Skip to main content

Research Repository

Advanced Search

Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia

Almomani, Iman; Ahmed, Mohanned; Maglaras, Leandros


Iman Almomani

Mohanned Ahmed


The Saudi Arabia government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.

Journal Article Type Article
Acceptance Date Aug 15, 2021
Online Publication Date Sep 9, 2021
Publication Date 2021
Deposit Date Dec 20, 2022
Publicly Available Date Jan 4, 2023
Journal PeerJ Computer Science
Print ISSN 2376-5992
Publisher PeerJ
Peer Reviewed Peer Reviewed
Volume 7
Article Number e703
Keywords Saudi Arabia, Cybersecurity, Maturity assessment, Audit tool, ISO27001, CITC, NCA, ECC, CRF, GDPR, COVID-19, Higher education
Public URL


You might also like

Downloadable Citations