See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/385597409

Investigating Security Awareness and Incident Reporting levels at Mbarara

Article in Indonesian Journal of Innovation and Applied Sciences (IJIAS) · October 2024
DOI: 10.47540/ijias.v4i3.1482

CITATIONS READS

0 8

4 authors, including:

Thomas Mbonimpa Richard Ntwari

Mbarara University of Science & Technology (MUST) Mbarara University of Science & Technology (MUST)
1 PUBLICATION 0 CITATIONS 4 PUBLICATIONS 4 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Thomas Mbonimpa on 07 November 2024.

The user has requested enhancement of the downloaded file.

 INDONESIAN
Indonesian JOURNAL
Journal OF INNOVATION
of Innovation AND A(IJIAS),
and Applied Sciences PPLIED SCIENCES
4 (3), 208-216 (IJIAS)
Journal Homepage: https://ojs.literacyinstitute.org/index.php/ijias
ISSN: 2775-4162 (Online)
Research Article

Volume 4 Issue 3 October (2024) DOI: 10.47540/ijias.v4i3.1482 Page: 208 – 216

Investigating Security Awareness and Incident Reporting levels at Mbarara

University of Science and Technology
Mbonimpa Thomas1, Ntwari Richard2, Muhereza, J. Innocent3, Muheki Priscilla1
1
Department of Physics, Mbarara University of Science and Technology, Uganda
2
Department of Computer Science, Mbarara University of Science and Technology, Uganda
3
Department of Security, Mbarara University of Science and Technology, Uganda
Corresponding Author: Mbonimpa Thomas; Email: tmbonimpa@must.ac.ug

ARTICLE INFO ABSTRACT

Keywords: Incident Reporting, Security Higher learning institutions confront heightened cyber threats due to the value of
Awareness, Security Behavior, Security their data, necessitating a robust security culture. In addition to cyber threats,
Incident. various security incidents cause danger to devices and personal belongings on
campuses. Security incidents present a substantial challenge to academic
Received : 17 June 2024 institutions, especially higher education, where their occurrence is notably
Revised : 11 September 2024 prevalent. These incidents encompass a broad spectrum, including thefts, data
Accepted : 28 October 2024 breaches, malware attacks, and other breaches in physical security. Addressing
security incidents necessitates critical strategies involving educating and raising
awareness among the academic and surrounding communities. In this study, we
aimed to investigate the security awareness levels of students at Mbarara University
of Science and Technology and establish their incident reporting attitudes and
levels. We used a quantitative research method and conducted different statistical
tests. The findings indicate that ~50% of the participants had not had any security
awareness training, indicating a very big gap in the security culture at this
institution. Although some of the students indicated their awareness of security
threats, the percentage who showed a lack of awareness or a noncommittal response
suggests that there is a very big need for security awareness strategies. Additionally,
about 60% of the students showed their will to report security threats which implies
that they can be vigilant about their and the institutional security. Based on these
findings we recommend continuous training programs for students to increase their
levels of awareness and incident reporting and consequently develop an institutional
security culture.

INTRODUCTION including firewalls, encryption, intrusion detection

Business organizations invest substantially in systems, and employee training programs (Jamal et
cutting-edge technologies to streamline their al., 2024). By implementing comprehensive security
production processes and gather critical data for measures, organizations aim to safeguard their
their operations. These technologies are pivotal in sensitive information, intellectual property, and
enhancing efficiency and facilitating informed financial assets from cyberattacks and unauthorized
decision-making (Rosin et al., 2022). However, access.
alongside the benefits, the increased reliance on Despite concerted efforts to fortify their cyber
technology also exposes organizations to cyber defenses, organizations face persistent challenges
threats (Li & Liu, 2021). Consequently, from cybercriminals who continue to evolve and
organizations including higher learning institutions adapt their tactics (Shah, 2024). Cybercriminals
prioritize protecting their data and digital assets by employ sophisticated techniques to breach
investing in robust computer security solutions. networks, systems, and databases, exploiting
These solutions encompass a range of measures, vulnerabilities in software and exploiting human
208
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
error (Aslan et al., 2023). Indeed, a significant Uganda including Mbarara University of Science
proportion of cyber incidents can be attributed to and Technology (MUST) include the use of email,
human factors, such as clicking on malicious links, phone calls, and other platforms that don’t give
falling victim to phishing scams, or using weak immediate responses to the incidents and are not
passwords (Sawyer & Hancock, 2018). Moreover, reliable. Therefore implementing a comprehensive
the proliferation of mobile devices, cloud communication platform and awareness of security
computing, and internet-connected devices further incidents is crucial to mitigate risks, improve
expands the attack surface, making organizations preparedness, and foster a security culture, thus
more susceptible to cyber threats (Djenna et al., fortifying the academic community and preserving
2021). Consequently, organizations must adopt a institutional integrity. The main aim of security is
proactive approach to cybersecurity, continually to: ensure the safety of both staff and students,
assessing and enhancing their defenses to mitigate protect the university’s property, and detect and
the risk of cyberattacks and data breaches. investigate crime to apprehend and prosecute
In addition to cyber threats, various security offenders.
incidents such as thefts, physical attacks on This study therefore explores the pivotal role
individuals, etc threaten organizational of security awareness information amidst
infrastructure, individuals, and their tangible and multifaceted challenges faced by universities. It
intangible assets. These security incidents present a seeks to identify the current status of security
substantial challenge, especially to higher learning awareness initiatives being utilized in the university
institutions, where their occurrence has become and further progress to develop a communication
notably prevalent (Mofokeng et al., 2023; framework to improve security incident
Moghayedi et al., 2024; Ulven & Wangen, 2021). management.
According to a study by (Ekpoh et al., 2020),
theft, kidnaps, sexual abuse, room and office break- METHODS
ins, cell phone stealing, violent demonstrations by The study employed a descriptive cross-
students, vandalism, etc are major security sectional design, incorporating a quantitative survey
challenges on campuses. Universities are complex approach to investigate information security
organizations comprising people from diverse awareness among students at MUST. Mbarara
backgrounds and with diverse goals and therefore University of Science and Technology is the largest
are at risk of security threats. and oldest public university in the western part of
In response to the evolving threat landscape, Uganda (www.must.ac.ug). It offers programs in
organizations are increasingly prioritizing security different faculties i.e. Science, Medicine, Applied
awareness and education as integral components of Science and Technology, Information Technology
their defense strategy (Cheng & Wang, 2022). and Computing, Business and Management
Recognizing that security is not solely the Science, and Interdisciplinary Studies.
responsibility of specific departments but requires The sample size for the study was determined
collective vigilance, organizations invest in training using Israel's tables for sample size calculation,
programs to educate employees about risks and best considering a confidence level of 95%. The
practices (Ahmad et al., 2020). Moreover, fostering University has a total estimated population of 7700
a culture of security awareness promotes a sense of individuals. A total of 374 students were randomly
shared responsibility and commitment among sampled from different faculties within the
stakeholders, breaking down departmental barriers University. This was done to ensure the
and promoting collaboration against security representativeness of the study. A survey
threats. questionnaire was developed based on the
Therefore insufficient understanding and Protection Motivation Theory (PMT), a widely
awareness of security culture among students and recognized framework for understanding
staff lead to unauthorized access, data breaches, and individuals' responses to threats and risks. The
malware vulnerabilities (González-Granadillo et al., questionnaire comprised items assessing various
2021). In addition to this, the most utilized means of dimensions of information security awareness,
reporting security incidents at most universities in including perceived vulnerability, severity, response
209
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
efficacy, and self-efficacy. Participants were briefed RESULTS AND DISCUSSION
about the purpose of the study and provided Response Rate
informed consent before completing the The sample that was used included participants
questionnaire. Data collection was conducted (students) from different faculties. 46.3% of the
through a paper-based survey. Ethical guidelines respondents belonged to the Faculty of Science
were adhered to throughout the research process to indicating the availability and willingness of
ensure the protection of participants' rights and the participants. The rest of the respondents were from
confidentiality of their responses. Institutional the Faculty of Business and Management Science
review board (IRB) approval was obtained from the (13.0%), Faculty of Applied Science and
University review board (The MUST REC) before Technology (10.6%), Faculty of Medicine (13.0%),
commencing data collection. Faculty of Computing and Informatics (7.9%), and
The collected data were subjected to statistical Faculty of Interdisciplinary Studies (10.4%).
analysis using SPSS. Descriptive statistics, Training and Security Awareness
including frequencies, percentages, means, and The outcomes of the survey conducted among
standard deviations, were computed to summarize university students uncover various notable trends
the demographic characteristics of the sample and concerning security awareness, incident reporting,
the key variables related to information security and password management. Initially, a significant
awareness. Potential limitations of the study, such proportion of students expressed dissatisfaction
as sample representativeness, self-report biases, and with the adequacy of training or guidance provided
generalizability of findings, were acknowledged. regarding security incidents (see Figure1), with
Steps were taken to minimize these limitations, more than half of the respondents indicating a lack
including random sampling and ensuring anonymity of any such training.
of responses.

Figure 1. Shows the responses to training on security awareness and preparedness

This emphasizes a critical deficiency in to have regular communication and training on
awareness and readiness, potentially leaving security awareness. This promotes the idea of
students susceptible to security risks. Importantly, having a security culture that all the community
similar concerns echoed through interviews with members embrace.
staff members, suggesting a systemic issue within According to (Alshaikh, 2020) building a
the institution regarding security training. As cybersecurity culture in Higher Education
indicated by (Da Veiga et al., 2020) it is necessary Institutions can be achieved through continuous
210
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
training and awareness campaigns. This can be done Awareness of Security Incidents and Reporting
during orientation seminars for the new students as Regarding awareness of security incidents
they join the University. During these seminars, within the university, while a notable fraction of
important information on security policies and students reported feeling adequately informed, the
procedures should be shared. Additionally, possible considerable proportion of non-committal responses
disciplinary actions for breaches need to be and the relatively similar percentages between
highlighted. Both students and staff need to agreement and disagreement (see Figure 2) imply
understand that security is a shared responsibility scope for improvement in the dissemination of
and should aim at doing the right thing (Chapman, information. This supports the necessity for
2019). Fundamentally, academic institutions should consistent and dependable communication channels
include active security awareness and training to ensure all students receive timely and accurate
programs in their strategic plans. updates about security incidents. Without effective
communication strategies, misinformation, or lack
of awareness among students could impede security
endeavors.

Figure 2. Shows the distribution of students' responses to incident reporting

Related studies worldwide, e.g., (Alharbi & otherwise(Alqahtani, 2022; Garba et al., 2020). The
Tassaddiq, 2021; Alqahtani, 2022; Hong et al., findings of this study correlate with those of
2023) show that security awareness levels among (Alharbi & Tassaddiq, 2021) who found in their
students are generally insufficient, especially in investigation of the level of cybersecurity awareness
cybersecurity. Even for students with the required and user compliance among undergraduate students
information regarding cybersecurity, the approach at Majmaah University in Saudi Arabia that the
they use while dealing with this information is majority of the students found having strong
inappropriate (Taha & Dahabiyeh, 2021; Thompson passwords unpleasant and therefore opted to use the
et al., 2018) in practical circumstances. Therefore, same password for all accounts. Inadequate
there is a need for continuous security awareness password management could expose students to
and training programs (Dash & Ansari, 2022; security breaches or unauthorized access to their
Khando et al., 2021; Taha & Dahabiyeh, 2021; accounts.
Zwilling et al., 2022) to ensure that students can This highlights the importance of reinforcing
improve their alertness. the significance of password hygiene and
Concerning password practices, although a implementing measures to promote secure password
significant portion of students claimed regular management practices among students (Barakovic
password updates, a considerable number indicated
211
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
& Barakovic Husic, 2023; Hall et al., 2023; community(Ahmad et al., 2020; Hina & Dominic,
Kasowaki & Ali, 2024; Neigel et al., 2020) 2020; Kumar et al., 2021; Ulven & Wangen, 2021).
Furthermore, the findings indicate a necessity One such effort is to develop a communication
for enhancing awareness of reporting procedures for platform for the students that enables real-time
security incidents. A substantial proportion of reporting of any form of security threat(Hatzivasilis
students admitted unawareness of these procedures, et al., 2021; Hu et al., 2022; Maddireddy &
suggesting a lack of clarity or communication Maddireddy, 2022).
regarding reporting mechanisms. Efforts should be Communication Channels for Security Incident
directed toward educating students on prompt and Information
efficient reporting of security incidents, as timely It was observed that the majority of the
reporting is pivotal for effectively addressing students (over 60%) receive information through
security threats within the university social media.

Figure 3. Shows the communication channels used by students

This implies that social media can be one way information regarding security. Therefore there is a
that can be used to promote security incident need for improvement in this arena by relaying
awareness. Since social media tends to be embraced security updates through for instance the
by a vast population, it can be utilized to share university’s social media accounts.
information regarding cybersecurity and other On the other hand, (Alharbi & Tassaddiq,
security matters. Universities including MUST can 2021), suggest that passive awareness methods,
venture into using social media to share tips, such as email, oral presentation, newsletters, and
resources, and updates on the security status of the SMS messages, are insufficient for educating users.
university. There is a need to have a combination of passive
A study by (Rahman et al., 2020) indicates and proactive methods such as training to have
similar findings showing that about 70% of their effective security awareness (Arend et al., 2020;
study population uses social media as their primary Franchina et al., 2021; Kuraku et al., 2023).
source of information. However, even though social
media is popular, most people acknowledge that
they don’t get enough cybersafety information
through the platform. This is also evident in the
findings of this study. The majority of the
respondents showed dissatisfaction with the use of
the different communication channels to relay
212
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
Willingness to Report Security Incidents

Figure 4. Shows the willingness of students to report security incidents

The survey findings among MUST students within and outside the university environment (Da
regarding incident reporting and security behavior Veiga, 2023; Wiley et al., 2020).
reflect that the majority (~61%, see Figure 4) are
willing to report suspicious behavior, indicating a CONCLUSION
positive attitude to security vigilance. These Security awareness is essential for academic
findings are in agreement with those of (Lamoreaux institutions because of the vast amount of vital data
& Sulkowski, 2021). The author emphasizes that they handle, the valuable infrastructure they use,
trust in the system is important to enhance the and that they deal with students from diverse
willingness of students to report any security backgrounds. In this study, we evaluated the
threats. To be assured that what they report will be security awareness and incident reporting levels
acted upon accordingly greatly influences the will among students at Mbarara University of Science
to report. Students need to be connected to the and Technology in Uganda, using a quantitative
university environment and trust its systems to research approach.
facilitate reporting security threats. This also Generally, the survey outcomes underscore
emphasizes the need for a security culture at several areas that need to be improved to bolster
institutions. Group dynamics also play a big role in security awareness and preparedness among
promoting security vigilance (Robinson et al., university students. We emphasize that security
2022). It should be noted that the percentage of awareness training programs for both students and
students who agree with the idea that reporting staff should be included in the University’s security
incidents is optional and those who are management plan and be executed accordingly.
noncommittal is higher than those who consider it These trainings need to comprehensively address
important. This implies that there is still a need for cyber and physical security awareness, secure
engagement with the students on the importance of password management practices, enhancing
security vigilance and pro-activeness. As appropriate use of the different communication
emphasized by (Kovacevic et al., 2020; Setiawan & channels, and incident reporting.
Rizal, 2024), improving students' knowledge, Acknowledgment
attitudes, and behavior regarding security is very We acknowledge the government of Uganda
crucial for security awareness, and this can be through the Directorate of Research and Graduate
achieved through classroom interactions, training, Training (DRGT) of Mbarara University of Science
workshops, etc. information security There needs to and Technology for funding.
be a security culture that is instilled among the
students so that they appreciate the value of security
213
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216

REFERENCES 12. Dash, B., & Ansari, M. F. (2022). An effective

1. Ahmad, A., Desouza, K. C., Maynard, S. B., cybersecurity awareness training model: First
Naseer, H., & Baskerville, R. L. (2020). How defense of an organizational security strategy.
integration of cyber security management and 13. Djenna, A., Harous, S., & Saidouni, D. E.
incident response enables organizational (2021). Internet of things meet internet of
learning. Journal of the Association for threats: New concern cyber security issues of
Information Science and Technology, 71(8), critical cyber infrastructure. Applied Sciences,
939–953. 11(10), 4580.
2. Alharbi, T., & Tassaddiq, A. (2021). 14. Ekpoh, U. I., Edet, A. O., & Ukpong, N. N.
Assessment of cybersecurity awareness among (2020). Security challenges in Universities:
students of Majmaah University. Big Data and Implications for safe school environment.
Cognitive Computing, 5(2), 23. Journal of Educational and Social Research,
3. Alqahtani, M. A. (2022). Factors affecting 10(6), 112–112.
cybersecurity awareness among university 15. Franchina, L., Inzerilli, G., Scatto, E.,
students. Applied Sciences, 12(5), 2589. Calabrese, A., Lucariello, A., Brutti, G., &
4. Alshaikh, M. (2020). Developing cybersecurity Roscioli, P. (2021). Passive and active training
culture to influence employee behavior: A approaches for critical infrastructure protection.
practice perspective. Computers & Security, 98, International Journal of Disaster Risk
102003. Reduction, 63, 102461.
5. Arend, I., Shabtai, A., Idan, T., Keinan, R., & 16. Garba, A., Sirat, M. B., Hajar, S., & Dauda, I.
Bereby-Meyer, Y. (2020). Passive and not B. (2020). Cyber security awareness among
active-risk tendencies predict cyber security university students: A case study. Science
behavior. Computers & Security, 97, 101964. Proceedings Series, 2(1), 82–86.
6. Aslan, Ö., Aktug, S. S., Ozkan-Okay, M., 17. González-Granadillo, G., González-Zarzosa, S.,
Yilmaz, A. A., & Akin, E. (2023). A & Diaz, R. (2021). Security information and
comprehensive review of cyber security event management (SIEM): Analysis, trends,
vulnerabilities, threats, attacks, and solutions. and usage in critical infrastructures. Sensors,
Electronics, 12(6), 1333. 21(14), 4759.
7. Barakovic, S., & Barakovic Husic, J. (2023). 18. Hall, R. C., Hoppa, M. A., & Hu, Y.-H. (2023).
Cyber hygiene knowledge, awareness, and An Empirical Study of Password Policy
behavioral practices of university students. Compliance. Journal of The Colloquium for
Information Security Journal: A Global Information Systems Security Education, 10(1),
Perspective, 32(5), 347–370. 8–8.
8. Chapman, J. (2019). How Safe is Your Data?: 19. Hatzivasilis, G., Ioannidis, S., Smyrlis, M.,
Cyber-security in Higher Education. Spanoudakis, G., Frati, F., Braghin, C.,
9. Cheng, E. C., & Wang, T. (2022). Institutional Damiani, E., Koshutanski, H., Tsakirakis, G.,
strategies for cybersecurity in higher education Hildebrandt, T., & others. (2021). The threat-
institutions. Information, 13(4), 192. arrest cyber range platform. 2021 IEEE
10. Da Veiga, A. (2023). A model for information International Conference on Cyber Security
security culture with creativity and innovation and Resilience (CSR), 422–427.
as enablers–refined with an expert panel. 20. Hina, S., & Dominic, P. D. D. (2020).
Information & Computer Security, 31(3), 281– Information security policies’ compliance: A
303. perspective for higher education institutions.
11. Da Veiga, A., Astakhova, L. V., Botha, A., & Journal of Computer Information Systems.
Herselman, M. (2020). Defining organisational 21. Hong, W. C. H., Chi, C., Liu, J., Zhang, Y.,
information security culture—Perspectives Lei, V. N.-L., & Xu, X. (2023). The influence
from academia and industry. Computers & of social education level on cybersecurity
Security, 92, 101713. awareness and behaviour: A comparative study
of university students and working graduates.

214
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
Education and Information Technologies, International Journal of Sustainable
28(1), 439–470. Development, 16(04), 11–28.
22. Hu, S., Hsu, C., & Zhou, Z. (2022). Security 33. Moghayedi, A., Michell, K., Le Jeune, K., &
education, training, and awareness programs: Massyn, M. (2024). Assessing the influence of
Literature review. Journal of Computer technological innovations and community-
Information Systems, 62(4), 752–764. based facilities management on the safety and
23. Jamal, H., Algeelani, N. A., & Al-Sammarraie, security of universities. A case study of an open
N. (2024). Safeguarding data privacy: campus. Facilities, 42(3/4), 223–244.
Strategies to counteract internal and external 34. Neigel, A. R., Claypoole, V. L., Waldfogle, G.
hacking threats. Computer Science and E., Acharya, S., & Hancock, G. M. (2020).
Information Technologies, 5(1), 46–54. Holistic cyber hygiene education: Accounting
24. Kasowaki, L., & Ali, K. (2024). Cyber for the human factors. Computers & Security,
Hygiene: Safeguarding Your Data in a 92, 101731.
Connected World. EasyChair. 35. Rahman, N. A. A., Sairi, I. H., Zizi, N. A. M.,
25. Khando, K., Gao, S., Islam, S. M., & Salman, & Khalid, F. (2020). The importance of
A. (2021). Enhancing employees information cybersecurity education in school. International
security awareness in private and public Journal of Information and Education
organisations: A systematic literature review. Technology, 10(5), 378–382.
Computers & Security, 106, 102267. 36. Robinson, S. R., Casiano, A., & Elias-Lambert,
26. Kovacevic, A., Putnik, N., & Toškovic, O. N. (2022). “Is it my responsibility?”: A
(2020). Factors related to cyber security qualitative review of university students’
behavior. IEEE Access, 8, 125140–125148. perspectives on bystander behavior. Trauma,
27. Kumar, S., Biswas, B., Bhatia, M. S., & Dora, Violence, & Abuse, 23(1), 117–131.
M. (2021). Antecedents for enhanced level of 37. Rosin, F., Forget, P., Lamouri, S., & Pellerin,
cyber-security in organisations. Journal of R. (2022). Enhancing the decision-making
Enterprise Information Management, 34(6), process through industry 4.0 technologies.
1597–1629. Sustainability, 14(1), 461.
28. Kuraku, S., Kalla, D., Samaah, F., & Smith, N. 38. Sawyer, B. D., & Hancock, P. A. (2018).
(2023). Cultivating Proactive Cybersecurity Hacking the human: The prevalence paradox in
Culture among IT Professional to Combat cybersecurity. Human Factors, 60(5), 597–609.
Evolving Threats. International Journal of 39. Setiawan, B., & Rizal, M. A. (2024).
Electrical, Electronics and Computers, 8(6). Measurement of Information Security and
29. Lamoreaux, D. J., & Sulkowski, M. L. (2021). Privacy Awareness in College Students after
Crime Prevention through Environmental the Covid-19 Pandemic. Procedia Computer
Design in schools: Students’ perceptions of Science, 234, 1396–1403.
safety and psychological comfort. Psychology 40. Shah, A. (2024). Cybercrime Chronicles:
in the Schools, 58(3), 475–493. Exploring the Evolving Landscape of
30. Li, Y., & Liu, Q. (2021). A comprehensive Challenges in the Digital Era.
review study of cyber-attacks and cyber 41. Taha, N., & Dahabiyeh, L. (2021). College
security; Emerging trends and recent students information security awareness: A
developments. Energy Reports, 7, 8176–8186. comparison between smartphones and
31. Maddireddy, B. R., & Maddireddy, B. R. computers. Education and Information
(2022). Real-Time Data Analytics with AI: Technologies, 26(2), 1721–1736.
Improving Security Event Monitoring and 42. Thompson, J. D., Herman, G. L., Scheponik, T.,
Management. Unique Endeavor in Business & Oliva, L., Sherman, A., Golaszewski, E.,
Social Sciences, 1(2), 47–62. Phatak, D., & Patsourakos, K. (2018). Student
32. Mofokeng, J. T., Nkosikhona Simelane, N., & misconceptions about cybersecurity concepts:
Mofokeng, L. (2023). Student safety and Analysis of think-aloud interviews. Journal of
security for sustainable and inclusive Cybersecurity Education, Research and
residences: A Cross-Sectional Study. OIDA Practice, 2018(1), 5.
215
 Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4 (3), 208-216
43. Ulven, J. B., & Wangen, G. (2021). A
systematic review of cybersecurity risks in
higher education. Future Internet, 13(2), 39.
44. Wiley, A., McCormac, A., & Calic, D. (2020).
More than the individual: Examining the
relationship between culture and Information
Security Awareness. Computers & Security, 88,
101640.
45. Zwilling, M., Klien, G., Lesjak, D., Wiechetek,
L., Cetin, F., & Basim, H. N. (2022). Cyber
security awareness, knowledge and behavior: A
comparative study. Journal of Computer
Information Systems, 62(1), 82–97.

216

View publication stats