Abstract
Previous studies explored some factors that impact on information security but research that presents a comprehensive understanding of managing information security through the lens of local Arab culture has been lacking. Hence this research investigates various cultural factors to enable local organizations to holistically adopt those factors to manage information security compliance in the Middle Eastern Arab region. This study used a quantitative research approach, and a web-based questionnaire was custom designed and administrated to a representative sample of 300 of which there were 247 usable responses. Following a series of pilot phases, the data was analysed using Structural Equation Modelling (SEM) with AMOS, and SPSS software. The sample was drawn from a total of 1500 local Arab employees within a Saudi Oil Company. An initial model linked the 6 factors that were latent in the literature. The initial model connected trust, workplace culture, leaders, western technology, employees’ alignment with information security. However, that model was found to be inadequate and following analysis of the pilot data from 3 pilot phases, a final parsimonious model showed 8 interconnections between 6 new emergent factors. That model contained belief, expectation, and trustworthiness of co-workers, workplace culture and supportive leadership, trust towards others, Western IT satisfaction, data privacy, and ISS compliance. Hence, this research makes a novel contribution by modelling the information security compliance in the lens of the local Arab region and leads the way for further research in the context of information security culture in the Arab region. This research was first to be conducted Information Security Management through the lens of Arab culture and opens-up many new avenues for future research in the context of Arab culture and Information Security Management.