Computer Science
IT 409 Saudi Electronic University It Security and Policies Research Paper

IT 409

Saudi electronic university

IT

Question Description

I’m trying to study for my Computer Science course and I need some help to understand this question.

  • Each team might contain three students. Each student must conduct an interview as individual with cybersecurity employee from different companies, which mean each group should have three filled questionnaires.
  • Use your analysis skills to analyze all data collected by your team.
  • It is possible to measure the significance of collected data by countering the frequency of each item (i.e. if the item frequent three times, this mean it is very significant)
  • You should answer the questions in this research activity as group.

Unformatted Attachment Preview

College of Computing and Informatics Project Deadline: Thursday 02/04/2020 @ 23:59 [Total Mark for this Project is 9] Student Details: Name: (Leader name) ID: (Leadr ID) CRN: ### Group : (group number) Instructions: • • • • • • • • • • You must submit two separate copies (one Word file and one PDF file) using this Template on Blackboard via the allocated folder. These files must not be in compressed format. It is your responsibility to check and make sure that you have uploaded both the correct files. Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between words, hide characters, use different character sets or languages other than English or any kind of manipulation). Email submission will not be accepted. You are advised to make your work clear and well-presented. This includes filling your information on the cover page. You must use this template, failing which will result in zero mark. You MUST show all your work, and text must not be converted into an image, unless specified otherwise by the question. Late submission will result in ZERO mark. The work should be your own, copying from students or other resources will result in ZERO mark. Use Times New Roman font for all your answers. Special Instructions Pg. 01 Special Instructions To answer the questions effectively, please follow the below instructions: • Each team might contain three students. Each student must conduct an interview as individual with cybersecurity employee from different companies, which mean each group should have three filled questionnaires. • Use your analysis skills to analyze all data collected by your team. • It is possible to measure the significance of collected data by countering the frequency of each item (i.e. if the item frequent three times, this mean it is very significant) • You should answer the questions in this research activity as group. ______________________________________________________________________ Questionnaire Pg. 02 Learning Outcome(s): Questionnaire LO 1, LO2, LO3, Section 1.0: Introduction LO4, LO5, LO6 4 Marks In this era, the revolution of information technology is changing several aspects of enterprises’ practices. One of these changes is many enterprises make their systems available online. This most likely is encouraging cyber criminals to hack these systems. One of the approaches that help to mitigate cybersecurity risks is adopting of Information Security Policy (ISP). However, it is not known to what extent the enterprises in Saudi Arabia are adopting Information Security Policy in general, and in small and medium enterprises’ (SMEs) in particular. This research project aims to discover the success factors for the adoption of Information Security Policy in Saudi SMEs. Student #1 questionnaire Name: ID: Section 2.0: Profile of Responding Manager or Owner Please indicate 1. Your job role: Chief Executive officer (CEO) Owner Manager Other (Please specify): 2. Your gender: Male Female 3. How many years have you been working for the organization? < 1 year 1–5 years 6 – 10 years Over 10 years Questionnaire Pg. 03 Section 3.0: Profile of Responding Enterprise 1. Please indicate the sector of business area of your organization Food & Drink Entertainment/Culture Restaurants Cleaning Commercial & Creative Arts Information Technology Furnishings/Home Products Financial Broker Services Real Estate Services Telecommunication Health & Caring Services Retail/wholesale Automotive Education/Training Clothing, Fashion & Beauty Professional Services Retail/wholesale Other: (Please specify) Entertainment/Culture Employment Agency 2. Please indicate your organization’s approximate revenue < SAR 3 million SAR 3 million - $40 million SAR 40 million - SAR 200 million 3. Number of employees 0–5 6 – 49 50 - 249 Section 4.0: Information Security Policy (ISP) 1. Please indicate when did your enterprise adopt ISP 2. Please indicate how your enterprise developed the ISP By internal team By third party By hiring a consultant Questionnaire Pg. 04 Other: (Please indicate …………………………………….……………..) 3. Please indicate which framework was used to develop your ISP NIST 800- ISO 27002:2013 53 COBIT National Cybersecurity Authority (NCA-KSA) PCIDSS Other: 4. How often do your enterprise review the ISP? Every six months Every three months Every year Other: (Please indicate ……………………………….……………..) 5. Who Authorizes Information Security Policy at your organization? Board of directors Information Security leader Information security committee Other: (Please indicate ……………………..…………………..) 6. Please indicate your enterprise adoption level based on the Capability Maturity Model Scale Level 0 1 2 State Description Non-Existent The organization is unaware of need for policies and processes Ad-hoc There are no documented policies or processes; there is sporadic activity. Repeatable Policies and processes are not fully documented; however, the activities occur on a regular basis. Questionnaire Pg. 05 3 4 5 Defined Process Policies and processes are documented and standardized; there is an active commitment to implementation Managed Policies and processes are well defined, implemented, measured, and tested. Optimized Policies and process are well understood and have been fully integrated into the organizational culture. Section 5.0: Success Factors of ISP Adoption in Saudi SMEs Please use the following scale to rate your answer: Technological (T) Factors 1. Availability of technical Expertise • Availability of cybersecurity consultant facilities the adoption of ISP in our enterprise • Availability of IT staff trained in cybersecurity facilities the adoption of ISP in our enterprise 2. Complexity • Perceived low level of complexity in cybersecurity systems facilities the adoption of ISP in our enterprise • Ease of using cybersecurity systems facilities the adoption of ISP in our enterprise 3. Cybersecurity systems Cost • Low cost of cybersecurity systems facilities the adoption of ISP in our enterprise • Availability of cybersecurity systems vendors help to reduce the cost which in turn facilities the adoption of ISP in our enterprise Organizational (O) Factors 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 Questionnaire Pg. 06 1. Security Concerns • • • The powerful of cybersecurity systems facilities the adoption of ISP in our enterprise Perceived cybersecurity risks encourage our enterprise to adopt ISP Presence of trust in enterprise’s cybersecurity systems help to adopt ISP 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 2. Training • Availability of periodical cybersecurity training help to adopt ISP • Encourage our employees to get professional certificates in cybersecurity that facilitates the adoption of ISP • Conducting cybersecurity training courses for non-IT employee that facilitates the adoption of ISP 3. Top management support • Top management committed to support cybersecurity adoption in our company (enterprise) • Top management in our company (enterprise) is fully aware about the importance of cybersecurity advantages which in turn facilitates the adoption of ISP • Availability of technical background for the top management in our company help the adoption of ISP • The willingness of top management to develop our company help the adoption of ISP 4. Organizational Awareness • The high level of cybersecurity awareness of our employees helps to adopt ISP easily 5. Organizational Culture • Emphasis growth through developing new ideas that facilitates the adoption of ISP • Employee’s loyalty for our company (enterprise) that facilitates the adoption of ISP Questionnaire Pg. 07 • Willingness of our company (enterprise) to achieve its goals that facilitates the adoption of ISP Environmental (E) Factors Cybersecurity Law • The presence of cybersecurity law in Saudi Arabia facilitates the adoption of ISP • Our company (enterprise) awareness about the cybersecurity law facilitates the adoption of ISP 2. External Pressure • Competitors’ pressure encourages our company to adopt ISP • Customers’ pressure encourages our company to adopt ISP • Suppliers’ pressure encourages our company to adopt ISP • Government’s pressure encourages our company to adopt ISP 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1. Other: (Please indicate ……………………..…………………..) Questionnaire Pg. 08 Student #2 questionnaire Name: ID: Section 2.0: Profile of Responding Manager or Owner Please indicate 4. Your job role: Owner Chief Executive officer(CEO) Manager Other (Please specify): 5. Your gender: Male Female 6. How many years have you been working for the organization? < 1 year 1–5 years 6 – 10 years Over 10 years Section 3.0: Profile of Responding Enterprise 4. Please indicate the sector of business area of your organization Food & Drink Entertainment/Culture Restaurants Cleaning Commercial & Creative Arts Information Technology Furnishings/Home Products Financial Broker Services Real Estate Services Health & Caring Services Telecommunication Education/Training Retail/wholesale Automotive Clothing, Fashion & Beauty Questionnaire Pg. 09 Professional Services Retail/wholesale Entertainment/Culture Employment Agency Other: (Please specify) 5. Please indicate your organization’s approximate revenue < SAR 3 million SAR 3 million - $40 million SAR 40 million - SAR 200 million 6. Number of employees 0–5 6 – 49 50 - 249 Section 4.0: Information Security Policy (ISP) 7. Please indicate when did your enterprise adopt ISP 8. Please indicate how your enterprise developed the ISP By internal team By third party By hiring a consultant Other: (Please indicate …………………………….……………..) 9. Please indicate which framework was used to develop your ISP ISO 27002:2013 NIST 80053 National Cybersecurity Authority (NCA-KSA) COBIT PCIDSS Other: 10. How often do your enterprise review the ISP? Every three months Every six months Every year Other: (Please indicate ……………………….……………..) 11. Who Authorizes Information Security Policy at your organization? Questionnaire Pg. 10 Board of directors Information Security leader Information security committee Other: (Please indicate ……………………..…………………..) 12. Please indicate your enterprise adoption level based on the Capability Maturity Model Scale Level 0 1 2 3 4 5 State Description Non-Existent The organization is unaware of need for policies and processes Ad-hoc There are no documented policies or processes; there is sporadic activity. Repeatable Policies and processes are not fully documented; however, the activities occur on a regular basis. Defined Process Policies and processes are documented and standardized; there is an active commitment to implementation Managed Policies and processes are well defined, implemented, measured, and tested. Optimized Policies and process are well understood and have been fully integrated into the organizational culture. Section 5.0: Success Factors of ISP Adoption in Saudi SMEs Please use the following scale to rate your answer: Technological (T) Factors 4. Availability of technical Expertise Questionnaire Pg. 11 • Availability of cybersecurity consultant facilities the adoption of ISP in our enterprise • Availability of IT staff trained in cybersecurity facilities the adoption of ISP in our enterprise 5. Complexity • Perceived low level of complexity in cybersecurity systems facilities the adoption of ISP in our enterprise • Ease of using cybersecurity systems facilities the adoption of ISP in our enterprise 6. Cybersecurity systems Cost • Low cost of cybersecurity systems facilities the adoption of ISP in our enterprise • Availability of cybersecurity systems vendors help to reduce the cost which in turn facilities the adoption of ISP in our enterprise Organizational (O) Factors 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 6. Security Concerns • The powerful of cybersecurity systems facilities the adoption of ISP in our enterprise • Perceived cybersecurity risks encourage our enterprise to adopt ISP • Presence of trust in enterprise’s cybersecurity systems help to adopt ISP 7. Training • Availability of periodical cybersecurity training help to adopt ISP • Encourage our employees to get professional certificates in cybersecurity that facilitates the adoption of ISP • Conducting cybersecurity training courses for non-IT employee that facilitates the adoption of ISP 8. Top management support Questionnaire Pg. 12 • Top management committed to support cybersecurity adoption in our company (enterprise) • Top management in our company (enterprise) is fully aware about the importance of cybersecurity advantages which in turn facilitates the adoption of ISP • Availability of technical background for the top management in our company help the adoption of ISP • The willingness of top management to develop our company help the adoption of ISP 9. Organizational Awareness • The high level of cybersecurity awareness of our employees 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 helps to adopt ISP easily 10. Organizational Culture • Emphasis growth through developing new ideas that facilitates the adoption of ISP • Employee’s loyalty for our company (enterprise) that facilitates the adoption of ISP • Willingness of our company (enterprise) to achieve its goals that facilitates the adoption of ISP Environmental (E) Factors 3. Cybersecurity Law • The presence of cybersecurity law in Saudi Arabia facilitates the adoption of ISP • Our company (enterprise) awareness about the cybersecurity law facilitates the adoption of ISP 4. External Pressure • Competitors’ pressure encourages our company to adopt ISP • Customers’ pressure encourages our company to adopt ISP • Suppliers’ pressure encourages our company to adopt ISP • Government’s pressure encourages our company to adopt ISP Other: (Please indicate ……………………..…………………..) Questionnaire Pg. 13 Student #3 questionnaire Name: ID: Section 2.0: Profile of Responding Manager or Owner Please indicate 7. Your job role: Chief Executive officer (CEO) Owner Manager Other (Please specify): 8. Your gender: Male Female 9. How many years have you been working for the organization? < 1 year 1–5 years 6 – 10 years Over 10 years Section 3.0: Profile of Responding Enterprise 7. Please indicate the sector of business area of your organization Food & Drink Entertainment/Culture Restaurants Cleaning Commercial & Creative Arts Information Technology Furnishings/Home Products Financial Broker Services Real Estate Services Health & Caring Services Professional Services Telecommunication Education/Training Retail/wholesale Retail/wholesale Automotive Clothing, Fashion & Beauty Questionnaire Pg. 14 Employment Agency Entertainment/Culture Other: (Please specify) 8. Please indicate your organization’s approximate revenue < SAR 3 million SAR 3 million - $40 million SAR 40 million - SAR 200 million 9. Number of employees 0–5 6 – 49 50 - 249 Section 4.0: Information Security Policy (ISP) 13. Please indicate when did your enterprise adopt ISP 14. Please indicate how your enterprise developed the ISP By internal team By third party By hiring a consultant Other: (Please indicate …………………………………….……………..) 15. Please indicate which framework was used to develop your ISP ISO 27002:2013 NIST 80053 National Cybersecurity Authority (NCA-KSA) COBIT PCIDSS Other: 16. How often do your enterprise review the ISP? Every three months Every six months Every year Other: (Please indicate ……………………………….……………..) 17. Who Authorizes Information Security Policy at your organization? Board of directors Questionnaire Pg. 15 Information Security leader Information security committee Other: (Please indicate ……………………..…………………..) 18. Please indicate your enterprise adoption level based on the Capability Maturity Model Scale Level 0 1 2 3 4 5 State Description Non-Existent The organization is unaware of need for policies and processes Ad-hoc There are no documented policies or processes; there is sporadic activity. Repeatable Policies and processes are not fully documented; however, the activities occur on a regular basis. Defined Process Policies and processes are documented and standardized; there is an active commitment to implementation Managed Policies and processes are well defined, implemented, measured, and tested. Optimized Policies and process are well understood and have been fully integrated into the organizational culture. Section 5.0: Success Factors of ISP Adoption in Saudi SMEs Please use the following scale to rate your answer: Technological (T) Factors 7. Availability of technical Expertise • Availability of cybersecurity consultant facilities the adoption of ISP in our enterprise 1 2 3 4 5 Questionnaire Pg. 16 • 1 2 3 4 5 • 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 Availability of IT staff trained in cybersecurity facilities the adoption of ISP in our enterprise 8. Complexity Perceived low level of complexity in cybersecurity systems facilities the adoption of ISP in our enterprise • Ease of using cybersecurity systems facilities the adoption of ISP in our enterprise 9. Cybersecurity systems Cost • Low cost of cybersecurity systems facilities the adoption of ISP in our enterprise • Availability of cybersecurity systems vendors help to reduce the cost which in turn facilities the adoption of ISP in our enterprise Organizational (O) Factors 11. Security Concerns • • • The powerful of cybersecurity systems facilities the adoption of ISP in our enterprise Perceived cybersecurity risks encourage our enterprise to adopt ISP Presence of trust in enterprise’s cybersecurity systems help to adopt ISP 12. Training • Availability of periodical cybersecurity training help to adopt ISP • Encourage our employees to get professional certificates in cybersecurity that facilitates the adoption of ISP • Conducting cybersecurity training courses for non-IT employee that facilitates the adoption of ISP 13. Top management support • Top management committed to support cybersecurity adoption in our company (enterprise) Questionnaire Pg. 17 • 1 2 3 4 5 Top management in our company (enterprise) is fully aware about the importance of cybersecurity advantages which in turn facilitates the adoption of ISP 1 2 3 4 5 • Availability of technical background for the top management in our company help the adoption of ISP 1 2 3 4 5 • The willingness of top management to develop our company help the adoption of ISP 14. Organizational Awareness • The high level of cybersecurity awareness of our ...
Purchase answer to see full attachment
Student has agreed that all tutoring, explanations, and answers provided by the tutor will be used to help in the learning process and in accordance with Studypool's honor code & terms of service.

Final Answer

find attached the final version of your assignment ahead of the deadline. kindly review and complete. Thank you.

College of Computing and Informatics

Project
Deadline: Thursday 02/04/2020 @ 23:59
[Total Mark for this Project is 9]

Student Details:
Name: (Leader name)

ID: (Leadr ID)

CRN: ###

Group : (group number)

Instructions:












You must submit two separate copies (one Word file and one PDF file) using this Template on Blackboard
via the allocated folder. These files must not be in compressed format.
It is your responsibility to check and make sure that you have uploaded both the correct files.

Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between
words, hide characters, use different character sets or languages other than English or any kind of
manipulation).
Email submission will not be accepted.
You are advised to make your work clear and well-presented. This includes filling your information on the cover
page.
You must use this template, failing which will result in zero mark.
You MUST show all your work, and text must not be converted into an image, unless specified otherwise by
the question.
Late submission will result in ZERO mark.

The work should be your own, copying from students or other resources will result in ZERO mark.
Use Times New Roman font for all your answers.

Questionnaire

Pg. 01

See below

Questionnaire

Pg. 02
Learning
Outcome(s):

Questionnaire

LO 1, LO2, LO3,

Section 1.0: Introduction

LO4, LO5, LO6

4 Marks

In this era, the revolution of information technology is changing several aspects of
enterprises’ practices. One of these changes is many enterprises make their systems
available online. This most likely is encouraging cybercriminals to hack these systems.
One of the approaches that help to mitigate cybersecurity risks is adopting of Information
Security Policy (ISP). However, it is not known to what extent the enterprises in Saudi
Arabia are adopting Information Security Policy in general, and in small and medium
enterprises’ (SMEs) in particular. This research project aims to discover the success
factors for the adoption of Information Security Policy in Saudi SMEs.

Student #1 questionnaire
Name:

ID:

Section 2.0: Profile of Responding Manager or Owner
Please indicate
1. Your job
role:

Chief Executive
officer (CEO)

Owner

Manager

Other (Please specify):
2. Your gender:

Male

Female

3. How many years have you been working for the organization?
< 1 year

1–5
years

6 – 10
years

Over 10
years

Questionnaire

Pg. 03
Section 3.0: Profile of Responding Enterprise

1. Please indicate the sector of the business area of your organization
Food & Drink

Entertainment/Culture

Restaurants

Cleaning

Commercial &
Creative Arts

Information Technology

Furnishings/Home
Products

Financial Broker
Services
Real Estate Services

Telecommunication

Health & Caring
Services

Retail/wholesale

Automotive

Education/Training

Clothing, Fashion &
Beauty

Professional Services

Retail/wholesale

Other: (Please
specify)

Entertainment/Culture

Employment Agency

2. Please indicate your organization’s approximate revenue
< SAR 3 million

SAR 3

million - $40 million

SAR 40

million - SAR 200
million

3. Number of employees
0–5

6 – 49

50 - 249

Section 4.0: Information Security Policy (ISP)
1. Please indicate when did your enterprise
adopt ISP

1/1/2008

2. Please indicate how your enterprise developed the ISP
By internal team

By the
third party

By hiring a
consultant

Questionnaire

Pg. 04

Other: (Please indicate …………………………………….……………..)
3. Please indicate which framework was used to develop your ISP
NIST 800-

ISO 27002:2013

53

COBIT

National Cybersecurity Authority (NCA-KSA)

PCIDSS

Other:

4. How often does your enterprise review the ISP?
Every six
months

Every three months

Every year

Other: (Please indicate ……………………………….……………..)
5. Who Authorizes Information Security Policy at your organization?
Board of directors
Information Security leader
Information security committee
Other: (Please indicate ……………………..…………………..)
6. Please indicate your enterprise adoption level based on the Capability
Maturity Model Scale
Level
0
1
2

State

Description

Non-Existent

The organization is unaware of the need for policies
and processes

Ad-hoc

There are no documented policies or processes;
there is sporadic activity.

Repeatable

Policies and processes are not fully documented;
however, the activities occur regularly.

Questionnaire

Pg. 05

3

4
5

Defined
Process

Policies and processes are documented and
standardized; there is an active commitment to the
implementation

Managed

Policies and processes are well defined,
implemented, measured, and tested.

Optimized

Policies and processes are well understood and have
been fully integrated into the organizational culture.

Section 5.0: Success Factors of ISP Adoption in Saudi SMEs
Please use the following scale to rate your answer:
Technological (T) Factors
1. Availability of technical Expertise


Availability of cybersecurity consultant facilities the
adoption of ISP in our enterprise
• Availability of IT staff trained in cybersecurity facilities the
adoption of ISP in our enterprise
2. Complexity


Perceived low level of complexity in cybersecurity systems
facilities the adoption of ISP in our enterprise
• Ease of using cybersecurity systems facilities the adoption
of ISP in our enterprise
3. Cybersecurity systems Cost


Low cost of cybersecurity systems facilities the adoption of
ISP in our enterprise
• Availability of cybersecurity systems vendors help to reduce
the cost which in turn facilities the adoption of ISP in our
enterprise
Organizational (O) Factors

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

Questionnaire

Pg. 06
1. Security Concerns




The powerful of cybersecurity systems facilities the
adoption of ISP in our enterprise
Perceived cybersecurity risks encourage our enterprise to
adopt ISP
Presence of trust in an enterprise’s cybersecurity systems
help to adopt ISP

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

2. Training


Availability of periodical cybersecurity training help to
adopt ISP
• Encourage our employees to get professional certificates in
cybersecurity that facilitates the adoption of ISP
• Conducting cybersecurity training courses for a non-IT
employee that facilitates the adoption of ISP
3. Top management support



Top management committed to support cybersecurity
adoption in our company (enterprise)
• Top management in our company (enterprise) is fully aware
of the importance of cybersecurity advantages which in turn
facilitates the adoption of ISP
• Availability of technical background for the top
management in our company help the adoption of ISP
• The willingness of top management to develop our company
help the adoption of ISP
4. Organizational Awareness


The high level of cybersecurity awareness of our employees

helps to adopt ISP easily
5. Organizational Culture
• Emphasis growth through developing new ideas that
facilitate the adoption of ISP
• Employee’s loyalty for our company (enterprise) that
facilitates the adoption of ISP

Questionnaire

Pg. 07


The willingness of our company (enterprise) to achieve its
goals that facilitates the adoption of ISP
Environmental (E) Factors
Cybersecurity Law
• The presence of cybersecurity law in Saudi Arabia
facilitates the adoption of ISP
• Our company (enterprise) awareness about the cybersecurity
law facilitates the adoption of ISP
2. External Pressure
• Competitors’ pressure encourages our company to adopt ISP
• Customers’ pressure encourages our company to adopt the
ISP
• Suppliers’ pressure encourages our company to adopt an ISP
• Government’s pressure encourages our company to adopt
ISP

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1

2

3

4

5

1.

Other: (Please indicate ……………………..…………………..)

Questionnaire

Pg. 08

Student #2 questionnaire
Name:

ID:

Section 2.0: Profile of Responding Manager or Owner
Please indicate
4. Your job role:

Owner

Chief Executive officer(CEO)

Manager

Other (Please specify):
5. Your gender:

Male

Female

6. How many years have you been working for the organization?
< 1 year

1–5
years

6 – 10
years

Over 10
years

Section 3.0: Profile of Responding Enterprise
4. Please indicate the sector of the business area of your organization
Food & Drink

Entertainment/Culture

Restaurants

Cleaning

Commercial &
Creative Arts

Information Technology

Furnishings/Home
Products

Financial Broker
Services
Real Estate Services
Health & Caring
Services

Telecommunication
Education/Training

Retail/wholesale

Automotive
Clothing, Fashion &
Beauty

Questionnaire

Pg. 09
Professional Services

Retail/wholesale

Entertainment/Culture

Employment Agency

Other: (Please specify)

5. Please indicate your organization’s approximate revenue
< SAR 3 million

SAR 3

million - $40 million

SAR 40

million - SAR 200
million

6. Number of employees
0–5

6 – 49

50 - 249

Section 4.0: Information Security Policy (ISP)
7. Please indicate when did your enterprise
adopt ISP

3/5/2014

8. Please indicate how your enterprise developed the ISP
By internal team

By the
third party

By hiring a
consultant

Other: (Please indicate …………………………….……………..)
9. Please indicate which framework was used to dev...

caralito (7684)
New York University

Anonymous
The tutor was pretty knowledgeable, efficient and polite. Great service!

Anonymous
Heard about Studypool for a while and finally tried it. Glad I did caus this was really helpful.

Anonymous
Just what I needed… fantastic!

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4