Investigating Security Awareness and Incident Reporting levels at Mbarara University of Science and Technology

Authors

  • Thomas Mbonimpa Department of Physics, Mbarara University of Science and Technology, Uganda
  • Ntwari Richard Department of Computer Science, Mbarara University of Science and Technology, Uganda
  • Muhereza J. Innocent Department of Security, Mbarara University of Science and Technology, Uganda
  • Muheki Priscilla Department of Physics, Mbarara University of Science and Technology, Uganda

DOI:

https://doi.org/10.47540/ijias.v4i3.1482

Keywords:

Incident Reporting, Security Awareness, Security Behavior, Security Incident

Abstract

Higher learning institutions confront heightened cyber threats due to the value of their data, necessitating a robust security culture. In addition to cyber threats, various security incidents cause danger to devices and personal belongings on campuses. Security incidents present a substantial challenge to academic institutions, especially higher education, where their occurrence is notably prevalent. These incidents encompass a broad spectrum, including thefts, data breaches, malware attacks, and other breaches in physical security. Addressing security incidents necessitates critical strategies involving educating and raising awareness among the academic and surrounding communities. In this study, we aimed to investigate the security awareness levels of students at Mbarara University of Science and Technology and establish their incident reporting attitudes and levels. We used a quantitative research method and conducted different statistical tests. The findings indicate that ~50% of the participants had not had any security awareness training, indicating a very big gap in the security culture at this institution. Although some of the students indicated their awareness of security threats, the percentage who showed a lack of awareness or a noncommittal response suggests that there is a very big need for security awareness strategies. Additionally, about 60% of the students showed their will to report security threats which implies that they can be vigilant about their and the institutional security. Based on these findings we recommend continuous training programs for students to increase their levels of awareness and incident reporting and consequently develop an institutional security culture.

References

Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939–953.

Alharbi, T., & Tassaddiq, A. (2021). Assessment of cybersecurity awareness among students of Majmaah University. Big Data and Cognitive Computing, 5(2), 23.

Alqahtani, M. A. (2022). Factors affecting cybersecurity awareness among university students. Applied Sciences, 12(5), 2589.

Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003.

Arend, I., Shabtai, A., Idan, T., Keinan, R., & Bereby-Meyer, Y. (2020). Passive and not active-risk tendencies predict cyber security behavior. Computers & Security, 97, 101964.

Aslan, Ö., Aktug, S. S., Ozkan-Okay, M., Yilmaz, A. A., & Akin, E. (2023). A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions. Electronics, 12(6), 1333.

Barakovic, S., & Barakovic Husic, J. (2023). Cyber hygiene knowledge, awareness, and behavioral practices of university students. Information Security Journal: A Global Perspective, 32(5), 347–370.

Chapman, J. (2019). How Safe is Your Data?: Cyber-security in Higher Education.

Cheng, E. C., & Wang, T. (2022). Institutional strategies for cybersecurity in higher education institutions. Information, 13(4), 192.

Da Veiga, A. (2023). A model for information security culture with creativity and innovation as enablers–refined with an expert panel. Information & Computer Security, 31(3), 281–303.

Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, 101713.

Dash, B., & Ansari, M. F. (2022). An effective cybersecurity awareness training model: First defense of an organizational security strategy.

Djenna, A., Harous, S., & Saidouni, D. E. (2021). Internet of things meet internet of threats: New concern cyber security issues of critical cyber infrastructure. Applied Sciences, 11(10), 4580.

Ekpoh, U. I., Edet, A. O., & Ukpong, N. N. (2020). Security challenges in Universities: Implications for safe school environment. Journal of Educational and Social Research, 10(6), 112–112.

Franchina, L., Inzerilli, G., Scatto, E., Calabrese, A., Lucariello, A., Brutti, G., & Roscioli, P. (2021). Passive and active training approaches for critical infrastructure protection. International Journal of Disaster Risk Reduction, 63, 102461.

Garba, A., Sirat, M. B., Hajar, S., & Dauda, I. B. (2020). Cyber security awareness among university students: A case study. Science Proceedings Series, 2(1), 82–86.

González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security information and event management (SIEM): Analysis, trends, and usage in critical infrastructures. Sensors, 21(14), 4759.

Hall, R. C., Hoppa, M. A., & Hu, Y.-H. (2023). An Empirical Study of Password Policy Compliance. Journal of The Colloquium for Information Systems Security Education, 10(1), 8–8.

Hatzivasilis, G., Ioannidis, S., Smyrlis, M., Spanoudakis, G., Frati, F., Braghin, C., Damiani, E., Koshutanski, H., Tsakirakis, G., Hildebrandt, T., & others. (2021). The threat-arrest cyber range platform. 2021 IEEE International Conference on Cyber Security and Resilience (CSR), 422–427.

Hina, S., & Dominic, P. D. D. (2020). Information security policies’ compliance: A perspective for higher education institutions. Journal of Computer Information Systems.

Hong, W. C. H., Chi, C., Liu, J., Zhang, Y., Lei, V. N.-L., & Xu, X. (2023). The influence of social education level on cybersecurity awareness and behaviour: A comparative study of university students and working graduates. Education and Information Technologies, 28(1), 439–470.

Hu, S., Hsu, C., & Zhou, Z. (2022). Security education, training, and awareness programs: Literature review. Journal of Computer Information Systems, 62(4), 752–764.

Jamal, H., Algeelani, N. A., & Al-Sammarraie, N. (2024). Safeguarding data privacy: Strategies to counteract internal and external hacking threats. Computer Science and Information Technologies, 5(1), 46–54.

Kasowaki, L., & Ali, K. (2024). Cyber Hygiene: Safeguarding Your Data in a Connected World. EasyChair.

Khando, K., Gao, S., Islam, S. M., & Salman, A. (2021). Enhancing employees information security awareness in private and public organisations: A systematic literature review. Computers & Security, 106, 102267.

Kovacevic, A., Putnik, N., & Toškovic, O. (2020). Factors related to cyber security behavior. IEEE Access, 8, 125140–125148.

Kumar, S., Biswas, B., Bhatia, M. S., & Dora, M. (2021). Antecedents for enhanced level of cyber-security in organisations. Journal of Enterprise Information Management, 34(6), 1597–1629.

Kuraku, S., Kalla, D., Samaah, F., & Smith, N. (2023). Cultivating Proactive Cybersecurity Culture among IT Professional to Combat Evolving Threats. International Journal of Electrical, Electronics and Computers, 8(6).

Lamoreaux, D. J., & Sulkowski, M. L. (2021). Crime Prevention through Environmental Design in schools: Students’ perceptions of safety and psychological comfort. Psychology in the Schools, 58(3), 475–493.

Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186.

Maddireddy, B. R., & Maddireddy, B. R. (2022). Real-Time Data Analytics with AI: Improving Security Event Monitoring and Management. Unique Endeavor in Business & Social Sciences, 1(2), 47–62.

Mofokeng, J. T., Nkosikhona Simelane, N., & Mofokeng, L. (2023). Student safety and security for sustainable and inclusive residences: A Cross-Sectional Study. OIDA International Journal of Sustainable Development, 16(04), 11–28.

Moghayedi, A., Michell, K., Le Jeune, K., & Massyn, M. (2024). Assessing the influence of technological innovations and community-based facilities management on the safety and security of universities. A case study of an open campus. Facilities, 42(3/4), 223–244.

Neigel, A. R., Claypoole, V. L., Waldfogle, G. E., Acharya, S., & Hancock, G. M. (2020). Holistic cyber hygiene education: Accounting for the human factors. Computers & Security, 92, 101731.

Rahman, N. A. A., Sairi, I. H., Zizi, N. A. M., & Khalid, F. (2020). The importance of cybersecurity education in school. International Journal of Information and Education Technology, 10(5), 378–382.

Robinson, S. R., Casiano, A., & Elias-Lambert, N. (2022). “Is it my responsibility?”: A qualitative review of university students’ perspectives on bystander behavior. Trauma, Violence, & Abuse, 23(1), 117–131.

Rosin, F., Forget, P., Lamouri, S., & Pellerin, R. (2022). Enhancing the decision-making process through industry 4.0 technologies. Sustainability, 14(1), 461.

Sawyer, B. D., & Hancock, P. A. (2018). Hacking the human: The prevalence paradox in cybersecurity. Human Factors, 60(5), 597–609.

Setiawan, B., & Rizal, M. A. (2024). Measurement of Information Security and Privacy Awareness in College Students after the Covid-19 Pandemic. Procedia Computer Science, 234, 1396–1403.

Shah, A. (2024). Cybercrime Chronicles: Exploring the Evolving Landscape of Challenges in the Digital Era.

Taha, N., & Dahabiyeh, L. (2021). College students information security awareness: A comparison between smartphones and computers. Education and Information Technologies, 26(2), 1721–1736.

Thompson, J. D., Herman, G. L., Scheponik, T., Oliva, L., Sherman, A., Golaszewski, E., Phatak, D., & Patsourakos, K. (2018). Student misconceptions about cybersecurity concepts: Analysis of think-aloud interviews. Journal of Cybersecurity Education, Research and Practice, 2018(1), 5.

Ulven, J. B., & Wangen, G. (2021). A systematic review of cybersecurity risks in higher education. Future Internet, 13(2), 39.

Wiley, A., McCormac, A., & Calic, D. (2020). More than the individual: Examining the relationship between culture and Information Security Awareness. Computers & Security, 88, 101640.

Zwilling, M., Klien, G., Lesjak, D., Wiechetek, L., Cetin, F., & Basim, H. N. (2022). Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems, 62(1), 82–97.

Published

2024-10-30

How to Cite

Mbonimpa, T., Richard, N. ., Innocent, M. J. ., & Priscilla, M. . (2024). Investigating Security Awareness and Incident Reporting levels at Mbarara University of Science and Technology. Indonesian Journal of Innovation and Applied Sciences (IJIAS), 4(3), 208-216. https://doi.org/10.47540/ijias.v4i3.1482