Cybersecurity Behavior in the West Sumatra Universities

- Gushelmi - Universitas Putra Indonesia YPTK, Padang, West Sumatra, Indonesia
Rodziah Latih - Universiti Kebangsaan Malaysia, UKM Bangi, Malaysia
Abdullah Mohd. Zin - Universiti Poly-Tech Malaysia, Kuala Lumpur, Malaysia


Citation Format:



DOI: http://dx.doi.org/10.62527/joiv.8.3-2.3094

Abstract


User cybersecurity behavior refers to the actions, habits, and decisions made by individuals when using technology and information that affect the level of security of the data and systems they access. Previous research has shown that user cybersecurity behavior is one of the leading causes of computer and information security issues in many organizations, particularly education. To address this issue, researchers must find solutions to improve user cybersecurity behavior within an organization. Therefore, this study aims to find the factors influencing user cybersecurity behavior in higher education institutions in West Sumatra in 2020. This study was conducted using a survey research method. A questionnaire was distributed to 155 respondents. The questionnaire consisted of 28 questions covering seven factors influencing user cybersecurity behavior. The survey data will be analyzed using the Structural Equation Model based on Partial Least Square. The research findings indicate that all variables, such as Misuse Prevention and Compliance, Body of Knowledge, Skill, Behavioral Intervention, Attitude, Security Compliance Behavior, and Technology, have significant relationships. The relationships between these factors will be shown in the framework to be developed. This indicates that the education sector in Indonesia is aware of cyber threats and the importance of security procedures in the workplace. For further research, a deeper exploration of specific security issues is needed to propose potential solutions or actions that can be implemented to improve user cybersecurity behavior in the education sector, particularly in Indonesia.

Keywords


User cybersecurity; behavior; universities

Full Text:

PDF

References


W. A. Al-Khater, S. Al-Maadeed, A. A. Ahmed, A. S. Sadiq, and M. K. Khan, “Comprehensive review of cybercrime detection techniques,” IEEE Access, vol. 8, pp. 137293–137311, 2020, doi:10.1109/access.2020.3011259.

Gushelmi, R. Latih, and A. M. Zin, “Level of User Security Behavior in the Service Industry,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 13, no. 4, pp. 1529–1536, 2023, doi: 10.18517/ijaseit.13.4.18425.

J. Brands and J. Van Doorn, “The measurement, intensity and determinants of fear of cybercrime: A systematic review,” Comput. Human Behav., vol. 127, p. 107082, 2022, doi:10.1016/j.chb.2021.107082.

A. Almansoori, M. Al-Emran, and K. Shaalan, “Exploring the Frontiers of Cybersecurity Behavior: A Systematic Review of Studies and Theories,” Appl. Sci., vol. 13, no. 9, 2023, doi:10.3390/app13095700.

H. Oz, A. Aris, A. Levi, and A. S. Uluagac, “A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions,” ACM Comput. Surv., vol. 54, no. 11s, pp. 1–37, Jan. 2022, doi:10.1145/3514229.

A. Chernikova et al., “Cyber Network Resilience Against Self-Propagating Malware Attacks,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 13554 LNCS, no. 2019, pp. 531–550, 2022, doi: 10.1007/978-3-031-17140-6_26.

S. Kamil, H. S. A. Siti Norul, A. Firdaus, and O. L. Usman, “The Rise of Ransomware: A Review of Attacks, Detection Techniques, and Future Challenges,” in 2022 International Conference on Business Analytics for Technology and Security (ICBATS), IEEE, Feb. 2022, pp. 1–7. doi: 10.1109/icbats54253.2022.9759000.

Y. Hong and S. Furnell, “Motivating Information Security Policy Compliance: Insights from Perceived Organizational Formalization,” J. Comput. Inf. Syst., vol. 62, no. 1, pp. 19–28, 2022, doi:10.1080/08874417.2019.1683781.

A. Kovacevic, N. Putnik, and O. Toskovic, “Factors Related to Cyber Security Behavior,” IEEE Access, vol. 8, pp. 125140–125148, 2020, doi: 10.1109/ACCESS.2020.3007867.

L. Sanny, V. Angelina, and B. B. Christian, “Innovation of SME service industry in Indonesia in improving customer satisfaction,” J. Sci. Technol. Policy Manag., vol. 12, no. 2, pp. 351–370, Jan. 2021, doi: 10.1108/JSTPM-03-2020-0056.

R. F. Ali, P. D. D. Dominic, S. Emad, A. Ali, and M. Rehman, “applied sciences Information Security Behavior and Information Security Policy Compliance : A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance,” Appl. Sci., 2021.

I. Metin-Orta and D. Demirtepe-Saygılı, “Cyberloafing behaviors among university students: Their relationships with positive and negative affect,” Curr. Psychol., no. 0123456789, 2021, doi:10.1007/s12144-021-02374-3.

S. Toker and M. H. Baturay, “Factors affecting cyberloafing in computer laboratory teaching settings,” Int. J. Educ. Technol. High. Educ., vol. 18, no. 1, 2021, doi: 10.1186/s41239-021-00250-5.

S. Sugiyono, “Statitsika Untuk Penelitian,” Alfabeta Bandung, vol. 12. pp. 1–415, 2007.

J. D’Arcy and P. B. Lowry, “Cognitive-affective drivers of employees’ daily compliance with information security policies: A multilevel, longitudinal study,” Inf. Syst. J., vol. 29, no. 1, pp. 43–69, 2019, doi:10.1111/isj.12173.

I. Alhassan, D. Sammon, and M. Daly, “Critical Success Factors for Data Governance: A Theory Building Approach,” Inf. Syst. Manag., vol. 36, no. 2, pp. 98–110, 2019, doi:10.1080/10580530.2019.1589670.

I. Becker, “Measuring and understanding security behaviours,” PQDT - UK Irel., 2019.

M. Butavicius, K. Parsons, M. Lillie, A. McCormac, M. Pattinson, and D. Calic, “When believing in technology leads to poor cyber security: Development of a trust in technical controls scale,” Comput. Secur., vol. 98, 2020, doi: 10.1016/j.cose.2020.102020.

M. Choi and J. Song, “Social control through deterrence on the compliance with information security policy,” Soft Comput., vol. 22, no. 20, pp. 6765–6772, 2018, doi: 10.1007/s00500-018-3354-z.

D. Bendler and M. Felderer, “Competency Models for Information Security and Cybersecurity Professionals: Analysis of Existing Work and a New Model,” ACM Trans. Comput. Educ., vol. 23, no. 2, 2023, doi: 10.1145/3573205.

B. Alkhazi, M. Alshaikh, S. Alkhezi, and H. Labbaci, “Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior,” IEEE Access, vol. 10, pp. 132132–132143, 2022, doi: 10.1109/ACCESS.2022.3230286.

P. Ifinedo, “Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory,” Comput. Secur., vol. 31, no. 1, pp. 83–95, 2012, doi: 10.1016/j.cose.2011.10.007.

F. H. S. Al Izki, “Exploring the Organisational, Social and Cultural Factors Influencing Those Employee Attitudes and Behaviours that Impact the Implementation of an Information Security Culture Within Omani Organisations,” 2019.

J. Deutrom, V. Katos, and R. Ali, “Loneliness, life satisfaction, problematic internet use and security behaviours: re-examining the relationships when working from home during COVID-19,” Behav. Inf. Technol., 2021, doi: 10.1080/0144929X.2021.1973107.

C. C. Nwokeji, C. E. and Agubosim, “Effects of people’s mental models of cybersecurity on their security behaviour,” Eur. J. Comput. Sci. Inf. Technol., vol. 10, no. 1, pp. 1–9, 2022, doi:10.37745/ejcsit/vol10.no1.pp1-9.

J. F. Hair, M. Sarstedt, L. Hopkins, and V. G. Kuppelwieser, “Partial least squares structural equation modeling (PLS-SEM): An emerging tool in business research,” Eur. Bus. Rev., vol. 26, no. 2, pp. 106–121, 2014, doi: 10.1108/EBR-10-2013-0128.

C. M. Ringle, M. Sarstedt, R. Schlittgen, and C. R. Taylor, “PLS path modeling and evolutionary segmentation,” J. Bus. Res., vol. 66, no. 9, pp. 1318–1324, 2013, doi: 10.1016/j.jbusres.2012.02.031.

J. Hair, C. L. Hollingsworth, A. B. Randolph, and A. Y. L. Chong, “An updated and expanded assessment of PLS-SEM in information systems research,” Ind. Manag. Data Syst., vol. 117, no. 3, pp. 442–458, 2017, doi: 10.1108/IMDS-04-2016-0130.

L. J. Cronbach, J. E. Deken, and N. Webb, “Research on Classrooms and Schools: Formulation of Questions, Design and Analysis.,” Occas. Pap. Eval. Consort., p. 243, 1976, [Online]. Available: https://eric.ed.gov/?id=ED135801

C. Fornell and F. Larcker, David, “Fornell, C., & Larcker, D. F. (1981). Evaluating Structural Equation Models with Unobservable Variables and Measurement Error.,” J. Mark. Res., vol. 18, no. 1, pp. 39–50, 1981.

G. Cepeda-Carrión, J. F. Hair, C. M. Ringle, J. L. Roldán, and J. García-Fernández, “Guest editorial: Sports management research using partial least squares structural equation modeling (PLS-SEM),” Int. J. Sport. Mark. Spons., vol. 23, no. 2, pp. 229–240, 2022, doi:10.1108/IJSMS-05-2022-242.

C. Chang, “Relational bonds , customer engagement , and service quality,” Serv. Ind. J., vol. 41, no. 321, pp. 330–354, 2021.

Chin W.W, “Chin1998,” MIS Quaterly, vol. 22, no. 1. pp. vii–xvi, 1998.

J. Henseler, “Partial least squares path modeling: Quo vadis?,” Qual. Quant., vol. 52, no. 1, pp. 1–8, 2018, doi: 10.1007/s11135-018-0689-6.

K. J. Preacher and A. F. Hayes, “Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models,” Behav. Res. Methods, vol. 40, no. 3, pp. 879–891, 2008, doi:10.3758/BRM.40.3.879.

D. G. Kim and C. W. Lee, “Exploring the roles of self-efficacy and technical support in the relationship between techno-stress and counter-productivity,” Sustain., vol. 13, no. 8, pp. 1173–1182, 2021, doi: 10.3390/su13084349.

X. Zhao, J. G. Lynch, and Q. Chen, “Reconsidering Baron and Kenny: Myths and truths about mediation analysis,” J. Consum. Res., vol. 37, no. 2, pp. 197–206, 2010, doi: 10.1086/651257.