الملخص الإنجليزي
The rapid growth of digital economies has led organizations all around the world to massively
depend on new technologies and digital data, which has triggered cybersecurity threats to
emerge. Cybersecurity technologies enable organizations to withstand cybersecurity threats;
however, the insufficient expertise of the cybersecurity workforce may result in cyber-attacks.
Therefore, one suggested dimension to mitigate cyber threats is to elevate personnel
competencies through cybersecurity workforce capacity building. Research studies addressed
the different dimensions of cybersecurity capacity building such as technology, regulations,
policy and strategy, and workforce. However, they appear to have abstract or limited
comprehension of the factors of cybersecurity workforce capacity. Hence, there is a need to
comprehensively address the essential factors that could assist in effectively evaluating the
cybersecurity workforce capacity maturity. The lack of studies addressing the factors of
cybersecurity workforce capacity in Oman motivated this study. This research aimed at
comprehending the essential factors and evaluating the cybersecurity workforce capacity
maturity in Oman. A quantitative approach was employed using a questionnaire adapted from
two capacity maturity models to evaluate the workforce capacity maturity. This approach
enabled the study to measure the implementation status of the cybersecurity practices related
to cybersecurity workforce capacity in three government organizations in Oman. The data
were analyzed using statistical analysis to determine the maturity level of the measured
attributes. As a result, the study determined, summarized, and refined the essential factors of
the cybersecurity workforce capacity and proposed a framework that comprehends the
essential factors to effectively evaluate the cybersecurity workforce capacity. The results
identified the focused and the overlooked factors of the cybersecurity workforce capacity. In
addition, the study revealed a significant difference between the capacity maturities of the
cybersecurity workforce in the three organizations. The main theoretical contributions of the
study are determining the essential factors of cybersecurity workforce maturity, classifying
the factors into four domains, and adding one more maturity indication level. The main
practical contribution of the study is assisting organizations to design suitable cybersecurity
development programs based on the evaluation results of cybersecurity workforce capacity.
