A Study of Cyber Security Awareness in Educational Environment in the Middle East

2016 ◽  
Vol 15 (01) ◽  
pp. 1650007 ◽  
Author(s):  
Samaher Al-Janabi ◽  
Ibrahim Al-Shourbaji
Keyword(s):  
Middle East ◽  
Information Security ◽  
Undergraduate Students ◽  
Cyber Security ◽  
Training Programs ◽  
Academic Staff ◽  
Cyber Attacks ◽  
Security Awareness ◽  
Negative Consequences ◽  
Information Security Awareness

Information security awareness can play an important role in facing cyber-attacks by intruders. The main goal of this paper is to analyse the information security awareness among academic staff, researchers, undergraduate students and employee within educational environments in the Middle East in an attempt to understand the level of awareness of information security, the associated risks and overall impact on the institutions. The results reveal that the participants do not have the requisite knowledge and understanding of the importance of information security principles and their practical application in their day-to-day work. This situation can however be corrected through comprehensive awareness and training programs as well as adopting all the necessary safety measures at all levels of the institution to ensure that the students, academic staff and employees are trustworthy, technology savvy and keep their data safe. Without such training programs and awareness, there will be negative consequences on IT systems and their application usage, as well as on users’ personal security now and in the future. From the weaknesses identified in this survey, some essential recommendations are put forward to remedy the situation.

Cyber Security Competency Model Based on Learning Theories and Learning Continuum Hierarchy

2022 ◽  
pp. 139-156
Author(s):  
Winfred Yaokumah
Keyword(s):  
Cyber Security ◽  
Domain Knowledge ◽  
Training Programs ◽  
Cyber Attacks ◽  
Competency Model ◽  
Learning Theories ◽  
Security Awareness ◽  
Non Governmental Organizations ◽  
Security Competency ◽  
And Training

There is an urgent need for transformative changes in cyber security awareness and training programs to produce individuals and the workforce that can deal with business risks emanating from the prevailing and emerging cyber-attacks. This chapter proposes a cyber security competency model that integrates learning theories (cognitive, affective, and psychomotor), learning continuum hierarchy (awareness and training), and cyber security domain knowledge. Employing literature search of scholarly and practitioner works, together with cyber security standards from governmental and non-governmental organizations, the chapter integrates cyber security domain knowledge, learning theories, and learning continuum hierarchy to design a model of cyber security competencies suitable for use in educating individuals and the general workforce. This theoretical-based approach to designing cyber security awareness and training programs will produce skillful individuals and workforce that can mitigate cyber-attacks in the global business environment.

scholarly journals Information Security Awareness among Non-Academic Staff in the University of Ibadan, Nigeria

2019 ◽  
Vol 8 (2) ◽  
pp. 77-84
Author(s):  
H. T. AbdulRahman ◽  
S. O. Oladipupo
Keyword(s):  
Information Security ◽  
Survey Design ◽  
Academic Staff ◽  
Sampling Technique ◽  
Future Research ◽  
Security Awareness ◽  
Information Security Awareness ◽  
The University ◽  
University Of Ibadan ◽  
Ibadan Nigeria

This study applied the established factors from the existing literatures on information security awareness to investigate information security awareness among non-academic staff in the University of Ibadan, Nigeria. The objectives of this study are; to identify the factors that influence information security awareness and to determine the level of information security awareness among non-academic staff. This study employed a survey design. Stratified random sampling technique was utilized to select the respondents for the study. The study participants consist of non-academic staff in the University of Ibadan. A field survey of 300 respondents was carried out using questionnaire as the main instrument. Descriptive statistics was used for data analysis. Findings of this study revealed that information security awareness is significantly influenced by policy of information security, education of information security, knowledge of technology, and non-academic staff’s behavior. Furthermore, findings show that the level of information security awareness among non-academic staff in the University of Ibadan was high. Finally, findings were discussed and recommendations for the future research were also addressed.

Matching training to individual learning styles improves information security awareness

2019 ◽  
Vol 28 (1) ◽  
pp. 1-14 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Meredith Lillie ◽  
Beau Ciccarello ◽  
Kathryn Parsons ◽  
...  
Keyword(s):  
Information Security ◽  
Learning Styles ◽  
Cyber Security ◽  
Security Awareness ◽  
Content Type ◽  
Information Security Awareness ◽  
Security Controls ◽  
Human Aspects ◽  
Security Training ◽  
Different Types

Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.

Exploring the relationship between student mobile information security awareness and behavioural intent

2015 ◽  
Vol 23 (4) ◽  
pp. 406-420 ◽  
Author(s):  
Bukelwa Ngoqo ◽  
Stephen V. Flowerday
Keyword(s):  
Information Security ◽  
Mobile Phone ◽  
Undergraduate Students ◽  
Security Awareness ◽  
Human Errors ◽  
Content Type ◽  
Information Security Awareness ◽  
Student Information ◽  
Key Aspects ◽  
The Relationship

Purpose – The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa. Design/methodology/approach – Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle. Findings – The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practises. Originality/value – Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges Choi et al. (2008) contribution in their discussions on the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.

scholarly journals A Simple Assessment of Information Security Awareness in Hospital Staff Across Five Danish Regions

2021 ◽  
Author(s):  
Thomas Schmidt ◽  
Christian Nøhr ◽  
Ross Koppel
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Medical Profession ◽  
Health Information Systems ◽  
Hospital Staff ◽  
Cyber Attacks ◽  
Security Awareness ◽  
Information Security Awareness ◽  
Computer Proficiency ◽  
System Usability

Information Security Awareness among employees in healthcare has become an essential part in safeguarding health information systems against cyber-attacks and data breaches. We present three simple security awareness questions that can be included in larger surveys gauging other aspects of information systems. The questions have been tested in a national Danish survey to evaluate correlations among medical profession, computer proficiency, experience, and place of employment. We find that dissatisfaction with system usability is strongly linked with reduced information security awareness, and that clinical professions have different responses to security concerns.

Cyber Security Competency Model Based on Learning Theories and Learning Continuum Hierarchy

2019 ◽  
pp. 94-110
Author(s):  
Winfred Yaokumah
Keyword(s):  
Cyber Security ◽  
Domain Knowledge ◽  
Training Programs ◽  
Cyber Attacks ◽  
Competency Model ◽  
Learning Theories ◽  
Security Awareness ◽  
Non Governmental Organizations ◽  
Security Competency ◽  
And Training

There is an urgent need for transformative changes in cyber security awareness and training programs to produce individuals and the workforce that can deal with business risks emanating from the prevailing and emerging cyber-attacks. This chapter proposes a cyber security competency model that integrates learning theories (cognitive, affective, and psychomotor), learning continuum hierarchy (awareness and training), and cyber security domain knowledge. Employing literature search of scholarly and practitioner works, together with cyber security standards from governmental and non-governmental organizations, the chapter integrates cyber security domain knowledge, learning theories, and learning continuum hierarchy to design a model of cyber security competencies suitable for use in educating individuals and the general workforce. This theoretical-based approach to designing cyber security awareness and training programs will produce skillful individuals and workforce that can mitigate cyber-attacks in the global business environment.

Enterprise Information Security Awareness and Behavior as an Element of Security Culture During Remote Work

2021 ◽  
pp. 119-138
Author(s):  
Nur Sena Tanriverdi ◽  
Bilgin Metin
Keyword(s):  
Information Security ◽  
Cyber Attacks ◽  
Security Awareness ◽  
Remote Work ◽  
Enterprise Information ◽  
Human Errors ◽  
Information Security Awareness ◽  
Information Security Behavior ◽  
Work From Home ◽  
Security Behavior

It's the first time that many users are operating their work from home. There is not only the tension of the uncertainty around the COVID-19 pandemic but also a time for adjusting people to their remote working habits considering ever-increasing cyber-attacks. When employees work in an office, there is an IT team working with them closely for their information security problems. However, it is difficult to provide sufficient information security protection that can compensate for human errors in remote working. Information security familiarity, information security awareness, and information security behavior are critical concepts to consider again during the pandemic as the new normal. In this chapter, a literature review will be conducted for information security awareness and information security familiarity concepts. Analysis of the context of these concepts is the aim of this chapter. This study can give insight to understand, evaluate, and determine the information security behavior of employees during new remote working conditions.

Cyber Security Competency Model Based on Learning Theories and Learning Continuum Hierarchy

2022 ◽  
pp. 262-279
Author(s):  
Winfred Yaokumah
Keyword(s):  
Cyber Security ◽  
Domain Knowledge ◽  
Training Programs ◽  
Cyber Attacks ◽  
Competency Model ◽  
Learning Theories ◽  
Security Awareness ◽  
Non Governmental Organizations ◽  
Security Competency ◽  
And Training

There is an urgent need for transformative changes in cyber security awareness and training programs to produce individuals and the workforce that can deal with business risks emanating from the prevailing and emerging cyber-attacks. This chapter proposes a cyber security competency model that integrates learning theories (cognitive, affective, and psychomotor), learning continuum hierarchy (awareness and training), and cyber security domain knowledge. Employing literature search of scholarly and practitioner works, together with cyber security standards from governmental and non-governmental organizations, the chapter integrates cyber security domain knowledge, learning theories, and learning continuum hierarchy to design a model of cyber security competencies suitable for use in educating individuals and the general workforce. This theoretical-based approach to designing cyber security awareness and training programs will produce skillful individuals and workforce that can mitigate cyber-attacks in the global business environment.

Sign in / Sign up

Export Citation Format

Share Document