International Journal of Computer Science & Network Security

International Journal of Computer Science & Network Security (국제컴퓨터통신보호논문지학회)
권호 표지
DOI QR코드

DOI QR Code

Security Awareness among Students in Campus Environment: Case Study

  • Najihah Osman (Faculty of Information Technology and Communication, Universiti Teknikal Malaysia Melaka) ;
  • Haniza N (Faculty of Information Technology and Communication, Universiti Teknikal Malaysia Melaka) ;
  • Zulkiflee M. (Faculty of Information Technology and Communication, Universiti Teknikal Malaysia Melaka)
  • Received : 2023.10.05
  • Published : 2023.10.30
Download PDF
⟨ Previous Next ⟩

Abstract

In this era of globalization without limitation, many security issues occur, especially in a public network. Internet users significantly increased every single day. However, only some users are aware of security issues when they use Internet services. For the campus network environment, both staffs and students are susceptible to security threats such as data theft, unauthorized access and more due to different levels of awareness towards security threats. This paper is to study the level of awareness among students on security issues based on KSA model. As a case study, the survey was distributed among students in the UTeM campus network. A quantitative study was conducted, and a structured questionnaire has been designed and distributed among students. The variables were focused on three (3) aspects, which are Knowledge, Skill and Ability (KSA). The finding shows the relationship between KSA with the level of awareness among students has been revealed. From the result, Knowledge is the most significant aspect that contributes to high awareness. For the future, a study about increasing students' knowledge about security issues should be addressed.

Keywords

Acknowledgement

The authors would like to thank INSFORNET, Center for Advanced Computing Technology (C-ACT), Fakulti Teknologi Maklumat dan Komunikasi (FTMK), Universiti Teknikal Malaysia Melaka for giving opportunity and equipment to conduct this study.

References

  1. M. Gurunathan and M. A. Mahmoud, "A Review and Development Methodology of a LightWeight Security Model for IoT-based Smart Devices," Int. J. Adv. Comput. Sci. Appl., vol. 11, no. 2, pp. 125-134, 2020.  https://doi.org/10.14569/IJACSA.2020.0110217
  2. H. Naderi, P. Vinod, M. Conti, S. Parsa, and M. H. Alaeiyan, "Malware signature generation using locality sensitive hashing," in International Conference on Security & Privacy, 2019, pp. 115-124. 
  3. L. Li, W. He, L. Xu, I. Ash, M. Anwar, and X. Yuan, "Investigating the impact of cybersecurity policy awareness on employees' cybersecurity behavior," Int. J. Inf. Manage., vol. 45, pp. 13-24, 2019.  https://doi.org/10.1016/j.ijinfomgt.2018.10.017
  4. M. Bada, A. M. Sasse, and J. R. C. Nurse, "Cyber security awareness campaigns: Why do they fail to change behaviour?," arXiv Prepr. arXiv1901.02672, 2019. 
  5. G. Kemper, "Improving employees' cyber security awareness," Comput. Fraud Secur., vol. 2019, no. 8, pp. 11-14, 2019.  https://doi.org/10.1016/S1361-3723(19)30085-5
  6. M. Kante, "Software Security Awareness: A forgotten tactical and strategic weapon," 2018. 
  7. H. Hamid and A. M. Zeki, "Users' Awareness of and Perception on Information Security Issues: A Case Study of Kulliyyah of ICT Postgraduate Students," in 2014 3rd International Conference on Advanced Computer Science Applications and Technologies, 2014, pp. 139-144. 
  8. P. M. Merikle, "Toward a definition of awareness," Bull. Psychon. Soc., vol. 22, no. 5, pp. 449-450, 1984.  https://doi.org/10.3758/BF03333874
  9. J. A. Palmer, "History and development of Environmental Education," Environ. Educ. 21st century, 1998. 
  10. E. L. de la Vega, "Awareness, knowledge, and attitude about environmental education: responses from environmental specialists, high school instructors, students, and parents." University of Central Florida, 2004. 
  11. H. A. Kruger and W. D. Kearney, "A prototype for assessing information security awareness," Comput. Secur., vol. 25, no. 4, pp. 289-296, 2006.  https://doi.org/10.1016/j.cose.2006.02.008
  12. M. Alavi and D. E. Leidner, "Knowledge management and knowledge management systems: Conceptual foundations and research issues," MIS Q., pp. 107-136, 2001. 
  13. C. F. Camerer and R. M. Hogarth, "The effects of financial incentives in experiments: A review and capital-labor-production framework," J. Risk Uncertain., vol. 19, no. 1-3, pp. 7-42, 1999.  https://doi.org/10.1023/A:1007850605129
  14. L. K. J. Baartman and E. De Bruijn, "Integrating knowledge, skills and attitudes: Conceptualising learning processes towards vocational competence," Educ. Res. Rev., vol. 6, no. 2, pp. 125-134, 2011.  https://doi.org/10.1016/j.edurev.2011.03.001
  15. W. A. Conklin, R. E. Cline, and T. Roosa, "Re-engineering cybersecurity education in the US: an analysis of the critical factors," in 2014 47th Hawaii International Conference on System Sciences, 2014, pp. 2006-2014. 
  16. R. Prestwich and T.-M. Ho-Kim, "Knowledge, skills and abilities of international business majors: What we teach them versus what companies need them to know," J. Teach. Int. Bus., vol. 19, no. 1, pp. 29-55, 2007.  https://doi.org/10.1300/J066v19n01_03
  17. H.-S. Rhee, C. Kim, and Y. U. Ryu, "Self-efficacy in information security: Its influence on end users' information security practice behavior," Comput. Secur., vol. 28, no. 8, pp. 816-826, 2009.  https://doi.org/10.1016/j.cose.2009.05.008
  18. D. H. Tobey, "A vignette-based method for improving cybersecurity talent management through cyber defense competition design," in Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, 2015, pp. 31-39. 
  19. M. T. Dlamini, J. H. P. Eloff, and M. M. Eloff, "Information security: The moving target," Comput. Secur., vol. 28, no. 3-4, pp. 189-198, 2009.  https://doi.org/10.1016/j.cose.2008.11.007
  20. B. O. Newsome and J. A. Jarmon, A practical introduction to homeland security and emergency management: From home to abroad. SAGE Publications, 2015. 
  21. J. Kaur and N. Mustafa, "Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME," in 2013 International Conference on Research and Innovation in Information Systems (ICRIIS), 2013, pp. 286-290. 
  22. A. H. Schoenfeld, Problem solving in the mathematics curriculum: A report, recommendations, and an annotated bibliography, no. 1. Mathematical Association of America, Committee on the Teaching of ..., 1983. 
  23. C. Wu, "The problems in campus network information security and its solutions," in 2010 2nd International Conference on Industrial and Information Systems, 2010, vol. 1, pp. 261-264. 
  24. J. R. Ndiege and G. Okello, "Information security awareness amongst students joining higher academic institutions in developing countries: Evidence from Kenya," 2018. 
  25. S. Subashini and V. Kavitha, "A survey on security issues in service delivery models of cloud computing," J. Netw. Comput. Appl., vol. 34, no. 1, pp. 1-11, 2011.  https://doi.org/10.1016/j.jnca.2010.07.006
  26. A. Tsohou, M. Karyda, S. Kokolakis, and E. Kiountouzis, "Managing the introduction of information security awareness programmes in organisations," Eur. J. Inf. Syst., vol. 24, no. 1, pp. 38-58, 2015.  https://doi.org/10.1057/ejis.2013.27
  27. R. Nilsen, "Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges," 2017. 
  28. T. Velki, K. Solic, and H. Ocevcic, "Development of Users' Information Security Awareness Questionnaire (UISAQ)-Ongoing work," in 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2014, pp. 1417-1421. 
  29. R. V Krejcie and D. W. Morgan, "Determining sample size for research activities," Educ. Psychol. Meas., vol. 30, no. 3, pp. 607-610, 1970. https://doi.org/10.1177/001316447003000308