See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/341364046

Cyber Security Awareness Among University Students: A Case Study

Article  in  Science Proceedings Series · April 2020

DOI: 10.31580/sps.v2i1.1320

CITATIONS READS

7 7,014

4 authors, including:

Adamu Abdullahi Garba Siti Hajar Othman

Universiti Teknologi Malaysia Universiti Teknologi Malaysia
20 PUBLICATIONS   38 CITATIONS    86 PUBLICATIONS   661 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Factors motivating inside threat attacks View project

Digital forensic project View project

All content following this page was uploaded by Adamu Abdullahi Garba on 17 June 2020.

The user has requested enhancement of the downloaded file.

 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

Cyber Security Awareness Among University Students: A Case Study

Adamu Abdullahi Gabra *1, Maheyzah Binti Sirat 2, Siti Hajar 3, Ibrahim Bukar Dauda 4
*1
Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia, Skudia,
Johor Bahru, 81310, Malaysia
2,3
Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia, Skudia,
Johor Bahru, 81310, Malaysia
4
Azman Hashim International Business School. Universiti Teknologi Malaysia.Skudia,
Johor Bahru, 81310, Malaysia
*1
adamugaidam@gmail.com

Abstract
This paper reports the preliminary outcomes of a quantitative survey intended to identify
students' awareness and enthusiasm to learn cybersecurity in Nigerian Universities. The
objective of the survey was to see how students in this developing country are mindful of cyber-
attacks and how they can mitigate the attacks and to find out if the cybersecurity awareness
program is among the University program. The preliminary results indicated that the students
claimed to have basic cybersecurity knowledge, but are not well informed of how to protect their
data. It also seems that most Universities do not have an active cybersecurity awareness
program to improve students' knowledge on how to protect themselves from any threats. The
surveyed students also show interest in learning more about cybersecurity.

Keywords: cybersecurity awareness, Two-factor authentication, Password Management

1. Introduction
Today, the world is so connected that a person from one region can see or video chat with
another person in another region, people connect to the internet using their phones, computers,
even employees come to connect with the outside world in their workplaces. Organizations'
operations are performed remotely nowadays as contractors can communicate a thousand miles
away. All these are possible and it makes life more easy and enjoyable but at the same time if
there is no control over the devices the infrastructure of the workplace is in danger of any cyber-
attacks. People now connect to public Wi-Fi to do their business anytime and a huge amount of
personal data are being processed over the unprotected medium. The organization is most
vulnerable to cybersecurity attacks because employees might compromise the network of the
organization through the connection to the internet.
In today's life there are continuous attacks on a big organization that allow access to the
internal network, therefore resulting in the economic meltdown which causes loss of reputation
and prestige as a company(McCrohan, Engel, & Harvey, 2010; Troia, 2018). A study by Serianu
limited shows that almost 35% of losses which account for almost $649million. The most
affected organizations are banking and telecoms. Mixed-methods were used in gathering
information. The results show loss to inside threats is about $194 million, computer system
attacks are about $130 million and social engineering is about $97 million.
However, the report also indicated a capital loss of $3.5billion in Africa in 2017, making
Nigeria alone the highest in the loss. Almost all if not many of these breaches are caused by
employees in the organizations, and the main issue is of regular awareness about the danger of
cyber threats. Nigeria is the giant of Africa and the most populous black nation in the world with
a population of about 180million inhabitants, which majority as a youth, being the hub of Africa
Nigeria is facing day to day cybercrime-related attack. This shows Nigeria is at high risk of

ISSN: 2005-4238 IJAST 767

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

cyber-attack and also shows a lack of cybersecurity awareness. The objectives of this paper are to
survey Nigerian Universities to investigate the following:
• To identify the level of basic knowledge of cybersecurity among university students in
Nigeria
• To identify if cybersecurity is among their curriculum or a seminar class
• To identify if the cybersecurity awareness program is needed or not.
The subsequent sections will explain the literature review of existing similar research in
section 2, section 3 will explain the methodology adopted, section 4 will expensively describe the
result and finding from the survey to see if the objectives of the paper are achieved and section 5
will be the conclusion of the research paper.

2. Literature Review
Today, technology has provided many ways where a person can communicate with another in
the same or different destination, this technology also opens a way for a cybercriminal to attack
or hack certain organization information or personal data. This section briefly outlines the related
research in cybersecurity awareness and training in the educational area. Most criminals use
email, network traffic, and user profiling in launching an attack,(Moallem, 2019). Also,
approximately 4.9% of students had perpetrated cyberstalking(Reyns, Henson, & Fisher, 2012).
This indicated that to what extent an individual is vulnerable to cyber-attack when using the
internet. Therefore, using the internet emanates with a price and the most vulnerable are students
and people with less or no knowledge of cybersecurity. User personal information can be
compromised. Cybersecurity awareness knowledge can be used to mitigate some basic attacks to
individuals, therefore he more aware users are on the basic principles of cybersecurity the less
frequent cyber-attack can be successful.
This shows that young people are the most vulnerable for cyber- attacks. The availability of
technology has provided an application for educations either online or offline, university
students can access much information unlimitedly, which also helps them to expand their
learning (Al-Janabi & Al-Shourbaji, 2016). There is a direct relationship between preventive
measures and information security awareness, which increase the security performance(Knapp,
Marshall, Rainer, & Ford, 2006), this shows that security awareness should be part of measures
in enhancing security in any organization. Also, there is a strong relationship between
knowledge of information security and the behavior of people (Kruger, Drevin, & Steyn, 2010).
This clearly shows if people are aware of security then the rate of attack can be minimized to a
residual level. Cybersecurity awareness programs should be developed in such a way that such
elements must be included, these elements security policies and rules designed by the
organization to achieve the desired outcome (A McDaniel, 2013).universities systems have
continuously been attacked as a result of open access to information and also a vast amount of
power worth connecting (Katz, 2005).
Furthermore, Students from the business department at New England have been surveyed to
determine their attitudes toward information security awareness, which will help in developing
an effective information security awareness training (ISAT), the results of the survey indicated
that students understand the need if ISAT in improving their cybersecurity level of
awareness(Kim, 2014). A study of security awareness from academic sectors from the Middle
East was conducted among students and professionals, the results from the academic show less
insight on how to conduct the training in the best manner to reduce cyber-attack (Aloul, 2012).
Many universities are among the most vulnerable to attacks, this attacks can be motivated as the
result of the heist of patent award from both students and professors, also the theft of both
students and staff information. This shows that cybersecurity and training must be included in
any organization's security management plan. Proper awareness programs, training, educations,

ISSN: 2005-4238 IJAST 768

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

and policies, the universities must also have measures in security, privacy, trust, audit, and legal
requirement.
Likewise, simulation tools should be provided for enhancing the information security
awareness level for students, staff, and other Professionals (Pastor, Díaz, & Castro, 2010).
Games like CyberCIEGE were used to improve cybersecurity awareness for two the Navy IT
training and the early result shows the tools can be effective in improving the cybersecurity
awareness programs (Cone, Irvine, Thompson, & Nguyen, 2007). These show that tools and
software can be used to improve student security awareness and also can be as per real
experiment to enable then to understand the depth of security concept. Another survey was
conducted at the college of business and economics at the California State University on
cybersecurity awareness, the result indicated that the main problem with the security awareness
is not the lack of basic knowledge but the method students use it in real life, it further shows the
compliance with information security knowledge is lower than the understanding of it (Slusky &
Partow-Navid, 2012). Cybersecurity awareness study was carried out and analyzed among
Students of college in Tamil Nadu (India) the students were asked about various security threats,
the survey indicated that out of 500 students 70% are aware of basic virus attacks and using
antivirus software, while 11% uses outdated antivirus and more than 97% of the students do not
know the source of the virus(Yang et al., 2017). Also in Malaysia, a survey was conducted to
understand the awareness risk related to social networking site (SNS), 295 Malaysian student
took part in the survey and the results shows that one-third had been a victim of SNS scams
(Kirwan, Fullwood, & Rooney, 2017). This indicated that there is less knowledge of
cybersecurity threats in social site among Malaysian undergraduate students. Another survey was
conducted to college students at US Pacific Northwest, 498 student participated, and the result
indicated that the students were not able to define the terms malware( 55%), Trojan horses(
52%), phishing (50%) and worms(17%) (Sarathchandra, Haltinner, & Lichtenberg, 2016). In
New Zealand, a survey was conducted on internet usage and cybersecurity awareness among
students of various age, the result indicated that most students were not familiar with the
common cybersecurity terns and did not reveal adequate awareness of common terns like
phishing (Tirumala, Sarrafzadeh, & Pang, 2016). In Bangladesh, a cybersecurity awareness
survey was conducted among the people of Bangladesh, the survey finds that there is a patchy
awareness level and it is not satisfactory (Ahmed et al., 2018). This shows that many people are
under the risk of cyber-related attack and there is a need for a cybersecurity awareness program
in the country. Most students at higher education are not unaware of security concerns regarding
phones, but also at the same time are not aware of all the security risks and necessary security
practices(Pramod & Raman, 2014).
Many researchers also focus on how effective the cybersecurity/ information security program
in academic sector (Chan, 2012; Rahim, Hamid, Kiah, Shamshirband, & Furnell, 2015; Rantos,
Fysarakis, & Manifavas, 2012; Tsohou, Kokolakis, Karyda, & Kiountouzis, 2008; Willison &
Warkentin, 2013).The security of information has become vital importance for any organizations,
therefore organization using information systems must take information security seriously as a
top priority. In this paper, university students in Nigeria will be the target, to know the
cybersecurity awareness level, however, in this quantitative survey research, we will analyze and
assess the understanding of awareness, use and also a problem associated with all cybersecurity
in different universities in Nigeria, From the survey results, we will offer a recommendation that
would be used in providing an approach to increase the level of cybersecurity among students at
the Universities.

3. Methodology
This research uses a quantitative approach in designing the questionnaire-based survey to
collect data using an online method. The questions were organized to obtain the level of
cybersecurity awareness level among the targeted participant. The participant is university
students in Nigeria. This group was selected as a result of using the information as part of their

ISSN: 2005-4238 IJAST 769

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

daily activities and also students are the future employees in any organization. The survey link
was distributed among students in Nigerian universities from January 2020 to the end of
February the same year. Based on the above objectives the questions were drafted and an online
medium was used as a medium where the student can access and fill the questionnaire. The
questionnaire consists of 19 main questions and their answers were limited to “Yes”, “No” and
“Maybe” with five demography questions.
The estimated time for a participant to complete the survey is around 15 to 20 minutes. The
questions were designed to provide answers to the objective of the paper, the key focus area
includes Basic knowledge of cybersecurity Trust, Privacy, Password management, the desire to
learn cybersecurity and cybersecurity awareness program as a course. The protocol of this
questions was adopted based on the study carried out by (Moallem, 2018; Al-Janabi & Al-
Shourbaji, 2016).

4. Results and Findings

The questionnaire link was distributed and takes one month for respondents to answer the
questions before the link is disabled. A total number of 408 students have filled the questions and
out this 408, filtration was made to see of some questions were not answered or left blank. A
total number of 41 were identified and are deleted from the results due to not completing one
question among the questions given. A total number of 367 are identified to be valid and the
analysis will be conducted using these samples.

4.1. Demography
The completed survey consists of demography data which include age and gender were
collected. Out of 367 responders, 18- 20 ages are 50 students, 21- 25 are 200 students, and 26 –
30 are 117 respectively and in gender, males are 308, and females are 53 and those that answered
prefer not to say are 4. From this analysis is shown most responders are male and between the
age of 21 to 25.

4.2. Basic Knowledge of Cybersecurity

The question was asked, do you consider yourself knowledgeable about the concept of
cybersecurity, to determine the basic knowledge of cybersecurity.

Figure1 Respond to Cybersecurity

Figure 1 shows the response on Q1, from this chart it shows the number of students that have
basic knowledge is 193 and82 said No and others are not sure answered maybe which is 90. This

ISSN: 2005-4238 IJAST 770

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

shows the majority of the students have some basic knowledge of what is cybersecurity means
but half are not sure about the concept of cybersecurity but when the number of no and maybe
are combined is 172 which is almost to half. This shows that there is a need to educate the
students on the concept of cybersecurity. Q2, Do you know what Two-Factor Authentication
(2FA) is, and do you use it? The result shows the majority know the Two-Factor Authentication
a total of 162 out 367, while 162 said No and 29 said maybe. This result shows even with the
majority the overall result shows most students are not familiar with this technique. This raises
the question of having an awareness to increase the level of cybersecurity knowledge. Q3, when
you receive an email from an unfamiliar sender, do you open it? The result on the opening of
unfamiliar email, a total of 219 said yes out of 367, 110 said no, and 36 said maybe. This result
indicates the majority of students lack the knowledge of phishing attacks. This poses a threat to
student information and the universities too. An urgent awareness is needed to clear this doubt
before occurring of any incident. Q4, when you receive an email requiring your credential
information such as name, date of birth, age, your credit card number. Do you send it? The
results are displayed below.

Figure 2. Response to Sending Credit Card Information

Figure 2 shows that almost all students are aware of 419 tricks, and a total number of 306 out
of 367 said No on sending names, date of birth, and credit card number to an unknown person.
This indicates students are more aware of critical issues, like this when it involves money. Q5, do
you ever reject app permission? The result shows the cybersecurity knowledge of students on
whether they reject app permission, a total of 210 said yes, while 126 said No and 29 said maybe
out of 367 respondents. These results indicate that the majority do not accept app permission to
access certain information like location, contact. This shows students are aware of the danger.
Q6, do you know \what is the difference between using HTTP and HTTPS? The results show a
total of 197 said yes, 155 said no, and 13 are not sure. When we analyze the result, the majority
understood the difference but overall indication shows 170 do not understand the concept. This
indicates there is a need for awareness to explain the difference. Q7, do you know, what is the
meaning of the concept phishing? The result shows a total number of 276 students said No, 72
said yes and 17 said maybe, this shows students lack the theoretical knowledge and also practical
know-how on the term phishing. More than half lacks phishing knowledge.
This seriously indicates there is a need for an awareness to address the issue. Q8, do you use
debit or credit cards at an outdoor payment machine? The result shows a total number of 234 said
yes on using the debit/ credit to make payments, while 111 said No and 20 said maybe out of 367
respondents. This indicates the majority are using their card to make payments. These shows are
is less need for awareness to used cashless payment only how the student will identify legitimate
and fake sites when making the payment is needed. Q9, do you shop/purchase items advertised
on social networks or your private email? The result shows most students do not buy products
advertised on their social page using the recommender system, a total of 177 said yes, 168 said
no, and 20 are not sure. The result shows the majority said No, but overall the result show they

ISSN: 2005-4238 IJAST 771

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

are some substantial number of student who purchases product recommended to them. This poses
a threat to phishing as a new method of phishing has evolved using pictures. There is a need to
enlighten the students on-site to click to make payment. Q10, do you think that it is important to
read the user agreements for free program/software before clicking, \I accept"? The result shows
a total No of 274 yes, 62 said No and 29 said maybe on whether user agreement is important to
read before clicking I/accept. This shows the majority are reading the agreement before accepting
it. This shows students aware of the need to agree to a term and condition.

4.3. Privacy
The question asked was when using the computer system and the Internet, what do you feel
secure? Figure 3 shows the results.

Figure 3 Response to Privacy

Figure 3 shows the response to the above question about privacy, 169 respondents out 367
said yes, while 111 said No and 85 said maybe. If the total number of No and maybe is combined
then 199 were not sure if they are secure. This shows that students are not comfortable when
using the internet, therefore there is a need to educate them on how to use the internet securely,
Q2, have you ever rejected a mobile app request for accessing your contacts, camera, or location?
The result shows the results of the student ever reject app permission to access contact, camera,
and location, 195 said yes, 153 said No and 17 said maybe. Majority of the students said yes, but
overall of the results shows almost half said No, this shows student lack basic knowledge of
privacy.

4.5. Trust
The question asked was, do you have reason to believe that you are being observed online
without your consent? Figure 4 explains more

Figure 0 Response to on Trust

Figure 4 shows that students trust when online, 187 fill ok while 143 said No and 35 said
maybe. This result shows that the majority trusted the internet but No is almost more than half.
This shows not all the students trusted the internet. A second was asked, do you think that your

ISSN: 2005-4238 IJAST 772

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

data on the university system is secure? The results show that 198 out of 367 students feel their
data is secured, 103 said No, and 64 said maybe. Based on the results the majority of its shows
believe their data is secured but overall shows the number of No and maybe are 207 which is
higher than the majority shows many do not feel their data is secured. This prompts awareness to
the ICT staff to organize a workshop to enlighten students on how their data is saved in the
university systems.

4.6. Password Management

Password management question was asked do you use a harder-to-guess password to access
your bank account than to access your social networking accounts.

Figure 5 Response to password

Figure 5 shows the analysis of password question, 204 said no, 139 said yes and 22 said
maybe. This result shows the majority are not using hard to guess passwords. This shows the
students are less secure password, this shows awareness on password management is highly
required. Q2, do you use the same passwords for both social networks such as Facebook, Twitter,
iTunes, and your email accounts? And the results show 194 said yes, 153 said no and 18 said
maybe. These results show the majority are aware of the knowledge but almost half are not
implementing it. This prompts awareness of the risk of using the same password across all
platforms.

4.7. Desire to Learn Cybersecurity

This question was part of the objective to know if students want to learn more about
cybersecurity.

Figure 5 Response to desire to learn cybersecurity

ISSN: 2005-4238 IJAST 773

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

Figure 5 shows the response on the question, a total of 346 students said yes, 12 said No, and
7 said maybe. This result indicates the desire and needs of the students to learn more about
cybersecurity. This shows awareness is highly needed.

4.8. Cybersecurity Awareness Program as a Course

This question is also among the objectives of the research, to know if students are willing to
take a cybersecurity course when made as a curriculum.

Figure 6 Response to Cybersecurity as a Course in the University Curriculum

Figure 6 shows an astonishing result regarding whether students are willing to take
cybersecurity as a course in their curriculum and the result shows a passionate consensus. A total
number of 328 out 367 said yes this shows the universities are lacking cybersecurity as a course
and this prompts to awareness of the university management. A second question was asked, in
your opinion, is it important that academic institutions should have an information security
officer? The result 325 out of 367 students have agreed on that, this shows currently there are no
security officers in the universities.

5. Conclusion
The results of the survey indicate that university students lack the basic knowledge of
cybersecurity, even when the results on the questions shows that students have basic knowledge
around 193 said yes and 82 said No and other are not sure answered maybe which is 90, but the
subsequent questions indicated the lack of cybersecurity awareness. Among the question is that
of password management result analysis which shows 204 said No, 139 said yes and 22 said
maybe to using hard to guess password also, the question on opening an email sent from an
unfamiliar person, the result shows, a total of 219 said yes out of 367, 110 said no and 36 said
maybe. This result indicates the majority of students lack the knowledge of phishing attacks. The
results appear to show that all the institutions lack cybersecurity programs and no indication of
the cybersecurity program and a total of 346 respondents out 367 strongly desire to learn more
about cybersecurity. Also, a total number of 328 out of 367 respondents agree to have
cybersecurity awareness as a curriculum in their university. When it comes to payment or given
credit information the students are aware of the danger but lack other methods of an attack like
phishing as the result show a total of 276 out of 367 are not familiar with the concept of phishing.
Finally, this results obtained from this survey it indications, cybersecurity awareness program is
not conducted in Nigerian tertiary institutions, it also indicates lack of basic cybersecurity
knowledge such as password management, the survey also indicates students are demanding such
cybersecurity awareness program as out of 367 surveyed students 346 have the desire to learn
more on cybersecurity and 328 agrees to have cybersecurity course inside university curriculum.

ISSN: 2005-4238 IJAST 774

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

6. References
[1] A McDaniel, E. (2013). Securing the Information and Communications Technology Global Supply Chain from
Exploitation: Developing a Strategy for Education, Training, and Awareness. Issues in Informing Science and
Information Technology, 10(2012), 313–324. https://doi.org/10.28945/1813
[2] Ahmed, N., Kulsum, U., Bin Azad, M. I., Momtaz, A. S. Z., Haque, M. E., & Rahman, M. S. (2018).
Cybersecurity awareness survey: An analysis from Bangladesh perspective. 5th IEEE Region 10 Humanitarian
Technology Conference 2017, R10-HTC 2017, 2018-January, 788–791. https://doi.org/10.1109/R10-
HTC.2017.8289074
[3] Al-Janabi, S., & Al-Shourbaji, I. (2016). A Study of Cyber Security Awareness in Educational Environment in
the Middle East. Journal of Information and Knowledge Management, 15(1).
https://doi.org/10.1142/S0219649216500076
[4] Aloul, F. A. (2012). The Need for Effective Information Security Awareness. Journal of Advances in Information
Technology, 3(3). https://doi.org/10.4304/jait.3.3.176-183
[5] Chan, H. (2012). Significance of Information Security Awareness in the Higher Education Sector. 60(10), 23–31.
[6] Cone, B. D., Irvine, C. E., Thompson, M. F., & Nguyen, T. D. (2007). A video game for cyber security training
and awareness. Computers and Security, 26(1), 63–72. https://doi.org/10.1016/j.cose.2006.10.005
[7] Katz, F. H. (2005). The effect of a university information security survey on instruction methods in information
security. Proceedings of the 2005 Information Security Curriculum Development Conference, InfoSecCD ’05,
43–48. https://doi.org/10.1145/1107622.1107633
[8] Kim, E. B. (2014). Recommendations for information security awareness training for college students.
Information Management and Computer Security, 22(1), 115–126. https://doi.org/10.1108/IMCS-01-2013-0005
[9] Kirwan, G. H., Fullwood, C., & Rooney, B. (2017). Risk Factors for Social Networking Site Scam Victimization
Among Malaysian Students. 00(00), 1–6. https://doi.org/10.1089/cyber.2016.0714
[10] Knapp, K. J., Marshall, T. E., Rainer, R. K., & Ford, F. N. (2006). Information security: Management’s effect on
culture and policy. Information Management and Computer Security, 14(1), 24–36.
https://doi.org/10.1108/09685220610648355
[11] Kruger, H., Drevin, L., & Steyn, T. (2010). A vocabulary test to assess information security awareness.
Information Management & Computer Security, 18(5), 316–327. https://doi.org/10.1108/09685221011095236
[12] McCrohan, K. F., Engel, K., & Harvey, J. W. (2010). Influence of awareness and training on cyber security.
Journal of Internet Commerce, 9(1), 23–41. https://doi.org/10.1080/15332861.2010.487415
[13] Moallem, A. (2019). Cybersecurity Awareness Among Students and Faculty. In Cybersecurity Awareness
Among Students and Faculty (Vol. 2). https://doi.org/10.1201/9780429031908
[14] Pastor, V., Díaz, G., & Castro, M. (2010). State-of-the-art simulation systems for information security education,
training and awareness. 2010 IEEE Education Engineering Conference, EDUCON 2010, 1907–1916.
https://doi.org/10.1109/EDUCON.2010.5492435
[15] Pramod, D., & Raman, R. (2014). A study on the user perception and awareness of smartphone security.
International Journal of Applied Engineering Research, 9(23), 19133–19144.
[16] Rahim, N. H. A., Hamid, S., Kiah, L. M., Shamshirband, S., & Furnell, S. (2015). A systematic review of
approaches to assessing cybersecurity awareness. Kybernetes, 44(4), 606–622. https://doi.org/10.1108/K-12-
2014-0283
[17] Rantos, K., Fysarakis, K., & Manifavas, C. (2012). How Effective Is Your Security Awareness Program? An
Evaluation Methodology. Information Security Journal, 21(6), 328–345.
https://doi.org/10.1080/19393555.2012.747234
[18] Reyns, B. W., Henson, B., & Fisher, B. S. (2012). Stalking in the Twilight Zone: Extent of Cyberstalking
Victimization and Offending Among College Students. Deviant Behavior, 33(1), 1–25.
https://doi.org/10.1080/01639625.2010.538364
[19] Sarathchandra, D., Haltinner, K., & Lichtenberg, N. (2016). College Students’ Cybersecurity Risk Perceptions,
Awareness, and Practices. Proceedings - 2016 Cybersecurity Symposium, CYBERSEC 2016, 68–73.
https://doi.org/10.1109/CYBERSEC.2016.018
[20] Slusky, L., & Partow-Navid, P. (2012). Students Information Security Practices and Awareness. Journal of
Information Privacy and Security, 8(4), 3–26. https://doi.org/10.1080/15536548.2012.10845664
[21] Tirumala, S. S., Sarrafzadeh, A., & Pang, P. (2016). A survey on internet usage and cybersecurity awareness in
students. 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016, 223–228.
https://doi.org/10.1109/PST.2016.7906931

ISSN: 2005-4238 IJAST 775

Copyright ⓒ 2020 SERSC
 International Journal of Advance Science and Technology
Vol. 29 No. 10S, (2020), pp. 767-776

[22] Troia, V. (2018). The Cybersecurity Framework as an Effective Information Security Baseline: A Qualitative
Exploration. ProQuest Dissertations and Theses, D.I.T.(August). Retrieved from
http://wv9lq5ld3p.search.serialssolutions.com.library.capella.edu?ctx_ver=Z39.88-
2004&ctx_enc=info:ofi/enc:UTF-
8&rfr_id=info:sid/Dissertations+%2526+Theses+%2540+Capella+University&rft_val_fmt=info:ofi/fmt:kev:mtx
:dissertation&rft.genre=dissertations+%252
[23] Tsohou, A., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2008). Investigating information security awareness:
Research and practice gaps. Information Security Journal, 17(5–6), 207–227.
https://doi.org/10.1080/19393550802492487
[24] Willison, R., & Warkentin, M. (2013). Beyond Deterrence: An Expanded View of Employee Computer Abuse.
MIS Quarterly, 37(1), 1–20. Retrieved from http://www.jstor.org/stable/43825935
[25] Yang, Y., Zhou, L., Peng, Z., Using, S., Spread, N., Deng, S., & Huang, H. (2017). A Survey on Cyber Security
awareness among college students in Tamil Nadu A Survey on Cyber Security awareness among college students
in Tamil Nadu. https://doi.org/10.1088/1757-899X/263/4/042043

ISSN: 2005-4238 IJAST 776

Copyright ⓒ 2020 SERSC

View publication stats