Cybersecurity Awareness Framework for Academia

Cybersecurity is a multifaceted global phenomenon representing complex socio-technical challenges for governments and private sectors. With technology constantly evolving, the types and numbers of cyberattacks affect different users in different ways. The majority of recorded cyberattacks can be traced to human errors. Despite being both knowledge- and environment-dependent, studies show that increasing users’ cybersecurity awareness is found to be one of the most effective protective approaches. However, the intangible nature, socio-technical dependencies, constant technological evolutions, and ambiguous impact make it challenging to offer comprehensive strategies for better communicating and combatting cyberattacks. Research in the industrial sector focused on creating institutional proprietary risk-aware cultures. In contrast, in academia, where cybersecurity awareness should be at the core of an academic institution’s mission to ensure all graduates are equipped with the skills to combat cyberattacks, most of the research focused on understanding students’ attitudes and behaviors after infusing cybersecurity awareness topics into some courses in a program. This work proposes a conceptual Cybersecurity Awareness Framework to guide the implementation of systems to improve the cybersecurity awareness of graduates in any academic institution. This framework comprises constituents designed to continuously improve the development, integration, delivery, and assessment of cybersecurity knowledge into the curriculum of a university across different disciplines and majors; this framework would thus lead to a better awareness among all university graduates, the future workforce. This framework may be adjusted to serve as a blueprint that, once adjusted by academic institutions to accommodate their missions, guides institutions in developing or amending their policies and procedures for the design and assessment of cybersecurity awareness.

[1]  Tammy Schellens,et al.  Long-term study of safe Internet use of young children , 2011, Comput. Educ..

[2]  Sheikh Ghafoor,et al.  Integrating security in the computer science curriculum , 2015, Inroads.

[4]  L. Slusky,et al.  Students Information Security Practices and Awareness , 2012 .

[5]  Elsa João,et al.  Scenario‐based eLearning to promote active learning in large cohorts: Students' perspective , 2019, Comput. Appl. Eng. Educ..

[7]  Muharman Lubis,et al.  Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures , 2015 .

[8]  Jens Mache,et al.  Building and Supporting a Community of CS Educators Teaching Cybersecurity in 2017 (Abstract Only) , 2017, SIGCSE.

[9]  Nashrawan Taha,et al.  College students information security awareness: a comparison between smartphones and computers , 2020, Education and Information Technologies.

[10]  Linda Null Integrating security across the computer science curriculum , 2004 .

[11]  Gary Bente,et al.  Why so serious? On the relation of serious games and learning , 2010, Eludamos: Journal for Computer Game Culture.

[12]  Rajendra K. Raj,et al.  Infusing Principles and Practices for Secure Computing Throughout an Undergraduate Computer Science Curriculum , 2020, ITiCSE.

[13]  Levente Buttyán,et al.  A Survey of Interdependent Information Security Games , 2014, ACM Comput. Surv..

[14]  Jens Mache,et al.  Integrating Hands-on Cybersecurity Exercises into the Curriculum in 2021 , 2021, SIGCSE.

[15]  F. Aloul The Need for Effective Information Security Awareness , 2011 .

[16]  Siddharth Kaza,et al.  Security Injections@Towson: Integrating Secure Coding into Introductory Computer Science Courses , 2016, TOCE.

[17]  Asifa Tassaddiq,et al.  Assessment of Cybersecurity Awareness among Students of Majmaah University , 2021, Big Data Cogn. Comput..

[18]  Wan Nor Ashiqin Wan Ali,et al.  Social Media Cyberbullying: Awareness and Prevention through Anti Cyberbully Interactive Video (ACIV) , 2020 .

[19]  Ulrik Schroeder,et al.  The Problem with Teaching Defence against the Dark Arts: A Review of Game-based Learning Applications and Serious Games for Cyber Security Education , 2019, CSEDU.

[20]  Siti Hajar,et al.  Cyber Security Awareness Among University Students: A Case Study , 2020 .

[21]  B. V. Niekerk,et al.  Students' cybersecurity awareness at a private tertiary educational institution , 2017 .

[22]  Rossouw von Solms,et al.  A conceptual framework for cyber-security awareness and education in SA , 2014, South Afr. Comput. J..

[23]  Yee Leng Eow,et al.  Computer games development and appreciative learning approach in enhancing students' creative perception , 2010, Comput. Educ..

[24]  Hennie A. Kruger,et al.  A Vocabulary Test to Assess Information Security Awareness , 2010, Inf. Manag. Comput. Secur..

[25]  Refaat H. Abdel-Razek,et al.  Evaluation of Information Systems Security Awareness in Higher Education: An Empirical Study of Kuwait University , 2016 .

[26]  Kevin F. McCrohan,et al.  Influence of Awareness and Training on Cyber Security , 2010 .