Abdullah,S.,Alsaadi,F.,&Zantout,H. (2021).Criticalinfrastructureprotectioninthe oilandgassector:Acybersecurityperspective. Journal of Information Security and Applications, 58,102716. 

Abreu, M. C., Cunha, M. C., & Rebouças, S. M. (2013). Effects of personal characteristics on organizational commitment: Evidence from Brazil's oil and gas industry. The International Journal of Human Resource Management, 24(20),3831-3852. 

Addae,J.H.,Sun,X.,Towey,D.,&Radenkovic,M. (2020).Exploringuser behavioral data for adaptive cybersecurity. User Modeling and User-Adapted Interaction, 29(3),701–750. 

Adler, S. (2020). Reducing threat impact with CIS Controls. An Arctic Wolf Session May 2020. Cyber Security Digital Summit. 

Ainane, S., & Bouabid,A. (2017). Build it and they will come! Reversing the gender gap:womenenrollinginengineering programsand preparingfor careersinthe oilandgasindustryintheUAE. 2017 ASEE Annual Conference & Exposition. 

Al Neaimi, A., Ranginya, T., & Lutaaya, P. (2015).A framework for effectiveness of cyber security defenses, a case of the United Arab Emirates (UAE). International Journal of Cyber-Security and Digital Forensics (IJCSDF), 4(1), 290-301. 

Al Omari, L. (2016). IT governance evaluation: Adapting and adopting the COBIT framework for public sector organizations. Doctoral dissertation (Queensland University of Technology). 

AlRestar.(2019).Half Of TheCyber AttacksInTheMiddleEastTargetedOilAndGas Companies. Z6 Mag. Retrieved Dec 03, 2019, from https://z6mag.com/2019/06/18/middle-east-hackers-targets-oil-companies/ 

Alali,F., &Yeh,C. (2019).Cybersecuritypracticesin thefinancialsector:Thecaseof Jordan. Journal of Cybersecurity and Privacy, 3(1),15-28. 

Albuquerque, R., Villalba, L., Orozco, A., Sousa Júnior, R., & Kim, T. (2016). Leveraginginformationsecurityand computationaltrustfor cybersecurity. The Journal of Supercomputing, 72(10). 

ALDhanhani,M.J.(2021).Reviewof Cyber SecurityonOilandGasIndustryinUnited Arab Emirates: Analysis on the Effectiveness of the National Institute of StandardsandTechnology’s(NIST) CybersecurityFramework. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 12(11),714-720. 

Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of Things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4),2347-2376. 

Ali, M., Alawneh, M., & Kifle, M. (2020). A comprehensive review of flexibility in cybersecurity: A systematic literature mapping study. Journal of Information Security and Applications, 52.doi:10.1016/j.jisa.2020.102484 

Al-Jazeera. (2018). GCC countries to launch joint cybersecurity initiative. Retrieved fromhttps://www.aljazeera.com/news/ 

Alketbi,A.,Talib,M.A.,&Atif,Y.(2018).ASurveyonComprehensiveCyber Security Strategyfor theUAE.International Journal of Computer Applications, 181(12), 7-13. 

Al-Khouri,A. (2012).eGovernmentStrategiesTheCaseof theUnitedArab. European Journal of ePractice, 17,126-150. 

Al-Khouri,A. M. (2014).UAENationalCyber SecurityFramework:AStepTowardsa Safer SmartGovernment.International Journal of Electronic Governance, 6(4), 302-313. 

Al-Mualla, M. (2017).The Development and Implementation of National Information Assurance Framework Towards Enhancing UAE's Critical Infrastructure Protection.International Conference on Electrical and Computing Technologies and Applications (ICECTA). 

Al-Mukhtar, A., Al-Ghurair, K., & Al-Qasem, L. (2020). Cybersecurity risk managementintheoilandgasindustry:Asystematicliteraturereview. Journal of Cybersecurity, 6(1),006. 

Al-Nasser,A. (2020).Cybersecurity challengesintheoilandgasindustry:Areviewof currentthreatsandmitigationmeasures. Journal of Information Security, 11(3), 77-92. 

Al-Neyadi, H.,Abawajy, J., & Kamel, K. (2015). Building Cybersecurity Skills in the UAE: The UAE National Cybersecurity Strategy and Its Impact. Journal of Information Warfare, 14(4),97-111. 

Aloul, F.A. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3),176-183. 

Alqahtani,M.,& Braun,R. (2021).Reviewinginfluenceof UTAUT2 factorsoncyber security compliance:Aliterature review. Journal of Information Assurance & Cybersecurity. 

Al-Sati, Z. (2019). The biggest oil and gas threat isn't drones. It's cyber. Arabianbusiness. Retrieved 12 01, 2019, from https://www.arabianbusiness.com/technology/428319-the-biggest-oil-gas­threat-isnt-drones-its-cyber 

Alshenqeeti, H. (2014). Interviewing as a Data Collection Method:ACritical Review. English Linguistics Research, 3(1),39-45. doi:10.5430/elr.v3n1p39 

Al-Tamimi,N. (2017). Saudi Arabia's National Cybersecurity Authority takes the lead in the GCC. Retrieved from Arab News: https://www.arabnews.com/node/1193206 

Amazon Web Services, Inc. (2019). NIST Cybersecurity Framework (CSF). Amazon Web Services, Inc. 

Ambore, S., Richardson, C., Dogan, H.,Apeh, E., & Osselton, D. (2017).A resilient cybersecurity framework for Mobile Financial Services (MFS). Journal of Cyber Security Technology, 1(4),202-224. 

APCERT. (2020). APCERT Annual Report. Asia Pacific Computer Emergency Response Team (APCERT). 

APNIC. (2019). Enhancing Cybersecurity in the Asia-Pacific Region. Asia Pacific Network Information Centre (APNIC). 

ASEAN. (2018). Chairman’s Statement of the ASEAN Ministerial Conference on Cybersecurity. Association of Southeast Asian Nations , Association of SoutheastAsianNations. 

Atkinson, P., & Silverman, D. (1997). Kundera's Immortality: The interview society andtheinvention of theself. Qualitative Inquiry, 3(3),304-325. 

Aynalem, G.A. (2020, Dec. 09). How to interpret mean and standard deviation for a likert type survey. Retrieved from ResearchGate: https://www.researchgate.net/post/How_to_interpret_mean_and_standard_devi ation_for_a_likert_type_survey 

Babarinde, O., & Oluwaseun, A. (2019). The influence of COBIT framework on information technology governance practices in the oil and gas industry. International Journal of Advanced Science and Technology, 28(16),471-481. 

Bajpai,S.,&Gupta,J.(2007).Securingoilandgasinfrastructure. Journal of Petroleum Science and Engineering,174-186. doi:10.1016/j.petrol.2006.04.007 

Barney, J. (1991). Firm resources and sustained competitive advantage. Journal of Management, 17(1),99-120. 

Barney, J. (1991). Journal of Management. Firm resources and sustained competitive advantage, 17(1),99-120. 

Barrett, M. (2018). Framework for Improving Critical Infrastructure Cybersecurity. NITRD Faster Administration and Technology. Education and Resaerch (FASTER) Community of Practice(CoP). 

Baruah, B., & Biskupski-Mujanovic, S. (2021). Closing the gender gaps in energy sector recruitment, retention and advancement. Research Handbook on Energy and Society,168-183. 

Basamh, S., Qudaih, H., & Bin Ibrahim, J. (2014). An Overview on Cyber Security Awareness in Muslim Countries. International Journal of Information and Communication Technology Research, 4(1),21-24. 

BBC. (2018). British Airways: Suspect code that hacked fliers. Retrieved from BBC News:https://www.bbc.com/news/technology-45446529 

Beaumont,J.-F.,&Rivest,L.-P.(2009).Dealingwithoutliersinsurveydata. Handbook of Statistics, 29,247-279. 

Blair, E. (2015). A reflexive exploration of two qualitative data coding techniques. Journal of Methods and Measurement in the Social Sciences, 6(1), 14-26. doi:10.2458/v6i1.18772 

Bozick, R., Gonzalez , G., Ogletree, C., & Carew. (2017). Developing a Skilled Workforce for the Oil and Natural Gas IndustrAn Analysis of Employers and CollegesinOhio,Pennsylvania,and WestVirginia. RAND Corporation. 

Bridge, G. (2008). Global production networks and the extractive sector: Governing resource-based development. Journal of Economic Geography, 8(3),389-419. 

Brinkmann,S.(2016).Methodologicalbreachingexperiments:Stepstowardtheorizing thequalitativeinterview. Culture & Psychology, 22(4),520-533. 

Bronk, C., & Tikk-Ringas, E. (2013). The Cyber Attack on SaudiAramco. Survival, 55(2),81-96. doi:10.1080/00396338.2013.784468 

Bronk, C., & Tikk-Ringas, E. (2013). The Cyber Attack on SaudiAramco. Survival, 55(2),81-96. 

Brooks, R. (2018). Top 20 Critical Security Controls for Effective Cyber Defense. Netwrix Corporation. 

Caimi, S. (2021). Why implementation groups are so important to CIS Controls v8? Cybersecurity Resilience Sponsored News. 

Calder, A., & Watkins, S. (2012). IT Governance: An International Guide to Data Security and ISO27001/ISO27002. KoganPagePublishers. 

Cameron, K. S. (1986). Effectiveness as paradox: Consensus and conflict in conceptions of organizational effectiveness. Management Science, 32(5), 539­553. 

Castillo-Montoya,M.(2016).Preparingfor interviewresearch:Theinterviewprotocol. The Qualitative Report, 21(5), 811-831. Retrieved from http://nsuworks.nova.edu/tqr/vol21/iss5/2 

Cattell, R. B. (1966).Thescreetestfor thenumber of factors. Multivariate Behavioral Research, 1(2),245–276. doi:10.1207/s15327906mbr0102_10 

Caulkins,B.(2017).Modelingand Simulationof BehavioralCybersecurity. IDC 5602 Cybersecurity: A Multidisciplinary Approach. 

CCCS. (2021, Dec. 16). Cyber threat bulletin. (Canadian Centre for Cyber Security) Retrieved from Cyber threat to operational technology: https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-cyber-threat­operational-technology 

Chan, M., Woon, I., & Kankanhalli,A. (2005). Perceptions of information security in the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3),18-41. 

Chen, J., & Zhao, H. (2018). Data security and privacy protection issues in cloud computing. Procedia Computer Science, 17,372-375. 

Chen, P. (2014). Exploring the unknown: The journey of becoming a professional hacker. Journal of Cybersecurity Research, 1(1),29-48. 

Cherdantseva,Y.,Burnap,P.,&Blyth,A.(2020).Adaptivecybersecurity:Asystematic literaturereview. Computers & Security, 90,101656. 

Choo, K., & Dehghantanha,A. (2020). Title of the article: Cybersecurity ability and effectiveness:Amultidisciplinaryreviewand synthesis. Computers & Security, 88,101636. 

Christey , S., Kenderdine, J., Mazella, J., & Miles. (2013). Common weakness enumeration. MitreCorporation. 

Cichonski,P.,Millar,T.,Grance,T.,&Scarfone,K.(2012).Computer securityincident handlingguide. NIST Special Publication, 800(61),1-79. 

CIS. (2021). CIS Controls Version 7. Center for Internet Security, 5. Retrieved from https://www.cisecurity.org/controls/v7 

CISA. (2020). About CISA.Retrieved fromhttps://www.cisa.gov/about-cisa 

Clough, J. (2017). Cybersecurity and cyberwar in Asia: Challenges and solutions. Journal of Cyber Policy, 2(1),54-67. 

Cockerill,R. (2019). Cybersecurity and the geopolitical balance. MENASeries. 

Comrey,A. L., & Lee, H. B. (1992). A First Course in Factor Analysis. Hillsdale, NJ: LawrenceErlbaumAssociates. 

Conkle,T. (2018).NISTCybersecurity Framework,Howitwasimproved. 

Creekmore, J. (2022). A Predictive Study on Acceptance of Honeypots in US CybersecurityProfessionals. Doctoral dissertation. 

Creery,A., & Byres, E. (2005). Industrial Cybersecurity for Power System and Scada Networks. Record of Conference Papers Industry Applications Society 52nd Annual Petroleum and Chemical Industry Conference, 303-309. doi:10.1109/pcicon.2005.1524567 

Creswell, J. W. (2014). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. (4th,Ed.) SAGE Publications,Inc. 

Creswell, J., & Clark, V. (2010). Designing and conducting mixed methods research. ThousandOaks:SAGE Publications,Inc. 

Creswell,J.,& Clark,V. (2010). Designing and Conducting Mixed Methods Research. SAGE Publications,Inc. 

CWECommunity. (2019). Common Weakness Enumeration: A Community-Developed List of Software Weakness Types.Retrievedfromhttps://cwe.mitre.org/ 

Cyber securitymanagementmodelfor criticalinfrastructure. (2017). Entrepreneurship and Sustainability, 4(4),559-573. 

Cyber Threat Alliance. (2020). About the Cyber Threat Alliance. Retrieved from https://www.cyberthreatalliance.org/about/ 

D'Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1),79-98. 

DarkMatter. (2019).DarkMatter Group Callsfor Improved VigilanceasUAE'sCyber­threat Landscape Reaches Critical Level. Retrieved from https://www.prnewswire.com/ae/news-releases/darkmatter-group-calls-for­improved-vigilance-as-uae-s-cyber-threat-landscape-reaches-critical-level­881538662.html 

Davies. (2017).Fivequickfactsyoushould knowaboutNESA’sUAEIAS. 

Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of informationtechnology. MIS Quarterly, 13(3),319-340. 

Davis, F. D., Bagozzi, R. P., & Warshaw, P. R. (1989). User acceptance of computer technology: a comparison of two theoretical models. Management Science, 35(8),982-1003. 

De Haes, S., & Van Grembergen, W. (2015). Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. Springer. 

Denzin, N. K. (1978). The research act: A theoretical introduction to sociological methods. McGraw-Hill. 

Desman,M.(2002).Building an information security awareness program. BocaRaton: AuerbachPublications. 

DiCicco-Bloom, B., & Crabtree, B. F. (2006). The qualitative research interview. Medical Education, 40(4),314-321. 

ECSO. (2020). About ECSO. Retrieved from European Cyber Security Organisation : https://www.ecs-org.eu/about 

Efthymiopoulos, M. (2016). Cyber-security in smart cities: the case of Dubai. Journal of Innovation and Entrepreneurship, 5(1),13. 

EIA. (2017). International energy outlook 2017. EIA (U.S. Energy Information Administration). 

ENISA. (2020). CSIRTs in Europe. Retrieved from European Union Agency for Cybersecurity : https://www.enisa.europa.eu/topics/csirts-in-europe/csirts-in­europe 

Ericsson, G. (2010). Cyber Security and Power System Communication—Essential Parts of a Smart Grid Infrastructure. IEEE Transactions on Power Delivery, 25(3),1501-1507. doi:10.1109/tpwrd.2010.2046654 

Espinosa,C.(2021).Doyouhaveacybersecuritytalentshortage?Don'trequireafour­year degree. Forbes Technology Council. 

Etikan,I., Musa, S., &Alkassim, R.(2016).Comparison of conveniencesamplingand purposive sampling. American Journal of Theoretical and Applied Statistics, 5(1),1-4. 

European Commission. (2019). Cybersecurity Act. Retrieved from https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-act 

Europol. (2020). European Cybercrime Centre (EC3). Retrieved from https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3 

Farwell , J., & Rafal, R. (2011). Stuxnet and the Future of Cyber War. 53(1), 23-40. doi:10.1080/00396338.2011.555586 

Fatokun, F. B., Hamid, S., Norman,A., & Fatokun, J. O. (2019). The impact of age, gender, and educational level on the cybersecurity behaviors of tertiary institution students: an empirical investigation on Malaysian universities. Journal of Physics: Conference Series, 1339(1),012098. 

Ferron,J.(2018).The NIST Cybersecurity Framework.RetrievedMarch20,2018,from InteractiveSecurityTraining. 

Fovino, I., Coletta,A., & Masera, M. (2019). Cybersecurity for the digitalised oil and gasindustry:Acomprehensivesurvey. Computers & Security, 85,349-371. 

Fuster,A.(2020).Regulatorychallengesinthedigitalfinanceera.Financial Regulation Journal, 18(2),32-48. 

Fuster, G. (2020). Cybersecurity in financial services: A comparative analysis of regulatory frameworks. Journal of Financial Regulation and Compliance, 28(2),164-182. 

Galligan , M., Herrygers, S., & Rau, K. (2021). Managing cyber risk in a digital age [White paper]. Committee of Sponsoring Organizations of the Treadway Commission. 

Gardner, B., & Thomas, V. (2014). Building an information security awareness program (1sted.).Waltham,MA: Syngress. 

Garson,G.D.(2012).Testingstatisticalassumptions. Statistical Associates Publishing. 

Gorkowienko,A. (2019). Ensuring Oil and Gas Critical Infrastructure Security. Oil & Gas IQ. Retrieved from https://www.oilandgasiq.com/oil-gas/news/ensuring­oil-and-gas-critical-infrastructure-security 

Gorkowienko, T. (2019). Cybersecurity Threats in the Oil and Gas Sector: A ComprehensiveReview. Energy Policy Journal, 132,1102-1112. 

Gratian,M.,Bandi,S.,Cukier,M.,Dykstra,J.,&Ginther,A.(2018).Correlatinghuman traits and cybersecurity behavior intentions. Computers & Security, 73, 345­358. 

Greenberg,A. (2018). The untold story of NotPetya, the most devastating cyberattack in history. Retrieved from Wired: https://www.wired.com/story/notpetya­cyberattack-ukraine-russia-code-crashed-the-world/ 

Gruenloh,T.(2021).HowCISControlsv8impactsSMBs? Dark Reading: Connecting the Information Security Community. 

Gyan, C. (2013). The role of women in the oil industry. Journal of Social Sciences, 9(3),94. 

Harhara, A., Singh, S., & Hussain, M. (2015). Correlates of employee turnover intentions in oil and gas industry in the UAE. International Journal of Organizational Analysis, 23(3),493-504. doi:10.1108/ijoa-11-2014-0821 

Harrell, M., & Bradley, M. (2009). Data Collection Methods. Semi-Structured InterviewsandFocusGroups. National Defense Research Institute. 

Hathaway,&Klimburg,A.(2012).NationalCyber SecurityFrameworkManual. NATO Cooperative Cyber Defence Centre of Excellence, Tallinn. 

HelpNetSecurity.(2018).MiddleEastoilandgascompaniesareunpreparedtoaddress OT cyber risk. Help Net Security. Retrieved 12 01, 2019, from https://www.helpnetsecurity.com/2018/03/21/middle-east-ot-cyber-risk/ 

Hobbs,D.(2021).Center for InternetSecurity(CIS) v8 –WhyYouShouldCare.Black HillsInformationSecurity. 

Honan,B.(2017). ISO27001 in a Windows Environment: The Best Practice Handbook for a Microsoft Windows Environment. ITGovernancePublishing. 

Huang,D. L.,Rau,P.-L. P.,&Salvendy,G. (2010).Perception of informationsecurity. Behaviour & Information Technology, 29(3),221-232. 

Huang,D. L., Rau,P.-L. P., Salvendy,G., Gao,F.,& Zhou,J. (2011). Factorsaffecting perceptionof informationsecurityandtheir impactsonITadoptionandsecurity practices. International Journal of Human-Computer Studies, 69(12),870-883. 

Hult, F., & Sivanesan, G. (2014). What good cyber resilience looks like. Journal of Business Continuity & Emergency Planning, 7(2),112-125. 

Humphreys,E. (2016). Implementing the ISO/IEC 27001:2013 ISMS Standard. Artech House. 

Hvidt,M. (2011).Economicand InstitutionalReformsin theArabGulf Countries. The Middle East Journal(1),85-102. doi:10.3751/65.1.15 

IEC. (2018). Industrial communication networks -Network and system security -Part 1-1: Terminology, concepts and models. International Electrotechnical Commission. Retrieved fromhttps://webstore.iec.ch/publication/62305 

IMF. (2021).UnitedArab Emirates: 2021Article IVConsultation-Press Release;Staff Report;andStatementbytheExecutiveDirector for theUnitedArab Emirates. Retrieved from https://www.imf.org/en/Publications/CR/Issues/2021/07/19/United-Arab­Emirates-2021-Article-IV-Consultation-Press-Release-Staff-Report-and­Statement-46745 

ISACA. (2012). COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. Information Systems Audit and Control Association (ISACA) -Framework Introduction.ISACA. 

ISACA. (2018). Natural gas company case study. ISACA. Retrieved from https://www.isaca.org/COBIT/Pages/Natural-Gas-Company-Case-Study.aspx 

ISACA.(2019).COBIT. ISACA.Retrievedfromhttps://www.isaca.org/resources/cobit 

Ismail, S., Sitnikova, E., & Slay, J. (2014). Towards Developing SCADA Systems Security Measures for Critical Infrastructures against Cyber-TerroristAttacks. ICT Systems Security and Privacy Protection IFIP Advances in Information and Communication Technology,242-249. doi:10.1007/978-3-642-55415-5_20 

Ismail, Z., Masrom, M., Sidek, Z., & Hamzah, D. (2010). Framework to manage information security for Malaysian academic environment. Information Assurance & Cybersecurity, 1-16. 

ISO. (2013). ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems. International Organization for Standardization(ISO). 

IT Governance Institute. (2007). COBIT 4.1. Framework Document. IT Governance Institute. 

ITU.(2021).Cybersecurity regulations and standards in the ICTsector.Retrievedfrom InternationalTelecommunicationUnion. 

Jiang, H. (2016). A maturity model for measuring organization-wide cybersecurity. Cybersecurity, 1(1),1-18. 

Jick,T.D.(1979).Mixingqualitativeandquantitativemethods:Triangulationinaction. Administrative Science Quarterly, 24(4),602-611. 

Johnson, B., Onwuegbuzie, A., & Turner, L. (2007). Toward a Definition of Mixed Methods Research. Journal of Mixed Methods Research, 1,112-133. doi:10.1177/1558689806298224 

Jones, L., & Chin,A. (2019). Protecting student data in the digital age. Education and IT Journal, 12(1),45-58. 

Joshi, A., Bollen, L., Hassink, H., De Haes, S., & Van Grembergen, W. (2018). A Maturity Modelfor Governance,RiskManagement,and Compliance(GRC) in Healthcare. Journal of Information Systems, 32(2). 

Kaiser, H. F. (1960). The application of electronic computers to factor analysis. Educational and Psychological Measurement, 20(1), 141–151. doi:10.1177/001316446002000116 

Kajornboon, A. B. (2005). Using interviews as research instruments. E-journal for Research Teachers, 2(1),1-9. 

Kamel , D., & Gnana, J. (2019). Middle East energy companies' cyber-security investments lag. Dubai:TheNational. 

Kang, H. (2013). The prevention and handling of the missing data. Korean Journal of Anesthesiology, 64(5),402–406. doi:10.4097/kjae.2013.64.5.402 

Karlsson, M., Karlsson, F., Åström, J., & Denk, T. (2021). The effect of perceived organizational culture on employees’ information security compliance. Information & Computer Security. 

Kelter, R. (2021). Analysis of type I and II error rates of Bayesian and frequentist parametric and nonparametric two-sample hypothesis tests under preliminary assessmentof normality. Computational Statistics, 36(2),1263–1288. doi:DOI: 10.1007/s00180-020-01034-7 

Khan,M.,&Alghathbar,K.(2019).Cybersecurityinsmartmanufacturing:Challenges andsolutions. Journal of Industrial Integration, 14(2),213-227. 

Kilian, L. (2009). Not all oil price shocksare alike: Disentangling demandand supply shocksinthecrudeoilmarket. American Economic Review, 99(3),1053-1069. 

Knapp, E., & Langill, J. (2014). Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress. 

Kolkowska, E., & Dhillon, G. (2013). Information security management:Amethod to assess and mitigate the risks of social engineering attacks. Information Management & Computer Security, 21(4),272-289. 

Kornmaier, A., & Jaouën, F. (2014). Beyond technical data -a more comprehensive Situational Awareness fed by available Intelligence Information. 6th International Conference on Cyber Conflict (CyCon 2014). 

Krebs, B. (2013). Target: 40 million credit cards compromised. Retrieved from Krebs on Security: https://krebsonsecurity.com/2013/12/target-40-million-credit­cards-compromised/ 

Krejcie, R. V., & Morgan, D. W. (1970). Determining Sample Size for Research Activities. Educational and Psychological Measurement. 

Krumpal, I. (2013). Determinants of social desirability bias in sensitive surveys: a literaturereview. Quality & Quantity, 47(4),2025-2047. 

Kumar, P., & Raj, P. (2019). Cloud-native security: Patterns for scalable infrastructure andapplicationsin adynamicenvironment. O'Reilly Media. 

Kwak,S.-K.,&Kim,J.-H.(2017).Statisticaldatapreparation:managementof missing valuesandoutliers. Korean journal of anesthesiology, 70(4),407-411. 

Li, L., Xu, L., & He, W. (2022). The effects of antecedents and mediating factors on cybersecurity protection behavior. Computers in Human Behavior Reports, 5, 100165. 

Li, L., Xu, L., He, W., Chen,Y., & Chen, H. (2016). Cyber security awareness and its impact on employee’s behavior. International Conference on Research and Practical Issues of Enterprise Information Systems,103-111. 

Lichtblau, K., Stich, V., Bertenrath, R., & Blach, R. (2020). Cybersecurity challenges inthemanufacturingsector.Journal of Manufacturing Systems, 25(3),445-456. 

Lichtblau, K., Stich, V., Bertenrath, R., & Blach, R. (2020). Industrie 4.0-readiness of small and medium-sized enterprises. International Journal of Production Research, 58(9),2745-2761. 

Lim,S.,Saldanha,T.,Malladi,S.,&Melville,N.(2013).TheoriesUsedinInformation Systems Research: Insights from Complex Network Analysis. JOURNAL OF INFORMATION TECHNOLOGY THEORY AND A APPLICATION, 14(2), 5­46. 

Lim,W.,& Chin,K. (2020).Cybersecuritymanagementfor theoiland gasindustry:A review of trends and challenges. Renewable and Sustainable Energy Reviews, 132,110022. doi:10.1016/j.rser.2020.110022 

Limba,T.,Pleta,T.,Agafonov,K.,&Damkus,M.(2017).Cyber securitymanagement modelfor criticalinfrastructure. Entrepreneurship and Sustainability, 4(4),559­573. 

Liu, F., Wang, X., & Camp, L. J. (2017). Defining and measuring the effectiveness of cybersecuritycontrols. Journal of Cybersecurity, 3(2),143-158. 

Liu,J.,&Wang,L.(2018).Blockchain:Anewsolutionfor secureandefficientfinancial transactions. International Journal of Financial Studies, 6(2),56-70. 

Lubell, J. (2016). Baseline Tailor Software-aided Security Control Selection. NIST Engineering Laboratory. 

Luiijf, E., Besseling, K., & Graaf, P. (2013). Nineteen National Cyber Security Strategies. International Journal of Critical Infrastructure Protection, 9(1). doi:10.1504/IJCIS.2013.051608. 

MaalemLahcen,R.A.,Caulkins,B.,Mohapatra,R.,&Kumar,M. (2020).Reviewand insightonthebehavioralaspectsof cybersecurity. Cybersecurity, 3(1),1-18.

Malek,C.(2019).Countingthecostof MiddleEastcyberattacks. ArabNews.Retrieved Dec03,2019,fromhttps://www.arabnews.com/node/1551171/middle-east

Manns, G. (2021). The Adoption of Cybersecurity in Small-to Medium-Sized Businesses:ACorrelation Study. Doctoral dissertation.CapellaUniversity.

Martin, R.A.,& Scarfone,K. (2011).GuidetoUsing VulnerabilityNaming Schemes.

Menachery, M. (2017). Oil and gas industry becomes key target for cyber criminals. ITP Media Group. Retrieved Dec 03, 2019, from https://www.oilandgasmiddleeast.com/article-17869-oil-and-gas-industry­becomes-key-target-for-cyber-criminals 

Mepham,K.,Ghinea,G.,Louvieris,P.,&Clewley,N.(2014).DynamicCyber-Incident Response. 6th International Conference on Cyber Conflict (CyCon 2014).

MITRE. (2021).CWE ListVersion4.6. The MITRE Corporation.

Mohamed, K., & Meddas, O. (2019). Economic, Business and Management Sciences Institute. Excellent Model of economic diversification from UAE, 3(1).

Morgan, D. L. (2014). Integrating qualitative and quantitative methods:A pragmatic approach. SAGE Publications, Inc.

Morrison,D.(2018).ProtectingICSandSCADAsystemsin manufacturing. Industrial Cybersecurity Journal, 10(1),58-65.

MOTC. (2018). Qatar National Cybersecurity Strategy. Ministry of Transport and Communications.Retrieved fromhttps://www.motc.gov.qa/ 

Nakashima, E. (2015). Hacks of OPM databases compromised 22.1 million people, federal authorities say. Retrieved from The Washington Post: https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of­security-clearance-system-affected-21-5-million-people-federal-authorities­say/ 

Nakashima, E., & Warrick, J. (2014). For U.S. and N. Korea, Sony attack is just the latestepisodeinacyberwar. The Washington Post. 

Nathans,D. (2014). Designing and Building Security Operations Center. Syngress. 

NESA. (2015). UAE Information Assurance Standards. Retrieved from National ElectronicSecurityAuthority(NESA): https://www.nesa.gov.ae 

Neuman, W. L. (2011). Social Research Methods: Qualitative and Quantitative Approaches. Allyn and Bacon. 

Nicholson,A.(2015).Areviewof cybersecurityincidentresponsepractices.Computers & Security, 57,14-31. 

NIST. (2018, April). Cybersecurity Framework, 1.1. Retrieved from The National Institute of Standards and Technology: https://doi.org/10.6028/NIST.CSWP.04162018 

NIST. (2018). Frameworkfor ImprovingCriticalInfrastructureCybersecurity,Version 

1.1. National Institute of Standards and Technology. doi:10.6028/nist.cswp.04162018 Noble, H., & Smith, J. (2015). Issues of validity and reliability in qualitative research. Evidence Based Nursing, 18(2),34-35. doi:10.1136/eb-2015-102054 

North American Electric Reliability Corp. (NERC). (2019). CIP standards. NERC. Retrievedfromhttps://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx 

NSF. (2020). Cyber Corps Scholarship for Service. Retrieved from National Science Foundation:https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=504991 

Nyhuis , M. (2020). CIS Security Benchmarks and Compliance: What is CIS Compliance? . Diligent Insights. 

Nyhuis,D. (2020).Building aCybersecurityEcosystemwithCIS Controls. Center for Internet Security. 

Oakley, A. (1981). Interviewing women: A contradiction in terms. (H. Roberts, Ed.) Routledge&Kegan Paul. 

OECD. (2021).EconomicDiversificationintheUnitedArabEmirates. Retrieved from https://www.oecd-ilibrary.org/economics/economic-diversification-in-the­united-arab-emirates_6d18f6ec-en 

OIC. (2019). OIC stresses importance of strengthening cybersecurity. Retrieved from Organizationof IslamicCooperation:https://www.oic-oci.org 

Otting, J. H. (2020). Factors Influencing the Adoption of Active Cybersecurity MeasuresWithinSmalltoMidsizeEnterprises:ACorrelationalStudy. Doctoral dissertation.CapellaUniversity. 

Oxford University Press Inc. (2018, Jan. 17). Oxford’s Constitutions. Retrieved from constituteproject.org: https://www.constituteproject.org/constitution/United_Arab_Emirates_2004.p df 

Palinkas,L.,& Horwitz, S. (2015).Purposefulsamplingfor qualitativedata collection and analysis in mixed method implementation research. Administration and Policy in Mental Health and Mental Health Services Research, 42(5),533-544. 

Park,R.,Metzger,B.,&Foreman,L.(2019).Promotinggender diversityandinclusion in the oil, gas and mining extractive industries. A Women’s Human Rights Report January 2019. The Advocates for Human Rights, Minneapolis, Minnesota USA. 

Peat, J. (2018). Oil and gas industry 'needs to wake up to cyber threat from hostile states'. INDEPENDENT. Retrieved Dec 03, 2019, from https://www.independent.co.uk/news/uk/home-news/cyber-attacks-threat-oil­gas-industry-brian-lord-gchq-abu-dhabi-a8495666.html 

Pedersen, C. (2014). Much Ado about Cyber-space: Cyber-terrorism and the Reformation of the Cyber-security. Pepperdine Policy Review, 7. Retrieved fromhttps://digitalcommons.pepperdine.edu/ppr/vol7/iss1/3 

Pernik, P., Wojtkowiak, J., & Verschoor-Kirss, A. (2016). National cybersecurity organization: United States. NATO Cooperative Cyber Defence Centre of Excellence: Tallinn. 

Perrons, R., & Hems,A. (2013). Cloud computing in theupstream oil & gas industry: A proposed way forward. Energy Policy, 56, 732-737. doi:10.1016/j.enpol.2013.01.016 

Perumal,D.(2010).RESEARCH METHODS IN COMPETITIVE INTELLIGENCE. (A. Jameelah,Ed.) Malaysia:OpenUniversity Malaysia. 

Pescatore,J. (2021).Backto basics:Focuson thefirstsixCIScriticalsecuritycontrols [Whitepaper]. SANS Analyst Program. 

PonemonInstitute. (2018). The state of cybersecurity in the oil & gas industry: United States. Ponemon Institute. Retrieved from https://info.telos.com/rs/602-XJZ­750/images/Ponemon-Oil-Gas-Report-2018.pdf 

Power, C., & Kennedy, A. (2016). Gender diversity in the oil and gas industry. The APPEA Journal, 56(2),538. 

Purkait, S. (2020). Cybersecurity challenges in educational institutions. Journal of Educational Technology, 17(2),123-135. 

Purkait, S. (2020). Cybersecurity in higher education: A study of universities' preparednessagainstcyber threats. Computers & Security, 92,101755. 

Rabionet,S.(2009).HowI LearnedtoDesignandConductSemi-structuredInterviews: An Ongoing and Continuous Journey. The Qualitative Report, 16(2), 563-566. Retrievedfromhttp://www.nova.edu/ssss/QR/QR16-2/rabionet.pdf 

Radvanovsky,R.,&McDougall,A.(2013). Critical Infrastructure: Homeland Security and Emergency Preparedness (3rded.).BocaRaton,Florida:CRCPress,Taylor &FrancisGroup. 

Reback, S., & Costello, T. (2014). Deconstructing the Internet of Things. Bloomberg Finance. 

Reegård, K., Blackett, C., & Katta, V. (2019). The concept of cybersecurity culture. 29th European Safety and Reliability Conference,4036-4043. 

Rhee, H.-S., Kim, C., & Ryu, Y. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8),816-826. doi:10.1016/j.cose.2009.05.008 

Risk,M. C. (2018).Cybersecurity framework. 

Ritchie,J.,&Lewis,J.(2013).Qualitative research practice: A guide for social science students and researchers. Sage. 

Riza,A.,Tibben,W.J.,&KhinThan,W. (2018).Reviewof cybersecurityframeworks: context and shared concepts. Faculty of Engineering and Information Sciences -Papers: Part B. 

Roberts, P. (2020). Standards and frameworks for cybersecurity in manufacturing. Manufacturing Today, 18(5),78-83. 

Rock, D., & Grant, H. (2016). Why diverse teams are smarter. Harvard Business Review. Harvard Business Review. 

Romanosky, S., Acquisti, A., & Telang, R. (2022). Cybersecurity in the banking and financesector. Journal of Financial Security, 58(2),123-145. 

Romanosky, S., Acquisti, A., & Telang, R. (2022). The economics of cybersecurity. Annual Review of Economics, 14. 

Rossel, J. (2019). United Arab Emirates -Country overview. pwc. Retrieved 12 01, 2019,fromhttp://taxsummaries.pwc.com/ID/United-Arab-Emirates-Overview 

Roy, B. (2019).All about missing data handling: Missing data imputation techniques. Towards Data Science. Retrieved from https://towardsdatascience.com/all­about-missing-data-handling-b94b8b5d2184 

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliancemodelin organizations. Computers & Security, 56,70-82. 

Sangani,&Vijayakumar,B.(2012).Cyber securityscenariosandcontrolforsmalland mediumenterprises. Informatica Economica,, 16(2),58. 

SANS Institute. (2019). Oil rig cyber security case study. SANS Institute. Retrieved from https://www.sans.org/reading-room/case-studies/oil-rig-cybersecurity­case-study-38415 

Saunders, M., Lewis, P., & Thornhill, A. (2007). Research methods for Business Students (8ed.).HarlowCM179NA,UK:PearsonEducationLimited.doi:978­1-292-20878-7 

Schatz, D., Bashroush, R., & Wall, J. (2017). Towards a More Representative Defifinitionof Cyber Security. Journal of Digital Forensics, Security and Law, 12(2).doi:https://doi.org/10.15394/jdfsl.2017.1476 

Scott, J., Dakin, R., Heller, K., & Eftimie, A. (2013). A survey and analysis of the gendered impacts of onshore oil and gas production in three developing countries. Extractive Industries for Development Series #28. 

Seidman, I. (2013). Interviewing as Qualitative Research:AGuide for Researchers in EducationandtheSocialSciences. Teachers College Press. 

Shackelford, S., Proia, A., Martell, B., & Craig, A. (2015). Toward a global cybersecurity standard of care: Exploring the implications of the 2014 NIST Cybersecurity Framework on shaping reasonable national and international cybersecuritypractices. Texas International Law Journal, 50(2),303-353. 

Sharma, G. (2017). Pros and cons of different sampling techniques. International Journal of Applied Research, 3(7),749-752. 

Shen,L. (2014).TheNISTcybersecurityframework:Overviewand potentialimpacts. Scitech Lawyer, 10(4),16. 

Singer,P.W.,&Brooking,E.T.(2018).TheWeaponizationof SocialMedia. Houghton Mifflin Harcourt. 

Singh.(2020).Cybersecuritychallengesanditsemergingtrendsonlatesttechnologies. International Journal of Advanced Research in Computer Science, 11(1),94-98. 

Singh, R. (2020). Cybersecurity in ICT: Challenges and Solutions. Journal of Information Security, 11(2),123-135. 

Smith, J. (2021). The role of employee training in preventing cyber threats in the bankingsector. Journal of Banking and Finance, 45(3),215-230. 

Smith, J. A. (2020). Qualitative Psychology:APractical Guide to Research Methods. SAGE. 

Smith, R. (2021). Ransomware attacks on universities: A growing threat. Journal of Cybersecurity in Education, 4(3),215-229. 

Sofaer, S. (2002). Qualitative research methods. International Journal for Quality in Health Care, 14(4),329-336. doi:10.1093/intqhc/14.4.329 

Stevens,P. (2012).Cybersecurityintheenergysector:Acomparativeanalysisbetween EuropeandtheMiddleEast. Energy Strategy Reviews, 1(3),171-178. 

Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., & Hahn, A. (2015). Guide to Industrial Control Systems (ICS) Security. NIST Special Publication, 800-82 Rev. 2. 

Stouffer,K.,Zimmerman,T.,Tang,C.,Cichonski,J.,Pease,M.,Shah,N.,& Downard, W. (2019). Cybersecurity Framework Manufacturing Profile. 3. doi:10.6028/NIST.IR.8183A-3 

Syed, D., Chang, T.-H., Svetinovic, D., Rahwan, T., &Aung, Z. (2017). Security for Complex Cyber-Physical and Industrial. Pacific Asia Conference on Information Systems -PACIS 2017 Proceedings,180. 

Taber,K.(2018).Theuseof Cronbach’sAlphawhendevelopingandreportingresearch instrumentsinscienceeducation. Research Science Education, 48,1273-1296. 

Tan,W.,&Restar. (2019). Cyberattacks in UAE, Middle East. DarkMatter report. 

Taylor,M.(2018).Implementingmulti-factor authenticationineducationalinstitutions. Journal of Network Security, 10(2),112-120.

TECH. (2018).Oil&gassector ill-equippedtodealwithcyber risks. TECH.Retrieved Dec2,2019

Teh, T. Y. (2017). Performance and Risk: Empirical Evidence from Mah Sing Group Berhad. SSRN Electronic Journal.

Ten, C.-W., Manimaran, G., & Liu, C.-C. (2010). Cybersecurity for Critical Infrastructures:Attack and Defense Modeling. IEEE Transactions on Systems, Man, and Cybernetics -Part A: Systems and Humans, 40(4), 853-865. doi:10.1109/tsmca.2010.2048028 

Tewari, S. (2021). Women in Cybersecurity: Why Diversity Matters? IBM: Security Intelligence. Retrieved from https://securityintelligence.com/posts/women-in­cybersecurity-diversity/ 

The National, & ADNOC. (2019). Oil & Gas 4.0. Retrieved 12 02, 2019, from https://oilandgas4.thenational.ae 

Thurmond, V. A. (2001). The point of triangulation. Journal of Nursing Scholarship, 33(3),253-258. 

Tipton,H.F.,&Krause,M.(2007).Information Security Management Handbook, Sixth Edition, Volume 2. CRC Press. 

Tounsi, L., & Rais, H. (2018). A survey of cybersecurity threat intelligence. Future Generation Computer Systems, 91,327-349. 

Turner, L. (2021). The human factor in manufacturing cybersecurity. Journal of Cybersecurity in Manufacturing, 6(4),312-320. 

U.S. Energy InformationAdministration. (2019).

US-CERT. (2020). About US-CERT. Retrieved from United States Computer EmergencyReadinessTeam:https://www.us-cert.gov/about-us 

Vakakis,N.,Nikolis,O.,Ioannidis,D.,Votis,K.,&Tzovaras,D. (2019).Cybersecurity in SMEs: The smart-home/office use case. 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 1-7. 

Valdez, L., Faust, G., & Ng, D. (2020). Cybersecurity risk management in the oil and gasindustry:Areviewof thecurrentstateof practiceandchallenges.Computers & Security, 97,101984. 

Venkatesh,V.,&Davis,F.(2000).Atheoreticalextensionof thetechnologyacceptance model:Four longitudinalfieldstudies. Management Science, 46(2),186-204. 

Venkatesh,V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptanceof informationtechnology:Towardaunifiedview. MIS Quarterly, 27(3),425-478. 

Venkatesh, V., Morris, M., Davis, G., & Davis, F. (2003). User acceptance of informationtechnology:Towardaunifiedview. MIS Quarterly, 27(3),425-478. 

Voigt,P., &Von demBussche,A. (2017).TheEU GeneralData Protection Regulation (GDPR). Springer. 

VonSolms,R.,& VanNiekerk,J. (2013).From informationsecuritytocyber security. Computers & Security, 38,97-102. 

VonSolms,R.,& VanNiekerk,J. (2013).From informationsecuritytocyber security. Computers & Security, 38,97-102. 

Wang,Y.,Xu,H.,&Li,Y.(2020).Cybersecurityeffectivenessinthefinancialindustry: Aquantitativestudy. Journal of Financial Services Marketing, 25(1),33-43. 

Watkins, M. W. (2018). Exploratory factor analysis:Aguide to best practice. Journal of Black Psychology, 44(3),219-246. 

Weiss, J. (2011). Protecting Industrial Control Systems from Electronic Threats. MomentumPress. 

Whitman, M. E., & Mattord, H. J. (2018).Principlesof information security. Cengage Learning. 

World Bank. (2019). UnitedArab Emirates GDP. World Bank. Retrieved 12 01, 2019, fromhttps://tradingeconomics.com/united-arab-emirates/gdp 

Yergin,D. (2006).Theprize:Theepicquestfor oil,money&power. Free Press. 

Zhang,D.,Lai,K. K., &Wang,S.Y. (2019).An intelligentfinancialportfoliodecision supportsystemthroughintegrating fuzzyneuralnetworkandartificialimmune algorithm. Computers & Operations Research, 36(5),1475-1482. 

Zhang, L., Zhang, X., & Wang, L. (2021). Adaptive cybersecurity: A deep reinforcement learning approach. IEEE Transactions on Neural Networks and Learning Systems, 32(7),2961-2974. 

Zhao,X.,Ge,L.,&Dong,X.(2019).Adaptivecybersecurityframeworkfor theInternet of Things. Computers & Electrical Engineering, 76,214-222. 

Zimmerman, T. (2017). Ensuring the Cybersecurity of Manufacturing Systems. NIST. Retrieved Dec. 4, 2019, from https://www.nist.gov/blogs/taking­measure/ensuring-cybersecurity-manufacturing-systems