Abdullah M. Alnajim,Shabana Habib,Muhammad Islam,Hazim Saleh AlRawashdeh,Muhammad Wasim

DOI: https://doi.org/10.3390/sym15122175

2023-12-07

Symmetry

Abstract:Considering the alarming increase in cyberattacks and their potential financial implications, the importance of cybersecurity education and training cannot be overstated. This paper presents a systematic literature review that examines different cybersecurity education and training techniques with a focus on symmetry. It primarily focuses on traditional cybersecurity education techniques and emerging technologies, such as virtual reality (VR) and augmented reality (AR), through the lens of symmetry. The main objective of this study is to explore the existing cybersecurity training techniques, identify the challenges involved, and assess the effectiveness of cybersecurity training based on VR and AR while emphasizing the concept of symmetry. Through careful selection criteria, 66 primary studies were selected from a total of 150 pertinent research studies. This article offers valuable insights into the pros and cons of conventional training approaches, explores the use of VR and AR in cybersecurity education concerning symmetry, and thoroughly discusses the challenges associated with these technologies. The findings of this review contribute significantly to the continuing efforts in cybersecurity education by offering recommendations for improving employees’ knowledge, engagement, and motivation in cybersecurity training programs while maintaining symmetry in the learning process.

multidisciplinary sciences

Temitayo Oluwaseun Abrahams,Oluwatoyin Ajoke Farayola,Simon Kaggwa,Prisca Ugomma Uwaoma,Azeez Olanipekun Hassan,Samuel Onimisi Dawodu

DOI: https://doi.org/10.51594/csitrj.v5i1.708

2024-01-11

Computer Science & IT Research Journal

Abstract:As organizations continue to grapple with the escalating threat landscape of cyber-attacks, the imperative to fortify their cybersecurity defenses becomes increasingly paramount. This review delves into the critical realm of cybersecurity awareness and education programs, focusing on the pivotal factors of employee engagement and accountability. The effectiveness of these programs in cultivating a cyber-resilient workforce is scrutinized through an extensive examination of existing literature, empirical studies, and industry practices. The review begins by exploring the foundational elements of cybersecurity awareness programs, elucidating the significance of imparting knowledge and instilling a culture of vigilance among employees. It examines the diverse methodologies employed in these programs, ranging from interactive workshops and simulated phishing exercises to online modules and gamified learning platforms. A comparative analysis of these approaches sheds light on their respective strengths and limitations. A central theme of this review revolves around the nexus between employee engagement and cybersecurity resilience. It delves into the psychological and behavioral aspects of engagement, assessing how motivational factors and tailored learning experiences contribute to heightened cybersecurity awareness. The impact of organizational culture and leadership support on fostering a sense of responsibility among employees is also explored, emphasizing the need for a holistic approach that transcends mere compliance. Furthermore, the review investigates the role of accountability in sustaining the efficacy of cybersecurity initiatives. It examines the mechanisms employed by organizations to enforce adherence to security policies and protocols, emphasizing the role of robust monitoring systems, clear communication channels, and consequence management. Case studies and real-world examples are integrated to illustrate instances of successful accountability frameworks and their influence on overall cybersecurity posture. This review synthesizes key findings and identifies emerging trends in cybersecurity awareness and education programs, with a particular focus on optimizing employee engagement and fostering a culture of accountability. The insights gleaned from this analysis provide a roadmap for organizations seeking to fortify their defenses against evolving cyber threats by cultivating a vigilant and proactive workforce. Keywords: Cybersecurity, Education, Cyber threat, Employee engagement, Accountability.

Elochukwu Ukwandu,Mohamed Amine Ben Farah,Hanan Hindy,David Brosset,Dimitris Kavallieros,Robert Atkinson,Christos Tachtatzis,Miroslav Bures,Ivan Andonovic,Xavier Bellekens

DOI: https://doi.org/10.3390/s20247148

IF: 3.9

2020-12-13

Sensors

Abstract:Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities in turn guiding the most appropriate deployment technologies. Thus, refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CRs and TBs platforms is evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CRs and TBs research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CRs/TBs dimensions, as well as, highlighting a diminishing differentiation between application areas.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hussain Aldawood,Geoffrey Skinner

DOI: https://doi.org/10.3390/fi11030073

2019-03-18

Future Internet

Abstract:The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users’ proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.

Saleh Mohamed AlHidaifi,Muhammad Rizwan Asghar,Imran Shafique Ansari

DOI: https://doi.org/10.1145/3649218

IF: 16.6

2024-02-23

ACM Computing Surveys

Abstract:Cyber resilience has become a major concern for both academia and industry due to the increasing number of data breaches caused by the expanding attack surface of existing IT infrastructure. Cyber resilience refers to an organisation’s ability to prepare for, absorb, recover from, and adapt to adverse effects typically caused by cyber-attacks that affect business operations. In this survey, we aim to identify the significant domains of cyber resilience and measure their effectiveness. We have selected these domains based on a literature review of frameworks, strategies, applications, tools, and technologies. We have outlined the cyber resilience requirements for each domain and explored solutions related to each requirement in detail. We have also compared and analysed different studies in each domain to find other ways of enhancing cyber resilience. Furthermore, we have compared cyber resilience frameworks and strategies based on technical requirements for various applications. We have also elaborated on techniques for improving cyber resilience. In the supplementary section, we have presented applications that have implemented cyber resilience. This survey comprehensively compares various popular cyber resilience tools to help researchers, practitioners, and organisations choose the best practices for enhancing cyber resilience. Finally, we have shared key findings, limitations, problems, and future directions.

computer science, theory & methods

Moti Zwilling,Galit Klien,Dušan Lesjak,Łukasz Wiechetek,Fatih Cetin,Hamdullah Nejat Basim

DOI: https://doi.org/10.1080/08874417.2020.1712269

2020-02-14

Journal of Computer Information Systems

Abstract:Cyber-attacks represent a potential threat to information security. As rates of data usage and internet consumption continue to increase, cyber awareness turned to be increasingly urgent. This study focuses on the relationships between cyber security awareness, knowledge and behavior with protection tools among individuals in general and across four countries: Israel, Slovenia, Poland and Turkey in particular. Results show that internet users possess adequate cyber threat awareness but apply only minimal protective measures usually relatively common and simple ones. The study findings also show that higher cyber knowledge is connected to the level of cyber awareness, beyond the differences in respondent country or gender. In addition, awareness is also connected to protection tools, but not to information they were willing to disclose. Lastly, findings exhibit differences between the explored countries that affect the interaction between awareness, knowledge, and behaviors. Results, implications, and recommendations for effective based cyber security training programs are presented and discussed.

computer science, information systems

Nur Mohammad Ali Chisty,Parikshith Reddy Baddam,Ruhul Amin

DOI: https://doi.org/10.18034/ei.v10i2.689

2022-10-01

Engineering International

Abstract:This research investigates various strategic approaches to protecting the digital future and offers insights into the practices of the next generation of cybersecurity. The study's primary objectives are to identify key challenges and trends in the current cybersecurity landscape, evaluate the effectiveness of traditional cybersecurity approaches, investigate emerging technologies for enhancing cybersecurity resilience, examine human factors in cybersecurity resilience, and develop recommendations for future cyber defense. All of these objectives will be accomplished through the course of the study. To analyze strategic approaches to cybersecurity, the study uses a methodology based on a survey of secondary data and synthesizes the current literature from recognized sources. Among the most significant discoveries are the significance of incorporating new technologies, addressing human aspects, encouraging collaboration, and emphasizing risk management. Policy implications include promoting cooperation and the exchange of information, investing in emerging technologies, raising awareness about cybersecurity, building regulatory frameworks, and boosting international cooperation through the promotion of international cooperation. According to the findings of this study, organizations, policymakers, and other stakeholders looking to improve their cybersecurity resilience and effectively protect the digital future can benefit from the insightful insights and practical advice provided.

Alina Torbunova,Adnan Ashraf,Ivan Porres

2024-07-10

Abstract:Context: To effectively defend against ever-evolving cybersecurity threats, software systems should be made as secure as possible. To achieve this, software developers should understand potential vulnerabilities and apply secure coding practices. To prepare these skilled professionals, it is important that cybersecurity concepts are included in programming courses taught at universities. Objective: To present a comprehensive and unbiased literature review on teaching of cybersecurity concepts in programming courses taught at universities. Method: We perform a Systematic Mapping Study. We present six research questions, define our selection criteria, and develop a classification scheme. Results and Conclusions: We select 24 publications. Our results show a wide range of research contributions. We also outline guidelines and identify opportunities for future studies. The guidelines include coverage of security knowledge categories and evaluation of contributions. We suggest that future studies should cover security issues, negative impacts, and countermeasures, as well as apply evaluation techniques that examine students' knowledge. The opportunities for future studies are related to advanced courses, security knowledge frameworks, and programming environments. Furthermore, there is a need of a holistic security framework that covers the security concepts identified in this study and is suitable for education.

Programming Languages

Divine C. Chupkemi,Konstantinos Mersinas

DOI: https://doi.org/10.3390/jmse12101844

IF: 2.744

2024-10-16

Journal of Marine Science and Engineering

Abstract:The implementation of cybersecurity standards and directives in the maritime sector plays a crucial role in protecting critical maritime infrastructures from cyber threats. The level of protection depends heavily on humans. However, the effectiveness of cybersecurity training and compliance programmes, an essential component of these standards, is often hindered by challenges related to the sector's environment, including the established technologies, practices, and norms. This paper aims to identify these challenges through a literature review and set the basis for more effective human risk minimization, responses, and training. We identify 17 challenges and validate them with an online survey (N = 205) capturing real-world perspectives from maritime-related stakeholders. Our findings contribute to enhancing the effectiveness of maritime cybersecurity training and compliance programmes, ultimately strengthening the maritime cybersecurity posture.

oceanography,engineering, marine, ocean

Azqa Nadeem

DOI: https://doi.org/10.1145/3626252.3630821

2023-10-12

Abstract:Although many Computer Science (CS) programs offer cybersecurity courses, they are typically optional and placed at the periphery of the program. We advocate to integrate cybersecurity as a crosscutting concept in CS curricula, which is also consistent with latest cybersecurity curricular guidelines, e.g., CSEC2017. We describe our experience of implementing this crosscutting intervention across three undergraduate core CS courses at a leading technical university in Europe between 2018 and 2023, collectively educating over 2200 students. The security education was incorporated within CS courses using a partnership between the responsible course instructor and a security expert, i.e., the security expert (after consultation with course instructors) developed and taught lectures covering multiple CSEC2017 knowledge areas. This created a complex dynamic between three stakeholders: the course instructor, the security expert, and the students. We reflect on our intervention from the perspective of the three stakeholders -- we conducted a post-course survey to collect student perceptions, and semi-supervised interviews with responsible course instructors and the security expert to gauge their experience. We found that while the students were extremely enthusiastic about the security content and retained its impact several years later, the misaligned incentives for the instructors and the security expert made it difficult to sustain this intervention without organizational support. By identifying limitations in our intervention, we suggest ideas for sustaining it.

Computers and Society,Cryptography and Security

Mohammad Azzeh,Ahmad Mousa Altamimi,Mahmood Albashayreh,Mohammad A AL-Oudat

DOI: https://doi.org/10.48550/arXiv.2209.10407

2022-09-12

Cryptography and Security

Abstract:This study examines the effect of adopting cybersecurity concepts on the IT curriculum and determines the potential effect on students' knowledge of cybersecurity practices and level of awareness. To this end, a pilot study was first conducted to measure the current level of cybersecurity awareness. The results revealed that students do not have much knowledge of Cybersecurity. Thus, a four-step approach was proposed to infuse the relevant cybersecurity topics in five matched courses based on the latest Cybersecurity curricular guidelines (CSEC2017). A sample of 42 students was selected purposively without prior knowledge of Cybersecurity and divided identically into experimental and control groups. Students in the experimental group were asked to take five consecutive courses over five semesters. In each course, groups went through a pre-test for the infused topics. Then, the experimental group taught the corresponding infused topics. A post-test was administered to both groups at the end of each course, and the t-test was conducted. The results found significant differences between marks of prior and post-tests for 11 out of 14 infused topics. These satisfactory results would encourage universities to infuse cybersecurity concepts into their curriculum

Temitayo Oluwaseun Abrahams,Sarah Kuzankah Ewuga,Samuel Onimisi Dawodu,Abimbola Oluwatoyin Adegbite,Azeez Olanipekun Hassan

DOI: https://doi.org/10.51594/csitrj.v5i1.699

2024-01-09

Computer Science & IT Research Journal

Abstract:In an era where digital threats are increasingly pervasive, understanding the evolution and efficacy of cybersecurity strategies in modern organizations is paramount. This study provides a comprehensive analysis of the dynamic landscape of cybersecurity, exploring its progression from traditional methods to innovative, technology-driven approaches. The digital age has ushered in complex cyber threats, necessitating robust cybersecurity measures. This study examines cybersecurity strategies' historical development, current trends, and future directions across different organizational contexts and industries. The primary aim is to assess the evolution and effectiveness of cybersecurity measures, identify existing gaps, and understand the interplay between human behavior, technology, and policy in cybersecurity. The paper encompasses a comprehensive methodological framework for cybersecurity analysis, exploring the effectiveness of traditional versus modern approaches, the role of AI and ML, and the impact of international policies. It also presents case studies to illustrate successes and failures in cybersecurity implementation. Key findings reveal a significant shift towards advanced technologies like AI and ML in cybersecurity, the critical role of human factors in shaping cybersecurity outcomes, and the influence of international policies in standardizing cybersecurity practices. The study concludes that effective cybersecurity strategies require a balanced approach, combining technological advancements with understanding human factors and adherence to international standards. Recommendations include continuous education and training, adopting holistic cybersecurity strategies, and aligning with international policies. Keywords: Cybersecurity, Artificial Intelligence, Machine Learning, International Policies, Human Factors, Cyber Threats.

Sarah Sharifi

2023-01-23

Abstract:The Internet and cyberspace are inseparable aspects of everyone's life. Cyberspace is a concept that describes widespread, interconnected, and online digital technology. Cyberspace refers to the online world that is separate from everyday reality. Since the internet is a recent advance in human lives, there are many unknown and unpredictable aspects to it that sometimes can be catastrophic to users in financial aspects, high-tech industry, and healthcare. Cybersecurity failures are usually caused by human errors or their lack of knowledge. According to the International Business Machines Corporation (IBM) X-Force Threat Intelligence Index in 2020, around 8.5 billion records were compromised in 2019 due to failures of insiders, which is an increase of more than 200 percent compared to the compromised records in 2018. In another survey performed by the Ernst and Young Global Information Security during 2018-2019, it is reported that 34% of the organizations stated that employees who are inattentive or do not have the necessary knowledge are the principal vulnerabilities of cybersecurity, and 22% of the organizations indicated that phishing is the main threat to them. Inattentive users are one of the reasons for data breaches and cyberattacks. The National Cyber Security Centre (NCSC) in the United Kingdom observed that 23.2 million users who were victims of cybersecurity attacks used a carelessly selected password, which is 123456, as their account password. The Annual Cybersecurity Report published by Cisco in 2018 announced that phishing and spear phishing emails are the root causes of many cybersecurity attacks in recent years. Hence, enhancing the cybersecurity behaviors of both personal users and organizations can protect vulnerable users from cyber threats. Both human factors and technological aspects of cybersecurity should be addressed in organizations for a safer environment.

Human-Computer Interaction,Cryptography and Security

Yongjoo Shin,Hyukjin Kwon,Jaeyeong Jeong,Dongkyoo Shin

DOI: https://doi.org/10.3390/electronics13193867

IF: 2.9

2024-09-30

Electronics

Abstract:As cyberattacks become increasingly sophisticated with advancements in information and communication technology, the impact of cyberspace threats is growing in both civilian and defense sectors. The utilization of cyber capabilities in operations is on the rise, prompting major nations to continuously enhance their cyber capabilities. This study aims to establish a systematic approach to cyber operations training and propose a framework for the development of cyber training. A hybrid cyber training system is designed as a plan for temporal and spatial integration to simultaneously combine simulation-based training with real-world target training. To develop this concept, a literature review was conducted, expert consultations were held, and data were collected and analyzed through visits to relevant organizations and units. Additionally, the fundamental components of cyber training were examined from environmental, scenario-based, and operational perspectives, leading to the presentation of a development direction for effective cyber training. This study is anticipated to enhance response capabilities to evolving cyber threats and attacks, improve cyber operational proficiency, and secure cyber power to achieve dominance in cyberspace.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ghaidaa Shaabany,Reiner Anderl

DOI: https://doi.org/10.1007/978-3-319-94782-2_20

2018-06-24

Abstract:In the light of the expanding digitization, connectivity and interconnection of machines, products, and services in Industrie 4.0, the increasing trend of digitalization and transformation to cyber-physical production systems reveal serious cybersecurity-related issues. BSI (the federal office for information security) in Germany has compiled a list of the most cybersecurity threats faced by manufacturing and process automation systems. The results show that the top threats are social engineering and phishing. From these two threats, it is clear that use of non-technical means like human weaknesses and/or unawareness is gaining a lot of prominence. The aim is to gain unauthorized access to target information and IT systems. Furthermore, the goal is to install malware in the victim’s systems, for example, by opening infected attachments. Therefore, human factor becomes a widely discussed topic by cybersecurity incidents nowadays. Facing these threats by utilizing technical measurements alone is not sufficient. Thus, it is important to provide engineers with an adequate cybersecurity awareness like, new possible threats and risks caused by extensive using of digitization. To fill this gap of knowledge at engineering faculties, this paper presents an effective course that concentrates on cybersecurity issues. The focus is to improve the ability to understand and detect these new cybersecurity threats in the industry. By designing this innovative and effective course, a new assessment model is developed. The model is based on important aspects that are required for enhancing student’s social competences and skills. In the first step, students should work together in teams on a given problem based on best practice examples and contents learned during the course. Another aspect that the mentioned assessment model focuses on is giving a feedback review. In this phase, students have to read the paper of another group and then give a systematic feedback according to specific identified criteria. In the final step, students have to present the results and discuss them with the advisor and then get their grades. Our findings show that there is an acute lack of social competence and skill enhancement by the engineering faculties. We believe that these skills are fundamental for engineering careers and therefore are intensively considered in the introduced course and assessment model.

Mohammed A. Alqahtani

DOI: https://doi.org/10.3390/app12052589

2022-03-02

Applied Sciences

Abstract:One of the essential stages in increasing cyber security is implementing an effective security awareness program. This work studies the present level of security knowledge among Imam Abdulrahman Bin Faisal University college students. A module was created to assist the students in becoming more informed. The main contribution of this work is an assessment of cybersecurity awareness among the university students based on three essential aspects: password security, browser security, and social media. Numerous questions were designed and sent to them to evaluate their awareness. The current survey received as many as 450 responses with their answers. Various statistical analyses were applied to the responses, including the validity and reliability test, feasibility test of a variable, correlation test, multicollinearity test, multiple regression, and heteroskedasticity test, carried out using SPSS. Furthermore, a multiple linear regression model and coefficient of determination, a hypothesis test, ANOVA test, and a partial test using ANOVA were also carried out. The hypothesis investigated here concerns password security, browser security, and social media. The results of partial hypothesis testing using a t-test showed that the password security variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the password security variable in the multiple linear regression model was found to have a beta value of 0.147. In addition, the browser security variable significantly affects awareness, with a p-value = 0.0001. The regression coefficient of the password security variable had a beta value of 0.188. The social media activities variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the social media activities variable had a beta value of 0.241. Based on the research conducted, it is concluded that knowledge of password security, browser security, and social media activities significantly influences cybersecurity awareness in students. Overall, students have realized the importance of cybersecurity awareness.

Sunil Chaudhary

DOI: https://doi.org/10.1016/j.cose.2024.103858

IF: 5.105

2024-04-27

Computers & Security

Abstract:Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees' attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees' knowledge. In cybersecurity, knowledge on its own will have no significant value unless it is used to guide decisions and inspire actions. This study, therefore, has investigated the attributes that could influence and contribute to positive changes in employees' cybersecurity behaviours. The study used a literature review for questionnaire design and then employed the Delphi method with 22 experts, which consequently identified seven such attributes. These attributes are as follows: i) obtain senior management support and participation in CSA activities; ii) consider CSA as a continuous process that needs to be updated and improved on a regular basis; iii) cultivate and spread 'cybersecurity' as a norm in the organisation; iv) encourage cybersecurity activities and behaviours through incentives; v) craft and use persuasive CSA messages; vi) employ innovative and effective approaches to disseminate CSA messages; and vii) recommend security activities that are achievable and pertinent for the audience.

computer science, information systems

Daksh Dave,Gauransh Sawhney,Pushkar Aggarwal,Nitish Silswal,Dhruv Khut

DOI: https://doi.org/10.1109/ICT60153.2023.10374044

2023-11-05

Abstract:In today's digitally interconnected world, cybersecurity threats have reached unprecedented levels, presenting a pressing concern for individuals, organizations, and governments. This study employs a qualitative research approach to comprehensively examine the diverse threats of cybersecurity and their impacts across various sectors. Four primary categories of threats are identified and analyzed, encompassing malware attacks, social engineering attacks, network vulnerabilities, and data breaches. The research delves into the consequences of these threats on individuals, organizations, and society at large. The findings reveal a range of key emerging threats in cybersecurity, including advanced persistent threats, ransomware attacks, Internet of Things (IoT) vulnerabilities, and social engineering exploits. Consequently, it is evident that emerging cybersecurity threats pose substantial risks to both organizations and individuals. The sophistication and diversity of these emerging threats necessitate a multi-layered approach to cybersecurity. This approach should include robust security measures, comprehensive employee training, and regular security audits. The implications of these emerging threats are extensive, with potential consequences such as financial loss, reputational damage, and compromised personal information. This study emphasizes the importance of implementing effective measures to mitigate these threats. It highlights the significance of using strong passwords, encryption methods, and regularly updating software to bolster cyber defenses.

Cryptography and Security,Artificial Intelligence,Computers and Society,Machine Learning

Naresh Kshetri,Vasudha,Denisa Hoxha

2023-10-19

Abstract:Technology has advanced dramatically in the previous several years. There are also cyber assaults. Cyberattacks pose a possible danger to information security and the general public. Since data practice and internet consumption rates continue to upswing, cyber awareness has become progressively important. Furthermore, as businesses pace their digital transformation with mobile devices, cloud services, communal media, and Internet of Things services, cybersecurity has appeared as a critical issue in corporate risk management. This research focuses on the relations between cybersecurity awareness, cyber knowledge, computer ethics, cyber ethics, and cyber behavior, as well as protective tools, across university students in general. The findings express that while internet users are alert of cyber threats, they only take the most elementary and easy-to-implement precautions. Several knowledge and awareness have been proposed to knob the issue of cyber security. It also grants the principles of cybersecurity in terms of its structure, workforces, and evidence pertaining to the shield of personal information in the cyber world. The first step is for people to educate themselves about the negative aspects of the internet and to learn more about cyber threats so that they can notice when an attack is taking place. To validate the efficiency of the suggested analysis between CS and non-CS university students, case study along with several comparisons are provided.

Cryptography and Security

Lydia Kraus,Valdemar Švábenský,Martin Horák,Vashek Matyáš,Jan Vykopal,Pavel Čeleda

DOI: https://doi.org/10.48550/arXiv.2307.07608

2023-07-14

Computers and Society

Abstract:As cyber threats endanger everyone, from regular users to computing professionals, spreading cybersecurity awareness becomes increasingly critical. Therefore, our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public. The course offers simple, actionable steps that anyone can use to implement defensive countermeasures. Compared to other resources, the course not only suggests learners what to do, but explains why and how to do it. To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course. They completed the course as a part of their homework and filled out a questionnaire after each lesson. Analysis of the questionnaire responses revealed that the students valued the course highly. They reported new learning, perspective changes, and transfer to practice. Moreover, they suggested suitable improvements to the course. Based on the results, we have distilled specific insights to help security educators design similar courses. Lessons learned from this study are relevant for cybersecurity instructors, course designers, and educational managers.