Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Has files: YesSubject: search.filters.subject.cybersecurity

Search Results

Now showing 1 - 10 of 25
  • No Thumbnail Available
    ItemRestricted
    The Influence of Emotions on Employees' Cybersecurity Protection Motivation Behaviour: Examining the Mediating Effect of Self- Efficacy and Moderating Role of Cybersecurity Awareness
    (Aston University, 2024-12) Alshammari, Abdulelah Sulaiman; Vladlena, Benson; Luciano, Batista
    Cyber threats at the employee level are a complex issue that needs more attention. Psychological research shows that emotions influence individuals' motivation to engage in cybersecurity practices. Most existing studies focus on how external factors affect employees' cybersecurity behaviours, including risk perception, rational decision making in cybersecurity policies, security regulations, compliance, and ethical behaviour. However, research into employees' internal capabilities and psychological factors, such as emotions, that enable them to protect organisational information assets is still in its early stages. Therefore, this thesis aims to explore the influence of employees' emotions on their cybersecurity protection motivation behaviours within Saudi Arabia’s context. The research highlights self-efficacy as a mediating factor and cybersecurity awareness as a moderating factor. This thesis is underpinned by the Broaden and Build Theory (BBT) and Protection Motivation Theory (PMT) to explore the influence of negative and positive emotions on employees' cybersecurity protection motivation behaviour. Moreover, it adopted a deductive research design, employing a quantitative approach through an online survey, resulting in 383 responses from participants at King Abdulaziz University in Saudi Arabia. The data were analysed using partial least squares structural equation modelling (PLS-SEM) via SmartPLS 4 software, which included measurement and structural model assessments. The study found that negative emotions do not influence employees' self-efficiency or motivation to protect themselves. Moreover, it found that self-efficacy does not mediate the relationship between negative emotions and employees' protection motivation behaviour. However, positive emotions positively influence employees' self-efficacy and protection motivation behaviour. In addition, self-efficacy positively mediates the relationship between positive emotions and employees’ protection motivation behaviour. Regarding cybersecurity awareness, it was found that it positively influences employees' protection motivation. Moreover, it also moderates the relationships between positive emotions and self-efficacy and protection motivation behaviour, and between self-efficacy and protection motivation behaviour. The study contributes to cybersecurity by showing how emotions influence protective behaviours. It introduces a novel model based on BBT and PMT, exploring how emotions influence employees' self-efficacy and protection motivation behaviour. Moreover, the study's empirical findings address a gap by focusing on how emotions influence cybersecurity protection motivation behaviours.
    12 0
  • No Thumbnail Available
    ItemRestricted
    Assessing Cybersecurity Awareness Among Public Sector Employees in Saudi Arabia: A Study on Social Engineering Vulnerabilities
    (Royal Holloway University of London, 2024-08-28) Almadhi, Khaled; Ojo, Olumide
    The purpose of this study is to evaluate the level of cybersecurity awareness among employees in the public sector of Saudi Arabia with a specific focus on understanding their vulnerability to social engineering attacks. This literature review examines cybersecurity awareness among public sector employees towards social engineering vulnerabilities. Understanding and mitigating these vulnerabilities is critical due to the increasing prevalence of cyber-attacks that exploit human factors. The review critically examines theories (i.e., Protection Motivation Theory (PMT) and the Theory of Planned Behaviour (TPB)) about motivations and behaviours that influence cybersecurity practices among employees. In addition, the review evaluates established frameworks of (i.e., the National Institute of Standards and Technology's Security Awareness, Training, and Education (NIST SATE) framework, the Human Aspects of Information Security Questionnaire (HAIS-Q), and the Cybersecurity Awareness Training (CSAT) framework) to assess for their effectiveness in buttressing cybersecurity awareness and their limitations such as the challenges in measuring training effectiveness and adapting to diverse organisational needs. Furthermore, the review categorises multifarious social engineering threats of (i.e., phishing, spear phishing, pretexting, baiting, tailgating and quid pro quo) so as to provide detailed thoughts into their mechanisms and management strategies. Past studies are critically scrutinised to evaluate the effectiveness of existing cybersecurity training programs, revealing specific vulnerabilities, knowledge gaps and the significant impact of organisational culture and policies on cybersecurity awareness. Such comprehensive analysis identifies critical areas for improvement and underscores the need for continuous updates and tailored training programs. By bridging the gap between theoretical information and practical applications, this review aims to provide a foundation for developing targeted strategies that enhance cybersecurity awareness and resilience among public sector employees. This study measures cybersecurity knowledge across Saudi public sector workers using a quantitative, positivist-guided methodology. It employs a logical approach to test hypotheses using online surveys that are examined using SPSS. Convenience sampling as well as the cross-sectional approach allow for extensive data gathering while upholding participant protection ethics. The results of the T-test, all the alternative hypotheses are accepted as the obtained p-values are less than 0.05 (p<0.05). Oppositely, the results of regression analysis indicate that the first and second hypotheses are accepted, but the third alternative hypothesis cannot be accepted. Hence, by comparing the results of regression analysis with the results of the T-test and graphical analysis, it can be stated that cybersecurity training, organisational policy and organisational culture significantly and positively influence cybersecurity awareness among employees.
    36 0
  • No Thumbnail Available
    ItemRestricted
    “Exploring the Macroeconomic Implications of CBDCs”
    (Brunel University, 2024-09-05) Alnughaymishi, Saleh Mohammed; Korotana, Mohammed
    This dissertation examines the potential macroeconomic implications of CBDC adoption, focusing on monetary policy, financial stability, and economic growth. A comprehensive literature review explores the historical evolution of money and digital currencies, analysing various CBDC models and design choices. The study delves into the potential impacts of CBDCs on monetary policy transmission mechanisms and financial stability, while also considering the technological and operational challenges associated with their implementation. The dissertation provides a detailed analysis of the UK's legislative framework concerning CBDCs, including an overview of current financial legislation, proposed regulatory changes, and the role of the Bank of England. Comparative analyses with other jurisdictions offer a broader perspective on global regulatory approaches. Empirical analysis1 and case studies of CBDC implementations provide practical insights into the real-world implications of these digital currencies. Based on these findings, the dissertation presents policy recommendations for central banks, governments, financial institutions2, and technology providers to effectively navigate the challenges and opportunities presented by CBDCs.
    35 0
  • No Thumbnail Available
    ItemRestricted
    ADAPTIVE INTRUSION DETECTION SYSTEM FOR THE INTERNET OF MEDICAL THINGS (IOMT): ENHANCING SECURITY THROUGH IMPROVED MUTUAL INFORMATION FEATURE SELECTION AND META-LEARNING
    (Towson University, 2024-12) Alalhareth, Mousa; Hong, Sungchul
    The Internet of Medical Things (IoMT) has revolutionized healthcare by enabling continuous patient monitoring and diagnostics but also introduces significant cybersecurity risks. IoMT devices are vulnerable to cyber-attacks that threaten patient data and safety. To address these challenges, Intrusion Detection Systems (IDS) using machine learning algorithms have been introduced. However, the high data dimensionality in IoMT environments often leads to overfitting and reduced detection accuracy. This dissertation presents several methodologies to enhance IDS performance in IoMT. First, the Logistic Redundancy Coefficient Gradual Upweighting Mutual Information Feature Selection (LRGU-MIFS) method is introduced to balance the trade-off between relevance and redundancy, while improving redundancy estimation in cases of data sparsity. This method achieves 95% accuracy, surpassing the 92% reported in related studies. Second, a fuzzy-based self-tuning Long Short-Term Memory (LSTM) IDS model is proposed, which dynamically adjusts training epochs and uses early stopping to prevent overfitting and underfitting. This model achieves 97% accuracy, a 10% false positive rate, and a 94% detection rate, outperforming prior models that reported 95% accuracy, a 12% false positive rate, and a 93% detection rate. Finally, a performance-driven meta-learning technique for ensemble learning is introduced. This technique dynamically adjusts classifier voting weights based on factors such as accuracy, loss, and prediction confidence levels. As a result, this method achieves 98% accuracy, a 97% detection rate, and a 99% F1 score, while reducing the false positive rate to 10%, surpassing previous results of 97% accuracy, a 93% detection rate, a 97% F1 score, and an 11% false positive rate. These contributions significantly enhance IDS effectiveness in IoMT, providing stronger protection for sensitive medical data and improving the security and reliability of healthcare networks.
    25 0
  • No Thumbnail Available
    ItemRestricted
    Improvements of Technical Blockchain to Combat Ransomware Attacks in Healthcare
    (Newcastle University, 2024) Albalawi, Sarah; Mace, John
    In the face of increasing cybersecurity threats, ransomware attacks have become a significant risk to critical sectors such as healthcare. As medical healthcare systems increasingly rely on electronic health records, they face heightened vulnerabilities that can compromise patient data and disrupt essential medical services. Ransomware attacks can encrypt and render critical medical records inaccessible, jeopardising patient care. This research aims to develop and evaluate a blockchain-based solution designed to secure medical healthcare records against ransomware, enhancing data integrity, availability, and security in healthcare systems. By leveraging blockchain technology, specifically by using smart contracts and decentralised applications on the Ethereum platform, the proposed solution creates a decentralised, immutable medical record management system. The system's robustness is demonstrated through a Python-based ransomware simulation, which compares locally stored medical data with data managed via blockchain. The findings show that the blockchain-based approach and smart contracts maintain data integrity and availability during ransomware attacks, preventing unauthorised access and ensuring continuous healthcare operations. These results suggest that adopting blockchain technology in healthcare can significantly mitigate the risks posed by ransomware, reduce operational disruptions, and protect patient data from evolving cyber threats, ultimately providing a scalable and secure solution for enhancing cybersecurity in the healthcare sector.
    30 0
  • No Thumbnail Available
    ItemRestricted
    Cloud Cybersecurity
    (Universidad de Al cala, 2024) Bokhari, Nabil; Herraiz, Martinez; Javier, Jose
    The rapid evolution of cloud computing has revolutionized modern business operations, from hosting applications to storing data in high-security environments. Competitive businesses are leveraging cloud computing solutions to maximize the benefits, including cost-effectiveness, flexibility, and scalability. Cloud computing enables enterprises to access on-demand and scalable computing resources, specifically computational power and vast data storage. Despite the immense benefits, the security of data transmitted and stored in a cloud computing environment is vulnerable to multiple cybersecurity attacks, including data manipulation, loss, and theft. The study aims to develop a security model for enhanced data privacy and security in the cloud by leveraging a hybrid of cryptographic algorithms and steganography image-based techniques. The security model innovatively combines Advanced Encryption Standard (AES), Rivest Shamir Adleman (RSA), and the Least Significant Bit (LSB) technique to enhance data privacy and security of data in motion in a cloud computing environment. The three-step security model was designed, developed, and evaluated using the Design Science Research (DSR) methodology. The model secures data through cryptographic algorithms, adds an extra security layer using steganography, and implements backup and data recovery. The methodology was selected because of its practicality and philosophical underpinnings on addressing contemporary challenges by developing novel and relevant artifacts using scientifically rigorous procedures. The findings show that a hybrid of cryptography and steganography provides unbeatable security for data in a cloud computing environment. Implementing the security model will enhance data privacy and security in the cloud by revolutionizing how data is encrypted and decrypted. In the future, the integration of Machine Learning and Artificial Intelligence methodologies and algorithms will quadruple the effectiveness and robustness of this data security model for the cloud.
    26 0
  • No Thumbnail Available
    ItemRestricted
    Evaluating NCA OTCC’s Effectiveness in ICS Cybersecurity: A Comparative Analysis with NIST SP800-82 Rev.3 and IEC62443
    (Newcastle University, 2024-08-13) Omran, Abdullah; Ahmed, Mujeeb
    This study evaluates the effectiveness of the newly released Saudi Arab ia Operational Technology Cyb ersecurity Controls (OTCC) in protecting and mitigating industrial control systems (ICS) infrastructures. As critical infrastructure threats and attacks increase exponentially, assessing national frameworks is crucial for enhancing cyb ersecurity posture in those critical infrastructures. This research compares OTCC with well- known international standards like NIST SP800-82 Rev.3 and IEC 62443 while analyzing the coverage against real-world cyb er threats using the MITRE ATT&CK for ICS framework. In this research, a mixed-method approach was developed which contains comparative analysis, control mapping, and simulated ICS environments. These methods helped in reviewing OTCC structure, mapped relevant controls to MITRE ATT&CK techniques, and did a side-by-side comparison with NIST SP800-82 Rev.3. Our findings showed that OTCC provided a foundation for ICS security in Saudi Arab ia while lacking some depth and comprehensiveness when compared to international standards. OTCC covers approximately 60% of NIST SP800- 82 Rev.3 control areas often with less guidance and discussion for controls. Mapping against MITRE ATT&CK showed some gaps in terms of addressing attack techniques with a coverage of only 60% compared to 86% for NIST SP800- 82 Rev.3 and 97% for IEC 62443. The study highlights OTCC limitations in mitigating and protecting against sophisticated cyb er threats in particular those employed by APT groups targeting critical infrastructure. This shows the need for enhancements to OTCC to match the effectiveness of international standards in protecting Saudi Arab ia’s ICS environments. Future research should focus more on real-world implementation studies and developing frameworks to address evolving threats used by APT groups in the ICS landscape.
    16 0
  • No Thumbnail Available
    ItemRestricted
    Assessing and Enhancing Protection Measures for Internet of Things (IoT) in Cybersecurity
    (University of Portsmouth, 2024-09) Alshehri, Abdulrahman; Bader-El-den, Mohammed
    The Internet of Things (IoT) revolution sweeps across Saudi Arabia, connecting devices, transforming industries, enhancing lives. But with great connectivity comes great vulnerability - cybersecurity threats loom large in this digital frontier. This study delves into the heart of IoT security in the Kingdom, surveying the landscape, probing the defenses, seeking solutions. Through the lens of cybersecurity professionals, we explore current practices, uncover challenges, envision improvements. Our findings paint a picture of a nation at a crossroads: frequent audits needed, authentication protocols lacking, employee training insufficient, encryption underutilized. Yet hope springs eternal in the form of correlations discovered - more vigilant monitoring begets stronger authentication desires. From this research emerges a roadmap for the future: recommendations for policymakers to craft robust regulations, guidelines for organizations to fortify their digital fortresses, advice for end-users to navigate the IoT maze safely. In the rapidly evolving technological tapestry of Saudi Arabia, this study weaves a thread of security consciousness, contributing to a safer, more reliable IoT ecosystem. As the Kingdom marches towards its Vision 2030, may it do so with cybersecurity as its steadfast companion.
    20 0
  • No Thumbnail Available
    ItemRestricted
    Identifying Characteristics Of Individuals Most Vulnerable To Mobile Phishing In Saudi Arabia
    (Newcastle University, 2024-08) Alrasheed, Abdullah Mohammed; Ibrahim, Rasha
    Mobile phishing attacks represent a significant threat in today’s digital landscape, especially in countries with high smartphone usage rates. Saudi Arabia, with its 99% internet usage and 98.9% of users primarily accessing the internet through mobile phones, face a growing and persistent risk of mobile phishing. This dissertation investigates the effect of the demographic characteristics and security awareness of Saudi mobile users on their vulnerability to mobile phishing attacks. Through an online survey utilizing a mobile phishing IQ test, data was collected from 203 participants across various age groups, genders, educational levels, and general cybersecurity knowledge levels. Multiple regression analysis showed that while age and gender were not significant predictors of phishing vulnerability, educational level and general cybersecurity knowledge were positively associated with both accuracy and precision in identifying phishing attempts. The model explained 12.1% of the variance in accuracy (adjusted R square = 0.103) and 10.3% of the variance in precision (adjusted R square = 0.085). Notably, participants performed better at identifying phishing messages (from 89.2% to 98% accuracy) compared to genuine messages (from 62.6% to 82.8% accuracy). The study highlights the need for targeted awareness efforts and training programs, particularly for individuals with lower educational levels and limited cybersecurity knowledge. These findings add to the growing body of research on mobile phishing susceptibility and provide valuable insights for developing more effective strategies to combat mobile phishing attacks in Saudi Arabia and similar cultural contexts. Future research should focus on real-world mobile phishing scenarios and longitudinal studies to assess the long-term effectiveness of awareness strategies.
  • No Thumbnail Available
    ItemRestricted
    ANALYSIS OF CYBERSECURITY INTEGRATION AND LEGISLATIVE STRATEGIES IN JAPAN
    (Kyushu University, 2024-08-21) Aldhafeeire, Salman; Jiro, Hasumi
    This thesis analyzes Japan's national security strategy, which integrates cybersecurity and legislative strategies in response to evolving global cyber threats. The thesis emphasizes the growing importance of cybersecurity in an ever-evolving cyberspace, where state-sponsored cyber-attacks pose significant risks to national security, individual privacy, and economic stability. It explores Japan's proactive policies to cybersecurity integration, considering the interconnected nature of information warfare in the contemporary geopolitical landscape. Despite a historical aversion to militarization, the challenges posed by cyber threats necessitate a pragmatic response, resulting in the delicate balance between defending against cyber threats and upholding pacifist ideals. The research questions focus on understanding how Japan systematically integrates cybersecurity and information warfare measures, legislative frameworks, and proactive initiatives to fortify critical infrastructure and secure sensitive data. The literature review addresses the major policies and interventions by examining Japan's 2021 Cybersecurity Strategy, outlining the government's approach to addressing contemporary threats. The methodology employs a mixed research approach, incorporating document analysis and expert interviews of cybersecurity incidents. The analysis section will dissect secondary sources, resulting in a conclusion synthesizing key findings, academic contributions, and implications for policymakers, academics, and practitioners in cybersecurity and national security, aligning with the Cybersecurity Integration Framework (CIF) theoretical framework. The CIF model is used to assess the extent to which Japan's initiatives effectively reconcile pacifism and defensive cybersecurity measures and incorporates Pacifist Elements, Proactive Elements, Adaptability, and Integrated Analysis in its evaluation. The thesis contributes to a detailed understanding of Japan's cybersecurity strategies, highlighting the integration of information warfare, the impact of historical pacifism, and the effectiveness of legislative frameworks.

Copyright owned by the Saudi Digital Library (SDL) © 2025