SACM - United Kingdom
Permanent URI for this collection: https://drepo.sdl.edu.sa/handle/20.500.14154/9667
9 results

Item Restricted
The Influence of Usable Security on Security Culture (University of Nottingham, 2025)
Fallatah, Wesam; Furnell, Steven; Wagner, Christian

Cybersecurity threats are becoming more complex, and organizations must implement security measures that are technically robust and practical. The lack of usability of these measures can lead to uncompliant behavior, risky workarounds, and a weak security culture, making the organization susceptible to security breaches. To improve cybersecurity posture and resilience, organizations need to understand and strengthen their security culture. This study adopts a mixed-method approach to explore the influence of usable security on security culture. It centers on three core objectives. First, it seeks to understand the concepts of usability, usable security, and security culture by examining their representation in studies and authoritative sources. It also formulates a comprehensive set of definitions to identify the factors that influence these key elements. Second, it aims to characterize the relationship between usable security and security culture by framing the study variables and investigating whether usable security can positively impact security culture, drawing on both quantitative and qualitative analyses. To achieve this, a survey was conducted with over 200 participants, followed by interviews with a smaller sub-population. The study then employed statistical descriptive analysis and thematic analysis to understand the relationship between usable security and security culture. Third, it sought to design a means that leverages the influence of usable security, identifying specific areas where usability improvements can promote a stronger and positive security culture. A thorough review of previous and related studies informs the study’s direction and methodology, laying the groundwork for developing the instruments required to investigate the impact of usable security on security culture.
An important outcome of this research is the development of a framework for fostering a strong security culture by employing usable security alongside other necessary elements. This framework, which forms a key contribution to the study, was validated by two groups: participants who completed the survey and interviews and a group of experts. The validation process highlighted the framework's practical value and contributed to enhancing the framework's clarity, presentation, and potential for integration. The research intends that organizations may overcome pitfalls that hinder the development of a positive security culture by establishing a structured approach that addresses common usability barriers. Ultimately, the study has the potential to help organizations achieve greater compliance, reduce cybersecurity risks, and enhance their resilience to evolving threats.

Item Restricted
The combined application of force under Article 2(4) and Article 51 of the United Nations Charter for cyber warfare: Examining and learning lessons from the Iranian cyber warfare threat to Saudi Arabia (Lancaster University, 2023-03)
Alhamdan, Monirah; Sweeney, James; Easton, Cathrien

This thesis is written by MONIRAH FAHAD ALHAMDAN on the combined application of force under Article 2(4) and Article 51 of the United Nations Charter for cyber warfare: Examining and learning lessons from the Iranian cyber warfare threat to Saudi Arabia. In the absence of formal international legal regulation on cyber warfare and cyber-attacks, countries must apply the traditional rules for determining whether an armed conflict exists (jus ad bellum) to this new type of conflict. Nonetheless, applying jus ad bellum norms to this issue is a very controversial matter. Article 2(4) of the UN Charter prohibits using force between states, whereas Article 51 makes an exception for self-defence against an armed attack.
To what extent can these Articles be applied to prevent and punish the source of cyber operations? This and other questions will be discussed in this study. The International Court of Justice (ICJ) clarified the use of force in the Nicaragua case. Also, it recognised the right of self-defence in customary international law. Moreover, the present study is timely and significant because of the increased number of ‘cyber operations’ influencing other states, such as in the long-lasting regional struggle for power between Saudi Arabia and Iran. That regional struggle will provide the backdrop to this thesis, although global examples will also be examined. Also, to understand its responsibility and scope of cyber-attacks, this research will attempt to assess the lawfulness of the Security Council to authorize the use of cyber weapons as a tool to maintain peace and security in the world. This body of research will furthermore look into the jus ad bellum norms in Traditional Islamic Rules in a cyber-context. Moreover, it will help researchers do further research in applying international law norms to cyber operations. This thesis undertakes a robust doctrinal analysis of the existing exalt in this field and proposes some future developments. This thesis will not use measurements of quantity and amounts as its essential tools but instead a qualitative method.

Item Restricted
Assessing Security, Accessibility, Usability, and Privacy Attributes Of Virtual Banking in Saudi Arabia (University of Warwick, 2023-12-06)
Alsadir, Mohammed; Azad, Mohammed

In this study, the integration of technological advancements in the banking sector was explored, with a specific focus on the development and implementation of virtual banking applications. These applications, designed to provide banking services through digital platforms, were examined in the context of their adoption in Saudi Arabia, which has been comparatively slower.
This observation led to the conduct of this research, aiming to understand the cybersecurity landscape within the Saudi Arabian virtual banking sector. The primary objective of the study was to assess critical aspects such as security, privacy, accessibility, and usability of these virtual banking applications. To address the identified gap in existing literature, primary data was collected directly from users of virtual banking in Saudi Arabia. This data collection was conducted through a questionnaire survey, utilizing Qualtrics as the online data collection channel.

Item Restricted
Employees awareness assessment of cyber security in Saudi universities Case Study on Taif university (Saudi Digital Library, 2023-11-14)
Almaliki, Abdulrahman Abdulrazak; Safari, Solmaz

This research aimed to bolster cybersecurity awareness among Taif University's employees through a designed website and evaluate its efficacy using a questionnaire. Initially, a specialised website was conceptualised, designed, and implemented to enhance awareness about cybersecurity amongst the staff. This is done while utilising the System Development Life Cycle (SDLC) for a structured approach. The website provided resources relevant to cybersecurity challenges faced by the employees which allow flexible and paced learning. An online questionnaire was administered to 93 staff members to collect feedback on the website and gather data on their cybersecurity awareness levels. The online format was selected for its cost-effectiveness, efficiency and the ability to reach a larger audience which is mainly important in a post-pandemic environment where remote methods are favoured. The questionnaire, which is designed on Google Forms, consisted of twenty-one close-ended items including demographic queries and questions related to cybersecurity awareness, and items were measured by using a 5-point Likert scale and multiple-choice format.
The sampling involved a convenience method with participants selected for their availability and willingness to participate. Nonetheless, the results provided thoughts into the staff's cybersecurity awareness levels and the designed website's effectiveness. As such, this research is perceived as a foundation for future research and practice in the field.

Item Restricted
Educate employees working in critical departments of public and private establishments in Saudi Arabia about cyber security (Saudi Digital Library, 2023-10-03)
ALluqmani, Ammar; Setzer, Anton

This project sought to enhance cybersecurity awareness among employees working for various government and private sector organizations through an interactive web-based application. Centered on supporting immediate learning, the platform offers educational materials, quizzes, and up-to-date news, and users are required to complete a quiz upon login. If users answer incorrectly, they are redirected to pertinent resources to promote continuous learning. An emergency login bypass is provided once monthly, and stringent security measures, such as robust password policies and two-factor authentication, are instituted. The backend utilizes PHP Laravel, chosen for its swift development capabilities, structured file organization, and extensive community support benefits. Additionally, Laravel’s Jetstream and Livewire frameworks expedite built-in component integration and authentication. The frontend leverages Tailwind CSS for flexibility. After designing the website, the platform was evaluated by critical department workers in the Saudi Arabian public sector via a survey. The platform received predominantly positive feedback, which negated the need for further alterations.
Through using such a platform, employees will refine their knowledge about cybersecurity threats, which is necessary to save various important governmental departments and private establishments from online threats.

Item Restricted
Enhancing Network Intrusion Detection using Hybrid Machine Learning and Deep Learning Approaches: A Comparative Analysis with the HIKARI-2021 Dataset (Saudi Digital Library, 2023-11-09)
Alkhanani, Doaa; Batten, Ian

This thesis presents an in-depth analysis of machine learning (ML) and deep learning (DL) methodologies for network intrusion detection, utilizing the HIKARI-2021 dataset. By leveraging models such as Random Forest, XG Boost, LSTM, and GRU, the study aimed to identify and classify malicious activities within network traffic. The models' performance was assessed primarily based on accuracy, as well as confusion matrix evaluations. Preliminary results indicate Random Forest achieved an accuracy of 93.77%, XG Boost attained 93.02%, LSTM reached 92.48%, and GRU reported 92.50%. These results were then compared to benchmark models from the literature, which achieved accuracies ranging from 98% to 99%. Through this comparative analysis, the research emphasizes the strengths, weaknesses, and the potential of each model in real-world scenarios. Notably, while the employed models showcased commendable performance, benchmark models exhibited slightly superior results, suggesting further room for model optimization and feature engineering.
This research offers valuable insights into the evolving landscape of network security and sets the stage for further exploration in enhancing intrusion detection mechanisms.

Item Restricted
The Impact of Internal Threats on Saudi Arabia Government and Companies (Saudi Digital Library, 2023-11-01)
Alshammari, Saddam; Rezaeifar, Zeinab

The government of the Kingdom of Saudi Arabia is very interested in its cyber security, spending significant amounts of money on protecting its data and attracting cyber security experts to face the challenges and violations that are increasing daily. The Kingdom has achieved great superiority in protecting its data against external attacks and has responded to them successfully, in addition to being one of the most prominent countries around the world that has achieved high ranks in innovations in programs, methods and solutions that have contributed to enhancing cyber security in the Kingdom. However, the most severe violations that affected the government and companies of Saudi Arabia were due to internal threats through employees or contractors, which is not what often comes to mind. Nevertheless, detection of internal threats is complex because it is not only related to the use of technology but depends on people and their motives and different ways to carry out attacks, which makes technical solutions insufficient to address this dilemma. In this work, we focus on studying the psychological and behavioral factors that fuel the motives for executing internal attacks. We measure the impact of these attacks on critical systems and financial losses in Saudi Arabia. Additionally, we will discuss how Saudi Arabia addressed these threats.

Item Restricted
Examining Adversarial Examples as Defensive Approach Against Web Fingerprinting Attacks (Saudi Digital Library, 2023)
Alzamil, Layla; Elahi, Tariq

In the age of online surveillance, and the growth in privacy and security concerns for individuals' activities over the internet.
Tor browser is a widely used anonymisation network offering security and privacy-enhanced features to protect users online. However, web fingerprinting attacks (WF) have been a challenging threat that aims to deanonymise users' browsing activities over Tor. This interdisciplinary project contributes to defending against WF attacks by employing the “attack-on-attack” approach, where Adversarial Examples (AEs) attacks are launched to exploit existing vulnerabilities in the neural network architecture. The FGSM and DeepFool construction methods are implemented to introduce perturbed data to these models and lead them to misclassify, significantly decreasing the classifier prediction accuracy.

Item Restricted
Artificial Immune Systems for Detecting Unknown Malware in the IoT (Queen Mary University of London, 2023-01-27)
Alrubayyi, Hadeel; Goteng, Gokop; Jaber, Mona

With the expansion of the digital world, the number of the Internet of Things (IoT) devices is evolving dramatically. IoT devices have limited computational power and small memory. Also, they are not part of traditional computer networks. Consequently, existing and often complex security methods are unsuitable for malware detection in IoT networks. This has become a significant concern in the advent of increasingly unpredictable and innovative cyber-attacks. In this context, artificial immune systems (AIS) have emerged as effective IoT malware detection mechanisms with low computational requirements. In this research, we present a critical analysis to highlight the limitations of the AIS state-of-the-art solutions and identify promising research directions. Next, we propose the Negative-Positive-Selection (NPS) method, which is an AIS-based method for malware detection. The NPS is suitable for IoT's computation restrictions and security challenges. The NPS performance is benchmarked against the state-of-the-art using multiple real-time datasets.
The simulation results show a 21% improvement in malware detection and a 65% reduction in the number of detectors. Then, we examine AIS solutions' potential gains and limitations under realistic implementation scenarios. We design a framework to mimic real-life IoT systems. The objective is to evaluate the method's lightweight, fault tolerance, and detection performance with regard to the system constraints. We demonstrate that AIS solutions successfully detect unknown malware in the most challenging IoT environment in terms of memory capacity and processing power. Furthermore, the systemic results with different system architectures reveal the AIS solutions' ability to transfer learning between IoT devices. Transfer learning is a critical feature in the presence of highly constrained devices in the network. More importantly, we highlight that the simulation environment cannot be taken at face value. In reality, AIS malware detection accuracy for IoT systems is likely to be close to 10% worse than simulation results, as indicated by the study results.