Information security consciousness among students Assignment | Online Assignment Help


1- I need it form the writer to work with me every part.
2- When he finish form every part i need to see it and discus it
3- I need to used survey to collect data form the university.
4- I upload file have the proposal i want to write about it

Don't use plagiarized sources. Get Your Custom Essay on
Information security consciousness among students Assignment | Online Assignment Help
Just from $13/Page
Order Essay

the structure of the thesis will be

1- Introduction
1.1 The problem of the study.
1.2 The importance of the study
1.3 Objectives of the study
1.4 The limitations of the study, which are the difficulties faced by the researcher when writing scientific research
2- Literature review
2.1 Previous studies that the researcher relies on in his thesis.
2.2 A summary of previous studies, what they reached, and their relationship to the message
3- Methodology, and tools used in the resea
3.1 The community from which the study sample was taken
3.2 Tools used in the message, such as questionnaires, interviews, and other
3.3 The results of the researcher through this study
4- References and appendices


Table of Contents

Information security consciousness among students at Hail University




The importance of information security awareness keeps manifesting with greater technological integration. A literature review indicates that most studies focus on technological aspects and ignore the contribution of individuals and organizations. This research will review information security policies at Hail University and test a sample of students on the familiarity with the policies. Besides, participants will receive a standardized test to determine aspects of their human nature. The results of the survey will be analyzed qualitatively to attain a description of information security awareness among the students.



  1. Introduction

Information security refers to the practice of restricting unauthorized recording, disclosure, inspection, modification, disruption, and destruction of physical and digital information [5]. This study will focus on digital information since it is the largely used medium of communication. A literature review will be conducted to establish the standing and contribution of the study. The listed objectives establish what the study intends to prove. A methodology that will be used to conduct the study is provided. It indicates the feasibility and logic of the process. The survey study will seek to establish security consciousness among students of Hail University.


  1. Literature review

Information is fundamental in the sustenance of any modern-day organization. Protecting this essential asset requires the integration of organizational, technological, and human aspects that are closely associated with people [9]. Tsohou et al. established that folks adopt security-related knowledge and make decisions on security differently [11]. This is because personal beliefs, perceptions, and biases significantly influence compliance with security policies. Programs for security awareness should focus on factors affecting the internalization of communicated information [7]. According to Bellekens et al., the human factor is regarded mainly as a primary aspect of cybersecurity research [2]. Situational and risk perception are termed as critical elements in the decision-making process. Emotional stability, propensity for risks, conscientiousness, and agreeableness affect information security awareness, while gender and age do not [3]. Many researchers have established the growing influence of digital systems and sought to determine security awareness among people. Parsons et al. studied three features of information security decision making, namely self-reported behavior, attitude towards procedures and policies, and knowledge of procedures and policies [8]. The aspects were examined against factors within the organization that could increase the vulnerability of information. The sample size was 500 employees, and the results suggested a link between organizational data security culture and data security decisions.

According to Ogutcu et al., software and hardware mechanisms are used to enhance the formidability of information systems [6]. However, the systems are highly vulnerable to interference due to undesirable behaviors by humans. Compliance with information security policies requires knowledge of the policies [1]. To increase compliance, most organizations have sought to implement programs and periodic interventions to ensure the dissemination of policies. Soomro et al. reviewed over 39 reports and found that most information security awareness studies focused on the technological framework and ignored the contribution of management [10]. The role of management should be considered in information security management.



  1. Objectives
  • Check the present policies drafted by the university regarding information security, compare it to national policies, find the differences related to students’ applications and use and test student familiarity with the policies.
  • Analyze the data to provide definitive answers on consciousness of information security among students and their applications of these policies and propose new needed policies if applicable.
  • Study the security of all information that the students could access, and type of attacks related to students’ use and applications and propose a solution to these attacks if applicable.


  1. Methodology

From the literature review, it has been established that an organization plays a huge role in the informational awareness of the employees. Besides, human nature contributes to the adherence and intake of the set policies. In this study:

  • The provisions of the university will be reviewed to establish if there are policies on information security.
  • A sample group will be randomly chosen without regard for age or gender to fill the size of 200 participants. The participants will be tested on the knowledge of the policies and other general human attributes to determine awareness of information security.
  • Questionnaires will be submitted to the participants to fill regarding familiarity with each element specified in the policies.
  • A standardized test will also address human attributes like a proclivity for risks and attentiveness.
  • Once the responses are received, data cleaning will be performed to ensure the accuracy and integrity of the submissions. Those with gaps will be eliminated to provide a wholesome analysis.
  • A qualitative analysis will be used since most of the responses are subject to interpretation [4].



  1. Bauer, S., Bernroider, E. W., &Chudzikowski, K. (2017). Prevention is better than cure! Designing information security awareness programs to overcome users’ non-compliance with information security policies in banks. Computers & security, 68, 145-159.
  2. Bellekens, X., Hamilton, A., Seeam, P., Nieradzinska, K., Franssen, Q., &Seeam, A. (2016, June). Pervasive eHealth services a security and privacy risk awareness survey. In 2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA) (pp. 1-4). IEEE.
  3. McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M. (2017). Individual differences and information security awareness. Computers in Human Behavior, 69, 151-156.
  4. McGannon, K. R., Smith, B., Kendellen, K., & Gonsalves, C. A. (2019). Qualitative research in six sport and exercise psychology journals between 2010 and 2017: An updated and expanded review of trends and interpretations. International Journal of Sport and Exercise Psychology, 1-21.
  5. Muronga, K., Herselman, M., Botha, A., & Da Veiga, A. (2019, September). An analysis of assessment approaches and maturity scales used for evaluation of information security and cybersecurity user awareness and training programs: A scoping review. In 2019 Conference on Next Generation Computing Applications (NextComp) (pp. 1-6). IEEE.
  6. Öğütçü, G., Testik, Ö. M. &Chouseinoglou, O. (2016). Analysis of personal information security behavior and awareness. Computers & Security, 56, 83-93.
  7. Park, E. H., Kim, J., & Park, Y. S. (2017). The role of information security learning and individual factors in disclosing patients’ health information. Computers & Security, 65, 64-76.
  8. Parsons, K. M., Young, E., Butavicius, M. A., McCormac, A., Pattinson, M. R., & Jerram, C. (2015). The influence of organizational information security culture on information security decision making. Journal of Cognitive Engineering and Decision Making, 9(2), 117-129.
  9. Safa, Nader Sohrabi, Rossouw Von Solms, and Lynn Futcher. “Human aspects of information security in organizations.” Computer Fraud & Security 2016.2 (2016): 15-18.
  10. Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs a more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
  11. Tsohou, A., Karyda, M., &Kokolakis, S. (2015). Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs. Computers & Security, 52, 128-141.




  1. Policy Objective
  2. Policy Scope​
  3. Policy Statements
    1. Information Security Definition
    2. Information Security Policy Document
    3. ​Review of the Information Security Policy
  4. Definitions and Terms
  5. Roles and Responsibilities
  6. Related Policies and Procedures
  7. Document Owner
  8. Policy Changes, Review and Update
  9. Policy Enforcement / Compliance
  10. Policy Exceptions

1 – Policy Objective

The main objective of Information Security Policy is to assure and communicate the management direction and support for information security in accordance with UOH’s business requirements and relevant laws and regulations.

2 – Policy Scope

This policy applies to UOH, its affiliated partners or subsidiaries, including data processing and process control systems, that are in possession of or using information and/or facilities owned by UOH.

This policy applies to all UOH faculty, staff, students and third parties that are directly or indirectly employed by UOH, subsidiaries or any entity conducting work on behalf of UOH that involves the use of information assets owned by UOH.


3 – Policy Statements


3.1  Information Security Definition

The information asset’s availability, integrity, confidentiality, and accountability are essential to maintain UOH’s security compliance, and organization image. UOH Deanship of IT and E-Learning acknowledges the importance of ensuring information security and is committed towards supporting the information security goals and its principles.


UOH Information Security Policy’s ultimate goal is to ensure the following:

  • Availability of information to authorized users, if and when required;
  • Integrity of the information through the protection from unauthorized modification.
  • Information is protected from unauthorized access;
  • Confidentiality of information should be maintained;
  • Regulatory and legislative requirements are met.

    All UOH faculty, staff, students and third parties should adhere to this information security policy and the appropriate supporting policies. The following sections briefly summarize each of the policies that were developed as part of the ISMS (Information Security Management System) establishment to support the overall security posture of UOH.

    These policies follow the best security practices including, but not limited to, ISO27001 standard and map to its recommendations:

    1.     Organization of Information Security Policy: The purpose of this policy is to establish a management framework to initiate and control the implementation of information security within the organization. This policy details the roles and responsibilities within UOH’s information security organization.

    2.     Asset Management Policy: The purpose of this policy is to define UOH objectives for establishing specific requirements to identify, and classify its assets; in addition to defining the acceptable use of information assets.

    3.     Human Resources Security Policy: The purpose of this policy is to define the requirements for the protection of UOH corporate assets from the intentional abuse, misuse, or destruction by employees and/or third parties. This can be achieved by implementing the appropriate measures in the processes of personnel hiring and release.

    4.     Physical and Environmental Security Policy: The purpose of this policy is to protect and preserve information, physical assets, and human assets by reducing the exposure to various physical threats that can produce a disruption or denial of information processing facilities service.

    5.     Communications and Operations Management Policy: The purpose of this policy is to define all the necessary controls required to protect UOH’s information assets transmitted over communication networks, and provide guidelines for the authorized use of information processing facilities.

    6.     Access Control Policy: The purpose of this policy is to allow authorized individuals and/or devices and to disallow unauthorized individuals and/or devices to access UOH information processing facilities. Logical and physical access controls should be considered for optimum security implementation.

    7.     Information Systems Acquisition, Development and Maintenance Policy: The purpose of this policy is to ensure that security is integrated throughout the lifecycle of information systems acquisitions, development and maintenance.

    8.     Information Security Incident Management Policy: The purpose of this policy is to develop a framework for timely and effective handling of information security incidents. The detection of potential information security incidents constitutes an action according to which it is timely identified and at the same time protects against real incidents intended to compromise the security posture of UOH.

    9.     Business Continuity Management Policy: The purpose of this policy is to define appropriate actions to mitigate any interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption. This includes controls, measures and precautions for disaster avoidance, procedures and instructions for recovery.

    10.  Compliance Policy: The purpose of this policy is to define the necessary requirements to avoid any breaches of the information security policies, laws, regulatory, contractual obligations and any security requirements.


3.2  Information Security Policy Document


  1. Management (ISC) should understand their responsibilities toward sustaining the information security objectives within UOH environment.
  2. Management (ISC) should acknowledge the importance of ensuring information security and committed towards supporting the information security goals and its principles.
  3. Management (ISC) should define a well-structured information security framework to initiate control and maintain information security in accordance with UOH’s business requirements.
  4. Management (ISC) should provide the direction and support for implementation of security requirements across UOH environment.
  5. UOH should be committed to preserve the security of all the information assets owned and entrusted to them to ensure the information security and legal conformity.
  6. UOH approach to information security management should be based on international standards and globally accepted best practices to ensure:
  7. Information is always available to all the individuals who have the proper and approved authorization to access this information;
  8. Information is only changed and/or updated by authorized individuals who have the proper and approved authorization;
  9. Information is only accessed by authorized individuals, who have the proper and approved access authorization;
  10. All the confidential information is well protected with all the necessary controls;
  11. All individuals who have been granted any form of access to information are fully accountable for the proper use of this information.


  1. All Management, faculty, students and UOH staff should commit to strict adherence to information security policies and practices.

[ISO 27001: A.5.1.1]


3.3  Review of the Information Security Policy


  1. Information Security Officer should review and update all information security policies and procedures on an annual base.
  2. Information Security Officer should annually measure the effectiveness of the implemented controls to avoid security incidents and reduce resulting impacts, together with a process for benchmarking security maturity with other similar establishments. The below should be considered:
  3. Feedback and opinions of interested parties;
  4. Reports and status of incidents reported;
  5. Results of independent and management reviews;
  6. Trends of threats and their vulnerabilities;
  7. Information Security Officer should ensure that information security policies, and relevant procedures and standards are well documented in line with relevant international standards, legal and regulatory requirements and other compliance requirements.
  8. All UOH departments should cooperate within themselves and with Information Security Officer to ensure appropriate security level for their information assets.

[ISO 27001: A.5.1.2]


4 – Definitions and Terms

All terms and acronyms used in this document are specified in the Information Security Management Systems Glossary Document.

5 – Roles and Responsibilities

All roles and responsibilities associated with this document are specified in the RACI Matrix Document.

6 – Related Policies and Procedures


The following are all related policies and procedures to this policy:

  • Risk Management Policy
  • Organization of Information Security Policy
  • Asset Management Policy
  • Human Resources Security Policy
  • Physical and Environmental Security Policy
  • Communications and Operations Management Policy
  • Access Control Policy
  • Information Systems Acquisition, Development and Maintenance Policy
  • Information Security Incident Management Policy
  • Business Continuity Management Policy
  • Compliance Policy
  • Acceptable Use Policy
  • Risk Management Procedure
  • Change Management Procedure
  • Patch Management Procedure
  • User Access Management Procedure
  • Backup and Restoration Procedure
  • Management Review Procedure
  • Information Systems Acquisition, Development and Maintenance Procedure
  • Personnel Security Procedure
  • Asset Management Procedure
  • Corrective and Preventive Actions Procedure
  • Documents and Records Control Procedure
  • ISMS Internal Audit Procedure


7 – Document Owner

Deanship of IT and E-Learning

8 – Policy Changes, Review and Update


  • Technological advancements and changes in the business requirements will necessitate periodic revisions to policies. Therefore, this policy may be updated to reflect changes or define new or improved requirements.
  • This document may be viewed, printed by authorized personnel only.
  • A policy review should be performed at least on an annual basis to ensure that the policy is current.
  • It is the responsibility of ISMS Manager to facilitate the review of this policy on a regular basis. Personnel and Department Head from relevant departments should also participate in the annual review of this policy.
  • Deficiencies within this policy should be immediately communicated to the ISMS Manager. Policy changes should require the approval of Management.
  • Change log should be kept current and should be updated as soon as any change has been made.
9 – Policy Enforcement / Compliance
  • Compliance with this policy is mandatory and all UOH Department Heads should ensure continuous compliance monitoring within their department.
  • Compliance with the statements of this policy is a matter of periodic review by the Information Security Officer. Any violation will result in disciplinary action in accordance with UOH due process.
  • Disciplinary action will be depending on the severity of the violation which will be determined by investigations. Actions such as termination or others as deemed appropriate by Senior Management should be taken.
10 – ​Policy Exceptions
  • This policy is intended to address information security requirements.  If needed, waiver requests should be formally submitted to ISMS Manager, including justification and benefits attributed to the waiver.
  • The policy waiver period have maximum period of six months, and should be reassessed and re-approved, if necessary for maximum three consecutive terms. No policy should be provided waiver for more than three consecutive terms.


Place Order
Grab A 14% Discount on This Paper
Pages (550 words)
Approximate price: -
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Try it now!

Grab A 14% Discount on This Paper

Total price:

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.