Risk management in digitalized educational environments: Teachers’ information security awareness levels

Abstract

With the spread of Information and Communication Technologies (ICT) tools and the Internet, Twenty first century technologies have significantly affected human life, and it has been desired to be obtained continuously. It has become challenging to protect information due to the increase in the methods by which malicious people can get information. As a result, it is crucial to determine people’s awareness levels by revealing the risks and threats to information security. In this context, a study was conducted to show the awareness levels of teachers who come after the family in raising conscious individuals in society. For this purpose, a quantitative research method was adopted for the problem and sub-problems that form the basis of the research. The survey model, one of the research designs used within the framework of the quantitative research method, was used. Information Security Awareness Scale was applied to 394 teachers, and according to the results obtained, it was determined that the information security awareness level of the teachers was moderate. According to the attacks and threats sub-dimension, which includes technical issues, it has been determined that the awareness levels of the teachers are at a medium level. The study results show that female teachers’ information security awareness levels are lower than male teachers. In comparison, the awareness levels of those who received information security awareness training and information technology teachers are higher.

Introduction

Until the twentieth century, investments that required physical infrastructures such as land and factories were replaced by information from the twenty-first century (Couldry and Mejias, 2019). With the spread of computers, smart devices, and the Internet, twenty-first century technologies have penetrated almost all areas of human life, and as a result, information has become even more valuable and obtained its value (Yıldız Korkmaz and Atasoy, 2016; Grusho et al., 2018). The classic combination of companies, states, institutions, individuals, and societies in the twenty-first century is that they live in the information age and must keep up with the information age requirements (Lin, 2021).

As of 2022, 67.1% of the 7.91 billion population worldwide are mobile phone users, 62.5% are internet users, and 58.4% are social media users (Digital, 2022). This indicates that we are faced with a digitalized world, and as a result, data production has reached an incredible speed (Alacadağlı, 2019). It is essential to transform the produced data into information by making it functional (Fukuyama, 2018) and for society. A strong community is formed with the correct use of information (Park, 2017). In addition, various difficulties and social problems can be solved for the community (Sajidan et al., 2020). The sustainability of a strong community can be achieved with the correct use of technology (Çalış Duman, 2022). The proper use of technology means integrating society with artificial intelligence, networked control, the Internet of things, provision of services with technology, robots, and cyber security (Nagahara, 2019). In addition, European Union countries have drawn attention to the importance of cyber security for sustainable development, stating that cyber security is a basic need in a sustainable society (Sulich et al., 2021). Cyber security is crucial because it protects information (de Bruijn and Janssen, 2017).

With Information and Communication Technologies (ICT) tools, people can access information easily (Ghafir et al., 2018) and fast (Rahmatullah et al., 2022) at home, school, and the workplace (Ortaş, 2018). This situation has also increased the number of threats to information security (Jouini et al., 2014; Irmak and Baz, 2019). Human-made threats sometimes cause risks in information security breaches and occasionally natural disasters (Metalidou et al., 2014; Yaşar and Çakır, 2015). Human is the most crucial factor in information security (Evans et al., 2018, 2019). It is impossible to talk about the successful provision of information security without human beings (Colwill, 2009; Bostan and Şengül, 2018). The human factor is why many cyber-attacks on computers and systems are successful (Hughes-Lartey et al., 2021). The attacks on people sometimes result from the negligence, ignorance, and carelessness of the user (Yaşar and Çakır, 2015) and sometimes from users abusing their authority (Parsons et al., 2014; Ghafir et al., 2018). When the information security breach incidents experienced by world-renowned IT companies in recent years are examined in detail, it has been seen that the primary source of the problem is the lack of awareness of the employees on information, information technologies, and information security (Khando et al., 2021).

To continue education and training after the closure of schools during the pandemic, 18 million 241 thousand 881 students and 1 million 117 thousand teachers started the distance education process in schools affiliated with the Ministry of National Education in Turkey on March 23, 2020. The process was provided through the Education Information Network (EBA) platform. According to the 2021 global digitalization report, the EBA platform used in distance education is one of the most hit pages in Google searches (Özok and Tayiz, 2020). Technological tools are used intensively at all levels, from primary to high school (Özok and Tayiz, 2020). This is because digital media is moving extensive data around the Internet (Avcı and Oruç, 2020), causing concern for data security and increased risk (Lewandowski, 2019; Gökçearslan et al., 2021). Factors drivi Baryannis ng trouble are the disclosure of personal information, exposure to inappropriate online content, online security risks, and threats to the use of the Internet and smart devices (Kritzinger, 2017). It is necessary to eliminate anxiety to ensure the sustainability of digitalized educational environments and reduce the risks.

Literature review

Information security

Information security is the safe delivery of information to the recipient without being seized by unauthorized persons (Höne and Eloff, 2002; Dlamini et al., 2009). Its security must be ensured to protect the information (Baykara et al., 2013; Grusho et al., 2018). In this context, it is necessary to protect the privacy, security, and accessibility components that form the basis of information security (Tchernykh et al., 2019). Providing information security, minimizing risks to information security, widespread use of the Internet (Aslay, 2017), increasing the number of cyber-attack methods (Jang-Jaccard and Nepal, 2014), and establishing a legal basis by lawmakers (İhtiyaroğlu, 2020) have become mandatory (Henkoğlu and Yılmaz, 2013).

Risk management

Risk is defined as “suffering loss,” while risk management is defined as “the process of carefully and in detail identifying and evaluating the risks that may occur while performing the work of institutions or businesses in advance and taking measures to eliminate or minimize risks” (TDK, 2022). From an information security perspective, the risk is when a threat exploits a vulnerability to damage information or data (Bubenko, 2007; ISO-ISO/IEC, 2008; Khidzir et al., 2010). In other words, the loss of confidentiality, integrity, and availability are the essential components of information security (Yeboah-Boateng, 2013). Risk management is a concept of increasing importance (Öznacar and Dagli, 2016) and can be defined as identifying potential risk (Spears and Barki, 2010) and reducing it to an acceptable level (Spears and Barki, 2010; Tummala and Schoenherr, 2011) and ensuring that it remains at this level. The definition of an acceptable level in risk management is not fully defined (Fan and Stevenson, 2018; Baryannis et al., 2019). Based on the definition, it can be stated that the acceptable level is the protection of the confidentiality, integrity, and accessibility components that form the basis of information security.

Digitalized education environment

Today, with the rapid development of information technology, the internet and technological products are used to research information and share ideas (Mashhadi and Kargozari, 2011). As a result, the fact that information is accessible at any time regardless of space and time has transformed the existing educational environments through the innovative structure of the age (Tılıç, 2020). As a result of this transformation, access to learning and educational resources can be at any time and place.

Information security in educational institutions

It is seen that attacks on educational institutions have increased with the transfer of the education and training environment to online environments due to the pandemic (Waldman, 2020; William, 2020; Levin, 2021). Attackers target schools due to the high number of people in the school and easier access to personal accounts (Richardson et al., 2020). In addition, on the cyber map published by Checkpoint, a world-renowned security product, educational institutions are the most targeted by attackers (Checkpoint, 2022). In this context, information security is essential in educational institutions to prevent attacks against teachers and students in online environments. Security risks can be eliminated by revealing teachers’ information security awareness levels (Al-Shehri, 2012; Bogart, 2012).

Information security awareness

The term “information security awareness” implies that users in an organization are ideally aware of their commitment to their security mission (Siponen, 2000; Kajzer et al., 2014). Minimizing security-related risks with awareness and maximizing the effectiveness of security techniques and procedures (Hart et al., 2020) have an important place in increasing the protection of information and data (da Veiga et al., 2020). To create this awareness, finding users who have received information security awareness training is essential. These users are critical to reducing threats within the organization (al Awawdeh and Tubaishat, 2014). It is essential to increase their awareness and provide an educational environment to eliminate or minimize the vulnerabilities caused by the human factor in information security (Kim, 2014; Aldawood and Skinner, 2019; Avcı and Oruç, 2020).

Teachers’ awareness

The sustainability of digitalized educational environments is essential in terms of the correct use of technology (Öznacar, 2018). Teachers are responsible for raising future citizens in a sustainable society (Baena-Morales et al., 2020). Teachers need to be trained on information security and many other issues. However, some studies on teachers have shown that the level of awareness is not good enough (Akgün and Topal, 2015; Al-Janabi and Al-Shourbaji, 2016). However, it has been noted that efforts to raise teachers’ awareness are limited to some institutional publications, announcements, and informative websites; thus, these attempts lack interaction with the target audience of teaching (Kadıoğlu, 2019).

Hypotheses

The human factor is essential in managing information security properly (Yerby and Floyd KevinFloyd, 2018; Odiaga et al., 2020). Protecting information and data is possible by ensuring that users are aware of information security and thus minimizing potential risks (Da Veiga, 2019). People’s level of information security, which is seen as the weakest link of information security, is directly related to awareness (Cox et al., 2001; Rezgui and Marks, 2008; Vardal, 2009). While more than half of the world’s population uses computer technology and communication technologies, it is essential how aware people are of the risks they may face (Gümüş, 2007; Keser and Güldüren, 2015). In this way, ensuring information security and minimizing risks is possible by raising awareness of people and using technological equipment correctly (Puhakainen, 2006; Şahinaslan et al., 2009; Al-Shehri, 2012). Especially in the information society we live in, in the age of technology where every field is rapidly digitalized, the level of information security awareness of teachers should be revealed in terms of following the developments, informing the society about the developments, and preparing them for the future. In this context, teachers’ information security awareness levels have been determined in previous studies, and the effects of different variables have been revealed. In the study conducted by Canoğulları (2021), it was determined that the information security awareness levels of teachers were slightly above the middle level, and according to the gender and branch variables, the results were in favor of male teachers, and in the branch variable, results were obtained in favor of Information Technologies teachers. In the study by Keser and Yayla (2021), it was found that teachers’ information security awareness levels were high and male teachers had higher awareness levels than female teachers. According to the branch distribution, it was determined that the awareness levels of Information Technologies teachers were higher than in other branches. The fact that the awareness levels of teachers who received awareness training were higher than those who did not is one of the results of this study (Keser and Yayla, 2021). Odiaga et al. (2020) found that teachers had little or no knowledge about basic information security awareness practices, roles, threats, risks, and attacks. The study by Kiss (2019) determined that pre-school teachers’ information security awareness levels were low. According to the results obtained in the study by Karabatak and Karabatak (2019) on administrators working in schools, it was determined that administrators’ information security awareness levels were slightly above the middle level. The same study also found that the awareness levels of male administrators were higher than the awareness levels of female administrators (Karabatak and Karabatak, 2019). Considering these studies, it is seen that studies on teachers’ awareness determination are limited (Chou and Chou, 2016; Canoğulları, 2021).

In this study, the following hypotheses were put forward based on previous research by applying the information security awareness scale to determine the information security awareness levels of primary and secondary school teachers working city of Amasya in Turkey:

H1: Teachers’ information security awareness levels are at a medium level.

H2: Information security awareness levels of teachers differ according to gender.

H3: Information security awareness levels of teachers differ according to their training status.

H4: Information security awareness levels of teachers differ according to their branches.

Methodology

Research design

In this study, the survey model, one of the quantitative research designs, was used for the problem and sub-problems that form the basis of the research. The purpose of using this model (Wallen and Fraenkel, 2013), which is used to collect data on the opinions, attitudes, and behaviors of individuals on a subject and to reveal the general structure of these individuals on the subject, is to determine the information security awareness levels of teachers and to examine their awareness levels in detail in terms of different variables.

Sample

Based on the study population determined within the scope of this study, a study group was formed with the convenience sampling technique (Yıldırım and Şimşek, 2008). The convenient sampling method was preferred because it is flexible in terms of time and economy. In addition, easy-to-reach participants were included because participation in the research is voluntary, and it accelerates the research (Yıldırım and Şimşek, 2008). Within the scope of the research, 394 primary and secondary school teachers were reached, and participation in the data collection tool was voluntary in city of Amasya in Turkey.

Instrument

The “Information Security Awareness Scale” developed by Çetinkaya et al., 2017 was used to obtain data from the participants. The scale has a three-factor structure and consists of 48 items. In the development of the scale, exploratory factor analysis was conducted using a study group of 316 participants, and it was determined that it consisted of 48 items under three dimensions. Subsequently, confirmatory factor analysis was applied to 200 participants, and the structure was confirmed. The overall reliability coefficient of the scale is 0.98. As the overall score on the scale and the scores for sub-factors increase, participants’ Information Security Awareness increases. The scale score ranges are shown in Table 1.

Data were collected in 3 months covering May and July 2021, after obtaining the necessary ethics committee permission to obtain the data. The data collection process was carried out meticulously to determine the awareness of information security, as teachers had to continue their classes online due to the mandatory closures and restrictions experienced during the pandemic process.

Data analysis

The study used Kolmogorov-Smirnov (KS) and skewness-kurtosis coefficients to determine whether the data showed a normal distribution. Shapiro-Wilks is used when the group size is less than 50, and KS is used when it is more than 50 (Kim and Park, 2019). KS test and skewness-kurtosis coefficients showed that the data showed normal distribution. In this context, descriptive statistics were applied for the first hypothesis, an independent t-test for the second and third hypotheses, and one-way ANOVA test for the fourth hypothesis.

Sample characteristics

According to the personal information obtained from the teachers, 52.3% of the teachers are female, and 47.7% are male. 26.1% stated that they received training, while 73.9% stated that they did not receive training. According to the branch distribution of the participants, 30.7% Classroom Teachers, 7.4% Pre-school, 4.8% Special Education, 4.6% Science, 5.8% Social Studies, 4.6% Religious Culture and Moral Knowledge, 7.1% Turkish, 5.8% English, 4.3% Information Technologies, 3.6% Physical Education, 4.3% Mathematics, 2.3% Turkish Language and Literature, 3.3% Technology Design, 4.1% Guidance, and 7.4% Vocational Branch teachers.

Research limitations

The study is limited to 364 primary and secondary school teachers for 3 months between May and July 2021. The study obtained results with gender, information security training status, and branch variables.

Results

Teachers’ information security awareness levels and score distribution by sub-factors is shown in Table 2. According to the Information Security Awareness Scale, teachers’ overall score average is 144.78+38.87, which is “medium.” The general security sub-factor score averages are 45.50+9.42, the attack and threats sub-factor score average are 43.40+15.91, and the mobile devices, privacy, and communication sub-factor score average is 55.88+16.61. The awareness level of general security and mobile devices, privacy, and communication sub-factors is “normal.” However, the level of the attacks and threats sub-factor was determined as “medium.” The averages of the items belonging to this factor are, respectively; Average score of “I know what hoax is” 2.52+1.13, average score of “I know how to deal with chain email” is 2.68+1.12, “Spyware (spyware) average score of 2.74+1.14, average score of” “I can tell if there is spyware on my computer” 2.43+1.09, average score of “I know how to prevent spyware from being installed on my computer” is 2.41+1, Average score of 1, “I know about security measures against identity theft” is 2.63+1.14, “I know what fake virus protection software is.” Average score of 2.59+1.13, average score of “I know what a Denial of Service (DoS) attack” is 2.26+1.07, average score of “I know what a phishing attack is” is 2.34+ Average score of 1.07, “I know what a social engineering attack is” 2.28+1.05, average score of “I know how to act to avoid being attacked by social engineering” is 2.29+1.04, “Cyberbullying (I know what cyberbullying is)” average score is 3+1.19, “I know how to protect myself against cyberbullying” average score is 2.83+1.2, “I know how to protect children against cyberbullying” average score is 2.82+1, 18, “I know the security measures to be taken against attacks that personal digital assistants (PDAs) may be exposed to” average score is 2.41+1.05, “I know what the active content used in web pages is for” average score is 2.49+ 1.06, “I know what cookies are used on web pages” her average score is 2.69+1.09.

Teachers’ information security awareness levels and sub-factors relations by gender is shown in Table 3. As a result of the independent t-test conducted to determine whether there is a significant difference between teachers’ information security awareness levels and sub-factors with gender, a significant difference was determined between teachers’ awareness levels and gender. Male teachers’ awareness levels are higher than female teachers. In addition, male teachers’ awareness levels are higher in sub-factors than female teachers’ awareness levels.

Teachers’ information security awareness levels and sub-factors relations by receiving education on information security is shown in Table 4. As a result of the independent t-test conducted to determine whether there is a significant difference between teachers’ information security awareness levels and sub-factors and their status of receiving education on information security, information security awareness levels of teachers who received training on awareness are higher than those who did not.

Teachers’ information security awareness levels and sub-factors relations by branch is shown in Table 5. As a result of the one-way ANOVA test conducted to determine the significant difference between teachers’ information security awareness levels and sub-factors and their branches, as a result of the data obtained, the information security awareness levels of information technology branch teachers are higher than other branch teachers.

Discussion

Teachers were expected to use technology quickly during the pandemic, produce materials that would enable students to learn, and be executives that will enable students to learn (Rapanta et al., 2020). Due to the mandatory closures experienced during the pandemic, education took place in digital environments, and as a result, the learning process has become more digital (Frolova et al., 2020). However, due to the focus on the execution of the process, research on concepts such as safety and possible risk situations has not been revealed (Arina and Anatolie, 2021). In this context, providing safer educational environments and raising awareness of attacks on information security that teachers may encounter is essential in the sustainability and risk management of digitalized educational environments.

H1: Teachers’ information security awareness levels are at a medium level.

As a result of the findings, teachers’ information security awareness levels were determined as “moderate.” This result is in line with the result of Kubacka et al. (2021) during the pandemic process. Among the studies conducted before the pandemic, Canoğulları (2021) also found a moderate level of awareness in the study conducted for teachers. However, in the study by Keser and Yayla (2021), it was determined that teachers’ information security awareness levels were high. While awareness levels of general security, mobile devices, privacy, and communication factors from sub-factors were at a “normal” level, the awareness level of attacks and threats sub-factor was determined as a “medium” level. When the items belonging to the factor are examined, it is seen that it contains technical terms. Teachers need to be more aware of attacks and threats in this context. Similar results were obtained in the studies of Filippidis et al. (2018). The participants, whose awareness level was average, pointed out that they needed to improve their awareness of the technical details of information security and the tools used in this field (Filippidis et al., 2018). The awareness levels of teachers who educate the future generations must be even higher to protect educational institutions, which are, in the first place, the target of attackers. It has been determined that teachers do not have sufficient knowledge about cyber-attacks, information theft, social engineering attacks, and malware, which are increasing daily. This situation can be interpreted as inadequate security of information in educational institutions.

H2: Information security awareness levels of teachers differ according to gender.

A relationship was found between gender and information security awareness level, general security, mobile devices, privacy, and communication factors sub-dimensions. It has been determined that the awareness level of women is lower than men in both the general scores and sub-factors obtained from the scale. One of the similar results obtained in the study is that there is a strong link between gender and awareness and that men have higher awareness levels than women (Farooq et al., 2015; Karabatak and Karabatak, 2019; Canoğulları, 2021; Keser and Yayla, 2021). The reason why information security awareness levels are in favor of males can be interpreted as male teachers using ICT tools more (Gudmundsdottir and Hatlevik, 2018). In addition, when we look at the statistics on the use of the Internet and ICT tools in Turkey, it is clear that men use ICT tools more than women (Digital, 2022).

H3: Information security awareness levels of teachers differ according to their training status.

Many studies demonstrate the importance of information security education (Ahlan et al., 2015; Zwilling et al., 2020; Hwang et al., 2021; Khando et al., 2021; Taha and Dahabiyeh, 2021). In these studies, training for information security reveals the importance of training in raising conscious individuals to ensure information security, preventing attacks against end users, and raising awareness about attack types. The fact that those who receive awareness training have higher levels of information security reveals the importance of receiving training on information security.

H4: Information security awareness levels of teachers differ according to their branches.

A significant difference was found between the branches of the teachers and the information security awareness levels and the sub-dimensions of general security, mobile devices, privacy, and communication factors. The difference is in favor of the Information Technologies Branch. There are studies supporting this result in the literature (Canoğulları, 2021; Keser and Yayla, 2021). It can be thought that the awareness levels of Information Technologies teachers are higher because they closely follow the technology due to their professional definitions and have a better command of the terms about information security.

In summary, it is essential to continue education safely (Akcil and Bastas, 2021) to minimize the risks of possible attacks in digitalized educational environments. In this context, protecting information with the measures to be taken for information security in educational environments means ensuring risk management. Considering this situation, in this study, teachers’ information security awareness levels were determined, and the effect of different variables was examined. The results obtained were discussed and presented to the literature.

Recommendations

Information security is a concept that is the responsibility of every individual user of ICT. Due to the increase in the methods of malicious people to obtain information, institutions and organizations should pay more attention to information security awareness training. Training on information security should be provided within a scope that includes all individuals from an early age. Efforts should be made to increase the tendencies of women toward information security by ensuring that they participate more in the process. Since information technology teachers closely follow the concepts related to technology and technological developments, it is recommended that they increase the associations of learning outcomes and in-class activities related to these concepts in educational environments.

References

• 1

  AhlanA. R.LubisM.LubisA. R. (2015). Information security awareness at the knowledge-based institution: Its antecedents and measures.Procedia Comput. Sci.72361–373. 10.1016/j.procs.2015.12.151

  • CrossRef
  • Google Scholar

• 2

  AkcilU.BastasM. (2021). Examination of university students’ attitudes towards e-learning during the COVID-19 pandemic process and the relationship of digital citizenship.Contemp. Educ. Technol.131–13. 10.30935/cedtech/9341

  • CrossRef
  • Google Scholar

• 3

  AkgünÖE.TopalM. (2015). Eğitim fakültesi son sınıf öğrencilerinin bilişim güvenliği farkındalıkları: Sakarya üniversitesi eğitim fakültesi örneği.Sakarya Univ. J. Educ.598–121. 10.19126/suje.73391

  • CrossRef
  • Google Scholar

• 4

  al AwawdehS.TubaishatA. (2014). “An information security awareness program to address common security concerns in IT unit,” in ITNG 2014 - Proceedings of the 11th international conference on information technology: New generations, Las Vegas, NV. 273–278. 10.1109/ITNG.2014.67

  • CrossRef
  • Google Scholar

• 5

  AlacadağlıE. (2019). Bilgi Yönetimi, Dijitallşem ve Türk SAğlık Sistemi.J. Turkish Stud.1467–86. 10.7827/TurkishStudies.14918

  • CrossRef
  • Google Scholar

• 6

  AldawoodH.SkinnerG. (2019). “Educating and raising awareness on cyber security social engineering: A literature review,” in Proceedings of 2018 IEEE international conference on teaching, assessment, and learning for engineering TALE, (Wollongong, NSW), 62–68. 10.1109/TALE.2018.8615162

  • CrossRef
  • Google Scholar

• 7

  Al-JanabiS.Al-ShourbajiI. (2016). A study of cyber security awareness in educational environment in the middle east.J. Inf. Knowl. Manage.15:1650007. 10.1142/S0219649216500076

  • CrossRef
  • Google Scholar

• 8

  Al-ShehriY. (2012). Information security awareness and culture.Br. J. Arts Soc. Sci.62046–9578.

  • Google Scholar

• 9

  ArinaA.AnatolieA. (2021). Cyber security threat analysis in higher education institutions as a result of distance learning.Int. J. Sci. Technol. Res.10128–133.

  • Google Scholar

• 10

  AslayF. (2017). Siber saldiri yöntemleri ve türkiye’nin siber güvenlik mevcut durum analizi.Int. J. Multidiscip. Stud. Innov. Technol.124–28.

  • Google Scholar

• 11

  AvcıÜOruçO. (2020). Üniversite öğrencilerinin kişisel siber güvenlik davranişlari ve bilgi güvenliği farkindaliklarinin incelenmesi.İnönü Üniversitesi Eğitim Fakültesi Dergisi21284–303. 10.17679/inuefd.526390

  • CrossRef
  • Google Scholar

• 12

  Baena-MoralesS.Martinez-RoigR.Hernádez-AmorósM. J. (2020). Sustainability and educational technology—A description of the teaching self-concept.Sustainability12:103091210309. 10.3390/su122410309

  • CrossRef
  • Google Scholar

• 13

  BaryannisG.ValidiS.DaniS.AntoniouG. (2019). Supply chain risk management and artificial intelligence: State of the art and future research directions.Int. J. Prod. Res.572179–2202.

  • Google Scholar

• 14

  BaykaraM.DaşR.KaradoğanI. (2013). “Bilgi güvenliği sistemlerinde kullanılan araçların incelenmesi,”Proceedings of the 1st International Symposium on Digital Forensics and Security (ISDFS’13), Vol. 20. 21.

  • Google Scholar

• 15

  BogartK. J. (2012). Information Security Awareness: How to Get Users Asking for More. Accessed date 20.03.2022 from https://silo.tips/download/information-security-awareness-how-to-get-users-asking-for-more.

  • Google Scholar

• 16

  BostanA.ŞengülG. (2018). Siber güvenlik farkindaliği oluşturma. in siber güvenlik ve savunma farkindalik ve caydiricilik.Ankara: Grafiker Yayınları, 145–158.

  • Google Scholar

• 17

  BubenkoJ. A. (2007). “From information algebra to enterprise modelling and ontologies — a historical perspective on modelling for information systems,” in Conceptual Modelling in Information Systems Engineering, edsKrogstieJ.OpdahlA. L.BrinkkemperS. (Berlin: Springer), 1–18. 10.1007/978-3-540-72677-7_1

  • CrossRef
  • Google Scholar

• 18

  Çalış DumanM. (2022). Toplum 5.0: Ýnsan odakli dijital dönüşüm.Sosyal Siyaset Konferansları Dergisi/J. So. Policy Conf.19309–336. 10.26650/jspc.2022.82.1008072

  • CrossRef
  • Google Scholar

• 19

  CanoğullarıE. (2021). Öğretmenlerin bilgi güvenliği konusundaki farkindaliklarinin incelenmesi.Kalem Uluslararasi Egitim ve Insan Bilimleri Dergisi11651–679. 10.23863/kalem.2021.219

  • CrossRef
  • Google Scholar

• 20

  ÇetinkayaL.GüldürenC.KeserH. (2017). Öğretmenler için bilgi güvenliği farkindalik ölçeği(BGFÖ) geliştirme çalişmasi.Milli Eğitim Dergisi21633–52.

  • Google Scholar

• 21

  Checkpoint (2022). Live Cyber Threat Map. Checkpoint. Available online at: https://threatmap.checkpoint.com/(accessed April 15, 2022).

  • Google Scholar

• 22

  ChouH. L.ChouC. (2016). An analysis of multiple factors relating to teachers’ problematic information security behavior.Comput. Hum. Behav.65334–345. 10.1016/j.chb.2016.08.034

  • CrossRef
  • Google Scholar

• 23

  ColwillC. (2009). Human factors in information security: The insider threat–Who can you trust these days?Inf. Secur. Tech. Rep.14186–196. 10.1016/j.istr.2010.04.004

  • CrossRef
  • Google Scholar

• 24

  CouldryN.MejiasU. A. (2019). Data colonialism: Rethinking big data’s relation to the contemporary subject.Telev. New Media20336–349. 10.1177/1527476418796632

  • CrossRef
  • Google Scholar

• 25

  CoxA.ConnollyS.CurrallJ. (2001). Raising information security awareness in the academic setting.Vine3111–16. 10.1108/03055720010803961

  • CrossRef
  • Google Scholar

• 26

  Da VeigaA. (2019). “Achieving a security culture,” in Cybersecurity education for awareness and compliance, (Pennsylvania: IGI Global), 72–100.

  • Google Scholar

• 27

  da VeigaA.AstakhovaL. V.BothaA.HerselmanM. (2020). Defining organisational information security culture—Perspectives from academia and industry.Comput. Secur.92:101713. 10.1016/j.cose.2020.101713

  • CrossRef
  • Google Scholar

• 28

  de BruijnH.JanssenM. (2017). Building cyber security Awareness: The need for evidence-based framing strategies.Gov. Inf. Q.341–7. 10.1016/j.giq.2017.02.007

  • CrossRef
  • Google Scholar

• 29

  Digital. (2022). Another year of bumper growth. We are social UK. Available online at: https://wearesocial.com/uk/blog/2022/01/digital-2022-another-year-of-bumper-growth-2/(accessed June 13, 2022).

  • Google Scholar

• 30

  DlaminiM. T.EloffJ. H. P.EloffM. M. (2009). Information security: The moving target.Comput. Secur.28189–198. 10.1016/j.cose.2008.11.007

  • CrossRef
  • Google Scholar

• 31

  EvansY.HeI. Y.JanickeH. (2018). “Analysis of published public sector information security incidents and breaches to establish the proportions of human error,” in Proceedings of the twelfth international symposium on human aspects of information security assurance, (HAISA), Dundee, Scotland, 191–202.

  • Google Scholar

• 32

  EvansM.HeY.LuoC.YevseyevaI.JanickeH.ZamaniE.et al (2019). Real-time information security incident management: A case study using the IS-CHEC technique.IEEE Access7142147–142175. 10.1109/ACCESS.2019.2944615

  • CrossRef
  • Google Scholar

• 33

  FanY.StevensonM. (2018). A review of supply chain risk management: Definition, theory, and research agenda.Int. J. Phys. Distrib. Logist. Manag.48205–230.

  • Google Scholar

• 34

  FarooqA.IsoahoJ.VirtanenS.IsoahoJ. (2015). “Information security awareness in educational institution: An analysis of students’ individual factors,” in Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA, (Helsinki), 352–359. 10.1109/Trustcom.2015.394

  • CrossRef
  • Google Scholar

• 35

  FilippidisA. P.HilasC. S.FilippidisG.PolitisA. (2018). Information security awareness of greek higher education students - preliminary findings. 2018 7th international conference on modern circuits and systems technologies.Mocast20181–4. 10.1109/MOCAST.2018.8376578

  • CrossRef
  • Google Scholar

• 36

  FrolovaE. V.RogachO. V.RyabovaT. M. (2020). Digitalization of education in modern scientific discourse: new trends and risks analysis.Eur. J. Contemp. Educ.9313–336. 10.13187/ejced.2020.2.313

  • CrossRef
  • Google Scholar

• 37

  FukuyamaM. (2018). Society 5.0: Aiming for a new human-centered society.Japan: 47–50.

  • Google Scholar

• 38

  GhafirI.SaleemJ.HammoudehM.FaourH.PrenosilV.JafS.et al (2018). Security threats to critical infrastructure: the human factor.J. Supercomput.744986–5002. 10.1007/s11227-018-2337-2

  • CrossRef
  • Google Scholar

• 39

  GökçearslanŞGünbatarM. S.SarıtepeM. (2021). Ortaöğretim öğrencilerinin bilgi güvenliği farkindaliklarinin incelenmesi.Yuzunci Yil Universitesi Egitim Fakultesi Dergisi18354–373. 10.33711/yyuefd.867015

  • CrossRef
  • Google Scholar

• 40

  GrushoA. A.GrushoN. A.ZabezhayloM. I.TimoninaE. E. (2018). Protection of Valuable Information in Information Technologies.Automat. Control Comput. Sci.521076–1079. 10.3103/S0146411618080138

  • CrossRef
  • Google Scholar

• 41

  GudmundsdottirG. B.HatlevikO. E. (2018). Newly qualified teachers’ professional digital competence: Implications for teacher education.Eur. J. Teach. Educ.41214–231.

  • Google Scholar

• 42

  GümüşM. (2007). Kurumsal bilgi güvenliği yönetim sistemleri ve güvenliği.Istanbul: Yıldız Teknik Üniversitesi.

  • Google Scholar

• 43

  HartS.MargheriA.PaciF.SassoneV. (2020). Riskio: A serious game for cyber security awareness and education.Comput. Secur.95:101827. 10.1016/j.cose.2020.101827

  • CrossRef
  • Google Scholar

• 44

  HenkoğluT.YılmazB. (2013). Avrupa birliği (AB) bilgi güvenliği politikalari.Türk Kütüphaneciliği27451–471.

  • Google Scholar

• 45

  HöneK.EloffJ. H. P. (2002). Information security policy - What do international information security standards say?Comput. Secur.21402–409. 10.1016/S0167-4048(02)00504-7

  • CrossRef
  • Google Scholar

• 46

  Hughes-LarteyK.LiM.BotcheyF. E.QinZ. (2021). Human factor, a critical weak point in the information security of an organization’s Internet of things.Heliyon7:e06522. 10.1016/j.heliyon.2021.e06522

  • Pubmed Abstract
  • CrossRef
  • Google Scholar

• 47

  HwangI.WakefieldR.KimS.KimT. (2021). Security awareness_ the first step in information security compliance behavior.J. Comput. Inf. Syst.61345–356. 10.1080/08874417.2019.1650676

  • CrossRef
  • Google Scholar

• 48

  ÍhtiyaroğluU. (2020). Bilişim sistemine girme suçunun yargi kararlari bağlaminda incelenmesi.Hacettepe Hukuk Fakültesi Dergisi10406–440. 10.32957/hacettepehdf.726568

  • CrossRef
  • Google Scholar

• 49

  IrmakH.BazF. Ç (2019). Kurumsal bilgi güvenliği, tehditler ve alinmasi gereken önlemler üzerine inceleme. 2. Uluslararasi mardin artuklu bilimsel araştirmalar kongresi.Mardin: Farabi Yayınevi. 333–341.

  • Google Scholar

• 50

  ISO-ISO/IEC. (2008). ISO - ISO/IEC 27005:2008 - Information technology — security techniques — Information security risk management.Geneva: ISO.

  • Google Scholar

• 51

  Jang-JaccardJ.NepalS. (2014). A survey of emerging threats in cybersecurity.J. Comput. Syst. Sci.80973–993. 10.1016/j.jcss.2014.02.005

  • CrossRef
  • Google Scholar

• 52

  JouiniM.BenL.RabaiA.AissaB. (2014). Classification of security threats in information systems.Procedia Comput. Sci.32489–496. 10.1016/j.procs.2014.05.452

  • CrossRef
  • Google Scholar

• 53

  KadıoğluE. A. (2019). Design, development and implementation of an information security and cyberethics course for pre-service teachers: A design-based research [Phd Thesis].Cankaya: Middle East Technical University.

  • Google Scholar

• 54

  KajzerM.DarcyJ.CrowellC. R.StriegelA.van BruggenD. (2014). An exploratory investigation of message-person congruence in information security awareness campaigns.Comput. Secur.4364–76. 10.1016/j.cose.2014.03.003

  • CrossRef
  • Google Scholar

• 55

  KarabatakS.KarabatakM. (2019). “Information security awareness of school administrators,” in 7th International Symposium on Digital Forensics and Security, (Barcelos: ISDFS), 10.1109/ISDFS.2019.8757525

  • CrossRef
  • Google Scholar

• 56

  KeserH.GüldürenC. (2015). Bilgi Güvenliği Farkındalık Ölçeği (BGFÖ) Geliştirme Çalışması.Kastamonu Üniversitesi Kastamonu Eğitim Dergisi231167–1184.

  • Google Scholar

• 57

  KeserH.YaylaH. G. (2021). Fatih projesi uygulanan okullardaki ög̃retmenlerin bilgi güvenlig̃i farkındalık düzeylerinin incelenmesi.Millî Eg̃itim Dergisi509–40.

  • Google Scholar

• 58

  KhandoK.GaoS.IslamS. M.SalmanA. (2021). Enhancing employees information security awareness in private and public organisations: A systematic literature review.Comput. Secur.106:102267. 10.1016/j.cose.2021.102267

  • CrossRef
  • Google Scholar

• 59

  KhidzirN. Z.MohamedA.ArshadN. H. (2010). Information security risk factors: Critical threats and vulnerabilities in ICT outsourcing.Proceedings - 2010 International Conference on Information Retrieval and Knowledge Management: Exploring the Invisible World, CAMP’Shah Alam10194–199. 10.1109/INFRKM.2010.5466918

  • CrossRef
  • Google Scholar

• 60

  KimE. B. (2014). Recommendations for information security awareness training for college students.Inf. Manage. Comput. Secur.22115–126. 10.1108/IMCS-01-2013-0005

  • CrossRef
  • Google Scholar

• 61

  KimT. K.ParkJ. H. (2019). More about the basic assumptions of t-test: Normality and sample size.Korean J. Anesthesiol.72331–335. 10.4097/kja.d.18.00292

  • Pubmed Abstract
  • CrossRef
  • Google Scholar

• 62

  KissG. (2019). The information security awareness of the Slovakian kindergarten teacher students at starting and finishing the study in higher education.SHS Web Conf.66:01042. 10.1051/shsconf/20196601042

  • CrossRef
  • Google Scholar

• 63

  KritzingerE. (2017). Growing a cyber-safety culture amongst school learners in South Africa through gaming.S. Afr. Comput. J.2916–35. 10.18489/sacj.v29i2.471

  • CrossRef
  • Google Scholar

• 64

  KubackaA.BialyD.GolabR. (2021). Perception of information security in the process of distance learning during the COVID-19 pandemic on the example of university teachers’ experiences.Int. J. Res. E Learn.71–18. 10.31261/IJREL.2021.7.2.05

  • CrossRef
  • Google Scholar

• 65

  LevinD. A. (2021). The state Of K-12 cybersecurity: 2020 year in review. Available online at: https://k12cybersecure.com(accessed March 18, 2022).

  • Google Scholar

• 66

  LewandowskiJ. (2019). “[PDF] intentionally secure: Teaching students to become responsible and ethical users | semantic scholar,” in Emerging trends in cyber ethics and education, ed.BlackburnI. L. P. R. (Indiana: IGI Global), 118–130. 10.4018/978-1-5225-5933-7.ch006

  • CrossRef
  • Google Scholar

• 67

  LinF. (2021). “Big data platform for daily management of higher vocational students in the information age,”Proceedings of the 2021 International Symposium on Advances in Informatics, Electronics and Education (ISAIEE), (Germany: IEEE), 220–223. 10.1109/ISAIEE55071.2021.00061

  • CrossRef
  • Google Scholar

• 68

  MashhadiV. Z.KargozariM. R. (2011). Influences of digital classrooms on education.Procedia Comput. Sci.31178–1183. 10.1016/j.procs.2010.12.190

  • CrossRef
  • Google Scholar

• 69

  MetalidouE.MarinagiC.TrivellasP.EberhagenN.GiannakopoulosG.SkourlasC. (2014). Human factor and information security in higher education.J. Syst. Inf. Technol.16210–221. 10.1108/JSIT-01-2014-0007

  • CrossRef
  • Google Scholar

• 70

  NagaharaM. (2019). A research project of society 5.0 in kitakyushu.Hong Kong, China. 10.1109/CCTA.2019.8920449

  • CrossRef
  • Google Scholar

• 71

  OdiagaG. A.AbekaS.LiyalaS. (2020). An information security awareness framework for secondary school teachers in Kenya.Int. J. Innov. Res. Adv. Stud. (IJIRAS)788–98.

  • Google Scholar

• 72

  OrtaşI. (2018). Bilgi ve iletişim çağinda bilimsel bilgiye erişimin önemi ve türkiye nin bilgiye erişim potansiyeli (In the information and communication age, the importance of accessing scientific information and the information and communication potential of Turkey).Turk Kutuphaneciligi - Turkish Librariansh.32223–232. 10.24146/tkd.2018.39

  • CrossRef
  • Google Scholar

• 73

  ÖznacarB. (2018). “Risk management strategies in school development and the effect of policies on tolerance education,” in In open and equal access for learning in school management, (London: IntechOpen), 107–114. 10.5772/intechopen.70787

  • CrossRef
  • Google Scholar

• 74

  ÖznacarB.DagliG. (2016). Evaluation of risks for school directors in education in developed/Developing countries.Anthropologist231–10. 10.1080/09720073.2016.11891918

  • CrossRef
  • Google Scholar

• 75

  ÖzokH. I.TayizV. (2020). “Uzaktan eğitim ve teknoloji bağimliliği,” in Pandemi ve eğitim, (Ankara: Anı Yayıncılık), 293–310.

  • Google Scholar

• 76

  ParkS. (2017). “Information is power,” in Digital capital, (London: Palgrave Macmillan), 161–183. 10.1057/978-1-137-59332-0_8

  • CrossRef
  • Google Scholar

• 77

  ParsonsK.McCormacA.ButaviciusM.PattinsonM.JerramC. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q).Comput. Secur.42165–176. 10.1016/j.cose.2013.12.003

  • CrossRef
  • Google Scholar

• 78

  PuhakainenP. (2006). Design theory for information security awareness [Master Thesis].Oulu: Unıversity Of Oulu.

  • Google Scholar

• 79

  RahmatullahA. S.MulyasaE.SyahraniS.PongpaliluF.PutriR. E. (2022). Digital era 4.0.Linguist. Cult. Rev.689–107. 10.21744/lingcure.v6nS3.2064

  • CrossRef
  • Google Scholar

• 80

  RapantaC.BotturiL.GoodyearP.GuàrdiaL.KooleM. (2020). Online university teaching during and after the Covid-19 crisis: Refocusing teacher presence and learning activity.Postdigital Sci. Educ.2923–945. 10.1007/s42438-020-00155-y

  • CrossRef
  • Google Scholar

• 81

  RezguiY.MarksA. (2008). Information security awareness in higher education: An exploratory study.Comput. Secur.27241–253. 10.1016/j.cose.2008.07.008

  • CrossRef
  • Google Scholar

• 82

  RichardsonM. D.LemoineP. A.StephensW. E.WallerR. E. (2020). Planning for cyber security in schools: The human factor: Roadrunner search discovery service.Educ. Plan.27:17.

  • Google Scholar

• 83

  ŞahinaslanE.KantürkA.ŞahinaslanÖBorandağE. (2009). Kurumlarda bilgi güvenliği farkındalığı, önemi ve oluşturma yöntemleri.Akademik Bilişim911–13.

  • Google Scholar

• 84

  SajidanS. S.PerdanaR.AtmojoI. R. W.NugrahaD. A. (2020). Development of science learning model towards society 5.0: A conceptual model.J. Phys. Conf. Ser.15111–10. 10.1088/1742-6596/1511/1/012124

  • CrossRef
  • Google Scholar

• 85

  SiponenM. T. (2000). Conceptual foundation for organizational information security awareness.Inf. Manage. Comput. Secur.831–41. 10.1108/09685220010371394

  • CrossRef
  • Google Scholar

• 86

  SpearsJ. L.BarkiH. (2010). User participation in information systems security risk management.MIS Q. Manage. Inf. Syst.34503–522. 10.2307/25750689

  • CrossRef
  • Google Scholar

• 87

  SulichA.RutkowskaM.Krawczyk-JezierskaA.JezierskiJ.ZemaT. (2021). Cybersecurity and sustainable development.Procedia Comput. Sci.19220–28. 10.1016/j.procs.2021.08.003

  • CrossRef
  • Google Scholar

• 88

  TahaN.DahabiyehL. (2021). College students information security awareness: A comparison between smartphones and computers.Educ. Inf. Technol.261721–1736. 10.1007/s10639-020-10330-0

  • CrossRef
  • Google Scholar

• 89

  TchernykhA.SchwiegelsohnU.TalbiE.GhazaliBabenkoM. (2019). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability.J. Comput. Sci.36:100581. 10.1016/j.jocs.2016.11.011

  • CrossRef
  • Google Scholar

• 90

  TDK. (2022). Türk dil kurumu sözlükleri. Available online at: https://sozluk.gov.tr/(accessed August 10, 2022).

  • Google Scholar

• 91

  TılıçG. (2020). Eğitimde Dijitalleşme Kapsamında Oyunlaştırma Kavramı.Sanat ve Tasarım Dergisi, 26671–695.

  • Google Scholar

• 92

  TummalaR.SchoenherrT. (2011). Assessing and managing risks using the Supply Chain Risk Management Process (SCRMP).Supply Chain Manage. Int. J.16474–483. 10.1108/13598541111171165

  • CrossRef
  • Google Scholar

• 93

  VardalN. (2009). Yükseköğretimde bilgi güvenliği: Bilgi güvenlik yönetim sistemi için bir model önerisi ve uygulaması [Doktora].Washington, DC: Eğitim Bilimleri Enstitüsü.

  • Google Scholar

• 94

  WaldmanA. (2020). Cyber Attacks on Schools Tripled-Technology News. Available online at https://www.hurriyet.com.tr/teknoloji/okullara-yonelik-siber-saldirilar-uc-kat-artti-41612854. [Accessed date: March 18, 2022]

  • Google Scholar

• 95

  WallenN. E.FraenkelJ. R. (2013). Educational research: A guide to the process.Abingdon: Routledge.

  • Google Scholar

• 96

  WilliamT. (2020). K-12 Schools warned of increasing cyber-attacks in U.S. advisory - Bloomberg. Available online at: https://www.bloomberg.com/news/articles/2020-12-10/k-12-schools-warned-of-increasing-cyber-attacks-in-u-s-advisory(accessed March 18, 2022).

  • Google Scholar

• 97

  YaşarH.ÇakırH. (2015). Kurumsal siber güvenliğe yönelik tehditler ve önlemleri.Düzce Üniversitesi Bilim ve Teknoloji Dergisi3488–507.

  • Google Scholar

• 98

  Yeboah-BoatengO. E. (2013). Cyber-security challenges with smes in developing economies: Issues of confidentiality, integrity & availability (CIA).Denmark: Aalborg University.

  • Google Scholar

• 99

  YerbyJ.Floyd KevinFloydK. (2018). Faculty and staff information security awareness and behaviors.J. Colloq. Inf. Syst. Secur. Educ. (CISSE)61–23.

  • Google Scholar

• 100

  YıldırımA.ŞimşekH. (2008). Sosyal bilimlerde nitel araştirma yöntemleri. seçkin yayinlari.Ankara: Seçkin Yayınları.

  • Google Scholar

• 101

  Yıldız KorkmazN.AtasoyA. (2016). Öğrencilerde bilgi güvenliği farkindaliğinin değerlendirilmesi gönderim.Sağlıkta Performans ve Kalite Dergisi1181–95.

  • Google Scholar

• 102

  ZwillingM.KlienG.LesjakD.WiechetekŁCetinF.BasimH. N. (2020). Cyber security awareness, knowledge and behavior: A comparative study.J. Comput. Inf. Syst.621–16. 10.1080/08874417.2020.1712269

  • CrossRef
  • Google Scholar