Saudi Cultural Missions Theses & Dissertations
Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10
Browse
2 results
Search Results
Item Restricted Cultivating Compliance: Building a Robust Information Security Culture in Higher Education Institutions Through Organisational Culture(Saudi Digital Library, 2025) ALSHAREEF, ASMA AHMED F; Craggs, Barnaby; Ramokapane, MarvinInformation security threats have been seen to severely impact higher education institutions (HEIs), with over 61 major incidents 2020-2023 in the UK alone, with numerous accounts of attacks globally on the sector. These implications might manifest in adverse effects on the institutions, such as reputational damage and financial loss, or on employees, such as disruptions to workflow, research projects, or mental well-being. HEIs have invested heavily in advanced technology to mitigate or eliminate these security threats. However, it is well known that the primary role in safeguarding organisations from such threats lies with employees in terms of their compliance with information security policies (ISPs). Unfortunately, HEIs worldwide still face an alarming pattern of noncompliance among their employees. The literature has suggested that cultivating a robust information security culture can improve employees' compliance with ISPs. Despite this, recent data shows that this culture remains relatively weak in HEIs. Further, the literature indicates that there is still uncertainty regarding which factors are essential to build and nurture a desirable security culture at HEIs, possibly exacerbating the problem. Moreover, the role of the broader organisational culture that underlies the security culture has not been investigated in the higher education setting. To address gaps in the literature, through a mixed-methods approach with participants in the United Kingdom (UK) and Saudi Arabia (SA), the two primary locations of this research, this thesis identifies the key factors of the culture of information security within HEIs, examines the relationships between this culture and the organisational culture, and examines the potential impact of both cultures on employees' compliance behaviours within the HEI setting. This thesis offers three key contributions to the literature, being: 1- validation of seven key factors, previously attributed in other geographies, that are present in developing an information security culture among HEI employees in the UK and SA, 2- evidence of the true positive impact of organisational culture upon the inherent security culture within HEIs, and 3- a model of compliance behaviour which integrates cultural aspects and explains their effects on shaping HEI employee compliance with security policies. This thesis, in its conclusion, offers up practical guidance to leaders and security professionals on how to implement the seven key factors of information security culture along with a how to approach organisational culture with appropriate strategies to help foster a robust information security culture within HEIs and promote good compliance with security policies and procedures.18 0Item Restricted DESIGNING AN INTRUSION DETECTION SCHEME FOR INDUSTRIAL ADJUSTABLE SPEED DRIVE SYSTEMS(2023-08) Alotaibi, Faris; Enjeti, PrasadThis dissertation proposes a detection method for cyber intrusions on sensor measurement of an adjustable speed drive (ASD) system controlling a critical process and a grid-following PV inverter system. The proposed detection method is injecting a random private low-amplitude signal with a zero mean Gaussian distribution, “watermark”, into one of the input phase voltages that power the system or to the control input signal of a system. This watermark signal propagates through the system, then ultimately appears in the sensor measurements. By deploying two statistical dynamic watermarking tests with two proper thresholds, the system can detect potential cyber-intrusions or unobservable cyber-attacks such as replay attacks. In Chapter 2, we described the modeling and V/f control for the industrial ASD system, and then we illustrated the behaviors of the industrial ASD system under false data injection attacks (FDIA). FDIA is an attacker adding false data into the feedback control loop, which can cause the system to act abnormally and possibly lead to dangerous consequences such as equipment damage and system instability. Therefore, we need to develop a detection method for cyber intrusions. Chapter 3 presented the proposed Dynamic Watermarking approach on the industrial ASD system with the injection of the watermark signal into the control input signal, which is the modulation index of the inverter. The approach is validated using Hardware-in-the-Loop (Typhoon HIL) setup with the implementation of several attack scenarios, such as replay attacks. The proposed Dynamic Watermarking approach was experimentally tested on a commercial ASD system in Chapter 4. The watermark signal here is injected into one of the input phase voltages that power the system. This system, powered by a commercial PWM drive operating at 208 V, 3-phase, and 3.7 kW, served as our experimental platform. Furthermore, the approach is examined on multiple ASD systems controlling a critical process through Hardware-in-the-Loop (HiL). Chapter 5 proposed a method to detect a man-in-the-middle attack (MiTM) on a grid following PV inverter system. The control objective of the grid following inverter is to utilize the measurement data from the smart meter to supply the maximum available solar power at any given point to a residential load, while simultaneously preventing any reverse power flow to the grid. FDIA is envisioned on the smart meter data communicated to the inverter by malicious actors. A Hardwarein-the-Loop (HIL) implementation reveals that the detection method effectively identifies FDIA and unobservable FDIA, such as replay attacks.13 0