Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Start date: 2022Subject: search.filters.subject.cybersecurity

Search Results

Now showing 1 - 10 of 27
  • No Thumbnail Available
    ItemRestricted
    Human Vulnerability Attack in Saudi Arabia
    (University of Portsmouth, 2025) AlZabin, Naif Abdullah M; Zaynab, Lamoyero
    Human vulnerability attacks, which use people rather than technology to get into networks, are a growing cybersecurity problem. This research examines human vulnerability attacks in all key Saudi Arabian industries and proposes effective mitigation techniques. A quantitative survey was used to collect data from Saudi Arabian banking, healthcare, energy, and government professionals. According to the results, psychological biases and repeated lapses dramatically increase cyberattack risk. A majority of respondents agreed that combining training, policy, and technology minimizes the danger of human vulnerability assaults, supporting the theory. Ineffective training and incomplete technical implementation were found, highlighting the need for adjustments. The research underlines the significance of leadership in developing cybersecurity awareness and establishing a security-conscious culture in enterprises. Implementing technical defenses, improving training, and strengthening policies are the study's cybersecurity suggestions. Future studies should increase sample size, examine particular psychological biases, and assess the long-term efficacy of integrated cybersecurity methods.
    3 0
  • No Thumbnail Available
    ItemRestricted
    Predictors of Cybersecurity Knowledge, Attitude, and Behaviours among Nurses in Saudi Arabia
    (Saudi Digital Library, 2025-05-21) Alanazi, Abdulhamid Khalifah; Khalifeh, Anas
    Background: Cybersecurity is becoming increasingly critical in healthcare, as nurses frequently access sensitive patient data through electronic health records (EHRs) and other digital platforms. Despite this, gaps in nurses' knowledge, attitudes, and behaviors (KAB) regarding cybersecurity pose risks to data security, especially in Saudi Arabia, where healthcare digitization is expanding rapidly. Research in this area remains limited. Aim: The aim of this study is to explore the predictors of cybersecurity knowledge, attitudes, and behaviors among nurses in Saudi Arabia. Methodology: This cross-sectional, descriptive correlational study was conducted in three hospitals in northern Saudi Arabia: King Khalid Hospital, Prince Abdulaziz Bin Musaed Hospital, and Qurayyat General Hospital. A total of 190 nurses were selected using a convenient sampling method, and then they were surveyed using the Human Aspects of Information Security Questionnaire (HAIS-Q) to assess their cybersecurity knowledge, attitude, and behavior (KAB). Sociodemographic, work-related, and organizational variables were analyzed using multiple regression to identify significant predictors of cybersecurity KAB. Results: Overall, 190 nurses participated in the study, with a mean age of 30.69 years (SD = 7.96). The results showed moderate levels of cybersecurity knowledge, attitudes, and behaviors among nurses in Saudi Arabian hospitals. The highest-scoring domain was mobile device usage, while password management scored the lowest. Significant differences in cybersecurity knowledge were found based on educational level (F = 3.626, p = .029) and monthly income (F = 3.196, p = .043), with nurses holding master’s or doctoral degrees and those earning higher salaries showing better knowledge scores. A statistically significant difference in knowledge scores was also observed based on the clarity of cybersecurity policies (F = 3.179, p = .044). No significant differences were found in attitudes or behaviors based on these variables (p > .05). Cybersecurity knowledge was strongly and positively correlated with both attitude and behavior (p < .001). Similarly, cybersecurity attitude was positively associated with behavior (p < .001). No significant correlations were found between the main variables and demographic factors such as age or years of experience. Cybersecurity attitude (β = .696, p < .001) and behavior (β = .231, p < .001) were significant predictors of cybersecurity knowledge. In turn, cybersecurity knowledge (β = .605, p < .001) and behavior (β = .358, p < .001) significantly predicted attitude. Finally, cybersecurity knowledge (β = .333, p < .001) and attitude (β = .571, p < .001) significantly predicted behavior. Conclusion: The study highlights moderate cybersecurity KAB among nurses, influenced by education, policy clarity, and work-related factors. Strong correlations exist between knowledge, attitudes, and behaviors, emphasizing the need for targeted training and institutional cybersecurity reinforcement
    15 0
  • No Thumbnail Available
    ItemRestricted
    The Influence of Emotions on Employees' Cybersecurity Protection Motivation Behaviour: Examining the Mediating Effect of Self- Efficacy and Moderating Role of Cybersecurity Awareness
    (Aston University, 2024-12) Alshammari, Abdulelah Sulaiman; Vladlena, Benson; Luciano, Batista
    Cyber threats at the employee level are a complex issue that needs more attention. Psychological research shows that emotions influence individuals' motivation to engage in cybersecurity practices. Most existing studies focus on how external factors affect employees' cybersecurity behaviours, including risk perception, rational decision making in cybersecurity policies, security regulations, compliance, and ethical behaviour. However, research into employees' internal capabilities and psychological factors, such as emotions, that enable them to protect organisational information assets is still in its early stages. Therefore, this thesis aims to explore the influence of employees' emotions on their cybersecurity protection motivation behaviours within Saudi Arabia’s context. The research highlights self-efficacy as a mediating factor and cybersecurity awareness as a moderating factor. This thesis is underpinned by the Broaden and Build Theory (BBT) and Protection Motivation Theory (PMT) to explore the influence of negative and positive emotions on employees' cybersecurity protection motivation behaviour. Moreover, it adopted a deductive research design, employing a quantitative approach through an online survey, resulting in 383 responses from participants at King Abdulaziz University in Saudi Arabia. The data were analysed using partial least squares structural equation modelling (PLS-SEM) via SmartPLS 4 software, which included measurement and structural model assessments. The study found that negative emotions do not influence employees' self-efficiency or motivation to protect themselves. Moreover, it found that self-efficacy does not mediate the relationship between negative emotions and employees' protection motivation behaviour. However, positive emotions positively influence employees' self-efficacy and protection motivation behaviour. In addition, self-efficacy positively mediates the relationship between positive emotions and employees’ protection motivation behaviour. Regarding cybersecurity awareness, it was found that it positively influences employees' protection motivation. Moreover, it also moderates the relationships between positive emotions and self-efficacy and protection motivation behaviour, and between self-efficacy and protection motivation behaviour. The study contributes to cybersecurity by showing how emotions influence protective behaviours. It introduces a novel model based on BBT and PMT, exploring how emotions influence employees' self-efficacy and protection motivation behaviour. Moreover, the study's empirical findings address a gap by focusing on how emotions influence cybersecurity protection motivation behaviours.
    12 0
  • No Thumbnail Available
    ItemRestricted
    Assessing Cybersecurity Awareness Among Public Sector Employees in Saudi Arabia: A Study on Social Engineering Vulnerabilities
    (Royal Holloway University of London, 2024-08-28) Almadhi, Khaled; Ojo, Olumide
    The purpose of this study is to evaluate the level of cybersecurity awareness among employees in the public sector of Saudi Arabia with a specific focus on understanding their vulnerability to social engineering attacks. This literature review examines cybersecurity awareness among public sector employees towards social engineering vulnerabilities. Understanding and mitigating these vulnerabilities is critical due to the increasing prevalence of cyber-attacks that exploit human factors. The review critically examines theories (i.e., Protection Motivation Theory (PMT) and the Theory of Planned Behaviour (TPB)) about motivations and behaviours that influence cybersecurity practices among employees. In addition, the review evaluates established frameworks of (i.e., the National Institute of Standards and Technology's Security Awareness, Training, and Education (NIST SATE) framework, the Human Aspects of Information Security Questionnaire (HAIS-Q), and the Cybersecurity Awareness Training (CSAT) framework) to assess for their effectiveness in buttressing cybersecurity awareness and their limitations such as the challenges in measuring training effectiveness and adapting to diverse organisational needs. Furthermore, the review categorises multifarious social engineering threats of (i.e., phishing, spear phishing, pretexting, baiting, tailgating and quid pro quo) so as to provide detailed thoughts into their mechanisms and management strategies. Past studies are critically scrutinised to evaluate the effectiveness of existing cybersecurity training programs, revealing specific vulnerabilities, knowledge gaps and the significant impact of organisational culture and policies on cybersecurity awareness. Such comprehensive analysis identifies critical areas for improvement and underscores the need for continuous updates and tailored training programs. By bridging the gap between theoretical information and practical applications, this review aims to provide a foundation for developing targeted strategies that enhance cybersecurity awareness and resilience among public sector employees. This study measures cybersecurity knowledge across Saudi public sector workers using a quantitative, positivist-guided methodology. It employs a logical approach to test hypotheses using online surveys that are examined using SPSS. Convenience sampling as well as the cross-sectional approach allow for extensive data gathering while upholding participant protection ethics. The results of the T-test, all the alternative hypotheses are accepted as the obtained p-values are less than 0.05 (p<0.05). Oppositely, the results of regression analysis indicate that the first and second hypotheses are accepted, but the third alternative hypothesis cannot be accepted. Hence, by comparing the results of regression analysis with the results of the T-test and graphical analysis, it can be stated that cybersecurity training, organisational policy and organisational culture significantly and positively influence cybersecurity awareness among employees.
    37 0
  • No Thumbnail Available
    ItemRestricted
    “Exploring the Macroeconomic Implications of CBDCs”
    (Brunel University, 2024-09-05) Alnughaymishi, Saleh Mohammed; Korotana, Mohammed
    This dissertation examines the potential macroeconomic implications of CBDC adoption, focusing on monetary policy, financial stability, and economic growth. A comprehensive literature review explores the historical evolution of money and digital currencies, analysing various CBDC models and design choices. The study delves into the potential impacts of CBDCs on monetary policy transmission mechanisms and financial stability, while also considering the technological and operational challenges associated with their implementation. The dissertation provides a detailed analysis of the UK's legislative framework concerning CBDCs, including an overview of current financial legislation, proposed regulatory changes, and the role of the Bank of England. Comparative analyses with other jurisdictions offer a broader perspective on global regulatory approaches. Empirical analysis1 and case studies of CBDC implementations provide practical insights into the real-world implications of these digital currencies. Based on these findings, the dissertation presents policy recommendations for central banks, governments, financial institutions2, and technology providers to effectively navigate the challenges and opportunities presented by CBDCs.
    39 0
  • No Thumbnail Available
    ItemRestricted
    ADAPTIVE INTRUSION DETECTION SYSTEM FOR THE INTERNET OF MEDICAL THINGS (IOMT): ENHANCING SECURITY THROUGH IMPROVED MUTUAL INFORMATION FEATURE SELECTION AND META-LEARNING
    (Towson University, 2024-12) Alalhareth, Mousa; Hong, Sungchul
    The Internet of Medical Things (IoMT) has revolutionized healthcare by enabling continuous patient monitoring and diagnostics but also introduces significant cybersecurity risks. IoMT devices are vulnerable to cyber-attacks that threaten patient data and safety. To address these challenges, Intrusion Detection Systems (IDS) using machine learning algorithms have been introduced. However, the high data dimensionality in IoMT environments often leads to overfitting and reduced detection accuracy. This dissertation presents several methodologies to enhance IDS performance in IoMT. First, the Logistic Redundancy Coefficient Gradual Upweighting Mutual Information Feature Selection (LRGU-MIFS) method is introduced to balance the trade-off between relevance and redundancy, while improving redundancy estimation in cases of data sparsity. This method achieves 95% accuracy, surpassing the 92% reported in related studies. Second, a fuzzy-based self-tuning Long Short-Term Memory (LSTM) IDS model is proposed, which dynamically adjusts training epochs and uses early stopping to prevent overfitting and underfitting. This model achieves 97% accuracy, a 10% false positive rate, and a 94% detection rate, outperforming prior models that reported 95% accuracy, a 12% false positive rate, and a 93% detection rate. Finally, a performance-driven meta-learning technique for ensemble learning is introduced. This technique dynamically adjusts classifier voting weights based on factors such as accuracy, loss, and prediction confidence levels. As a result, this method achieves 98% accuracy, a 97% detection rate, and a 99% F1 score, while reducing the false positive rate to 10%, surpassing previous results of 97% accuracy, a 93% detection rate, a 97% F1 score, and an 11% false positive rate. These contributions significantly enhance IDS effectiveness in IoMT, providing stronger protection for sensitive medical data and improving the security and reliability of healthcare networks.
    25 0
  • No Thumbnail Available
    ItemRestricted
    Improvements of Technical Blockchain to Combat Ransomware Attacks in Healthcare
    (Newcastle University, 2024) Albalawi, Sarah; Mace, John
    In the face of increasing cybersecurity threats, ransomware attacks have become a significant risk to critical sectors such as healthcare. As medical healthcare systems increasingly rely on electronic health records, they face heightened vulnerabilities that can compromise patient data and disrupt essential medical services. Ransomware attacks can encrypt and render critical medical records inaccessible, jeopardising patient care. This research aims to develop and evaluate a blockchain-based solution designed to secure medical healthcare records against ransomware, enhancing data integrity, availability, and security in healthcare systems. By leveraging blockchain technology, specifically by using smart contracts and decentralised applications on the Ethereum platform, the proposed solution creates a decentralised, immutable medical record management system. The system's robustness is demonstrated through a Python-based ransomware simulation, which compares locally stored medical data with data managed via blockchain. The findings show that the blockchain-based approach and smart contracts maintain data integrity and availability during ransomware attacks, preventing unauthorised access and ensuring continuous healthcare operations. These results suggest that adopting blockchain technology in healthcare can significantly mitigate the risks posed by ransomware, reduce operational disruptions, and protect patient data from evolving cyber threats, ultimately providing a scalable and secure solution for enhancing cybersecurity in the healthcare sector.
    30 0
  • No Thumbnail Available
    ItemRestricted
    Cloud Cybersecurity
    (Universidad de Al cala, 2024) Bokhari, Nabil; Herraiz, Martinez; Javier, Jose
    The rapid evolution of cloud computing has revolutionized modern business operations, from hosting applications to storing data in high-security environments. Competitive businesses are leveraging cloud computing solutions to maximize the benefits, including cost-effectiveness, flexibility, and scalability. Cloud computing enables enterprises to access on-demand and scalable computing resources, specifically computational power and vast data storage. Despite the immense benefits, the security of data transmitted and stored in a cloud computing environment is vulnerable to multiple cybersecurity attacks, including data manipulation, loss, and theft. The study aims to develop a security model for enhanced data privacy and security in the cloud by leveraging a hybrid of cryptographic algorithms and steganography image-based techniques. The security model innovatively combines Advanced Encryption Standard (AES), Rivest Shamir Adleman (RSA), and the Least Significant Bit (LSB) technique to enhance data privacy and security of data in motion in a cloud computing environment. The three-step security model was designed, developed, and evaluated using the Design Science Research (DSR) methodology. The model secures data through cryptographic algorithms, adds an extra security layer using steganography, and implements backup and data recovery. The methodology was selected because of its practicality and philosophical underpinnings on addressing contemporary challenges by developing novel and relevant artifacts using scientifically rigorous procedures. The findings show that a hybrid of cryptography and steganography provides unbeatable security for data in a cloud computing environment. Implementing the security model will enhance data privacy and security in the cloud by revolutionizing how data is encrypted and decrypted. In the future, the integration of Machine Learning and Artificial Intelligence methodologies and algorithms will quadruple the effectiveness and robustness of this data security model for the cloud.
    26 0
  • No Thumbnail Available
    ItemRestricted
    Evaluating NCA OTCC’s Effectiveness in ICS Cybersecurity: A Comparative Analysis with NIST SP800-82 Rev.3 and IEC62443
    (Newcastle University, 2024-08-13) Omran, Abdullah; Ahmed, Mujeeb
    This study evaluates the effectiveness of the newly released Saudi Arab ia Operational Technology Cyb ersecurity Controls (OTCC) in protecting and mitigating industrial control systems (ICS) infrastructures. As critical infrastructure threats and attacks increase exponentially, assessing national frameworks is crucial for enhancing cyb ersecurity posture in those critical infrastructures. This research compares OTCC with well- known international standards like NIST SP800-82 Rev.3 and IEC 62443 while analyzing the coverage against real-world cyb er threats using the MITRE ATT&CK for ICS framework. In this research, a mixed-method approach was developed which contains comparative analysis, control mapping, and simulated ICS environments. These methods helped in reviewing OTCC structure, mapped relevant controls to MITRE ATT&CK techniques, and did a side-by-side comparison with NIST SP800-82 Rev.3. Our findings showed that OTCC provided a foundation for ICS security in Saudi Arab ia while lacking some depth and comprehensiveness when compared to international standards. OTCC covers approximately 60% of NIST SP800- 82 Rev.3 control areas often with less guidance and discussion for controls. Mapping against MITRE ATT&CK showed some gaps in terms of addressing attack techniques with a coverage of only 60% compared to 86% for NIST SP800- 82 Rev.3 and 97% for IEC 62443. The study highlights OTCC limitations in mitigating and protecting against sophisticated cyb er threats in particular those employed by APT groups targeting critical infrastructure. This shows the need for enhancements to OTCC to match the effectiveness of international standards in protecting Saudi Arab ia’s ICS environments. Future research should focus more on real-world implementation studies and developing frameworks to address evolving threats used by APT groups in the ICS landscape.
    18 0
  • No Thumbnail Available
    ItemRestricted
    Assessing and Enhancing Protection Measures for Internet of Things (IoT) in Cybersecurity
    (University of Portsmouth, 2024-09) Alshehri, Abdulrahman; Bader-El-den, Mohammed
    The Internet of Things (IoT) revolution sweeps across Saudi Arabia, connecting devices, transforming industries, enhancing lives. But with great connectivity comes great vulnerability - cybersecurity threats loom large in this digital frontier. This study delves into the heart of IoT security in the Kingdom, surveying the landscape, probing the defenses, seeking solutions. Through the lens of cybersecurity professionals, we explore current practices, uncover challenges, envision improvements. Our findings paint a picture of a nation at a crossroads: frequent audits needed, authentication protocols lacking, employee training insufficient, encryption underutilized. Yet hope springs eternal in the form of correlations discovered - more vigilant monitoring begets stronger authentication desires. From this research emerges a roadmap for the future: recommendations for policymakers to craft robust regulations, guidelines for organizations to fortify their digital fortresses, advice for end-users to navigate the IoT maze safely. In the rapidly evolving technological tapestry of Saudi Arabia, this study weaves a thread of security consciousness, contributing to a safer, more reliable IoT ecosystem. As the Kingdom marches towards its Vision 2030, may it do so with cybersecurity as its steadfast companion.
    20 0

Copyright owned by the Saudi Digital Library (SDL) © 2025