SACM - United Kingdom
Permanent URI for this collection: https://drepo.sdl.edu.sa/handle/20.500.14154/9667
15 results
Search Results
Item Restricted
Assessing Cybersecurity Awareness Among Public Sector Employees in Saudi Arabia: A Study on Social Engineering Vulnerabilities (Royal Holloway University of London, 2024-08-28) Almadhi, Khaled; Ojo, Olumide
The purpose of this study is to evaluate the level of cybersecurity awareness among employees in the public sector of Saudi Arabia with a specific focus on understanding their vulnerability to social engineering attacks. This literature review examines cybersecurity awareness among public sector employees towards social engineering vulnerabilities. Understanding and mitigating these vulnerabilities is critical due to the increasing prevalence of cyber-attacks that exploit human factors. The review critically examines theories (i.e., Protection Motivation Theory (PMT) and the Theory of Planned Behaviour (TPB)) about motivations and behaviours that influence cybersecurity practices among employees. In addition, the review evaluates established frameworks of (i.e., the National Institute of Standards and Technology's Security Awareness, Training, and Education (NIST SATE) framework, the Human Aspects of Information Security Questionnaire (HAIS-Q), and the Cybersecurity Awareness Training (CSAT) framework) to assess for their effectiveness in buttressing cybersecurity awareness and their limitations such as the challenges in measuring training effectiveness and adapting to diverse organisational needs. Furthermore, the review categorises multifarious social engineering threats of (i.e., phishing, spear phishing, pretexting, baiting, tailgating and quid pro quo) so as to provide detailed thoughts into their mechanisms and management strategies. Past studies are critically scrutinised to evaluate the effectiveness of existing cybersecurity training programs, revealing specific vulnerabilities, knowledge gaps and the significant impact of organisational culture and policies on cybersecurity awareness.
Such comprehensive analysis identifies critical areas for improvement and underscores the need for continuous updates and tailored training programs. By bridging the gap between theoretical information and practical applications, this review aims to provide a foundation for developing targeted strategies that enhance cybersecurity awareness and resilience among public sector employees. This study measures cybersecurity knowledge across Saudi public sector workers using a quantitative, positivist-guided methodology. It employs a logical approach to test hypotheses using online surveys that are examined using SPSS. Convenience sampling as well as the cross-sectional approach allow for extensive data gathering while upholding participant protection ethics. In the results of the T-test, all the alternative hypotheses are accepted, as the obtained p-values are less than 0.05 (p<0.05). Oppositely, the results of regression analysis indicate that the first and second hypotheses are accepted, but the third alternative hypothesis cannot be accepted. Hence, by comparing the results of regression analysis with the results of the T-test and graphical analysis, it can be stated that cybersecurity training, organisational policy and organisational culture significantly and positively influence cybersecurity awareness among employees.

Item Restricted
“Exploring the Macroeconomic Implications of CBDCs” (Brunel University, 2024-09-05) Alnughaymishi, Saleh Mohammed; Korotana, Mohammed
This dissertation examines the potential macroeconomic implications of CBDC adoption, focusing on monetary policy, financial stability, and economic growth. A comprehensive literature review explores the historical evolution of money and digital currencies, analysing various CBDC models and design choices.
The study delves into the potential impacts of CBDCs on monetary policy transmission mechanisms and financial stability, while also considering the technological and operational challenges associated with their implementation. The dissertation provides a detailed analysis of the UK's legislative framework concerning CBDCs, including an overview of current financial legislation, proposed regulatory changes, and the role of the Bank of England. Comparative analyses with other jurisdictions offer a broader perspective on global regulatory approaches. Empirical analysis and case studies of CBDC implementations provide practical insights into the real-world implications of these digital currencies. Based on these findings, the dissertation presents policy recommendations for central banks, governments, financial institutions, and technology providers to effectively navigate the challenges and opportunities presented by CBDCs.

Item Restricted
Improvements of Technical Blockchain to Combat Ransomware Attacks in Healthcare (Newcastle University, 2024) Albalawi, Sarah; Mace, John
In the face of increasing cybersecurity threats, ransomware attacks have become a significant risk to critical sectors such as healthcare. As medical healthcare systems increasingly rely on electronic health records, they face heightened vulnerabilities that can compromise patient data and disrupt essential medical services. Ransomware attacks can encrypt and render critical medical records inaccessible, jeopardising patient care. This research aims to develop and evaluate a blockchain-based solution designed to secure medical healthcare records against ransomware, enhancing data integrity, availability, and security in healthcare systems. By leveraging blockchain technology, specifically by using smart contracts and decentralised applications on the Ethereum platform, the proposed solution creates a decentralised, immutable medical record management system.
The system's robustness is demonstrated through a Python-based ransomware simulation, which compares locally stored medical data with data managed via blockchain. The findings show that the blockchain-based approach and smart contracts maintain data integrity and availability during ransomware attacks, preventing unauthorised access and ensuring continuous healthcare operations. These results suggest that adopting blockchain technology in healthcare can significantly mitigate the risks posed by ransomware, reduce operational disruptions, and protect patient data from evolving cyber threats, ultimately providing a scalable and secure solution for enhancing cybersecurity in the healthcare sector.

Item Restricted
Evaluating NCA OTCC’s Effectiveness in ICS Cybersecurity: A Comparative Analysis with NIST SP800-82 Rev.3 and IEC62443 (Newcastle University, 2024-08-13) Omran, Abdullah; Ahmed, Mujeeb
This study evaluates the effectiveness of the newly released Saudi Arabia Operational Technology Cybersecurity Controls (OTCC) in protecting and mitigating industrial control systems (ICS) infrastructures. As critical infrastructure threats and attacks increase exponentially, assessing national frameworks is crucial for enhancing cybersecurity posture in those critical infrastructures. This research compares OTCC with well-known international standards like NIST SP800-82 Rev.3 and IEC 62443 while analyzing the coverage against real-world cyber threats using the MITRE ATT&CK for ICS framework. In this research, a mixed-method approach was developed which contains comparative analysis, control mapping, and simulated ICS environments. These methods helped in reviewing the OTCC structure, mapping relevant controls to MITRE ATT&CK techniques, and doing a side-by-side comparison with NIST SP800-82 Rev.3. Our findings showed that OTCC provided a foundation for ICS security in Saudi Arabia while lacking some depth and comprehensiveness when compared to international standards.
OTCC covers approximately 60% of NIST SP800-82 Rev.3 control areas, often with less guidance and discussion for controls. Mapping against MITRE ATT&CK showed some gaps in terms of addressing attack techniques, with a coverage of only 60% compared to 86% for NIST SP800-82 Rev.3 and 97% for IEC 62443. The study highlights OTCC limitations in mitigating and protecting against sophisticated cyber threats, in particular those employed by APT groups targeting critical infrastructure. This shows the need for enhancements to OTCC to match the effectiveness of international standards in protecting Saudi Arabia’s ICS environments. Future research should focus more on real-world implementation studies and developing frameworks to address evolving threats used by APT groups in the ICS landscape.

Item Restricted
Assessing and Enhancing Protection Measures for Internet of Things (IoT) in Cybersecurity (University of Portsmouth, 2024-09) Alshehri, Abdulrahman; Bader-El-den, Mohammed
The Internet of Things (IoT) revolution sweeps across Saudi Arabia, connecting devices, transforming industries, enhancing lives. But with great connectivity comes great vulnerability - cybersecurity threats loom large in this digital frontier. This study delves into the heart of IoT security in the Kingdom, surveying the landscape, probing the defenses, seeking solutions. Through the lens of cybersecurity professionals, we explore current practices, uncover challenges, envision improvements. Our findings paint a picture of a nation at a crossroads: frequent audits needed, authentication protocols lacking, employee training insufficient, encryption underutilized. Yet hope springs eternal in the form of correlations discovered - more vigilant monitoring begets stronger authentication desires.
From this research emerges a roadmap for the future: recommendations for policymakers to craft robust regulations, guidelines for organizations to fortify their digital fortresses, advice for end-users to navigate the IoT maze safely. In the rapidly evolving technological tapestry of Saudi Arabia, this study weaves a thread of security consciousness, contributing to a safer, more reliable IoT ecosystem. As the Kingdom marches towards its Vision 2030, may it do so with cybersecurity as its steadfast companion.

Item Restricted
Identifying Characteristics Of Individuals Most Vulnerable To Mobile Phishing In Saudi Arabia (Newcastle University, 2024-08) Alrasheed, Abdullah Mohammed; Ibrahim, Rasha
Mobile phishing attacks represent a significant threat in today’s digital landscape, especially in countries with high smartphone usage rates. Saudi Arabia, with its 99% internet usage and 98.9% of users primarily accessing the internet through mobile phones, faces a growing and persistent risk of mobile phishing. This dissertation investigates the effect of the demographic characteristics and security awareness of Saudi mobile users on their vulnerability to mobile phishing attacks. Through an online survey utilizing a mobile phishing IQ test, data was collected from 203 participants across various age groups, genders, educational levels, and general cybersecurity knowledge levels. Multiple regression analysis showed that while age and gender were not significant predictors of phishing vulnerability, educational level and general cybersecurity knowledge were positively associated with both accuracy and precision in identifying phishing attempts. The model explained 12.1% of the variance in accuracy (adjusted R square = 0.103) and 10.3% of the variance in precision (adjusted R square = 0.085). Notably, participants performed better at identifying phishing messages (from 89.2% to 98% accuracy) compared to genuine messages (from 62.6% to 82.8% accuracy).
The study highlights the need for targeted awareness efforts and training programs, particularly for individuals with lower educational levels and limited cybersecurity knowledge. These findings add to the growing body of research on mobile phishing susceptibility and provide valuable insights for developing more effective strategies to combat mobile phishing attacks in Saudi Arabia and similar cultural contexts. Future research should focus on real-world mobile phishing scenarios and longitudinal studies to assess the long-term effectiveness of awareness strategies.

Item Restricted
Identification and Reporting of Phishing Attacks in Cybersecurity (University of Portsmouth, 2024-07-02) Almajnouni, Ali; Sparrius, Martin
In Saudi, there is a quick rise in cybersecurity demands coupled with an increase in phishing incidents coming out at an escalating rate, which makes it necessary to require a better comprehension of what motivates people to recognize, report and eliminate these kinds of cyber-attacks. This study intends to address this gap by examining how awareness regarding cyberspace security, training, perceived security of phishing assault as well as trust over reporting channels affect reporting practices and behaviour. The research seeks to find out what motivates individuals to report phishing attacks using a combination of literature review, online survey, and data analysis. This study is important because it could help policymakers and key stakeholders to comprehend how individuals can be made aware of being more careful about cybercrime, as well as improve ways through which these crimes are reported while enabling both internet users and companies to respond quickly to phishing attacks.
The exploration of inventive techniques and technologies in this research paper helps to enhance existing cybersecurity patterns and protect private information from evolving phishing attacks to ultimately benefit individuals, companies and governmental organizations in Saudi Arabia and outside.

Item Restricted
Evaluating user's awareness towards phishing attack (University of Portsmouth, 2024-05-24) Almutairi, Nafea; Mohasseb, Alaa
Phishing attacks have become an increasing cybersecurity threat in recent years. Furthermore, attackers can target users through various channels, including social media applications, SMS, emails, and phone calls. Moreover, attackers employ social engineering strategies to deceive people to gain psychological access to their personal information. Therefore, users' curiosity, fear, and urgency are the primary triggers that motivate users to become victims of phishing attacks. This research investigated users' susceptibility to phishing attacks, including their attitudes and perceptions towards such attacks and their future intentions for mitigating risks. This research conducted a questionnaire among 100 participants to evaluate their susceptibility to phishing regarding their knowledge and awareness towards phishing attacks. The study findings contribute to cybersecurity by suggesting practical solutions to mitigate phishing attacks.
The research findings can assist organisations and policymakers in determining the level of cybersecurity awareness among current users.

Item Restricted
Towards Robust Cybersecurity Realm: An Exhaustive Evaluation of AI-Driven Approaches for Enhanced Insider Threat Detection (University of Warwick, 2024-01-08) Alyami, Rahf Yousif; Safa, Nader Sohrabi
Today, insider threats pose a significant risk to an organization's cybersecurity posture, often proving difficult to detect and causing substantial damage not only to an organization's financial resources but also to its reputation, mission, personnel, infrastructure, information, equipment, networks, or systems. Despite their critical importance, many organizations tend to primarily focus on external threats, unintentionally neglecting those that come from within. This study aims to explore the effectiveness of artificial intelligence in detecting insider threats in the cybersecurity landscape. It focuses on evaluating different algorithms and their ability to identify unusual behaviour patterns that indicate potential insider threats. To achieve this goal, the study involves developing a Python-based machine learning program in Jupyter Notebook to assess the performance of various anomaly-based and classification-based models such as One-Class Support Vector Machine (OCSVM), Isolation Forest (iForest), Support Vector Machine (SVM), Random Forest (RF), Adaptive Boosting (AdaBoost), Logistic Regression (LR), Extreme Gradient Boosting (XGBoost), and Neural Network (NN). Additionally, the study will conduct a comprehensive examination and comparative analysis of three sophisticated techniques: SelectKBest, Principal Component Analysis, and Synthetic Minority Over-sampling to enhance and optimize the performance of the selected models.
This will ultimately lead to identifying the most efficient anomaly-based and classification-based detection models that deliver outstanding performance results, as well as identifying the best techniques to optimize their performance. For anomaly-based detection, the study's results revealed that the iForest algorithm demonstrated superior performance over OCSVM, achieving remarkable metrics of 90% Precision, 93% Recall, 92% F1-Score, and 93% Accuracy. For the classification-based models, a variety of combinations produced impressive results. The integration of the SMOTE technique and SelectKBest proved to be effective in reducing the occurrence of false positives. For instance, the RF-SMOTE-SelectKBest model showcased a remarkable 100% Recall and 99% Accuracy. The SVM-SMOTE-SelectKBest model maintained consistent performance metrics, recording 97% in Precision, Recall, F1-Score, and 99% Accuracy. The AdaBoost-SMOTE-SelectKBest model achieved 99% Accuracy. The XGBoost-SMOTE-SelectKBest model delivered 95% Precision, 95% Recall, 95% F1-Score, and 99% Accuracy. The NN-SMOTE-SelectKBest model exhibited exceptional performance, achieving 99% Accuracy, 97% Precision, and 95% Recall. The results of this study provide important insights into the ability of AI to efficiently identify insider threats, as well as in helping to select appropriate methods to enhance the effectiveness of insider threat detection.

Item Restricted
Enhancing Phishing Awareness Using Scenario-based Learning Techniques (Saudi Digital Library, 2023-09) Alsubaie, Sarah; Rezaeifar, Zeinab
Phishing is a type of cyber-attack that uses fraudulent emails to trick users into revealing personal information, such as passwords and credit card numbers. Phishing attacks pose a major threat to businesses and individuals, causing significant financial and reputational damage.
This study aimed to investigate the effectiveness of scenario-based learning in improving phishing awareness among IT professionals in Saudi Arabia. A quasi-experimental design was used to evaluate the effectiveness of a scenario-based learning program on phishing awareness among 80 IT professionals in Saudi Arabia. Participants completed pre- and post-test phishing detection tasks. The study found that participants' performance in distinguishing phishing emails significantly improved after the educational program. The percentage of correct answers increased in all scenarios, except for scenario 2, where it decreased by 5.5%. On average, the percentage of correct answers increased from 54.22% before the educational program to 69.5% after. The study's findings suggest that scenario-based learning is an effective way to improve phishing awareness among IT professionals. The study also suggests that online courses or tutorials are a popular way for IT professionals to learn about cybersecurity.