A Cybersecurity Awareness Model for the Protection of Saudi Students from Social Media Attacks
Received: 22 February 2024 | Revised: 9 March 2024 | Accepted: 12 March 2024 | Online: 21 March 2024
Corresponding author: Gaseb Alotibi
Abstract
Social engineering addresses a broad category of techniques aiming to persuade someone to reveal data or perform actions for criminal purposes, such as disclosing personal information about a particular target. Cybersecurity awareness is required to raise people’s understanding of how these social engineering techniques are being used and so their capacity to exploit them. To accomplish this objective, primary focus is given to educating and training individuals on how to recognize such incidents and respond to them effectively. To protect people against social engineering threats, various cybersecurity models and approaches have been proposed. There are, however, a few differences between these models, since they are developed for specific purposes. Thus, the main objective of this study is to develop a cybersecurity awareness model specifically designed for Saudi students to protect them from social engineering attacks. The design science methodology was utilized in this study. The proposed model consists of four main stages: education and training, developing policies and guidelines, improving Saudi schools’ security, as well as monitoring and evaluation. The model introduced can ensure the safety and privacy of students, teachers, and staff across different social platforms.
Keywords:
cybersecurity, cybersecurity awareness, social media engineering, Saudi Arabia, design scienceDownloads
References
A. Parsaei, "Awareness and Social Engineering-Based Cyberattacks," International Journal of Reliability, Risk and Safety: Theory and Application, vol. 7, no. 1, pp. 31–36, Feb. 2024.
Z. Wang, H. Zhu, P. Liu, and L. Sun, "Social engineering in cybersecurity: a domain ontology and knowledge graph application examples," Cybersecurity, vol. 4, no. 1, Aug. 2021, Art. no. 31.
A. Alshammari, "A Novel Security Framework to Mitigate and Avoid Unexpected Security Threats in Saudi Arabia," Engineering, Technology & Applied Science Research, vol. 13, no. 4, pp. 11445–11450, Aug. 2023.
N. Sandjojo, M. Zuhriyanto, and I. W. W. Pradnyana, "The Effects of Fear of Cybercrime and Information Systems Security Policy on National Vigilance," in International Conference on Informatics, Multimedia, Cyber and Information System, Jakarta, Indonesia, Nov. 2020, pp. 195–200.
A. Cetrulo, A. Sbardella, and M. E. Virgillito, "Vanishing social classes? Facts and figures of the Italian labour market," Journal of Evolutionary Economics, vol. 33, no. 1, pp. 97–148, Jan. 2023.
J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen, "Cyber Security and Privacy Issues in Smart Grids," IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 981–997, 2012.
M. Bardus, A. Keriabian, M. Elbejjani, and S. Al-Hajj, "Assessing eHealth literacy among internet users in Lebanon: A cross-sectional study," Digital Health, vol. 8, Jan. 2022, Art. no. 20552076221119336.
A. S. Alqahtani, "Factors Influencing the Adoption of E-commerce in Saudi Arabia: Study of Online Shopping," Ph.D. dissertation, Flinders University, Adelaide, South Australia, 2016.
A. Al-Dhaqm, S. Razak, and S. H. Othman, "Model Derivation System to Manage Database Forensic Investigation Domain Knowledge," in IEEE Conference on Application, Information and Network Security, Langkawi, Malaysia, Nov. 2018, pp. 75–80.
F. Alotaibi, S. Furnell, I. Stengel, and M. Papadaki, "A survey of cyber-security awareness in Saudi Arabia," in 11th International Conference for Internet Technology and Secured Transactions, Barcelona, Spain, Dec. 2016, pp. 154–158.
N. Innab, H. Al-Rashoud, R. Al-Mahawes, and W. Al-Shehri, "Evaluation of the Effective Anti-Phishing Awareness and Training in Governmental and Private Organizations in Riyadh," in 21st Saudi Computer Society National Computer Conference, Riyadh, Saudi Arabia, Apr. 2018, pp. 1–5.
E. I. M. Zayid and N. A. A. Farah, "A study on cybercrime awareness test in Saudi Arabia - Alnamas region," in 2nd International Conference on Anti-Cyber Crimes, Abha, Saudi Arabia, Mar. 2017, pp. 199–202.
A. Alarifi, H. Tootell, and P. Hyland, "A study of information security awareness and practices in Saudi Arabia," in International Conference on Communications and Information Technology, Hammamet, Tunisia, Jun. 2012, pp. 6–12.
A. Alzahrani and K. Alomar, "Information Security Issues and Threats in Saudi Arabia: A Research Survey," International Journal of Computer Science Issues, vol. 13, no. 6, pp. 129–135, Nov. 2016.
R. C. Dodge, C. Carver, and A. J. Ferguson, "Phishing for user security awareness," Computers & Security, vol. 26, no. 1, pp. 73–80, Feb. 2007.
N. A. G. Arachchilage and S. Love, "Security awareness of computer users: A phishing threat avoidance perspective," Computers in Human Behavior, vol. 38, pp. 304–312, Sep. 2014.
H. A. Albaroodi, M. Abomaali, and S. Manickam, "Iraqi’s Organizations Awareness to Prompt Open Source Cloud Computing (OSCC) in Their Service: A Study," in International Conference on Advances in Cyber Security, Penang, Malaysia, Dec. 2020, pp. 305–319.
A. P. Filippidis, C. S. Hilas, G. Filippidis, and A. Politis, "Information security awareness of greek higher education students — Preliminary findings," in 7th International Conference on Modern Circuits and Systems Technologies, Thessaloniki, Greece, Dec. 2018, pp. 1–4.
S. S. Md Kassim, M. Salleh, and A. Zainal, "Cloud Computing: A General User’s Perception and Security Awareness in Malaysian Polytechnic," in Pattern Analysis, Intelligent Security and the Internet of Things, A. Abraham, A. K. Muda, and Y.-H. Choo, Eds. New York, NY, USA: Springer, 2015, pp. 131–140.
Z. Asadi, M. Abdekhoda, and H. Nadrian, "Cloud computing services adoption among higher education faculties: development of a standardized questionnaire," Education and Information Technologies, vol. 25, no. 1, pp. 175–191, Jan. 2020.
F. J. Massey Jr., "The Kolmogorov-Smirnov Test for Goodness of Fit," Journal of the American Statistical Association, vol. 46, no. 253, pp. 68–78, Mar. 1951.
J. Abawajy, "User preference of cyber security awareness delivery methods," Behaviour & Information Technology, vol. 33, no. 3, pp. 237–248, Mar. 2014.
A. M. R. Al- Dhaqm, S. H. Othman, S. Abd Razak, and A. Ngadi, "Towards adapting metamodelling technique for database forensics investigation domain," in International Symposium on Biometrics and Security Technologies, Kuala Lumpur, Malaysia, Aug. 2014, pp. 322–327.
A. Al-Dhaqm, S. Razak, R. A. Ikuesan, V. R. Kebande, and S. Hajar Othman, "Face Validation of Database Forensic Investigation Metamodel," Infrastructures, vol. 6, no. 2, Feb. 2021, Art. no. 13.
S. Abd Razak, N. H. Mohd Nazari, and A. Al-Dhaqm, "Data Anonymization Using Pseudonym System to Preserve Data Privacy," IEEE Access, vol. 8, pp. 43256–43264, 2020.
A. Aldhaqm, S. A. Razak, S. H. Othman, A. Ali, and A. Ngadi, "Conceptual Investigation Process Model for Managing Database Forensic Investigation Knowledge," Research Journal of Applied Sciences, Engineering and Technology, vol. 12, no. 4, pp. 386–394, Feb. 2016.
M. Ngadi, R. Al-Dhaqm, and A. Mohammed, "Detection and prevention of malicious activities on RDBMS relational database management systems," International Journal of Scientific & Engineering Research, vol. 3, no. 9, pp. 1–10, Oct. 2012.
A. Ali, S. A. Razak, S. H. Othman, and A. Mohammed, "Extraction of Common Concepts for the Mobile Forensics Domain," in International Conference of Reliable Information and Communication Technology, Johor Bahru, Malaysia, Apr. 2017, pp. 141–154.
A. Ali, S. Razak, S. Othman, and M. Arafat, "Towards Adapting Metamodeling approach for the Mobile Forensics Investigation Domain," in International Conference on Innovation in Science and Technology, Kuala Lumpur, Malaysia, Apr. 2015, pp. 364–367.
M. A. Saleh, S. Hajar Othman, A. Al-Dhaqm, and M. A. Al-Khasawneh, "Common Investigation Process Model for Internet of Things Forensics," in 2nd International Conference on Smart Computing and Electronic Enterprise, Cameron Highlands, Malaysia, Jun. 2021, pp. 84–89.
B. Zawali, R. A. Ikuesan, V. R. Kebande, S. Furnell, and A. A-Dhaqm, "Realising a Push Button Modality for Video-Based Forensics," Infrastructures, vol. 6, no. 4, Apr. 2021, Art. no. 54.
A. Al-Dhaqm et al., "Digital Forensics Subdomains: The State of the Art and Future Directions," IEEE Access, vol. 9, pp. 152476–152502, 2021.
A. Aldhaqm, S. A. Razak, and S. H. Othman, "CommonInvestigation Process Model for Database Forensic Investiga-tion Discipline," in International Conference on Innovation in Science and Technology, Kuala Lumpur, Malaysia, Apr. 2015, pp. 297–300.
F. M. Alotaibi, A. Al-Dhaqm, and Y. D. Al-Otaibi, "A Novel Forensic Readiness Framework Applicable to the Drone Forensics Field," Computational Intelligence and Neuroscience, vol. 2022, 2022, Art. no. 8002963.
F. M. Ghabban, I. M. Alfadli, O. Ameerbakhsh, A. N. AbuAli, A. Al-Dhaqm, and M. A. Al-Khasawneh, "Comparative Analysis of Network Forensic Tools and Network Forensics Processes," in 2nd International Conference on Smart Computing and Electronic Enterprise, Cameron Highlands, Malaysia, Jun. 2021, pp. 78–83.
O. Ameerbakhsh, F. M. Ghabban, I. M. Alfadli, A. N. AbuAli, A. Al-Dhaqm, and M. A. Al-Khasawneh, "Digital Forensics Domain and Metamodeling Development Approaches," in 2nd International Conference on Smart Computing and Electronic Enterprise, Cameron Highlands, Malaysia, Jun. 2021, pp. 67–71.
A. A. Alhussan, A. Al-Dhaqm, W. M. S. Yafooz, A.-H. M. Emara, S. Bin Abd Razak, and D. S. Khafaga, "A Unified Forensic Model Applicable to the Database Forensics Field," Electronics, vol. 11, no. 9, Jan. 2022, Art. no. 1347.
F. M. Alotaibi, A. Al-Dhaqm, Y. D. Al-Otaibi, and A. A. Alsewari, "A Comprehensive Collection and Analysis Model for the Drone Forensics Field," Sensors, vol. 22, no. 17, Jan. 2022, Art. no. 6486.
W. M. S. Yafooz, A. Al-Dhaqm, and A. Alsaeedi, "Detecting Kids Cyberbullying Using Transfer Learning Approach: Transformer Fine-Tuning Models," in Kids Cybersecurity Using Computational Intelligence Techniques, W. M. S. Yafooz, H. Al-Aqrabi, A. Al-Dhaqm, and A. Emara, Eds. New York, NY, USA: Springer, 2023, pp. 255–267.
A. A. Alhussan, A. Al-Dhaqm, W. M. S. Yafooz, S. B. A. Razak, A.-H. M. Emara, and D. S. Khafaga, "Towards Development of a High Abstract Model for Drone Forensic Domain," Electronics, vol. 11, no. 8, Jan. 2022, Art. no. 1168.
I. M. Alfadli, F. M. Ghabban, O. Ameerbakhsh, A. N. AbuAli, A. Al-Dhaqm, and M. A. Al-Khasawneh, "CIPM: Common Identification Process Model for Database Forensics Field," in 2nd International Conference on Smart Computing and Electronic Enterprise, Cameron Highlands, Malaysia, Jun. 2021, pp. 72–77.
A. Al-Dhaqm, S. H. Othman, W. M. S. Yafooz, and A. Ali, "Review of Information Security Management Frameworks," in Kids Cybersecurity Using Computational Intelligence Techniques, W. M. S. Yafooz, H. Al-Aqrabi, A. Al-Dhaqm, and A. Emara, Eds. New York, NY, USA: Springer, 2023, pp. 69–80.
M. Salem, S. H. Othman, A. Al-Dhaqm, and A. Ali, "Development of Metamodel for Information Security Risk Management," in Kids Cybersecurity Using Computational Intelligence Techniques, W. M. S. Yafooz, H. Al-Aqrabi, A. Al-Dhaqm, and A. Emara, Eds. New York, NY, USA: Springer, 2023, pp. 243–253.
A. Al-Dhaqm, W. M. S. Yafooz, S. H. Othman, and A. Ali, "Database Forensics Field and Children Crimes," in Kids Cybersecurity Using Computational Intelligence Techniques, W. M. S. Yafooz, H. Al-Aqrabi, A. Al-Dhaqm, and A. Emara, Eds. New York, NY, USA: Springer, 2023, pp. 81–92.
M. Saleh et al., "A Metamodeling Approach for IoT Forensic Investigation," Electronics, vol. 12, no. 3, Jan. 2023, Art. no. 524.
A. Ali, S. A. Razak, S. H. Othman, R. R. Marie, A. Al-Dhaqm, and M. Nasser, "Validating Mobile Forensic Metamodel Using Tracing Method," in Advances on Intelligent Informatics and Computing, F. Saeed, F. Mohammed, and F. Ghaleb, Eds. New York, NY, USA: Springer, 2021, pp. 473–482.
D. S. A. Baras, S. H. Othman, A. Al-Dhaqm, and R. Z. R. M. Radzi, "Information Security Management Metamodel (ISMM) Validation and Verification through Frequency-based Selection Technique," in International Conference on Data Science and Its Applications, Bandung, Indonesia, Oct. 2021, pp. 292–297.
A. M. R. Al-Dhaqm, "Simplified Database Forensic Invetigation Using Metamodeling Approach," Ph.D. dissertation, University of Technology Malaysia, Johor, Malaysia, 2019.
V. R. Kebande and I. Ray, "A Generic Digital Forensic Investigation Framework for Internet of Things (IoT)," in 4th International Conference on Future Internet of Things and Cloud, Vienna, Austria, Aug. 2016, pp. 356–362.
V. Kebande and H. S. Venter, "Requirements for Achieving Digital Forensic Readiness in the Cloud Environment using an NMB Solution," in 11th International Conference on Cyber Warfare and Security, Boston, MA, USA, Mar. 2016, pp. 1–9.
V. R. Kebande and H. S. Venter, "A comparative analysis of digital forensic readiness models using CFRaaS as a baseline," WIREs Forensic Science, vol. 1, no. 6, 2019, Art. no. e1350.
A. Al-Dhaqm, S. A. Razak, R. A. Ikuesan, V. R. Kebande, and K. Siddique, "A Review of Mobile Forensic Investigation Process Models," IEEE Access, vol. 8, pp. 173359–173375, 2020.
A. Al-Dhaqm et al., "Categorization and Organization of Database Forensic Investigation Processes," IEEE Access, vol. 8, pp. 112846–112858, 2020.
A. Al-Dhaqm, S. A. Razak, K. Siddique, R. A. Ikuesan, and V. R. Kebande, "Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field," IEEE Access, vol. 8, pp. 145018–145032, 2020.
V. R. Kebande, R. A. Ikuesan, N. M. Karie, S. Alawadi, K.-K. R. Choo, and A. Al-Dhaqm, "Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments," Forensic Science International: Reports, vol. 2, Dec. 2020, Art. no. 100122.
V. R. Kebande, R. A. Ikuesan, and N. M. Karie, "Review of Blockchain Forensics Challenges," in Blockchain Security in Cloud Computing, K. M. Baalamurugan, S. R. Kumar, A. Kumar, V. Kumar, and S. Padmanaban, Eds. New York, NY, USA: Springer, 2022, pp. 33–50.
V. R. Kebande and K.-K. R. Choo, "Finite state machine for cloud forensic readiness as a service (CFRaaS) events," Security and Privacy, vol. 5, no. 1, 2022, Art. no. e182.
S. Makura, H. S. Venter, V. R. Kebande, N. M. Karie, R. A. Ikuesan, and S. Alawadi, "Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring," Security and Privacy, vol. 4, no. 3, 2021, Art. no. e149.
V. R. Kebande, N. M. Karie, R. A. Ikuesan, and H. S. Venter, "Ontology-driven perspective of CFRaaS," WIREs Forensic Science, vol. 2, no. 5, 2020, Art. no. e1372.
F. Alotaibi, A. Al-Dhaqm, and Y. D. Al-Otaibi, "A Conceptual Digital Forensic Investigation Model Applicable to the Drone Forensics Field," Engineering, Technology & Applied Science Research, vol. 13, no. 5, pp. 11608–11615, Oct. 2023.
A. S. Alraddadi, "A Survey and a Credit Card Fraud Detection and Prevention Model using the Decision Tree Algorithm," Engineering, Technology & Applied Science Research, vol. 13, no. 4, pp. 11505–11510, Aug. 2023.
A. Al-Dhaqm, W. M. S. Yafooz, S. H. Othman, and A. Ali, "Database Forensics Field and Children Crimes," in Kids Cybersecurity Using Computational Intelligence Techniques, W. M. S. Yafooz, H. Al-Aqrabi, A. Al-Dhaqm, and A. Emara, Eds. New York, NY, USA: Springer, 2023, pp. 81–92.
Downloads
How to Cite
License
Copyright (c) 2024 Gaseb Alotibi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.