bank of Sudan (PhD thesis), Omdurman Islamic University, Durman. 46
[13] Abu Dheeb, Qutayba Ahed Muslim, and Al-Mashaqbeh, Muhammad Nasir Musa Hamdan. (2019) The extent to which commitment to accounting information security and protection policies in Jordanian commercial banks (Master’s thesis) Al al-Bayt University. Mafraq.24
[14] Abu Dheeb, Qutayba Ahed Muslim, and Mashaqabeh, Muhammad Nasir Musa Hamdan. (2019) A measure of commitment to policies to enhance financial information in the original commercial banks (Master’s thesis), Al al-Bayt University. Mafraq 24
[15] Al-Rufou’, Ibrahim Aqlah Khalil, and Al-Saadi, Abdul-Malik bin Abdul-Rahman. (2013) Information Security: Its Shari’a Foundation and Jurisprudential Rulings (PhD Thesis). International Islamic Science University. Amman, p. 39
[16] Ali, Prince Khairallah Al-Amin, and Othman, Seif El-Din Fattouh. (2004). Information security and safety (unpublished master’s thesis). Omdurman Islamic University, Durman, p. 4
[17] Ali, Prince Khairallah Al-Amin, and Othman, Seif El-Din Fattouh. (2004). Information security and safety (unpublished master’s thesis). Omdurman Islamic University, Durman, p20.
[18] Hossam Muhammad Fahd, Taha, published by Ansar Hassan (2016). The reality of information security from the point of view of employees of information stars in Jordanian universities and the difficulties they face (Master’s thesis) University of Jordan, Amman. p18
[19] Ahmed, Al-Rifa’i Al-Tayyib Haj Al-Imam, and Ali, Amira Muhammad Al-Nama (2012), The impact of our management of banking information information, the ceremony of the Sudanese banker institution: a case study, national protection, and Faisal Islamic Bank (PhD thesis), Durman Islamic University, Omdurman. p. 30
[20] Bouderbala, Abdelkader. (2016) Privacy Challenges via Facebook: Users Between Protecting Private Life and Freedom to Present Oneself. Journal of Human and Social Sciences, p. 27, 695-702, p. 696
[21] Al-Nimr and Raed Muhammad Fleih. (2019). Protecting the Privacy of Users of the International Arbitrated Forum: Privacy in the Information Society, Tripoli, Al-Jeel Center for Scientific Research, 87-106, p. 101
[22] Zarrouqi, Khadija. (2021). Digital protection as a mechanism to activate the principle of equality between public and environmental morals. Journal of Ijtihad for Legal and Economic Studies, vol. 10, p. 3, pp. 300,301