King Saud University
There is no doubt that modern society depends heavily on information technology in nearly every facet of human activity. Organizations of all kinds are increasingly exposed to various kinds of risks, including information technology risks. There are many security standards and frameworks available to help organizations manage these risks. The question which one is best and can address the information security risks adequately warrants further investigation and research. The purpose of this research work is to highlight the challenges facing enterprises in their efforts to properly manage information security risks when adopting international standards and frameworks.