Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Subject: search.filters.subject.Cybersecurity

Search Results

Now showing 1 - 10 of 64
  • No Thumbnail Available
    ItemRestricted
    Investigating the Factors that Affect the Adoption of Cybersecurity Data Visualization Applications Within Organizational Context: An Application of the T-O-E Framework
    (Saudi Digital Library, 2025) Aljasir, Afnan; Chinazunwa, Uwaoma
    Cybersecurity visualization (VizSec) tools have emerged as critical enablers for organizations to detect, interpret, and respond to increasingly complex cyber threats. Despite their potential, the adoption and effective use of these tools remain inconsistent across industries. This dissertation examines the determinants of VizSec adoption through the application of the Technology-Organization-Environment (TOE) framework; and the effect of its adoption on organizational performance thereafter. Mixed-method approach was used in this study to provide an in-depth understanding of quantitative and qualitative results. During the quantitative step, a survey of 230 cybersecurity professionals and decision-makers in various industries was used to gather data and analyzed using Partial Least Squares Structural Equation Modeling (PLS-SEM). The qualitative stage was based on 14 semi-structured interviews, conducted with the help of the six-phase thematic analysis of Braun and Clarke, in order to render the lived experiences and the practical knowledge of the participants. The results show that the most powerful drivers of adoption are technological determinants, especially ease of use, lesser complexity, and compatibility with the already existing infrastructure. Influencing factors include organizational aspects, comprising of top management support, financial and human resources, as well as the organizational ability to learn, without which the value of VizSec is constrained due to the lack of skilled professionals. Environmental factors were considered key determinants, whereas competitive pressure had a small influence. Notably, the research proved the mediating effects of Security Data Visualization (SDV) between factors of the TOE and organizational performance. Adoption of VizSec was found to have a high level of customer satisfaction, financial performance, innovation and agility within the organization. Theoretically, this research contributes by generalizing the use of the TOE framework in the space of cybersecurity visualization and introduces SDV as a mediating construct to redefine organizational and environmental variables in this sense. In practice, the study provides a roadmap on how organisations can get the best out of VizSec through strategic investments, enhancing compliance, developing skilled human capital, and establishing vendor relationships.
    7 0
  • No Thumbnail Available
    ItemRestricted
    An Investigation on Improving the Security of Remote Work to Secure Communication and Enhance Efficiency
    (Saudi Digital Library, 2025) ALBATEL, Yousef; AlDoghman, Firas
    The rapid adoption of remote working has transformed organisational operations, particularly following the COVID-19 pandemic. While remote work offers significant benefits such as flexibility, reduced operational costs, and improved employee productivity, it has also introduced substantial challenges related to the security of communication systems. Remote workers increasingly rely on personal devices, unsecured networks, and digital collaboration tools, making organisational data and communication channels vulnerable to cyber threats such as phishing, malware, and data breaches. This research investigates the security challenges affecting communication in remote working environments and examines strategies that can be adopted to enhance both security and efficiency. Guided by the Technology Acceptance Model (TAM), the study explores how perceived usefulness and ease of use influence the adoption of security technologies in remote work settings. A comprehensive review of existing literature is conducted to identify key cybersecurity risks and evaluate mitigation strategies, including encryption, virtual private networks (VPNs), zero-trust architecture, identity and access management, and employee cybersecurity awareness training. The findings highlight that although effective security solutions exist, their adoption is often hindered by high implementation costs, performance limitations, and insufficient technical skills among employees. The study concludes that organisations must adopt a holistic approach combining technological solutions, organisational policies, and employee training to secure communication channels and enhance the overall efficiency of remote working. The research contributes to both academic literature and professional practice by providing insights into improving secure communication within modern remote work environments.
    6 0
  • No Thumbnail Available
    ItemRestricted
    Between a Chat and a Hard Place: Technical Compliance Measures and Intermediary Liability in End-to-End Encrypted Messaging Platforms under the Online Safety Act
    (Saudi Digital Library, 2025) AlEid, Haneen; Lachlan, Urqhart
    This study investigates the complex interplay between content moderation, platform liability, and end-to-end encryption (E2EE) within the legal context of the United Kingdom’s Online Safety Act 2023. It critically assesses how the Act approaches intermediary liability for E2EE-enabled platforms such as WhatsApp, Signal, and Telegram, with particular attention to the feasibility, effectiveness, and proportionality of proposed technical measures for moderating encrypted communications. The research further explores the evolving regulatory mandate of Ofcom and identifies pathways to reconcile public safety objectives with the safeguarding of user privacy. By integrating legal analysis with a technical understanding of encryption and platform architecture, the study seeks to advance a rights-respecting and technically grounded model of platform accountability. It argues that aligning regulatory frameworks with realistic technological capabilities is not only essential for effective governance but also vital for maintaining public trust in digital communication systems.
    8 0
  • No Thumbnail Available
    ItemRestricted
    Exploring the use of LLMs to analyse/summarise security logs
    (Saudi Digital Library, 2025) Algoblan, Faisal; William, Seymour
    Security and system logs are key to modern cybersecurity and IT operations. However, their scale and complexity put a lot of pressure on analysts. Large language models (LLMs) offer new ways to summarise and interpret logs, but their use raises questions about trust, risk, and governance. This project set out to explore how practitioners perceive the role of LLMs in operational security and what safeguards they believe are necessary for safe adoption. Eight semi-structured interviews were carried out with professionals who had experience in log analysis, including SOC Manager and analysts, IT administrators, and students with relevant backgrounds. The transcripts were analysed using Braun and Clarke’s thematic analysis [5], resulting in four themes: Workflow Integration and Guardrails; Trust, Verification, and Evidence; Privacy and Data Governance; and Adoption and Organisational Readiness. Findings show that practitioners see value in combining LLMs with existing tools like SIEM platforms, alert triage workflows, and ticketing systems. They stressed that human oversight is vital. Prompts must be carefully structured, and outputs need supporting evidence before they can be trusted. Privacy concerns were significant, with requests for local hosting, strict access controls, data minimization, and clear audit policies. Adoption relied on training, cultural readiness, and a clear return on investment. The study contributes by offering a practitioner-centred view of LLM use in cybersecurity, filling a gap in the literature that has mainly focused on technical benchmarks. It concludes that LLMs can support efficiency and improve understanding in log analysis, but only when integrated into workflows that enforce verification, protect privacy, and ensure clear accountability.
    9 0
  • No Thumbnail Available
    ItemRestricted
    Emerging Cybersecurity Risks and the Effectiveness of Risk Management Frameworks in Saudi Arabia
    (Saudi Digital Library, 2025) Abdulaziz, Mohammed; Adamos, Vasileios
    Cybersecurity, Risk Management, Saudi Arabia, NIST CSF, ISO 27005, SAMA, UK NCSC, Risk Frameworks, Emerging Threats, Financial Sector
    42 0
  • No Thumbnail Available
    ItemRestricted
    Optimizing Hate Text Detection using Custom NLP Techniques and an Adapted DeBERTa-based Machine Learning Model
    (Saudi Digital Library, 2025) Aljabbar, Abdullah; AlYamani, Abdulghani
    The rapid expansion of social media has transformed online communication, providing platforms for public debate and community engagement. However, this openness has also facilitated the spread of harmful content, particularly hate speech, which poses significant risks to individual well-being, social cohesion, and digital trust. Detecting such content remains a major challenge due to the subtle, context-dependent, and evolving nature of hateful expressions. Traditional machine learning models, though useful as early baselines, often fail to capture linguistic nuance and contextual depth. Recent advances in natural language processing (NLP), particularly Transformer-based architectures, have significantly improved text classification tasks by enabling context-sensitive embeddings. This research investigates the effectiveness of DeBERTa (Decoding-enhanced BERT with Disentangled Attention) for hate speech detection. The study employs a systematic methodology consisting of four stages: data preparation and preprocessing, exploratory data analysis, model development, and evaluation. A curated dataset of 2,041 social media posts, derived from a larger corpus, was pre-processed to remove noise, normalise text, and correct class imbalance. The DeBERTa-v3-large model was fine-tuned using cross-entropy loss and AdamW optimisation. Performance was assessed with accuracy, precision, recall, F1-score, ROC, and PR curves, while error analysis and confusion matrices were used to identify common misclassifications. The findings demonstrate that DeBERTa can effectively capture indirect meaning and grammar connections. Additionally, outperforming traditional approaches and offering robust classification of hate and non- hate content. The study contributes to both NLP research and the wider cybersecurity domain by supporting the development of more reliable automated moderation tools that promote safer digital environments.
    14 0
  • No Thumbnail Available
    ItemRestricted
    Resilience of Saudi Financial Institutions Against AI-Driven Cyber Threats
    (Saudi Digital Library, 2025) ALshammar, Rushud; Adamos, Vasileios
    Artificial intelligence (AI) is increasingly exploited by cybercriminals, creating advanced threats that challenge the security of financial institutions. Saudi banks, central to Vision 2030’s digital transformation, face heightened risks from AI-driven attacks such as phishing, fraud detection evasion, and adversarial machine learning. The aim of this research was to evaluate the resilience of six major Saudi banks (NCB, Al Rajhi, SABB, Riyad Bank, BSF, and ANB)against AI-enabled cyber threats, with a focus on identifying gaps in current frameworks, assessing employee awareness, and recommending improvements. A quantitative, cross-sectional survey was employed, gathering data from banking professionals across cybersecurity, compliance, and risk management roles. The findings show that while AI-driven threats are widely recognised, frameworks are inconsistently applied, AI-powered defences are rare, and employee training lacks AI-specific content. These shortcomings reduce institutional agility and leave human awareness as the weakest layer of defence. The study is limited by its reliance on survey data, which restricts depth of institution-specific insights. It recommends mandatory AI-focused training, adoption of automated defence systems, and contextualised national frameworks. Future research should include longitudinal studies, case-specific analyses, and simulation-based testing to strengthen resilience in evolving threat environments.
    31 0
  • No Thumbnail Available
    ItemRestricted
    An NLP-Driven Framework for Business Email Compromise Detection and Authorship Verifcation
    (Saudi Digital Library, 2025) Almutairi, Amirah; AlHashimy, Nawfal; Kang, BooJoong
    Business Email Compromise (BEC) presents a critical cybersecurity threat, leveraging linguistic impersonation and social engineering rather than traditional malicious payloads. These attacks routinely evade conventional flters by mimicking legitimate communication styles and exploiting trusted identities. This thesis explores content-based detection strategies for BEC using a sequence of natural language processing (NLP) models. First, it proposes a transformer-based classifer to detect semantic indicators of deception in email body text. Second, it develops a Siamese authorship verifcation (AV) model that captures stylistic consistency, even under adversarial mimicry. These components are unifed within a multi-task learning (MTL) framework that simultaneously optimizes for BEC detection and AV by sharing underlying representations while preserving task-specifc objectives. To support empirical evaluation, a structured taxonomy of BEC fraud is introduced, and a synthetic email dataset is generated through prompt-guided language model fne-tuning and human validation. Experiments on combined real and synthetic corpora demonstrate that the MTL model achieves up to 97% F1-score in BEC detection and 93% in AV, outperforming transfer learning baseline while reducing false positives and computational overhead. This work contributes a principled, modular, and extensible framework for enhancing email security through joint semantic and stylistic analysis, addressing gaps in current defenses against sophisticated impersonation attacks.
    12 0
  • No Thumbnail Available
    ItemRestricted
    CYBERSECURITY PROFESSIONALS’ BEHAVIORAL PREDISPOSITIONS AFFECTING CYBERSECURITY COMMITMENT AND CONSISTENCY: SAUDI ARABIAN CONTEXT
    (Saudi Digital Library, 2025) Kabli, Rana; MICHELLE, LIU
    The intensity of cybersecurity incidents has been on the rise and is attributed to factors related to end-users and security professionals. Human subjects such as employees make the greatest loop to cybersecurity incidents currently reported across the globe. This is due to a lack of awareness and other behavioral aspects that contribute to online risky behaviors. The study aimed to determine the influence of cybersecurity professionals’ behavioral predispositions on cybersecurity commitment and consistency in Saudi Arabia. The study focused on the professional behavioral attributes that have been associated with cybersecurity behavior: subjective norms, attitudes, self-efficacy to comply, perceived behavioral control, and perceived benefit of compliance. A survey instrument was developed from previous literature, and the instrument was converted into an online survey that was utilized in data collection. The analysis of the collected data, established that whereas the respondents understand the importance of commitment and consistency, a significant number of the cybersecurity professionals felt that commitment and consistency had a minor effect on security of information systems. The analysis established that cybersecurity attitudes and subjective norms was the greatest predictor of commitment and consistency in compliance with cybersecurity policies. The significant influence of cybersecurity attitude indicates that cybersecurity professionals' personal beliefs substantially influence their compliance behaviors. Crucially, the significant influence of subjective norms points indicates that organizational culture and leadership is crucial in promoting commitment and consistency in compliance with cybersecurity policies.
    32 0
  • No Thumbnail Available
    ItemRestricted
    Analysing Cybersecurity Risk Assessment Model for Healthcare Systems in Saudi Arabia
    (Saudi Digital Library, 2025-05) Alghamdi, Abdulmonem; Vasileios, Adamos
    This study analyses the Saudi Arabian's cybersecurity issues in healthcare systems and assesses the usefulness of international risk assessment models in some frameworks such as ISO/IEC 27001 and NIST. It identifies major threats like ransomware, phishing, data breaches, and insider risks based on survey responses from medical professionals like medical staff, cybersecurity specialists and administrative managers. Variety of medical institutions members with difference in beds capability, number of branches and financial situation that guarantees the national-wide needs study. Findings point to critical weaknesses in the current models, especially their incompatibility with local regulations and organisational cultures and special needs. Consequently, the study emphasises the necessity of a tailored cybersecurity risk assessment model that is particular to the Saudi healthcare environment. The research highlights key elements and offers suggestions to improve cybersecurity resilience in accordance with national policies and Vision 2030 objectives, even though it does not fully implement a model.
    50 0

Copyright owned by the Saudi Digital Library (SDL) © 2026