1. Provide the citation and attach a pdf of the article. 

Alharbi, T., & Tassaddiq, A. (2021, May 10). Assessment of Cybersecurity Awareness among Students of Majmaah University. MDPI. https://www.mdpi.com/2504-2289/5/2/23/htm

PDF

2. What is the abstract of the article? 

“Information exchange has become increasingly faster and efficient through the use of recent technological advances, such as instant messaging and social media platforms. Consequently, access to information has become easier. However, new types of cybersecurity threats that typically result in data loss and information misuse have emerged simultaneously. Therefore, maintaining data privacy in complex systems is important and necessary, particularly in organizations where the vast majority of individuals interacting with these systems is students. In most cases, students engage in data breaches and digital misconduct due to the lack of knowledge and awareness of cybersecurity and the consequences of cybercrime. The aim of this study was to investigate and evaluate the level of cybersecurity awareness and user compliance among undergraduate students at Majmaah University using a scientific questionnaire based on several safety factors for the use of the Internet. We quantitatively evaluated the knowledge of cybercrime and protection among students to show the need for user education, training, and awareness. In this study, we used a quantitative research methodology and conducted different statistical tests, such as ANOVA, Kaiser–Meyer–Olkin (KMO), and Bartlett’s tests, to evaluate and analyze the hypotheses. Safety concerns for electronic emails, computer viruses, phishing, forged ads, popup windows, and supplementary outbreaks on the Internet were well-examined in this study. Finally, we present recommendations based on the collected data to deal with this common problem” (Alharbi, T., & Tassaddiq, A, p. 1, 2021).

3. Was the study experimental or non-experimental? 

The study about testing students at Majmaah University’s knowledge on cybersecurity awareness was non-experimental. The researchers did not use any treatment or give any participants anything to improve their understanding of cybersecurity before taking the survey. Instead, the university students were randomly selected to answer fifty question survey about different aspects of cybersecurity.

4. Was the research qualitative or quantitative? 

The research was quantitative because the researchers utilized their survey to provide statistics to their audience. For example, in section 4 of the article, the researchers offered numeric pie charts about the students’ enthusiasm for taking the survey. Following this pie chart, there is an extensive table about the demographic of the population studied, including age, gender, the type of degree in college, year of study, and how often the participants used their devices. As the article continues in section 4, the researchers present several statistical tables and graphs generated from the participants’ answers on the questionnaire.

5. What was the population studied? Why do you say that? 

The population studied was undergraduates at Majmaah University, ranging from 18 to 25 years old. The researchers explain their intended population in the first paragraph of section 3, and the authors mention this in their abstract. Also, at the beginning of section 4, the authors state, “We intended to analyze the entire group of students defined as the population, and the respondents were the sample selected as a subset of the population” (p. 5).

6. What sample was used for this study?

The sample used for this study was 576 students at Majmaah University who completed the online questionnaire. Out of the 576 students, 353 were males, and 223 females answered the survey. The researchers based their data on the 576 students’ answers, which is why they are the study’s sample.

7. What was the method of measurement? 
   • If the research was quantitative, was the measurement scale used, Nominal, Ordinal, Interval, or Ratio?

There were a variety of charts, tables, and graphs used in this research study. All the measurement scales were used in this study. Most of the tables and graphs have a combination of the measurement data scales. The following is where the types of measurement have been found in the study.

• Nominal data were demonstrated in table 1 by using dichotomous and categorical variables. For instance, the table categorizes the students participating in the questionnaire by including gender, age, type of degree, year of study, and daily used device. However, the researchers use ratio data in the table to find the percentage of each variable.
• Ordinal data has been presented in the study in the pie chart above the “4. Results” section and tables 3 through 5. The pie chart is based on the students’ excitement taking the questionnaire. However, there is ratio data presented in the pie chart slices to show the precise percentage of the variables.
• Table 3 through 5 uses Likert scales to collect students’ opinions on password, browser, and social network platform security questions. Although, you can argue that there is ratio data presented because of the percentage of the variable people answered.
• The bar graph about “4.3 Knowledge of Cybersecurity Countermeasures” presents ordinal data because the chart compares the use of different social platforms among the participants.
• Table 7 is sample adequacy using Kaiser–Meyer–Olkin (KMO) and Bartlett’s tests making it interval data because the researchers “evaluate the relationship among the data within the constructs we analyzed”(p. 10).
• Table 8 represents the component correlation matrix. The matrix presents interval data because the data correlates with the components observed in the study.
• Ratio data is demonstrated in Table 2 indicates because the researchers made a percentage of out of the variables people answered on the table.
• Table 6 presents Cronabach’s alpha within the study to measure the internal consistency, making this ratio data, even though Cronabach’s alpha could be categorized as interval data.
• Table 9 is an analysis of ANOVA, and this table can be considered ratio data.

8. What was the method of analysis? 
   • If the research was quantitative, what statistical tools were used to analyze the data?

Several analysis methods were used in this study, and the following techniques that the authors used can be found in section five of the article.

• The authors first mentioned using Cronbach’s alpha to determine “for the reliability of the scale used in this study” (p. 9). In the study, the alpha value was 0.811, which allowed the researchers to conduct further research.
• Following this section about utilizing Cronbach’s alpha, the researchers use factor analysis to confirm their purposes and summarize the data collected. The authors also mentioned that they adopted the “Kaiser–Meyer–Olkin (KMO) and Bartlett’s tests” to determine if the data collected was fit for the factor analysis (p. 10). The data presented in Table 7 shows the Kaiser-Meyer-Olin and Bartletts tests of sampling adequacy. The results of the sampling adequacy were calculated to 0.795, and the significant value was 0.000. These two calculations helped the researchers conclude that the data collected was appropriate for observing possible factor outcomes in the study.
• In table 8, the researchers used a component correlation matrix to express the inverse relationship between the “password habit component and the level of cybersecurity awareness” (p. 10).
• Table 9 uses the statistical analysis of ANOVA to determine the “standard deviation and variability for each question used in this study and for each extracted component collectively” (p. 10). This statistical analysis was able to help the researchers conclude that the constructs analyzed were reliable for examining the level of the participants’ cybersecurity awareness.
• The researchers used a model summary, as shown in table 10. The purpose of the model summary was to evaluate the respondents’ awareness of all the cybersecurity factors. The calculated R-Square Change of 55% is the participants’ level of understanding, which means that the participants’ awareness is average. With the p-value equivalating to 0.000, the findings in this model are reliable.
• Finally, the researchers provide table 11 to show each coefficient value’s impact on the study. The beta value of security tools helped the researchers conclude that 28.6% of the participants had basic cybersecurity knowledge, including firewalls and antivirus software. The phishing component calculated 58.1% of the participants knew the concept of phishing. The cryptology component showed 19.6% of the respondents were not aware of service providers’ measures to secure their services. Next, the social networking component helped establish that 14.2% of the participants were mindful of cyber-attacks through social media.

9. What was the conclusion of the study?

The researchers concluded that Majmaah University should promote awareness of cybersecurity. The researchers propose to raise awareness by using “email, oral presentations, newsletters, and SMS messages” (p. 13). Another way Majmaah University can increase their awareness was by using training programs that can be “be video-based, text-based, or game-based, as the target here is adult students” (p. 13). The researchers further explain that the students may need to undergo training or be interviewed and suggest that people should be taught about cybersecurity early.

10. Why is this study useful to you? Explain in detail. 

This study was helpful because the results helped me realize that careless students can compromise a university’s network. For example, a student who does not know about phishing emails could interact with an email with viruses. The phishing email could also look like a valid email from a professor asking for information about them that could compromise their email account. If a phisher has a student account, the hacker could send emails to professors with an attachment to expose the university’s valuable information. This trend would keep going until the whole network is revealed. Knowing about cybersecurity awareness is essential because it takes one person to unmask a network’s private information. If I start an Internet Service business, I will need to ensure my employees have this awareness so my business will not be susceptible to DDOS attacks.

11. What would be the next logical step in extending this study? 

As stated by the researchers, “Different datasets should be obtained from different universities, and the findings should be systematically compared with those presented in this paper” (p. 13).

Researchers could also extend this study by comparing the students’ cybersecurity knowledge after participating in training programs. This idea will show if the cybersecurity training programs at the University are helpful by comparing the students’ knowledge before taking the classes and their knowledge after taking the program.