Information Security Awareness practices: Omani Government Agencies as a case study

Malik Al-Shamli*, Khalfan Zahran Al Hijji, Abdul Khalique Shaikh

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


This paper aims at reviewing Information Security Awareness (ISA) practices in general and at Omani Government Agencies (OGA) in particular. It also explores the concerns and challenges that may affect their implementation, and the reasons why ISA practices remained problematic for more than a decade at the OGAs. To inform the aim of this research, the researchers employed a systematic process to review the publications that explored ISA practices in general and at OGAs in particular. As a sampling technique, the researchers created a research strategy to select relevant publications for the study. The grounded theory technique is adopted for data analysis since it provides an inductive and systematic interpretive approach to generate theoretical insights from the data. The review reveals that current ISA practices seem ineffective in meeting the needs of employees. Furthermore, a set of important ISA practices are either missing or undeveloped. The review also revealed the absence of a framework for the ISA process at OGAs. To the best of our knowledge, the present study is one of the first to conduct an in-depth review on ISA practices applied in general and at OGAs in particular. Therefore, this study contributed to the emerging field of information security by reviewing the current state of ISA practices. In addition, this research study contributed a comprehensive picture of sources dealing with vital issues of insider threats and human factors within OGAs that were indeed unclear and surrounded by various ambiguities in the past.

Original languageEnglish
JournalEducation and Information Technologies
Publication statusAccepted/In press - 2022


  • Delivery methods
  • Evaluation methods
  • Information Security Awareness (ISA)
  • Information Security Awareness practices
  • Information Security awareness process

ASJC Scopus subject areas

  • Education
  • Library and Information Sciences

Cite this