While the Web, cell phone 'apps' and cloud computing put a world of information at our fingertips that information is under constant threat from cyber vandals and hackers. Although awareness of information threats is growing in the Western world, in places like Saudi Arabia, information security is very poor. Unlike Western pluralistic democracies, Saudi Arabia is a highly-censored country, with a patriarchal and tribal culture, which may influence its poor information security rating. This paper examines the level of Information Security (InfoSec) practices among the IT departments in organizations in Saudi Arabia, using an online survey, based on instruments produced by specialist organizations on information security such as the Malaysian Cyber Security Organization, the Excellence of Information Assurance Centre, and Alelm organization in Saudi Arabia. The survey attracted 124 respondents and the results indicated that information security in Saudi Arabian organizations is quite low. Several of the areas of weakness in InfoSec appear to be related to the level of censorship or the patriarchal and tribal nature of Saudi culture. This study has clearly indicated that information security in Saudi Arabia faces some serious risks from a range of threat types. There is a need to reduce the risks faced and provide good strategies for further protection from threats quickly. This study has proposed the InfoSec Cultural Adaptation Process model (InfoSec CAP) as a process to inform a culturally appropriate response to this challenge. The vision of this research was to provide a tool that would protect and enhance the InfoSec in Saudi Arabia in the short and long terms. This was provided in the InfoSec CAP model. The use of the model will help to establish a strong information security practice and to provide a further information protection. It will also help embed the identified concepts in information security practice globally.
