Information Security Awareness in Higher Education Institutes: A Work in Progress

The demands for information security in Higher Education Institutions (HEIs) are expanding as HEIs are vulnerable because of the involvement of human factors. Hence, maintaining data privacy is paramount, especially in HEIs, where most individuals interacting with systems and applications are the main stakeholders (lecturers, students, and non-academic staff). In this regard, existing literature and security experts claim that enhancing users' Information Security Awareness (ISA) is one of the most effective protective techniques. Therefore, this study aims to propose a conceptual security awareness framework consisting of devices, application areas, and security practices and their related activities for HEIs. Moreover, five conceptual dimensions are suggested that affect users' ISA and are necessary for HEIs while measuring the ISA of their stakeholders. For investigating and understanding these issues, interviews were conducted with IT security experts working in HEIs.