Enhancement of cybersecurity awareness program on personal data protection among youngsters in Malaysia: an assessment
List of Authors
  • Noor Hayani Abd Rahim , Suraya Hamid

Keyword
  • cybersecurity awareness, program assessment, youngsters, personal data protection, Kirkpatrick’s Four Learning Evaluation Model

Abstract
  • Cybersecurity awareness program has been used as a medium to educate and make awareness among youngsters on personal data protection. However, it is still unclear the extent to which the effectiveness of this cybersecurity awareness program among youngsters require an assessment. This to ensure the current content of cybersecurity awareness program is consistently updated and aligned with current Internet usage among youngsters. Our assessment was systematically conducted using Kirkpatrick’s Four Learning Evaluation Model as conceptual framework; which consists of four phases of sequential assessment; Phase 1 –Reaction, Phase 2- Learning, Phase 3 – Behavior and Phase 4-Result. This study used mixed method research methodology in conducting the assessment and the instruments used in Phases 1 until 4 respectively were survey, pre-test and post-test survey, observation of web recording and focus group interview. The findings from this study revealed that youngsters do have positive reaction towards the program content, reported to have changes in terms of their knowledge and skills and practice of desired behavior on personal data protection. However, the undesired behavior also revealed practiced among youngsters and this suggest improvement required to the current module used to educate youngsters. The improvements include i) Decision making process in using personal data, ii) Management of online application iii)Management of online contents iv)Management of password and username. The result of this assessment is significant to the stakeholders in terms of providing insight into the effectiveness level of current module used to educate youngsters and assist them to decide better module.

Reference
  • [1] Abawajy, J., “User preference of cyber security awareness delivery methods”. Behaviour & Information Technology, Vol. 33 No. 3, 2014, 237–248. https://doi.org/10.1080/0144929X.2012.708787
    [2] Abawajy, J., Thatcher, K., & Kim, T.”Investigation of stakeholders commitment to information security awareness programs”, in 2008 International Conference on Information Security and Assurance (isa 2008) 2008, pp. 472–476. https://doi.org/10.1109/ISA.2008.25
    [3] Acquisti, A., Brandimarte, L., & Loewenstein, G.,“Privacy and human behavior in the age of information”. Science, Vol. 347 No.(6221), 2015, 509–514. https://doi.org/10.1126/science.aaa1465
    [4] Ahmad, R., & Bakar, Z. A., “Information systems skills requirements in Malaysia”. Malaysian Journal of Computer Science, Vol. 13 No.2, 2000, 64–69.
    [5] Aimeur, E., & Schonfeld, D., “The ultimate invasion of privacy: Identity theft”, in 2011 Ninth Annual International Conference on Privacy, Security and Trust, IEEE 2008, pp. 24–31. https://doi.org/10.1109/PST.2011.5971959
    [6] Albert, D., Chein, J., & Steinberg, L., “The teenage brain peer influences on adolescent decision making”. Current Directions in Psychological Science, Vol. 22 No.(2), 2013, 114–120. https://doi.org/10.1177/0963721412471347
    [7] Al-Hamdani, W. A., “Assessment of need and method of delivery for information security awareness program”, in Proceedings of the 3rd Annual Conference on Information Security Curriculum Development - InfoSecCD ’06, 2006, p.102. https://doi.org/10.1145/1231047.1231069
    [8] Atkinson, S., Furnell, S., & Phippen, A., “Securing the next generation: enhancing e-safety awareness among young people”. Computer Fraud & Security, Vol. July, 2009, pp.13–19. https://doi.org/10.1016/S1361- 3723(09)70088-0
    [9] Australian Cybercrime Online Reporting Network. Australian Cyber Security Center. Retrieved April 3, 2017, from https://www.acorn.gov.au/
    [10] Baek, Y. M., Kim, E. M., & Bae, Y., “My privacy is okay, but theirs is endangered: Why comparative optimism matters in online privacy concerns”. Computers in Human Behavior, Vol .31, 2014, pp.48–56. https://doi.org/10.1016/j.chb.2013.10.010
    [11] Christodoulaki, M., & Fragopoulou, P., “SafeLine: reporting illegal internet content”. Information Management & Computer Security, Vol 18 No 1, 2010, pp. 54–65. https://doi.org/10.1108/09685221011035269
    [12] Correa, T., Straubhaar, J. D., Chen, W., & Spence, J., “Brokering new technologies: The role of children in their parents’ usage of the internet”. New Media & Society, Vol 1461444813,2013. https://doi.org/1461444813506975.
    [13] Cyber Security Awareness Alliance. Cyber Security Agency of Singapore. Retrieved April 3, 2017, from https://www.csa.gov.sg/gosafeonline/go-safe-for-me/for-students
    [14] Da Veiga, A., “An information security training and awareness approach (ISTAAP) to instil an information security-positive culture”, in Proceedings of the ninth international symposium on human aspects of information security and assurance (HAISA 20150, 2015.
    [15] De Moor, S., Dock, M., Gallez, S., Lenaerts, S., Scholler, C., & Vleugels, C. Teens and ICT: Risks and opportunities, 2008. Retrieved November, 6, 2016.
    [16] Farooq, A., Isoaho, J., Virtanen, S., & Isoaho, J., “Information Security Awareness in Educational Institution: An Analysis of Students’ Individual Factors”, in 2015 IEEE Trustcom/BigDataSE/ISPA. IEEE, 2015, pp. 352– 359. https://doi.org/10.1109/Trustcom.2015.394
    [17] Fornell, C., & Bookstein, F., “Two structural equation models: LISREL and PLS applied to consumer exit-voice theory”. Journal of Marketing Research, Vol.19 No.4, 1982, pp. 440–452. https://doi.org/10.1177/002224378201900406
    [18] Furman, S., Theofanos, M. F., Choong, Y. Y., & Stanton, B.,”Basing cybersecurity training on user perceptions”. IEEE Security and Privacy, Vol. 10 No.2, 2012, pp. 40–49. https://doi.org/10.1109/MSP.2011.180
    [19] Furnell, S., “ Jumping security hurdles”. Computer Fraud & Security, Vol. 2010 No.6, 2010, pp. 10–14. https://doi.org/10.1016/S1361-3723(10)70067-1
    [20] Furnell, S. M., Bryant, P., & Phippen, A., “Assessing the security perceptions of personal Internet users”. Computers & Security, Vol.26 No.5, 2007, pp. 410–417. https://doi.org/10.1016/j.cose.2007.03.001
    [21] Furnell, S., Tsaganidi, V., & Phippen, A.,”Security beliefs and barriers for novice Internet users”. Computers & Security, Vol. 27 No.7–8, 2008, pp. 235–240. https://doi.org/10.1016/j.cose.2008.01.001 [22] Gross, J. B., & Rosson, M. B. (2007).,”Looking for trouble”, in Proceedings of the 2007 symposium on Computer human interaction for the management of information technology - CHIMIT ’07 (p. 10). New York, New York, USA: ACM Press, 2007. https://doi.org/10.1145/1234772.1234786
    [23] Henseler, J., Ringle, C., & Sarstedt, M.,”A new criterion for assessing discrimant validity in varience-based structural equation modeling”. Journal of the Academy Marketing Science, Vol.43 No.1, 2014, pp.115-135. https://doi.org/10.1007/s11747-014-0403-8
    [24] Ho, R, Second Edition: Handbook of Univariate and Multivariate Data Analysis eith IBM SPSS. CRC Press, 2014. https://doi.org/10.1201/b15605
    [25] Hong, W., & Thong, J. Y.,”Internet privacy concerns: an integrated conceptualization and four empirical studies”. MIS Quaterly, Vol.37 No.1, 2013, pp.275–298. https://doi.org/10.25300/MISQ/2013/37.1.12
    [26] Humaidi, N., & Balakrishnan, V.,”The moderating effect of working experience on health information system security policies compliance behaviour”. Malaysian Journal of Computer Science, Vol.28 No.2 2015.
    [27] Joe, M. M., & Ramakrishnan, D. B.,”A survey of various security issues in online social networks”. International Journal of Computer Networks and Applications, Vol. 1 No.1, 2014, pp.11–14.
    [28] Johansson, A., & Götestam, K. G.,”Internet addiction: characteristics of a questionnaire and prevalence in Norwegian youth (12-18 years)”. Scandinavian Journal of Psychology, Vol. 45 No.3, 2004, pp. 223–229. https://doi.org/10.1111/j.1467-9450.2004.00398.x
    [29] Johnson, E. C.,”Security awareness : Switch to a better programme”. Network Security, Vol. February,2006, pp. 15–18. https://doi.org/10.1016/S1353-4858(06)70337-3
    [30] Kirkpatrick, D, Evaluating training programs: four levels. San Francisco: Berrett-Koehler, 1994.
    [31] Kok, E. T., Ng, M. L. Y., & Kim, G. S.,”Online activities and writing practices of urban Malaysian adolescents”. System, Vol. 38 No.4,2010, pp. 548–559. https://doi.org/10.1016/j.system.2010.09.014
    [32] Kruger, H., & Kearney, W. D.,” A prototype for assessing information security awareness. Computers & Security, Vol.25 No.4, 2006, pp.289–296. https://doi.org/10.1016/j.cose.2006.02.008
    [33] LaRose, R., Lin, C. A., & Eastin, M. S., “Unregulated Internet usage: Addiction, habit, or deficient selfregulation?”. Media Psychology, Vol. 5 No. 3, 2003, pp. 225–253. https://doi.org/10.1207/S1532785XMEP0503_01
    [34] Lenhart, A, Teens, smartphones & texting. Pew Internet & American Life Project, 2012, pp.1-34.
    [35] Lenhart, A., Madden, M., Smith, A., Purcell, K., Zickhur, K., & Rainie, L.,Teens, kindness and cruelty on social network sites. Pew Internet and American Life Project, 2011, p.28.
    [36] Lenhart, A., Purcell, K., Smith, A., & Zickhur, K, Social media and mobile internet use among teens and youngs adults. Pew Internet and American Life Project, 2010.
    [37] Lewis, M.,”Iterative tringulation: A theory development process using existing case studies”. Journal of Operation Managements, Vol.16 No.4, 1998, pp.455–469. https://doi.org/10.1016/S02726963(98)00024-2
    [38] Livingstone, S., Bober, M., & Helsper, E, Internet literacy among children and young people : findings from the UK children go online project Internet literacy among children and young people. Findings from the UK Children Go Online Project, 2005.
    [39] Madden, M., Lenhart, A., Duggan, M., Cortesi, S., & Grasser, U,. Teen and technology 2013. Washington, DC: Pew Internet & American Life Project.,2013.
    [40] Mani, D., Choo, R., & Mubarak, S.,”Information security in the South Australian real estate industry: A study of 40 real estate organisations”. Information Management & Computer Security, Vol.22 No.1, 2014, pp.24–41. https://doi.org/10.1108/IMCS-10-2012-0060
    [41] Micheli, M., “What is new in the digital divide? Understanding internet use by teenagers from different social backgrounds”, in Communication and Information Technologies Annual. Emerald Group Publishing Limited, 2015 pp. 55-87. https://doi.org/10.1108/S2050-206020150000010003
    [42] Ng, B.-Y., Kankanhalli, A., & Xu, Y. (Calvin).,”Studying users’ computer security behavior: A health belief perspective”. Decision Support Systems, Vol.46 No.4, 2009, pp.815–825. https://doi.org/10.1016/j.dss.2008.11.010
    [43] O’Keeffe, G. S., Clarke-Pearson, K., & Council on Communications and Media.,”The impact of social media on children, adolescents, and families. Pediatrics, Vol. 127 No.4, 2011, pp. 800–804. https://doi.org/10.1542/peds.2011-0054
    [44] Oblinger, D., & Oblinger, J.,” Is it age or IT: First steps toward understanding the net generation”. Educating the Net Generation, Vol. 2 No.1–2, 2005, p. 20.
    [45] Ramli, N. S., Hassan, M., Osman, M. N., Shaffril, M., & Azril, H.,”Qualitative findings on youths views on the internet and mobile phone: the case of university students in Malaysia”. The Social Sciences, Vol.9 No.3,2014, pp. 239–243.
    [46] Rossi, P. H., Lipsey, M. W., & Freeman, H. E, Evaluation: A systematic approach. USA: Sage Publications Inc, 2004.
    [47] Royse, D., Thyer, B. A., Padgett, D. K., & Logan, T. K, Program evaluation an introduction. Cengage Learning, 2001.
    [48] Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H.-J.,”The impact of information richness on information security awareness training effectiveness”. Computers & Education, Vol. 52 No.1, 2009, pp.92–100. https://doi.org/10.1016/j.compedu.2008.06.011
    [49] Sieber, S., & Sabatie, J. V.,”Uses and attitudes of young people toward technology and mobile telephony”, in 16th Bled eCommerce Conference eTransformation 2003, pp. 773–787. Bled, Slovenia.
    [50] Siponen, M. T., “A conceptual foundation for organizational information security awareness”. Information Management & Computer Security, Vol.8 No.(Table I), 2000 31–41. https://doi.org/10.1108/09685220010371394
    [51] Sithira, V., & Nguwi, Y., “A study on the adolescent online security issues”. International Journal of Multidisciplinary and Current Research, Vol.2 No. June, 2014, pp.596–601.
    [52] Smahel, D., Helsper, E., Green, L., Kalmus, V., Blinka, L., & Ólafsson, K.,”Excessive internet use among European children”. Research and policy challenges in comparative perspective, 2012, pp. 191-204. https://doi.org/10.1332/policypress/9781847428837.003.0015
    [53] Spiekermann, S., Acquisti, A., Böhme, R., & Hui, K. L.,”The challenges of personal data markets and privacy”. Electronic Markets, Vol. 25 No.2, 2015, pp.161–167. https://doi.org/10.1007/s12525-015-0191-0
    [54] Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J.,”Analysis of end user security behaviors”. Computers & Security, Vol.24 No.2, 2005, pp. 124–133. https://doi.org/10.1016/j.cose.2004.07.001
    [55] Steinberg, L., & Cauffman, E.,”Maturity of judgment in adolescence: Psychosocial factors in adolescent decision making”. Law and Human Behavior, Vol. 20 No. 3, 1996, p. 249. https://doi.org/10.1007/BF01499023
    [56] Talib, S., Clarke, N. L., & Furnell, S. M., “An analysis of information security awareness within home and work environments”, in 2010 International Conference on Availability, Reliability and Security. 2010, pp. 196–203). Ieee. https://doi.org/10.1109/ARES.2010.27
    [57] Valcke, M., De Wever, B., Van Keer, H., & Schellens, T., “ Long-term study of safe Internet use of young children”. Computers & Education, Vol.57 No.1, 2011, pp. 1292–1305. https://doi.org/10.1016/j.compedu.2011.01.010
    [58] Vandoninck, S., D’Haenens, L., & Smahel, D. Preventive measures – how youngsters avoid online risks. 2014. Retrieved April 3, 2016, from www.eukidsonline.net
    [59] Yarbrough, D. B., Shulha, L. M., Hopson, R. K., & Caruthers, F. A, The program evaluation standards: A guide for evalators and evaluation users. California: Sage Publications, Inc. 2011.
    [60] Young, A. L., & Quan-Haase, A., “Privacy protection strategies on Facebook: The Internet privacy paradox revisited”. Information, Communication & Society, Vol. 16 No.4, 2013, pp.479–500. https://doi.org/10.1080/1369118X.2013.777757