International Standards On Information Security Policy: Analysis of The ISO Standards (ISO/IEC 27002) and Its Application in Arab Universities

Document Type: Original Article

Author

Department of Libraries and Information, Tanta University

Abstract

The aim of this study is to analyze the ISO 27002 standards related to the management of information security systems, and to understand the guidelines and policies defined by these standards and the way that Arab universities are using them. The descriptive and analytical method has been used to define the components of the ISO 27002 standards and how they are used by the best Arab universities' websites according to the CSIC Webometrics ranking of academic institutions of 2012. In addition, a content analysis method has been used to analyze the elements of the 27002 sub-standards. A checklist of information security analysis parameters is applied to the best Arab universities' websites. The researcher finds that all Arab universities give importance to using sub-standards among the 11 main parameters, with 28.20% of the whole ISO 27002 standard. However, the criterion of security policies is the least adopted element, with 19.05% of the selected universities. King Abdulaziz University ranks first, applying 95 of these standards (71.43% of the whole set of standards). Second in rank is King Fahd University of Petroleum and Minerals (KFUPM) with 85.65%, then Umm Al-Qura University (52.63%) and the Jordanian university (51.88%). However, 80.95% of the selected Arab universities are using less than 50% of the sub-standards.

Keywords