The objective of this thesis is to investigate the significant perceived security threats against information security systems (ISS) for information systems (IS) in Saudi organisations. An empirical survey using a self-administered questionnaire has been carried out to achieve this objective. The survey results revealed that almost half of the responded Saudi organisations have suffered financial losses due to internal and external IS security breaches. The statistical results further revealed that accidental and intentional entry of bad data; accidental destruction of data by employees; employees' sharing of passwords; introduction of computer viruses to IS; suppression and destruction of output; unauthorised document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived threats to IS in Saudi organisations. Accordingly, it is recommended to strengthen the security controls over the above weakened security areas and to enhance the awareness of IS security issues among Saudi companies to achieve better protection to their IS.