Assessing Information Security Practices in Omani Ministries: Challenges and Pathways to International Standards Compliance

Digital transformation in Oman has amplified the risk of cyberattacks, as evidenced by millions of attacks targeting government websites and critical infrastructures. However, Oman’s current cybersecurity preparedness, particularly in policy development, is inadequate, as indicated by its moderate ranking in the National Cyber Security Index and score of 0% in cybersecurity policy development. Furthermore, prior research has not extensively covered the implementation of information security standards within Omani ministries. This study addresses this critical gap by evaluating the current state of information security policy implementation across 18 Omani ministries. A survey of 36 IT and security managers assessed current policies and practices, focusing on confidentiality, integrity, and availability. The study highlights that, although fundamental information security principles are implemented, a limited number of ministries possess international certifications. Specific deficiencies exist in advanced security measures, particularly in inadequate authentication protocols, inadequate encryption of sensitive data, and insufficient disaster recovery plans. The outcomes of this research highlight the critical necessity for Omani government agencies to embrace innovative technologies and adhere to internationally recognised information security standards to improve their security stance. This study provides significant information for policymakers and professionals aiming to strengthen the security posture of Oman’s public sector.

Keywords: Information Security; Information Security Policy; Government Ministries; Oman Information Security Standards.