Identify the Factors Affecting the Culture and Awareness of Cyber Security Using Theme Analysis

Document Type : Original Article

Authors

1 PhD student, Saveh Branch, Islamic Azad University, Saveh, Iran

2 Assistant Professor, Maroodasht Branch, Islamic Azad University, Maroodasht, Iran

3 Associate Professor, Department of Educational Management, Saveh Branch, Islamic Azad University, Saveh, Iran

Abstract

Cybercriminals are targeting more humans than machines these days because they try to exploit users' vulnerabilities to achieve their destructive goals. The main purpose of this study is to identify the factors affecting the culture and awareness of cyber security using theme analysis. The research is applied in terms of purpose, exploratory in terms of method and qualitative in terms of data type. The research data includes all valid articles in the field of culture and cyber security awareness published in 2020 to 2022 inside and outside the country, with 3 keywords (culture, awareness, cyber security) in the valid have been collected and reviewed in the framework of MAXQDA software. The criteria for entering articles in the research was the applicable content for the research question and the criteria for excluding abstracts, book chapters, short reports and lack of access to the full text of the article. Validity was assessed using content validity and data reliability was estimated using Holstie method. Findings showed a review of 392 theme identified the basic themes related to cybersecurity culture and awareness, of which 12 themes were asset organizing, continuity, access and trust, operations, protection, security governance, attitude, behavior, competence, commitment and support, cyber security and they covered the budget. The identified factors can be used as analytical tools in the field of assessing the culture and awareness of cyber security, which is an important factor in the occurrence of cybercrime, in a logical and principled way to reduce cybercrime and solve related problems in the economic field. Educational, security, social and cultural payments.

Keywords


Smiley face

[1]    F. Tavakoli, M. Mortazavi, M. Keshavarz Tork M, “Determining Strategic Factors Affecting the Prevention of Cybercrime with Fuzzy Delphi Approach,” Journal of Social Order (JoSS), vol. 12, no. 4, pp. 113-140, 2021. [in Persian] 
[2]    B. Karimzadeh, B. Pourghahramani, J. Beigi, “Designing a Native Model of Social Capital to Prevent Cybercrime,” Journal of Social Order (JoSS), vol. 13, no. 2, pp. 115-148, 2021. [in Persian]  
[3]    K. Dadashtabar Ahmadi, M. Mahmoudbabouei, “An active cyber defense model for use in cyber deception technology,” Electronic and Cyber Defense, vol. 9, no. 4, pp. 125-140, 2022. [in Persian] 
[4]    H. Javaheri, H. Akbari, E. Shaghaghi, “Improvement in the Ransomwares Detection Method With New API Calls Features,” Electronic and Cyber Defense, vol. 8, no. 4, 107-118, 2021. [in Persian 
[5]    T. Mohammad, NA. Hussin, MH. Husin, “Online safety awareness and human factors: An application of the theory of human ecology,” Technology in Society (techsoc). Vol. 1, no. 68, pp.1-14, 2022. 
[6]    A. Alzubaidi, “Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia,” Heliyon (heliyon). vol. 1 no. 7(1), pp. 1-13, 2021. 
[7]    MI. Al-Ghamdi, “Effects of knowledge of cyber security on prevention of attacks,” Materials Today: Proceedings (matpr).vol. 10, 1-17,  2021.
[8]    M. Ebrahimi, “A Model of Human Factors in Cyber Security,” Information Manipulation and Its Impact Across All Industries, pp. 102-121. 2022. 
[9]    R. Sabillon, “The Cybersecurity Awareness Training Model (CATRAM),” InResearch Anthology on Advancements in Cybersecurity Education, pp. 501-520, 2022. 
[10] A. Da Veiga, M. Loock, K. Renaud. “Cyber4Dev‐Q: Calibrating cyber awareness in the developing country context,” The Electronic Journal of Information Systems in Developing Countries (EJISDC), vol. 88, no. 1, pp. 1-21, 2022.
[11] S. Hasan, M. Ali, S. Kurnia, R. Thurasamy, “Evaluating the cyber security readiness of organizations and its influence on performance,” Journal of Information Security and Applications (jisa), vol. 1, no. 58, pp. 1-27, 2021. 
[12] Z. Jafari, “Cyber Security,” 7th National Conference on New Ideas in Engineering, Rasht. pp. 1-12, 2022. [in Persian]  
[13] KW. HOE KW, “Culture and cyber security: How cultural tightness-looseness moderates the effects of threat and coping appraisals on mobile cyber hygiene (smu),” pp. 1-245, 2021.   
[14] S. Tan, P. Xie, JM. Guerrero, JC. Vasquez, Y. Li, X. Guo, “Attack detection design for dc microgrid using eigenvalue assignment approach,” Energy Reports (ICPE). Vol. 1, no. 7, pp. 469-476, 2021. 
[15] MA. Judge, A. Manzoor, C. Maple, JJ. Rodrigues, S. ul Islam. “Price-based demand response for household load management with interval uncertainty,” Energy Reports (ICPE). vol. 1, no. 7, pp. 8493-504, 2021. 
[16] I. Priyadarshini, R. Kumar, R. Sharma, PK. Singh, SC. Satapathy, “Identifying cyber insecurities in trustworthy space and energy sector for smart grids,” Computers & Electrical Engineering (compeleceng). vol. 1, no. 93, pp. 1-20, 2021.   
[17] M. Amir, T. Givargis, “Pareto optimal design space exploration of cyber-physical systems,” Internet of things (IOT). vol. 1, no. 12, pp. 1-32, 2020.  
[18] N. Li, C. Tsigkanos, Z. Jin, Z. Hu, C. Ghezzi. “Early validation of cyber–physical space systems via multi-concerns integration,” Journal of Systems and Software (jss). vol. 1, no. 170, pp. 1-18, 2020.  
[19] A. Georgiadou, S. Mouzakitis, D. Askounis, “Designing a cyber-security culture assessment survey targeting critical infrastructures during covid-19 crisis,” International Journal of Network Security & Its Applications (IJNSA), vol. 1, pp. 1-13, 2021. 
[20] L. Cardoso, M. Castanho. “A Cyberculture Study: K-Pop And The New Media-Bts And Twitter,” European Journal of Social Sciences Studies (SSS). vol. 9, no. 6(6), pp. 1-23, 2021.
[21] MR. Tarkhan, V. Fatouhabadi, “Presenting a Conceptual Model Based on Situational Awareness Aimed at Improving Cyber Security,” Second International Conference on New Research Findings in Electrical Engineering and Computer Science, Ramsar, 2017. [in Persian]  
[22] AJ. Rashidi, M. Shakibazad, “Presenting a Framework for Achieving Dynamic Cyber Situation Awareness on the Cyber Battle Scene,” Fourth International Conference on Electrical and Computer Engineering, Tehran, 2017. [in Persian] 
[23] A. Rasooli. “The concept of cyber attacks and strategies to deal with it,” the Second National Conference on Cyber Defense, Maragheh, 2020. [in Persian]  
[24] A. Khalilipor Roknabadi, Y. Nooralivand, “Cyber threats and national security,” Strategic Studies Quarterly, vol. 15, no. 56, pp. 167-196, 2012. [in Persian]
[25] MR. Movahedirad, N. Modiri, “Presenting a Structured Approach to Implementing Cyber Exercises,” The First National Conference on Computer Engineering Research, Tehran, 2015. [in Persian] 
[26] B. Uchendu, JR. Nurse, M. Bada, S. Furnell. “Developing a cyber security culture: Current practices and future needs,” Computers & Security (cose). vol. 1, no. 109, pp. 1-29, 2021. 
[27] D. Papatsaroucha, Y. Nikoloudakis, I. Kefaloukos, E. Pallis, EK. Markakis, “A Survey on Human and Personality Vulnerability Assessment in Cyber-security: Challenges, Approaches, and Open Issues,” arXiv preprint arXiv:2106.09986 (cs.CR). 2021. 
[28] A. Safaei, M. Ghadiri, “Impacts of Covid-19 epidemic in the field of cyber security,” 7th IRGC National Conference on Defense Science and Engineering, Tehran, 2021. [in Persian]  
[29] H. Kaviani, N. Mirsepasi, G. Me'marzadeh Tehran, “A Pattern for Strategic Development of Human Resources in the Field of Cyber Security of the Armed Forces of Islamic Republic of Iran,” Defence Studies, vol. 18, no. 1, pp. 37-66, 2020. [in Persian] 
[30] NA. Azmi, AP. Teoh, A. Vafaei-Zadeh, H. Hanifah, “Predicting information security culture among employees of telecommunication companies in an emerging market,” Information & Computer Security. pp. 1-11, 2021 
[31] A. Georgiadou, S. Mouzakitis, D. Askounis, “Detecting Insider Threat via a Cyber-Security Culture Framework,” Journal of Computer Information Systems (CIS). vol. 26, pp. 1-10, 2021.   
[32] EI. Collins, J. Hinds, “Exploring Workers' Subjective Experiences of Habit Formation in Cybersecurity: A Qualitative Survey,” Cyberpsychology, Behavior, and Social Networking (CBSN). vol. 1, no. 24(9), pp. 599-604, 2021. 
[33] M. Rajabi, H. Rajabi, M. Ahmadabadi, “The Theme Analysis of the Requirements for the Realization of the Disciplinary Security in the Thought of the Supreme Commander of All Armed Forces,” Journal of Social Order (JoSS), vol. 10, no. 2, pp. 85-108, 2018. [in Persian] 
[34] S. Sharifi Rahnmo, A. Fathi, E. Emrani, M. Sharifi Rahnmo, B. Zare kohan, M. Ebrahimi, “Forecasting Components of Youth Cultural Security based on the Degree of Attachment to Cyberspace,” Societal Security Studies (SSS), vol. 12, no. 65, 69-88, 2021. [in Persian]
[35] S. Razavi, J. Sadehmiri, “Influential components in raising the level of awareness and intelligence of NAJA personnel against the threats and injuries of soft war based on the intellectual system of Imam Khamenei, the Supreme Leader,” Police Protectoral and Security Studies quarterly (SPAPS), vol. 15, no. 55, pp. 43-77, 2020. [in Persian]
[36] Farashi A., Estarky A., Abiri D. “The role of preventive actions in protecting the organization's cyber missions,” Police Protectoral and Security Studies quarterly (SPAPS), vol. 15, no. 55, pp. 129-160, 2020. [in Persian] 
[37] H. Sayyadi Tooranloo, S. Mirghafoori, M. Mahdavi, S. Saghafi, “Analysis of factors related to the establishment of Cybercrime using a Fuzzy approach,” Quarterly of Order & Security Guards (OSRA), vol. 13, no. 3, pp. 27-54, 2020. [in Persian]   
[38] R. Zakeri Hamane, M. Azam Azade M. , GHaziNejad, S. Bastani, “Qualitative Study of Users’ Sense of Online Security in Social Networks,” New Media Studies (NMS), vol. 6, no. 21, pp. 141-178, 2020. [in Persian]
[39] M. Sahraei, M. Valavi, B. Bayat, A. Taraghi, “Provide a native model of cyber monitoring, monitoring and alerting based on the ooda cycle,” National Security (NS), vol. 10, no. 37, pp. 473-512, 2020. [in Persian] 
[40] A. Ferasati, S. Rah peyk, “Investigating the Impact of Preventive Components on Controlling and Reducing the Crimes of Armed Forces Payers,” National Security (NS), vol. 10, no. 35, pp. 291-326, 2020. [in Persian] 
[41] SA. Samouti, M. Azizipour, Field study of cyber threats in the human resources layer and the importance of cyber security awareness, Second National Conference on Cyber Defense, Maragheh, 2020. [in Persian]
[42] MR. Eivazi, MM. Dadashi Chakan, “Types of threats in cyberspace and strategies to deal with it,” Second National Conference on Cyber Defense, Maragheh, 2020. [in Persian] 
[43] A. Erola, I. Agrafiotis, JR. Nurse, L. Axon, M. Goldsmith, S. Creese. “A system to calculate cyber-value-at-risk,” Computers & Security (COSE). vol. 1, no. 113, pp. 102-124, 2022. 
[44] TA. Nguyen., K. Koblandin, S. Suleymanova, V. Volokh, “Effects of ‘Digital’Country’s Information Security on Political Stability,” Journal of Cyber Security and Mobility (CSM). Vol. 1, pp. 29-52, 2022.  
[45] AG. Adamu, MM. Siraj, SH. Othman, “An assessment of cybersecurity awareness level among Northeastern University students in Nigeria,” International Journal of Electrical and Computer Engineering (ECE). vol. 1, no. 12(1), pp. 572-589, 2022. 
[46] B. Iser, R. Brandtweiner, “Role of Awareness to Prevent Personal Disasters: Reducing the Risks of Falling for Phishing by Strengthening User Awareness,” Wit Transactions on The Built Environment (WIT).vol. 207, pp. 79-88, 2022. 
[47] MD. Richardson, PA. Lemoine, WE. Stephens, RE. Waller, “Planning for Cyber Security in Schools: The Human Factor,” Educational Planning (ERIC). vol. 27, no. 2, pp. 23-39, 2020.
[48] [48] M. Grobler, R. Gaire, S. Nepal. “User, usage and usability: Redefining human centric cyber security,” Frontiers in big Data (fData). Vol. 5, pp. 1-12, 2021. 
[49] K. Khando, S. Gao, SM. Islam, A. Salman, “Enhancing employees information security awareness in private and public organisations: A systematic literature review,” Computers & Security (COSE). vol. 106, pp. 1-17, 2021. 
[50] A. Georgiadou, S. Mouzakitis, D. Askounis, “Working from home during COVID-19 crisis: a cyber security culture assessment survey,” Security Journal (SJ). vol. 26, pp. 1-20, 2021.  
[51] JR. Nurse, “Cybersecurity Awareness,” arXiv preprint arXiv (arXiv):2103.00474. 2021.  
[52] F. Quayyum, DS. Cruzes, L. Jaccheri, “Cybersecurity awareness for children: A systematic literature review,” International Journal of Child-Computer Interaction (jcci). vol. 30, pp. 1-14, 2021.  
[53] K. Matyokurehwa, N. Rudhumbu, C. Gombiro, C. Mlambo, “Cybersecurity awareness in Zimbabwean universities: Perspectives from the students,” Security and Privacy (SPY). vol. 4, no. 2, pp. e141, 2021. 
[54] JV. Bino, “Cyber Security Awareness By Using Social Media Platforms Among Students,” International Journal of Research (IJR), vol. 8, no. 5, pp. 581-589, 2021.  
[55] AI. Al-Alawi, SA. Al-Bassam, “Assessing The Factors of Cybersecurity Awareness in the Banking Sector” AGJSR, vol. 37, no. 4, pp. 17-32, 2021. 
[56] AG. Buja, SD. Wahid, TF. Rahman, NA. Deraman, MN. Jono, AA. Aziz, “Development of organization, social and individual cyber security awareness model (OSICSAM) for the elderly,” International Journal of Advanced Technology and Engineering Exploration (IJATEE). vol. 8, no. 76, pp. 511-532, 2021.
[57] A. Georgiadou, S. Mouzakitis, D. Askounis, “Assessing mitre att&ck risk using a cyber-security culture framework,” Sensors. Vol. 21, no. 9, pp. 1-14, 2021.  
[58] I. Progoulakis, N. Nikitakos, P. Rohmeyer, B. Bunin, D. Dalaklis, S. Karamperidis, “Perspectives on Cyber Security for Offshore Oil and Gas Assets,” Journal of Marine Science and Engineering (jmse). vol. 9, no. 2, pp. 112-125, 2021.
[59] MI. Alghamdi, “Determining the impact of cyber security awareness on employee behaviour: A case of Saudi Arabia,” Materials Today: Proceedings (matpr). Vol. 1, 1-12, 2021. 
[60] PR. Trim, YI. Lee, “The global cyber security model: counteracting cyber attacks through a resilient partnership arrangement,” Big Data and Cognitive Computing (bdcc). vol. 5, no. 3, 32-45, 2021.  
[61] VK. Viraja, P. Purandare, “A Qualitative Research on the Impact and Challenges of Cybercrimes,” InJournal of Physics: Conference Series, vol. 1964, no. 4, pp. 1-18, 2021. 
[62] BK. Mamade, DM. Dabala, “Exploring The Correlation between Cyber Security Awareness, Protection Measures and the State of Victimhood: The Case Study of Ambo University’s Academic Staffs,” Journal of Cyber Security and Mobility (csm). vol. 1, pp. 699-724, 2021. 
[63] PT. Mai, A. Tick, “Cyber Security Awareness and behavior of youth in smartphone usage: A comparative study between university students in Hungary and Vietnam,” Acta Polytech. Hung (APH). vol. 18, pp. 67-89, 2021. 
[64] A. H. Khan, P. B. Sawhney, S. Das, D. Pandey, “SartCyber Security Awareness Measurement Model (APAT),” International Conference on Power Electronics & IoT Applications in Renewable Energy and its Control (PARC), IEEE,  pp. 298-302, 2020. 
[65] OS. Ahmed, “Teacher’s awareness to develop student cyber security: A Case Study,” Turkish Journal of Computer and Mathematics Education (TURCOMAT). vol. 12, no. 10, pp. 5148-156, 2021. 
[66] Š. Orehek, G. Petrič, “A systematic review of scales for measuring information security culture,” Information & Computer Security. vol. 1, pp. 1-10, 2020. 
[67] S. Furnell, E. Collins, “Cyber security: what are we talking about?”  Computer Fraud & Security (CFSe). vol. 7, pp. 6-11, 2021.
[68] A. Garba, MB. Sirat, S. Hajar, IB. Dauda, “Cyber security awareness among university students: A case study,” Science Proceedings Series (SPS). vol. 2, no. 1, pp. 82-86, 2020.  
[69] M. Butavicius, K. Parsons, M. Lillie, A. McCormac, M. Pattinson, D. Calic, “When believing in technology leads to poor cyber security: Development of a trust in technical controls scale,” Computers & Security (cose). vol. 1, pp. 98-112, 2020. 
[70] S. Enescu. “A Comparative Study on European Cyber Security Strategies,” Redefining Community in Intercultural Context (RCIC). vol. 9, no. 1, pp. 277-82, 2020. 
[71] J. Sebastian, P. Sakthivel, “Cyber Terrorism: A Potential Threat To Global Security,” Pearsonjournal (PJ), vol. 6, no. 6, pp. 334-341, 2020.
[72] A. Wiley, A. McCormac, D. Calic, “More than the individual: Examining the relationship between culture and Information Security Awareness,” Computers & Security (cose). vol. 1, no. 88, pp. 1-16, 2020.
[73] A. Kovačević, SD. Radenković, “SAWIT—security awareness improvement tool in the workplace,” Applied Sciences (app). vol, 10, no. 9, pp. 30-65, 2020. 
[74] G. Hatzivasilis, S. Ioannidis, M. Smyrlis, G. Spanoudakis, F. Frati, L. Goeke, T. Hildebrandt, G. Tsakirakis, F. Oikonomou, G. Leftheriotis, H. Koshutanski, “Modern aspects of cyber-security training and continuous adaptation of Programmes to trainees,” Applied Sciences (app). vol. 10, no. 16, pp. 1-30, 2020.
[75] LV. Astakhova, “Issues of the culture of information security under the conditions of the digital economy,” Scientific and Technical Information Processing (STIP). vol. 47, no. 1, pp. 56-64, 2020.
[76] N. Bhatnagar, M. Pry, “Student Attitudes, Awareness, and Perceptions of Personal Privacy and Cybersecurity in the Use of Social Media: An Initial Study,” Information Systems Education Journal (isedj), vol. 18, no. 1, pp. 48-58, 2020.
[77] M. Alshaikh, “Developing cybersecurity culture to influence employee behavior: A practice perspective,” Computers & Security (cose), vol. 1, no. 98, pp. 1-26, 2020. 
[78] AU. Walden, “Creating cybersecurity awareness,” Strategic Finance. pp.1-24, 2020.
[79] G. Abebe, L. Lessa. “Human Factors Influence in Information Systems Security: Towards a Conceptual Framework,” Proceedings of the 2nd African International Conference on Industrial Engineering and Operations Management Harare (IEOM), pp. 1-18, 2020 
[80] I. Al-Shanfari, W. Yassin, R. Abdullah, “Identify of factors affecting information security awareness and weight analysis Process,” International Journal of Engineering and Advanced Technology (IJEAT), vol. 9, no. 3, pp. 534-42, 2020. 
[81] I. Legárd, “Building an effective information security awareness program,” Central and Eastern European eDem and eGov Days (ocg), Vol. 15, no. 338, pp. 189-200, 2020. 
[82] KL. Bethel, “An Evaluation of Organizational Culture: Its Influence on Security Culture: A Case Study (Doctoral dissertation, Northcentral University),” vol. 1, pp. 1-345, 2020, 
[83] R. AlMindeel, JT. Martins. “Information security awareness in a developing country context: insights from the government sector in Saudi Arabia,” Information Technology & People (ITP). Vol. 6, pp. 1-17, 2020. 
[84] W. Aljohani, N. Elfadil, “Measuring Cyber Security Awareness of Students: A Case Study at Fahad Bin Sultan University,” International Journal of Computer Science and Mobile Computing (IJCSMC). vol. 9, no. 6, pp. 141-155, 2020.
[85] N. Tosun, M. Altinöz, E. Çay, T. Çinkiliç, S. Gülseçen, T. Yildirim, MA. Aydin, B. Metin, ZA. Reis, N. Ünlü, “A swot analysis to raise awareness about cyber security and proper use of social media: Istanbul sample,” International Journal of Curriculum and Instruction (ijci). vol. 14, no. 12, pp. 271-94, 2020.
[86] P. Pavlova, “Enhancing the Organisational Culture related to Cyber Security during the University Digital Transformation,”  Information & Security (isij). vol. 46, no. 3, pp. 239-49, 2020.
Volume 11, Issue 1 - Serial Number 41
No. 41, Spring
May 2023
Pages 67-80
  • Receive Date: 16 March 2022
  • Revise Date: 02 June 2022
  • Accept Date: 24 December 2022
  • Publish Date: 22 May 2023