The Saudi Information System Law and its Effectiveness (A Study of the Degree to Which Major Saudi Organizations Apply the Best Practices of Information Systems)

Abstract

Information Security Law is the body of legal rules, codes, and standards that require companies to protect that information and the information systems that process it from unauthorized access. The government's development, issuance, and maintenance of law requirements help to ensure that standards are met, which, in turn, supports the country's safety, productivity, and economic development. The purpose of this paper is to assess the adequacy of the current Saudi laws and regulations related to information security and the extent to which information security laws impacted companies' application of information security best practices. The Saudi laws related to information security were studied and compared with the American information security regulations in the first part of the research. Then the experimental setting was used to perform the search by designing an electronic questionnaire to reveal the impact of Saudi information security laws on the reality of information security in companies. The questionnaire consists of 3 general questions and 11 questions regarding corporate practices that support the application of information security laws. The questionnaire was distributed to a random sample of information security workers in a number of major Saudi companies, and forty participants responded, and the largest proportion of respondents were executives, and the respondents' years of experience ranged between 1 and 40 years. It is concluded from the research that having stricter and flawless information security laws provides a strong foundation for corporate policies, and a safe investment environment.