Exploring the Reasons behind the Low ISO 27001 Adoption in Public Organizations in Saudi Arabia

Abstract

The main purpose of this paper is to investigate the reason behind the low adoption of the ISO 27001 standard in the public organizations in Saudi Arabia. Human resource management issues such as shortage of information security expertise, lack of training, education, and awareness programs, and high salary demand for security professionals were found to be the most significant barriers to the successful implementation of ISO 27001 in public organizations in Saudi Arabia. Implications for public organizations management and future research are discussed at the end of this paper.