A Novel Security Framework to Mitigate and Avoid Unexpected Security Threats in Saudi Arabia

Authors

  • Ahmad Alshammari, Department of Computer Sciences, Faculty of Computing and Information Technology, Northern Border University, Saudi Arabia
Volume: 13 | Issue: 4 | Pages: 11445-11450 | August 2023 | https://doi.org/10.48084/etasr.6091

Abstract

Many organizations around the world suffer large losses due to unexpected risks which can have a profound impact on their survival. This paper presents a novel security framework to address the security needs of Saudi organizations. There are four stages in the security framework: risk assessment and management, security intelligence and analytics, security policies and procedures, and security monitoring. A comprehensive security solution was provided by combining common security frameworks, e.g. ISO/IEC 27001:2013, NIST Cybersecurity Framework, and COBIT. The developed framework was designed to help Saudi organizations identify, assess, and control risks and respond to unexpected events in a timely and effective manner. It is expected to help organizations develop and implement effective security measures to protect their critical assets and operations from security threats. The proposed framework is comprehensive and can cover most organizations' requirements.

Keywords:

security frameworks, security models, ISO/IEC 27001:2013, NIST cybersecurity framework, COBIT




How to Cite

[1] A. Alshammari, “A Novel Security Framework to Mitigate and Avoid Unexpected Security Threats in Saudi Arabia”, Eng. Technol. Appl. Sci. Res., vol. 13, no. 4, pp. 11445–11450, Aug. 2023.
