Professional Documents
Culture Documents
net/publication/344780898
CITATIONS READS
0 583
4 authors, including:
Amer Ibrahim
American University in the Emirates (AUE)
12 PUBLICATIONS 20 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Nahil Abdallah on 21 October 2020.
1,3,4,
School of Engineering and Technology, Aldar College University, UAE
2
Department of Fundamentals Religion, An-Najah National University, Nablus, Palestine
1
nahilabed@aldar.ac.ae, 2Odeh72@najah.edu, 3Hamzah@aldar.ac.ae, 4amer@aldar.ac.ae
ABSTRACT
The exchange of information is a key factor in the daily use of technology. Studies in computer security
education, awareness-raising, and training among college students are limited. Most of the research focuses
on computer security standards and guidance in organizational contexts. Few studies have analyzed the
predictors of the adoption of computer security practices by college students. The objective of this research
is to explore information security awareness among higher education students and exam key variables that
are influencing this behavior. A total of 180 questionnaires were collected from undergraduate students at
Aldar University College and analyzed using the Structural Equation Modelling (SEM) technique. The
findings revealed that perceived usefulness, subjective norms, self-efficacy, and the quality of the security
system are found to have an important effect on student behavioral awareness of security. The findings of
this research will help to develop a clear understanding of the factors that affect students’ security
awareness behavior. The findings of the study can be used to either refute or strengthen the theories or
framework that has been adopted. The findings might also contribute to the literature on security behavior
and awareness in general. Findings suggest that the proposed research model is a valuable model for
predicting students' attitudes towards information security and that their motivation is influenced by
education in security awareness and understanding the severity of such issues. Moreover, the outcome of
this research will lead to more awareness programs that can be used to promote privacy and security
protection behaviors of information security.
Keywords: Security Usefulness, Self-Efficacy, Subjective Norms, Security System Quality, Security
Awareness.
3825
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
witnessed by the increasing number of security declining [12]. Regardless of how well designed,
breach incidents such as the spread of computer protection measures are applied and used by
viruses, and hackers' invasion of proprietary individuals. Solutions in technology are important
network sites. With over one billion people but not sufficient [13]. Security quality often
connected worldwide to the Internet, the way depends on individuals' successful behavior [14].
people learn, interact, and communicate has had a
revolutionary impact. [4]. According to Solms and The Internet offers students fast access to
Niekerk, [5], information security is defined as “the numerous sources of information. Students always
tasks of guarding the information that is in a digital use the Internet for personnel purposes and not only
format typically manipulated by a microprocessor, for their academic purposes such as keeping in
stored on a magnetic or optical storage device, and touch with their friends via e-mail, chatting, and
is transmitted over a network”. Information security blogs. It is not clear whether students’ are security-
is meant to secure information of high importance aware. Nor is it clear what part security awareness
to individuals and organizations to prevent data plays in motivating students into practicing good
theft. Information security involves any process, security behavior [15]. Based on Moallem
activity, or task that protects the confidentiality, [16], college students are not aware of how to
integrity, and availability of information [6]. protect their data, although they believe they are
being observed when using the Internet and that
Recent developments in network resources, their data are not even secure on university systems.
personal computers, and multimedia applications Students cannot secure their systems against
indicated the development and implementation of security threats when browsing the Internet and
new and innovative teaching strategies. Internet is thus lead to illegal access to their personal
used increasingly for educational purposes [7]. information or identity theft. With this explosion of
Computer technologies have become major use, information and computer security are
components of the campus environment and the becoming significant subjects [17]. People do not
college experience. Students regularly use the think that they are at risk and often fail to recognize
Internet at schools, computer laboratories, libraries, security risks. The absence of security education
and community centers. Most of them access can be blamed for the lack of awareness amongst
library catalogs, online databases, and other students. Students have to understand security
academic resources to complete a wide range of threats, the damages that these threats can cause,
academic tasks. Many institutions are requiring and also methods on how to mitigate these damages
students to have computers to take advantage of if it occurs [18]. Behavior toward the security of
Web-accessible classrooms by incorporating ICT information is increasingly being paid attention,
courses into their curriculum. The advantages of especially when they use security technologies that
incorporating advanced technologies into have failed to protect businesses against cyber-
instruction are more efficiently accomplishing new attacks [19]. Therefore, this study was incepted to
or existing tasks and, preparing students for the job build on what was found in past studies in
market as well as enhancing productivity [8]. Along achieving the objectives of the study wherever
with information technology (IT) development, possible. By investigating critical factors in the
however, is the increasing number of unethical acts local context, the study attempts to fill a gap in the
that have been observed throughout the world. It individual country-level security awareness
has been realized that information security is not research. Hence, the objective of this empirical
just a technology problem [9]. The security threats study is to examine information security awareness
can affect the behavior and perception of IT users behavior among university students.
[10]. Information security includes both people and
technology, and it is becoming more and more
2. INFORMATION SECURITY
obvious that "the human factor is the Achilles heel
AWARENESS
of information security" [11].
Information is defined as a resource, commodity,
Literature shows that the development of perception of pattern, and constitutive force in our
information security remains uncertain and a lives. The information has some characteristics that
complicated process to protect personal and make it valuable to its owner and its intended users.
vulnerable information from cyber-attacks. However, in any case, information security ensures
Numerous sophisticated methods of security have that the information is not accessed, used, disclosed,
been developed but the security of information is disrupted, modified, seen, recorded, or destructed
3826
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
3827
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
ratio of a sample size to estimate parameters is N:p research investigation that has two or more possible
= 5:1 [24]. values. Creswell [27] further categorized the
variables into different groups: independent,
“A ratio of five responses per the parameter is dependent, intervening, moderating, control, and
required to obtain a trustworthy estimation”. With a compounding.
total of 22 elements, the effective sample size
required to test the trustworthiness of the model
would be 110. However, Hair et al.,[25] stated that
“a sample size exceeding 400 to 500 becomes too
sensitive as almost any difference is detected,
making all goodness-of-fit measures indicate a poor
fit”. The study sample is drawn from that part of the
population, which is close to hand. A total of 195
students participated in the study, with 180 valid
questionnaires, a high response rate of 92% is
achieved. “The research model and hypotheses are
to be examined through the analysis of data
extracted from various questionnaires using
structural equation modeling (SEM). SEM is a very
powerful analytical technique, which has been used
by many researchers”.
3828
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
3829
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
After establishing the research design and data missing not at random or not-ignorable (MNAR).
collection procedures, this section presents the data They further postulated that MCAR can be treated
analysis tools and techniques adopted in this with any mechanism and results would be
research study. To achieve research objectives; the acceptable to generalize, whereas, treating MNAR
data analysis was divided into two stages. In the could yield biased results. There are no clear
first stage, preliminary data analysis was performed guidelines regarding the extent of missing data
with the help of SPSS version, 23. Findings treatment. [25] suggested that in the case of the
generated at this stage of analysis provided the random missing data pattern, data missing fewer
general picture of the respondent‘s demographic than 10% can be ignored but it required remedial
statistics and their response to the survey adjustment if it is higher than 20% to 30%.
instrument. In the second stage, the evolution of a Similarly, Cohen et al., (2013) suggested that
structured model using the SEM technique was missing data up to 5% or even 10% on a particular
employed with the help of AMOS version 23.0. At variable may not be considered as large. Most
this stage, interrelationships between multiple simple analysis should yield reliable results even in
independent and dependent variables were case if the percentage of cases with missing
examined to test the proposed hypothetical observations is approximately less than 5%.
framework developed. In addition to this, both the
measurement model and structural model analysis Therefore, to treat the missing (incomplete)
techniques were employed to identify the level of data, the researcher followed four simple steps as
significance of various factors affecting security recommended by Hair et al., [25]. 1) examined the
awareness behavior. extent of missing data, 2) investigate the pattern of
missing data, 3) examined the randomness of
Preliminary data analysis for the present study
missing data, 4) applied appropriate techniques e.g.
was performed with the help of SPSS version, 23.
imputation method to fix the issue. [25] identified
SPSS has been accredited by many researchers and
several imputation methods such as regression
widely accepted in various research areas including
imputation, mean substitution, case substitution,
but not limited to, business studies, IS, social
and hot or cold deck imputation methods.
sciences, and marketing research. Therefore, the
Researchers in this study employed the mean
researcher decided to use this tool for data coding,
substation method. The reason is plausible in that
identification of missing values and outliers, and
the mean substitution approach is the most
the assumption of normality (i.e. using mean,
commonly adopted/accepted under MAR, MCAR,
Kurtosis, and skewness statistics). Additionally,
issues as well as the mean calculated with this
descriptive statistical tests were also performed
approach is treated as the best single replacement
with SPSS. Likewise, EFA was also conducted for
for any missing value.
factor/dimension reduction by summarizing
information from many variables used in the The demographic findings of the study are
proposed framework into a smaller number of discussed in this section. The first section of the
factors [25]. survey instrument requested respondents to provide
demographic and background information (gender,
Data examination is sometimes also referred to age, faculty, and department). Table 1 shows that
as data screening is conducted next. It is the process the gender distribution is skewed in favor of males
of ensuring that the collected data is completed and with 60.5%, while females with 39.5%. Across the
suitable for analysis. This step also tests the data to universities, the male population was found to
ensure if it is useful, reliable, and valid for further outnumbered the female population.
testing [35]. In most self-administrated survey
research, there are some chances for the existence
of incomplete data or improper data entry.
Tabachnick and Fidell [36] contend that missing
data problems occur in survey-based research when
respondents fail to respond to one or more
questions in the instrument, which can cause
potential issues in the data analysis process. Some
researchers argued that the possibility of missing
data patterns can be categorized into three types i.e.
missing at random also known ignorable (MAR),
missing completely at random (MCAR), and
3830
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
Variable No Cronbach‘s
Items alpha
Perceived Usefulness 6 0.82
Subjective norms 5 0.81
Self-efficacy 6 0.84
Information security system
quality 5 0.86
3831
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
After the CFA validation, the next step of the between perceived usefulness and information
analysis is to test the causal hypotheses presented in security awareness with a CR value of 7.721 (>±
the proposed research model and the strengths of 1.96) was statistically significant (p = 0.001).
the relationships among the constructs with the help Similarly, facilitating conditions and AU;
of a structural model. The researcher used GOF information quality. Similarly, hypotheses H2, H3,
indices and examined other parameter estimates to and H4, are all supported based on the results
evaluate the hypothesized structural model. Table 3 presented in Table 4. Figure 2 depicts the final
present the findings of the fit indices of the structural model.
structural model. The likelihood ratio chi-square
(χ2 = 3555.519; p = .000) was significant (p < Table 4: The estimate of the Hypothesized Model
.001); x2/df achieved an acceptable fit of 1.547 and
found well within limits i.e. 1.0 < x2 / df < 3.0). Stand. SE C.R. P
Furthermore, the findings for TLI and CFI were Regression Valid
0.927 and 0.903 respectively, and were above the Weights
recommended value of ≥ 0.90. Similarly, the results (β)
of AGFI (0.882) met the recommended criteria of ≥ H1 0.334 0.074 3.3981 *** YES
0.80. Lastly, the value of RMSEA found within the
H2 0.1687 0.056 1.826 0.213 YES
recommended criteria of < 0.5 and reached an
acceptable figure of 0.039. H3 0.179 0.009 3.316 *** YES
“ To inspect the hypotheses of this research, H4 0.278 0.195 2.648 0.015 YES
critical ratios, standardized estimates, and p-value Notes: “Std. Reg. Weight = Standardized regression
were used. It was assumed that a relationship is weight”
statistically significant at the 0.05 levels when the SE = “Standard error of regression
critical ratio (CR or t-value) found higher than ± weight” CR = “Critical ratio of regression
1.96” [25]. All the casual paths in the model were weight” p =” Level of significance of
examined based on the path estimates and CR (t- regression weight” (*** p < 0.001)
value). Results demonstrated that t-values for
twenty-two causal paths estimate found above the
1.96 (critical value) and significant at p ≤ .05.
However, t-values for thirteen casual paths were
found not statistically significant. The parameter
estimates are presented in table 4 and the overall
structural model is depicted in figure 2. Results
presented in Table 4 shows that all four
hypothesized paths between the variables found to
be significant. For example, the hypothesized path
3832
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
3833
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
information security behavior value more intention of higher education students towards
information security as they have more knowledge security, and the variables of the research model are
of information security. Most of the students selected under the control of related dimensions.
believed fairly in their abilities in keeping their
computers and information safe and secure.
Students, however, decided that they could Previous research has focused heavily on
download antivirus applications even when nobody technological solutions for computer security risks.
around to help them. Besides, the usefulness of Recent behavioral research has noted the
security systems, subjective norms, and self- importance of the human element and its role in
efficacy. The results indicate that the quality of the shielding computers, the information stored on
security measures and systems implemented affects them, and users’ privacy from dangerous and
students’ behavioral awareness. Based on DeLone
unauthorized penetrations. One of the most
and McLean [33], System quality refers to “the
performance of the system itself in terms of important implications of this research is the
accessibility, flexibility, integration, language, heightened focus on the usability and training of
functionality, complexity, responsiveness, and computer security practices. College administrators,
interface design” to help instructors conduct professors, and stakeholders should design courses,
teaching activities and facilitate learning. In the workshops, and special sessions on the usefulness
proposed hypothetical model, three hypotheses and ease of use of computer security practices.
were proposed to investigate the effect of system
Another important implication of this study is the
quality on PU, PEOU, and AU. Results of
parameter estimates for Hypothesis H4 (System significance of perceived vulnerability concerning
Quality → Security Awareness) (β = 0.116, t-value adopting computer security practices. Students are
= 2.813) at 0.001 (p < 0.05) level indicated that this found to more likely to adopt computer security
hypothesis found to be statistically significant and practices if they feel vulnerable to security threats.
hence, the hypothesis was supported. Colleges may start a lean, cost-effective, campaign
where professor, lecturer, and staff member sends
In contrast to previous works and existing
out regular emails to their students and clients
models in the area of security behavior awareness,
which raise awareness about the risks involved with
the current study extended the research scope by
computer security practices
combining the most critical factors identified in the
relevant literature. All these factors are attempted to The findings of the study can be used to either
apply them in the local context. It is recognized that refute or strengthen the theories or framework that
the majority of studies focus on access to has been adopted. The findings might also
technology and context whereas in developing contribute to the literature on security behavior and
countries majority are concern about individuals, awareness in general. Besides, The schools seem to
with few studies exhibit a comprehensive view. be actively working towards enhancing students '
awareness of these problems and how to protect
Therefore, the proposed model contained variables themselves against potential cyber-attacks such as
that have not been integrated into one framework ID theft or ransomware. The majority of students
subject previously, which allows simultaneously are also aware of the potential consequences of
examining for validation and relationship. Most of providing an entire university population with
the studies have examined users’ behavior personally identifiable information like identity
awareness by using the original technology theft and stalking but feel comfortable providing
this information.
acceptance model (TAM). They did not utilize a
framework for developing their research models.
5. CONCLUSION
This situation is a limitation because there is no
a clear pattern in selecting the external variables of Information security includes a thorough
the research models. Researchers are advised to comprehension of both human and technical
avoid using a single linear methodology when aspects. Threats to the security of information could
evaluating individual behavioral awareness. be diminished if individuals perform information
Therefore, in this study, a multidimensional behavior effectively. The information security
approach is considered to evaluate the behavioral success relies on the actual behavior of the people
3834
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
involved. The objective of this article was to [4] Y. K. Peker, L. Ray, S. Da Silva, N. Gibson,
examine the security awareness factors among and C. Lamberson, "Raising Cybersecurity
students at Aldar College University. This study Awareness among College Students," in
investigates the possibility of the incorporation of Journal of The Colloquium for Information
individual, institutional, and environmental as a System Security Education, 2016, pp. 17-17.
reflective construct that connects to information [5] R. Von Solms and J. Van Niekerk, "From
security awareness. The study was conducted based information security to cyber security,"
on a questionnaire using a descriptive case study computers & security, vol. 38, pp. 97-102,
approach. 180 valid responses were covering all the 2013.
faculties. The target was to get a general [6] T. R. Peltier, Information security risk
understanding of information security awareness analysis: Auerbach publications, 2010.
behavior and to further understand how different [7] S. I. Al-Jerbie, M. Z. Jali, and N. Sembilan, "A
factors may impact on it. The results of this second look at the information security
research exposed that perceived usefulness; awareness among secondary school students,"
subjective norms, self-efficacy, and security system in The International Conference on
quality are the main variables influencing security Information Security and Cyber Forensics
awareness. The self-efficacy of computers and (InfoSec2014)(pg. 88-97), 2014.
technology and information systems was [8] N. A. Zakaria and F. Khalid, "The benefits and
hypothesized to have the most effect on security constraints of the use of information and
awareness among students communication technology (ICT) in teaching
mathematics," Creative Education, vol. 7, pp.
The study makes important contributions to 1537-1544, 2016.
the emerging body of knowledge on the behavioral [9] F. Khalid, M. Y. Daud, M. J. A. Rahman, and
and educational settings about the information M. K. M. Nasir, "An Investigation of
security issue. Initially, the study offers a University Students’ Awareness on Cyber
theoretical explanation of the student’s awareness Security," International Journal of
of security. Furthermore, the research has shown Engineering & Technology, vol. 7, pp. 11-14,
that the important factors influenced by the 2018.
individual can help to motivate precaution-taking [10] L. Muniandy and B. Muniandy, "State of cyber
behavior in information security issues. However, security and the factors governing its
there are limitations to this research some of which protection in Malaysia," International Journal
include the study merely focuses on one of Applied Science and Technology, vol. 2, pp.
educational institution. Thus, a future study may 106-112, 2012.
increase the population size and include different [11] D.-L. Huang, P.-L. P. Rau, and G. Salvendy,
institutions. Besides, future studies should focus on "A survey of factors influencing people’s
individual practices in detail, as well as other perception of information security," in
recommended security practices. International Conference on Human-Computer
Interaction, 2007, pp. 906-915.
REFERENCES [12] L. Hadlington, "Employees Attitudes towards
Cyber Security and Risky Online Behaviours:
[1] L. Muniandy, B. Muniandy, and Z. Samsudin, An Empirical Assessment in the United
"Cyber Security Behaviour among Higher Kingdom," 2018.
Education Students in Malaysia," J. Inf. Assur. [13] M. Anwar, W. He, I. Ash, X. Yuan, L. Li, and
Cyber Secur, vol. 2017, pp. 1-13, 2017. L. Xu, "Gender difference and employees'
[2] S. Al-Janabi and I. Al-Shourbaji, "A study of cybersecurity behaviors," Computers in Human
cyber security awareness in educational Behavior, vol. 69, pp. 437-443, 2017.
environment in the middle east," Journal of [14] J. R. Ndiege and G. Okello, "Information
Information & Knowledge Management, vol. security awareness amongst students joining
15, p. 1650007, 2016. higher academic institutions in developing
[3] V. Broucek and P. Turner, "A Forensic countries: Evidence from Kenya," 2018.
Computing Perspective on the Need to [15] K. Edwards, "Examining the security
Improve User Education for Information awareness, information privacy, and the
Security Management," ed: Current Security security behaviors of home computer users,"
Management & Ethical Issues of Information 2015.
Technology …, 2003.
3835
Journal of Theoretical and Applied Information Technology
30th September 2020. Vol.98. No 18
© 2005 – ongoing JATIT & LLS
[16] A. Moallem, "Cyber Security Awareness on Perceptive and Cognitive Computing, vol.
Among College Students," in International 5, pp. 8-14, 2019.
Conference on Applied Human Factors and [31] N. Huda, N. Rini, Y. Mardoni, and P. Putra,
Ergonomics, 2018, pp. 79-87. "The analysis of attitudes, subjective norms,
[17] A. Farooq, J. Isoaho, S. Virtanen, and J. and behavioral control on muzakki's intention
Isoaho, "Information security awareness in to pay zakah," International Journal of
educational institution: An analysis of students' Business and Social Science, vol. 3, 2012.
individual factors," in 2015 IEEE [32] D. R. Compeau and C. A. Higgins, "Computer
Trustcom/BigDataSE/ISPA, 2015, pp. 352-359. self-efficacy: Development of a measure and
[18] P. Potgieter, "The Awareness Behaviour of initial test," MIS quarterly, pp. 189-211, 1995.
Students On Cyber Security Awareness by [33] W. H. DeLone and E. R. McLean,
Using Social Media Platforms: A Case Study "Information systems success revisited," in
at Central University of Technology," in Proceedings of the 35th Annual Hawaii
Proceedings of 4th International Conference International Conference on System Sciences,
on the, 2019, pp. 272-280. 2002, pp. 2966-2976.
[19] L. Hadlington, "Human factors in [34] F. J. Fowler Jr, Survey research methods: Sage
cybersecurity; examining the link between publications, 2013.
Internet addiction, impulsivity, attitudes [35] J. Gaskin, "Group differences. Retrieved from
towards cybersecurity, and risky cybersecurity stats tools package," ed, 2014.
behaviours," Heliyon, vol. 3, p. e00346, 2017. [36] B. G. Tabachnick and L. S. Fidell,
[20] F. A. Aloul, "The need for effective Experimental designs using ANOVA:
information security awareness," Journal of Thomson/Brooks/Cole Belmont, CA, 2007.
Advances in Information Technology, vol. 3, [37] J. A. Gliem and R. R. Gliem, "Calculating,
pp. 176-183, 2012. interpreting, and reporting Cronbach’s alpha
[21] D. E. Gray, Doing research in the business reliability coefficient for Likert-type scales,"
world: Sage Publications Limited, 2019. 2003.
[22] U. Sekaran and R. Bougie, Research methods [38] Hair, W. C. Black, B. J. Babin, and R. E.
for business: A skill building approach: John Anderson, "Multivariate data analysis: Global
Wiley & Sons, 2016. edition," ed: Pearson Higher Education Upper
[23] J. W. Creswell and V. L. P. Clark, Designing Saddle River, NJ, 2010.
and conducting mixed methods research: Sage [39] R. Hussein, F. Lambensa, and R. B. Anom,
publications, 2017. "Information security behaviour: a descriptive
[24] R. B. Kline, Principles and practice of analysis on a Malaysian public university,"
structural equation modeling: Guilford 2011.
publications, 2015. [40] M. Zwilling, G. Klien, D. Lesjak, Ł.
[25] J. F. Hair, M. Sarstedt, C. M. Ringle, and J. A. Wiechetek, F. Cetin, and H. N. Basim, "Cyber
Mena, "An assessment of the use of partial Security Awareness, Knowledge and Behavior:
least squares structural equation modeling in A Comparative Study," Journal of Computer
marketing research," Journal of the academy of Information Systems, pp. 1-16, 2020.
marketing science, vol. 40, pp. 414-433, 2012. [41] M.-H. Chang and D.-Y. Kang, "Factors
[26] P. D. Leedy and J. E. Ormrod, Practical affecting the information security awareness
research: Planning and design: Pearson and perceived information security risk of
Education, 2014. employees of port companies," Journal of
[27] J. W. Creswell and J. D. Creswell, Research Navigation and Port Research, vol. 36, pp.
design: Qualitative, quantitative, and mixed 261-271, 2012.
methods approaches: Sage publications, 2017.
[28] A. Alqarni, "Exploring factors that affect
adoption of computer security practices among
college students," 2017.
[29] F. D. Davis, "Perceived usefulness, perceived
ease of use, and user acceptance of information
technology," MIS quarterly, pp. 319-340, 1989.
[30] N. Abdallah and O. Abdullah, "Computer
Security Behavior and Awareness: An
Empirical Case Study," International Journal
3836