English abstract
Digital transformation in Oman has amplified the risk of cyberattacks, as evidenced by millions of attacks targeting
government websites and critical infrastructures. However, Oman’s current cybersecurity preparedness, particularly
in policy development, is inadequate, as indicated by its moderate ranking in the National Cyber Security Index
and score of 0% in cybersecurity policy development. Furthermore, prior research has not extensively covered the
implementation of information security standards within Omani ministries. This study addresses this critical gap
by evaluating the current state of information security policy implementation across 18 Omani ministries. A survey
of 36 IT and security managers assessed current policies and practices, focusing on confidentiality, integrity, and
availability. The study highlights that, although fundamental information security principles are implemented, a
limited number of ministries possess international certifications. Specific deficiencies exist in advanced security
measures, particularly in inadequate authentication protocols, inadequate encryption of sensitive data, and
insufficient disaster recovery plans. The outcomes of this research highlight the critical necessity for Omani
government agencies to embrace innovative technologies and adhere to internationally recognised information
security standards to improve their security stance. This study provides significant information for policymakers
and professionals aiming to strengthen the security posture of Oman’s public sector.
