Open access peer-reviewed chapter - ONLINE FIRST

Information Security Awareness in Sub-Saharan African Schools: The Role of Educational Leadership in Turbulent Times

Written By

Mboneza N. Kabanda

Submitted: 15 January 2024 Reviewed: 20 February 2024 Published: 06 May 2024

DOI: 10.5772/intechopen.114332


From the Edited Volume

Leadership Studies in the Turbulent Business Eco-System [Working Title]

Dr. Muhammad Mohiuddin, Dr. Elahe Hosseini, Dr. Mohammed Julfikar Ali and Dr. Mohammad Osman Gani


Abstract

The COVID-19 pandemic has influenced the increased adoption of digital tools in educational institutions across sub-Saharan Africa. The efficient flow of information within modern organizations heavily depends on using Information and Communication Technology (ICT). Like other organizations, the education sector has experienced a growth in the use of ICT, which has brought about potential threats to information security and users’ safety. In this regard, school leadership can play a pivotal role in ensuring information security by raising users’ awareness. Consequently, protecting school information systems and their users’ safety should be a top priority for school heads and other stakeholders. This paper aims to analyze different strategies school leadership can implement to raise information security awareness (ISA) among staff, teachers, and students and to develop a framework for sub-Saharan African schools considered newcomers in using information and communication technologies. This chapter focuses on the transformational leadership theory, the technology acceptance model (TAM), and the knowledge, attitude, behavior (KAB) model.

Keywords

  • information security awareness
  • cybersecurity
  • information technology
  • transformational leadership
  • educational technology

1. Introduction

Cybersecurity threats have risen in sub-Saharan Africa alongside the region’s fast technological development and increased connectivity in recent years. Schools are not exempt from these difficulties as vital centers for education and knowledge transfer. The urgent need to provide students, educators, and administrators with the skills to navigate cyberspace safely has arisen in response to the explosion of digital learning platforms and tools.

Information security awareness (ISA) is essential in institutions to safeguard confidential information and avoid security breaches. Several studies emphasize the significance of promoting information security education and training to enhance security awareness among students and staff [1, 2, 3, 4, 5, 6]. A key factor impacting an organization’s security is its employees’ level of information security awareness. Indeed, when the organization ensures that workers are aware of and willing to adhere to information security practices, it helps prevent security incidents and breaches [7]. Staff members are more inclined to use secure practices and follow security protocols when they understand the significance of information security and its dangers [8]. This lessens the possibility of security incidents caused by carelessness or human mistakes [9]. On top of that, when employees participate in information security awareness programs, it helps foster a company-wide culture of security, where everyone does their part to keep confidential data safe [10, 11]. Organizations can improve their security measures and reduce the impact of possible security threats by fostering a security awareness culture.

Information and communication technologies (ICT) in education have grown worldwide. These technologies include computers for content delivery, online learning apps, cloud storage, learning management systems, computer-based assessment and training systems, and predictive learning analytics. Also, the COVID-19 pandemic has made these tools essential for online learning; however, many challenges arose, including access inequalities, technical difficulties, insufficient training, and information security issues [12, 13].

The need to increase information security awareness (ISA) has become even more urgent in today’s business environment, where smart working is gaining popularity. Proof of this can be found in a study by IBM. The study predicted that the COVID-19 pandemic would increase data breach costs and incident response times due to the rise in remote work [13]. Employees’ ISA becomes one of the critical aspects of protection against undesirable information security behaviors. However, there is limited synthesized knowledge about methods for enhancing ISA and integrated insights on factors affecting employees’ ISA levels within sub-Saharan African educational institutions.

A critical issue of insufficient information security awareness must be addressed in schools in sub-Saharan Africa in light of the ever-changing digital environment and the growing dependence on technology for educational goals [14, 15]. Indeed, the outlook is poor when it comes to leaders taking the initiative and providing strategic guidance in turbulent times, when cyber threats are on the rise and traditional learning models are facing interruptions. Having a well-defined leadership model at the strategy level is crucial [16, 17] for raising ISA among teachers, staff, and students, especially in turbulent situations and for beginners in adopting digital technologies, as is now the case in most schools in sub-Saharan Africa. However, school administrators are not prepared to proactively tackle information security threats. This chapter examines the state of information security awareness in schools across sub-Saharan Africa and educational leadership’s role in addressing the challenges posed by turbulent times, such as information security threats. Though some ISA frameworks exist in the sub-Saharan region [9, 18], there is a need to develop a step-by-step ISA model for schools that are at the starting phase of implementing digital technologies, here referred to as beginners. The literature review has helped to develop an ISA framework for sub-Saharan African schools beginning the implementation of digital technologies. This will aid in reducing risks, increasing preparedness, and protecting the school information system.

2. Information security awareness

Information security awareness (ISA) can be defined as the extent to which individuals within an organization understand the significance of information security, the appropriate levels of security required, their security responsibilities, and their actions in line with these responsibilities [19, 20, 21]. It is a preventive measure establishing security procedures and principles to reduce information security risks due to human-related vulnerabilities [22].

ISA includes the knowledge of concepts and awareness of existing policies and behavioral changes that reduce employees’ vulnerability and protect against threats exploiting employees’ vulnerability, ultimately positively impacting the overall risks related to information assets [23, 24]. Security awareness programs are designed to strengthen the “people” factors, often the weak point of information security and a primary link to many security threats [25]. Furthermore, security education, training, and awareness programs positively and significantly impact information security culture [5].

2.1 Data sensitivity in educational institutions

Information, as an indispensable resource, is a crucial consideration for organizations. Managers often invest significant financial resources to ensure its continued protection and security [26]. Today, the success of any company relies on the use of computers and information systems [27]. However, in most sub-Saharan African countries, there is a weakness in the record management of legislation, policies, security, and organizational guidelines [28, 29, 30]. In addition, the lack of preparedness in the information system management sector, especially regarding security issues, can cause many losses to organizations in the sub-Saharan region. Indeed, attempts to preserve data are made sporadically in Africa, whereas Europe, North America, and Asia are at a very high level [28, 31].

Information security is prioritized in daily organizational activities [32]. In educational institutions, the priority is the transmission of knowledge to students. However, administrators also manage various aspects, including student and staff records, infrastructure, and other relevant information. Thus, collecting and storing information requires special attention, protection, and security [33, 34].

It is also essential to emphasize that information security concerns technical and nontechnical information security issues (human-related security issues) [35]. However, information security policy compliance in educational institutions remains insufficient, although they are subject to enormous daily security hazards [33]. For the sub-Saharan Africa region, considered a newcomer to the use of information systems (IS) in education, this situation can lead to many losses if not considered. When Africa is regarded as a neglected continent in IS research, less is known about managing security issues within educational institutions. However, like other business organizations, educational institutions experience the same threats and vulnerabilities [27, 36]. Indeed, educational institutions have enormous volumes of personally identifiable data, making them attractive targets for hackers [34]. Besides technology, educational institutions must also apply and set appropriate policies and standards to protect and secure their resources [36].

2.2 Importance of information security awareness

Users and employees are often identified as the weakest link in information security, making their awareness essential in risk management [13, 37, 38]. Awareness programs aim to change behavior and reinforce good security practices, making employees the most effective layer in an organization’s security defense [39]. Understanding the relationship between individuals’ ISA and security-related behavior is essential to guarantee information security [40]. Security awareness programs are often overlooked, leaving normal users vulnerable to cyberattacks [41]. Supplementing technical controls with security awareness, training, and education is necessary to address human vulnerabilities and create a security culture [42].

The level of ISA among students and staff varies, and there is a need to assess and improve this awareness to establish a secure ICT environment within educational institutions [23, 43]. Studies have also highlighted the influence of factors such as education level, leadership style, and perceived benefits of security countermeasures on ISA and compliance behavior [44, 45].

Moreover, ISA has been emphasized in the context of specific technologies, such as smartphones, and in addressing emerging threats, such as cybercrimes and hacker attacks [4, 46, 47]. It is crucial to recognize the evolving nature of security threats and to ensure that users are aware of technical security issues and safe internet usage. Establishing comprehensive security education, training, and awareness programs can significantly contribute to creating a secure and trustworthy ICT environment, fostering a culture of security consciousness, and mitigating the risks associated with cyber threats.

2.3 Information security awareness in sub-Saharan African schools

The current status of ISA in sub-Saharan African schools is of growing concern. Indeed, ISA in sub-Saharan Africa is at low levels [48]. This suggests a critical need for further improvement in this area. A study conducted in South Africa on integrating ICT security awareness into the South African school system revealed significant challenges, indicating a substantial problem with incorporating ISA into the South African educational system [49].

Assessing ISA and compliance in sub-Saharan African schools is crucial. Several studies have highlighted the need for integrating ICT security awareness into the education system [50]. The use of ICT in South Africa and the level of ICT security awareness among school learners have been investigated, revealing a gap between the two spheres [51]. To address this problem, a framework called the South African ICT Security Awareness Framework for Education (SAISAFE), which aims to integrate ICT security awareness into the education system [52], has been proposed.

Additionally, studies conducted in Sudan and Tanzania found that students in African higher education institutions had low levels of cybersecurity awareness [14, 53]. This highlights the need for increased cybersecurity education and awareness among African school students [54]. Thus, sub-Saharan African schools must implement extensive ISA programs to prevent the growing risks of data breaches. This may involve the development of tailored educational programs, integrating ISA into the curriculum, and implementing effective strategies to raise awareness and promote compliance with information security practices.

2.4 Information security threats in Africa

The digital landscape in the African region is undergoing rapid transformation. However, the absence of adequate measures for safeguarding cyberspace, the inadequacy of the legislative framework governing information security, and the limited awareness of the general public about cybersecurity concerns intensify the prevalence of cyber threats [52]. Various factors, including economic conditions, political stability, technological infrastructure, and levels of awareness and preparedness in different countries, influence the range of threats:

  1. Cybercrime and fraud: cybercrime and fraud are increasingly prevalent, with cybercriminals employing tactics such as phishing emails and messages to deceive individuals into divulging confidential information or downloading malware. Additionally, a variety of online scams, including lottery scams, romance scams, and investment scams, are aimed at unsuspecting victims.

  2. Malware and ransomware: malware, including ransomware, is a major threat that poses significant risks. Ransomware attacks typically entail the encryption of data and the subsequent demand for a ransom in exchange for its liberation, which can impact both businesses and individuals.

  3. Insider threats: insider threats, which may originate from intentional or unintentional actions by employees, pose a significant risk to sensitive information within an organization. These threats may arise from employees who act maliciously or those who inadvertently disclose confidential information.

  4. Hacktivism: certain cyberattacks in Africa may be instigated for political purposes with hacktivist groups aiming to infiltrate government websites or organizations to advance a specific cause.

  5. Inadequate cybersecurity infrastructure: certain African countries may encounter difficulties constructing and sustaining robust cybersecurity frameworks due to constrained resources, rendering them more susceptible to cybersecurity risks.

  6. Mobile security threats: the growing prevalence of mobile devices has brought about a corresponding increase in the risk posed by mobile malware. This threat is particularly pressing for individuals who have not implemented sufficient security measures on their smartphones.

  7. Low cybersecurity awareness: in many instances, the deficiency of knowledge and education about cybersecurity among individuals and businesses can contribute to the success of cyberattacks.

  8. Infrastructure attacks: the consequences of attacks on critical infrastructure, including power grids, water supply systems, and transportation networks, can be severe.

  9. Data protection issues: the lack of adequate data protection legislation and enforcement measures can lead to breaches of privacy and unauthorized access to personal data.

  10. Transnational threats: cybercriminal activity often transcends national boundaries, presenting a formidable challenge to law enforcement in their efforts to mitigate cybercrime.

2.5 Cyber security threats in educational institutions

Cybersecurity threats in educational institutions are a growing concern. The digital revolution has brought risks, such as attacks and malicious programs, which can hinder the education process and affect the infrastructure of higher education institutions [55]. Studies have shown that a significant percentage of college populations have experienced negative impacts of cyberspace threats, including fear, anxiety, and embarrassment [56]. The COVID-19 pandemic has further increased the threats to information security in higher education institutions, with malware attacks, DoS/DDoS attacks, and phishing attacks being the most common [57]. The active use of IT in various sectors makes corporate information security crucial, as cyberattacks can result in significant financial losses and reputational ruin [58]. Universities, colleges, and schools are prime targets for cybercriminals, with ransomware being the most common external attack and hacking for personal gain being the most common internal attack. Users themselves can pose an insider threat motivated by various factors [59]. Thus, cyber security in educational institutions requires awareness, training, and the implementation of solid policies to protect against these threats.

Organizations unprepared to face cyberattacks on their resources will experience substantial losses and reduced performance [60]. According to statistics, around 4000 ransomware attacks occur daily on enterprises. Each day, over 330,000 malware occurrences arise worldwide. Cases include phishing, malware, ransomware, malicious scans, and social engineering. These attacks cost organizations a lot. In 2015, cyberattacks cost 3 trillion U.S. dollars worldwide, 5 trillion in 2017, and 6 trillion in 2021 [61, 62, 63, 64, 65, 66, 67, 68]. Indeed, these figures highlight the critical impact of cyberattacks on organizational stability and sustainability. Considering the increasing threat of cyberattacks as organizations undergo digital transformation, there is a need for proactive cybersecurity measures in educational institutions to safeguard against evolving threats [69].

3. Role of school leadership in fostering information security awareness in turbulent times

Aligning cybersecurity with organizational leadership is increasingly vital as organizations transform into digital businesses and face IT-related risks and regulations [70]. While IT professionals play a significant role in implementing and maintaining security measures, leadership is responsible for creating a security culture, establishing policies and procedures, allocating resources, and making strategic decisions to protect the organization from cyber threats. Cybersecurity is a joint responsibility that falls upon both leaders and IT professionals. The traditional perspective of cybersecurity being limited to a few individuals in IT departments is inadequate in addressing the complex challenges. However, expecting everyone to become a cybersecurity expert is impractical. Instead, it is valuable to involve a heterogeneous range of disciplines, organizations, and skill sets in addressing cybersecurity challenges [71]. Cybersecurity managers need to work with managers from various organizations to ensure a unified approach to countering cyberattacks [72].

During turbulent times, managers and employees must adopt the right attitude to overcome the barriers and become more robust [73], although several organizations go bankrupt. As for school administrators, they can rely on their persuasive abilities to drive continuous school improvement in the face of high expectations, limited resources, and a variety of other challenges [74].

Leadership in modern schools is primarily considered a “people issue” that centers on shaping the attitudes, beliefs, and actions of others [75]. In turbulent times, however, school leadership is also responsible for assuring open and trustworthy communication with all impacted members of the school community, inspiring optimism, providing reassurance, and serving as a focal point for coordinated and productive efforts.

In normal conditions, companies assume they can predict the future by extrapolating from the past [76]. However, moments of crisis can disrupt all forecasts, requiring administrators to be comfortable adjusting their plans to deal with threats. Times of crisis provide administrators with opportunities to learn new strategies to ensure the continuity of the company’s activities. From this point of view, leaders are evaluated based on their ability to manage their organizations’ crises. Indeed, in school settings, reducing stress for students and staff through prompt action and preventative measures would boost faith in the school’s ability to handle emergencies. However, studies of the role of leadership in handling crises and communications reveal conflicting views on the actual effectiveness of leaders and some of the failures of ineffective leadership responses [77].

Similarly, like other organizations, schools are often confronted with challenges and unexpected crises such as natural disasters, accidents, shootings, and pandemics. These events tend to create a sense of panic and uncertainty [78, 79]. When the COVID-19 pandemic spread, schools were ordered to close. Principals were asked to take on multiple roles, including chief communicator to school communities, technology provider, launcher of an online learning platform, and logistics manager [78].

For developing nations, the COVID-19 pandemic had devastating effects. Consequently, it has prompted a thorough rethinking of global educational systems [80]. During turbulent moments such as the COVID-19 pandemic or cyberattacks, there is a need for a leadership style that will ensure the continuity of school activities. At this point, there is a need for a transformational leadership style. Transformational leadership style in a turbulent business ecosystem involves leaders who inspire and motivate their teams to adapt, innovate, and thrive amidst uncertainty and change. Indeed, transformational leadership aims to bring about personal growth and change in followers, as the term suggests [81].

3.1 Elements of transformational leadership

Transformational leadership is paramount for organizational success in this fast-paced and unpredictable commercial landscape. This leadership approach is considered one of the most potent styles that can positively impact personal and corporate outcomes [82]. James MacGregor Burns initially proposed the idea of transformational leadership. Burns argues that leaders exhibit transformational leadership when they inspire and motivate their followers to reach greater heights of moral and intellectual achievement [83, 84, 85, 86]. In subsequent years, scholar Bernard M. Bass built on Burns’s work to formulate what is now known as Bass’s theory of transformational leadership. Bass claims that the effect on subordinates indicates whether a leader is practicing transformational leadership. According to Bass, transformational leaders can inspire admiration, respect, and trust in their followers [84, 87]. Researchers in leadership generally agree that building trust is one of the many powerful outcomes of transformational leadership, commitment, and performance in organizations with a hierarchical structure [87, 88, 89, 90].

The four pillars of transformational leadership were proposed by Bass and Riggio [84]:

  1. Idealized influence (II): through their actions, transformational leaders set an example for those who follow them. The leaders are seen as trustworthy, respected, and admired. Leaders are characterized by the extraordinary abilities, perseverance, and resolve that their followers admire and aspire to emulate. The leader’s actions and the qualities others attribute to them make up idealized influence.

  2. Inspirational motivation (IM): through their actions, transformational leaders inspire and motivate others around them by giving their work purpose and posing healthy challenges. People feel more connected to the team. Passion and hope are on display. Successful leaders inspire their teams to imagine better futures by setting high, attainable goals, clearly communicating those expectations, and showing dedication to the collective vision.

  3. Intellectual stimulation (IS): transformative leaders inspire their followers to think outside the box by challenging preconceived notions, redefining problems, and finding fresh angles on old issues. Expressions of originality are highly valued. No one’s oversights are held to a public standard. When problems must be solved, the process involves the followers, who are asked for their creative ideas and input. The followers are encouraged to experiment with different approaches, and their opinions are not criticized just because they differ from the leader’s. The leader gets others to look at problems from many perspectives.

  4. Individualized consideration (IC): in the role of coach or mentor, transformational leaders pay close attention to the unique needs of each follower to facilitate their success and development. Colleagues and followers are nurtured to reach ever-greater heights of potential. Individualized consideration can be practiced by establishing new learning opportunities in a nurturing environment. The fact that people are unique in their wants and requirements is acknowledged. “The leader spends time teaching and coaching.” [81, 91]

3.2 Transformational leadership and development of information security awareness

Transformational leadership components can uniquely contribute to developing ISA within organizations [17]. By incorporating these elements, school administrators can create an atmosphere of heightened security awareness that spreads throughout the entire school, making it easier to handle sensitive data.

  1. Idealized influence: educational leaders can be role models for information security practices. Educational leaders can set an example by prioritizing and adhering to information security protocols. When leaders are committed to security practices, followers are prone to adopt similar behaviors.

  2. Inspirational motivation: leaders can inspire and encourage educational institution members to understand the significance of information security. Leaders can inculcate a sense of purpose and commitment to safeguarding sensitive information by communicating a convincing vision of a secure environment. This motivation can extend throughout the organization, creating a shared responsibility for information security.

  3. Intellectual stimulation: the best way for leaders to ensure their organization’s data is secure is to encourage constant learning and analysis. Leaders can inspire staff and students to think critically by creating a space open to questions and promoting creative approaches to solving security problems.

  4. Individualized consideration: transformational leaders can demonstrate consideration for individuals’ unique needs and development concerning information security by providing resources, training, and support. This involves tailoring communication and support to address each member’s challenges and strengths.

4. The human factor in information security

The human factor in information security is a critical aspect that significantly influences the overall effectiveness of cybersecurity measures [13, 37, 38, 92]. While technological solutions are essential, human behavior, awareness, and actions are crucial in strengthening or weakening an organization’s security position. ISA refers to how well users comprehend the importance of their organization’s information security policies, procedures, and guidelines and how well they adhere to these principles [20, 21].

In addition, ISA refers to the focus of employees’ intention on security to recognize security concerns and respond appropriately. The same applies to their behavior regarding these directives, rules, and procedures [93, 94, 95]. Indeed, employees’ awareness of information security is a key component of a successful information security management program. The focus on users’ security awareness is crucial. Research reveals that 52% of businesses consider their employees their most significant cybersecurity risk [13, 38, 96]. Kaspersky highlights three sources of human factors and employee behavior leading to cyber threats: (a) workers disclosing sensitive information through mobile devices (47%), (b) employees losing their mobile devices, exposing the organization to risk (46%), and (c) inappropriate utilization of information technology resources by staff members (44%). In connection with the above reality, the Verizon 2023 Data Breach Investigations Report reveals that 74% of breaches involved a human element, including social engineering attacks, errors, or misuse [97].

On the one hand, workers may be careless and inadvertently compromise the company’s information systems. Still, on the other hand, they may lack the proper training to ensure they act in a way that safeguards the organization [38]. However, it is essential to note that sometimes, employees can willingly harm their companies by hiding a suspicious incident. In other cases, employees can decide to ruin their organization’s information system.

A typical list of priorities for enhancing the security of organizational facilities includes raising the level of cyber hygiene among employees because the human element is still the most vulnerable part of industrial automation systems. People can unwittingly put themselves at risk by visiting malicious websites, opening emails containing harmful attachments, or connecting infected USB drives [96]. In the digital age, protecting an organization’s sensitive information systems assets from threats and attacks while maintaining confidentiality, integrity, and availability is challenging [98, 99]. For this reason, managers in the public and private sectors place a high premium on information security. Information security has become a top priority for public and private management because the field of information systems (IS) has dealt with many problems and issues over the decades [32, 100].

4.1 Information security awareness assessment

Considering the role played by human subjects in information security risks, school leadership can use various methods to collect information related to the level of ISA of teachers, staff, students, and other users. The technology acceptance model (TAM) and knowledge, attitude, and behavior (KAB) models can help educational leadership dig deeper to get sufficient information about the ISA level of teachers, staff, and students.

4.1.1 Technology acceptance model (TAM)

The technology acceptance model (TAM) framework explores how users come to accept and use technology. TAM was developed by Fred Davis [101]. The idea was to bring everyone to use technology. Generally, according to Davis, attitude, as a key element in using the technology, influences behavioral intention.

The technology acceptance model indicates that various factors lead the user to decide how and when to use technology. The model focuses on two key factors:

  1. Perceived usefulness (PU): Fred Davis defines this factor as the extent to which a technology user considers that using a given technology tool will improve their performance.

  2. Perceived ease of use (PEOU): this factor describes the extent to which someone considering using a particular system expects to use it without difficulty. Indeed, barriers are minimal when the technology is easy to use. Conversely, people have a negative attitude toward using a tool they know is not easy to operate.

Many people have conducted several studies and elaborated more on the TAM framework. Two main improvements were made, which are the TAM 2 developed by Venkatesh and Davis [102] and the UTAUT (Unified Theory of Acceptance and Use of Technology) developed by Venkatesh, Morris, and Davis [103]. UTAUT is an essential tool for managers who want to learn about suitability when introducing new technology. From the results, managers can plan related training or do appropriate marketing toward users of the new system. Also, in the field of e-commerce, Venkatesh and Bala have proposed TAM3. This model includes the impacts of trust and perceived risk on system use [104].

4.1.2 Knowledge, attitude, and behavior (KAB) model

The knowledge, attitude, and behavior (KAB) model, also called the KAP (knowledge, attitude, and practice) model, is well known in the health sector as a behavior change theory. Western scholars developed the KAB model in the 1960s. The model explains that a change in health behavior depends on the knowledge and attitude of the patient [105]. The KAB model is also frequently used to assess behavior change in general [106].

In ISA, school leadership can use the KAB model to quickly assess the level of understanding of security issues within organizations. In educational institutions, all involved people can be part of the survey to set rules, policies, and procedures related to information security concerns. It is a tool that helps plan for training in information security matters. With the KAB model, changes follow three continuous processes: knowledge acquisition, belief generation, and behavior formation [107].

In educational institutions, the KAB model can help managers assess what is known, what has been done, and what is missing in order to adopt proper security changes and practices. The model shows that the knowledge of teachers, staff, and students about information security issues shapes their attitudes toward it, and that their attitudes influence the actions (behaviors) they take to preserve the safety of information. Knowledge assessment is built on the user’s understanding of how to act in a specific condition [108]. Confidentiality, integrity, and availability of information depend on the user’s ability to understand these concepts: avoiding virus infection from unsafe emails and websites, protecting data integrity from unauthorized access, and storing information in multiple safe locations. When equipped with proper knowledge, users will protect data from hazards and attacks, increasing the integrity, confidentiality, and availability of information.

5. Information security awareness strategies

5.1 Recruitment of information technology professionals

The rise of ICTs in the job market makes employees increasingly deskilled [109, 110]. This situation hinders sub-Saharan Africa, where ICT infrastructure is underdeveloped [109, 111, 112]. These indicators suggest that Africa can hardly keep up with technological revolutions. In management discourse, Africa has been characterized by incompetence, exacerbated by low capacity to cope with technological revolutions. However, good leadership can proactively respond to the unfolding global tide of technological advances [109].

Investments are indispensable for the efficient management and operation of information systems to facilitate the expansion of telecommunications infrastructure and technical capacity in African nations [113]. Also, recruiting IT professionals for educational institutions involves a unique set of considerations. These individuals are essential for ensuring that the technology infrastructure that supports teaching, learning, and administrative functions is always available and operates smoothly. Their contributions are vital to the school’s success and its mission to provide high-quality education and services. The recruitment process should align with the strategic goals and values of the educational institution. By considering the specific requirements of the academic setting, school administrators can successfully draw in and retain IT specialists who will play a crucial role in strengthening the technology framework and furthering the institution’s educational objectives. Their input must be sought in recommending the type of IT material that should be procured.

5.2 Information technology infrastructure acquisition

The sub-Saharan Africa region is a newcomer in the use of IT infrastructure. For this region, it is not easy to plan for ISA without planning for IT infrastructure. Such planning involves considering various factors to ensure effective implementation and sustainability. Strategic planning is regularly conducted in many educational institutions. However, planning for IT receives less consideration [114]. Indeed, introducing IT into an organization’s daily activities is crucial since IT helps the organization meet its mission and vision [115, 116]. In this perspective, planning for information technology (IT) helps allocate funds for the various IT systems and school services.

Educational leadership in sub-Saharan Africa can improve the learning experience for students and contribute to the region’s educational goals by developing a long-term IT infrastructure plan that considers the following elements:

  1. Develop a realistic budget covering hardware, software, training, maintenance, and potential future upgrades.

  2. Ensure reliable and high-speed internet connectivity.

  3. Choose suitable and durable hardware that aligns with the educational goals.

  4. Establish a robust network infrastructure that can handle the increased demand for connectivity.

  5. Address challenges related to electricity availability and reliability.

  6. Protect the IT infrastructure by implementing security measures. This may include firewalls, antivirus software, data encryption, and user authentication protocols.

  7. Provide comprehensive training programs for staff, teachers, students, and IT staff to ensure everyone can effectively use and manage the IT infrastructure.

  8. Develop or acquire educational content and software that aligns with the curriculum.

  9. Establish a system for regular maintenance and technical support.

  10. Establish a system for tracking and analyzing data to determine how the IT infrastructure influences student achievement.

5.3 Training in information security awareness

Teaching information security concepts to students and staff is difficult in educational institutions, but it is vital for individuals and the school community [117]. Training on ISA focuses on the following areas [33]:

  1. The understanding and awareness of the situation

  2. The abilities of detection, alert, and response

  3. The strategies from different aspects: scientific, technical, industrial, and human capabilities

  4. The safety of information systems

  5. The setting of rules and procedures

  6. The employees’ awareness increases with training on information security (p. 59).

Training in ISA is crucial in protecting organizations’ data assets and mitigating the risks posed by cybercriminals and hackers. ISA training has a positive effect in countering phishing attacks and increases security awareness and practices [1, 118]. Policy, knowledge of IT, and education positively correlate with security awareness and practice. However, some studies reveal that behavior factors have a lower correlation [7, 11].

ISA training is also required to develop and strengthen a secure corporate culture and modify risk behavior. Organizations should also prioritize security culture and awareness to improve information security management (ISM). Employees should not let themselves be too busy to properly manage personal passwords, install updates, and ensure anti-malware protection is enabled [38]. A reasonable response to the issue of employee negligence is to train staff and recruit more committed individuals to assist in enforcing security policies.

5.4 Information security policy

Besides technology, educational institutions must also apply and set appropriate policies and standards to protect and secure their resources [36]. A data protection policy is vital to an effective information security plan [119]. Thus, it is essential to implement an effective information security policy. The primary objective of an information security policy is to create a structure that safeguards an organization’s confidential data from unauthorized access, disclosure, modification, and destruction.

The information security policy has various functions, such as safeguarding data and individuals, outlining proper conduct, permitting investigations and monitoring, outlining consequences for violations, establishing a standard for security, reducing vulnerability, and guaranteeing adherence to rules and regulations. To adequately safeguard information systems, organizations require a thorough policy process model that considers internal and external factors. The early detection of security issues is greatly aided by employees who are well informed about their roles and the repercussions of failing to comply with security duties [120, 121].

5.5 Information security awareness framework for beginners

From the analysis of all the literature data used in this chapter, we can summarize the process of ISA in the theoretical framework below. This framework is designed for educational institutions planning to implement and use information and communication technologies in their education system. This fits better with sub-Saharan Africa, a newcomer to using digital educational technologies (Figure 1).

Figure 1. Information security awareness (ISA) framework for beginners (proposed by the Author).

6. Conclusion

This chapter has explored the important topic of ISA in schools in sub-Saharan Africa, highlighting the crucial role of educational leadership in navigating information security challenges. Literature has shown that schools must prioritize ISA to protect educational institutions and users’ personal information in this age of widespread cyberattacks. Increased awareness and preventative measures to strengthen the digital infrastructure against possible breaches are necessary due to the sensitive nature of data in educational settings.

As we have seen throughout this chapter, transformational leadership within schools must have visionary guidance beyond conventional teaching methods. To build a resilient and well-informed community, educational leaders, as change agents, must advocate for initiatives that make ISA a core institutional value.

Education administrators can use the suggested framework to increase staff, faculty, and students’ knowledge of the need to protect sensitive data. By integrating these strategies into their leadership practices, institutions can cultivate a culture of cybersecurity, a mindfulness that transcends turbulent times. In sub-Saharan Africa, there is a need for sound equipment, IT professionals, collaboration, training, and the establishment of robust policies to strengthen the educational ecosystem against emerging cyber threats.

For further research, quantitative studies can help to understand the extent to which ISA programs contribute to a decrease in cybersecurity incidents. This could involve tracking the incident rate before and after the implementation of awareness initiatives. Researchers can also study innovative pedagogical approaches to foster ISA, such as gamification, experiential learning, or interactive tools for staff, teachers, and students.

References

  1. Asker H, Tamtam A. Knowledge of information security awareness and practices for home users: Case study in Libya. ESJ. 2023;2:22-27. DOI: 10.19044/esipreprint.2.2023p22
  2. Kiss G. The information security awareness of the Slovakian kindergarten teacher students at starting and finishing the study in higher education. In: ERPA International Congresses on Education. Sakarya, Turkey: ERPA; 19-22 Jun 2019. pp. 1-7. DOI: 10.1051/shsconf/20196601042
  3. Casanove O de, Leleu N, Sèdes F. Applying PDCA to security, education, training and awareness programs. In: Clarke N, Furnell S, editors. Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6-8, 2022, Proceedings, 1st ed. Cham: Springer; 2022. pp. 39-48. DOI: 10.1007/978-3-031-12172-2_4
  4. Malik MS, Islam U. Cybercrime: An emerging threat to the banking sector of Pakistan. JFC. 2019;26(1):50-60. DOI: 10.1108/jfc-11-2017-0118
  5. Md Azmi NAA, Teoh AP, Vafaei-Zadeh A, Hanifah H. Predicting information security culture among employees of telecommunication companies in an emerging market. ICS. 2021;29(5):866-882. DOI: 10.1108/ICS-02-2021-0020
  6. Abdul Rahman HT, Oladipupo SO. Information security awareness among non-academic staff in the University of Ibadan, Nigeria. AJCST. 2019;8(2):77-84. DOI: 10.51983/ajcst-2019.8.2.2136
  7. Heyasat H, Mubarak S, Evans N. Security culture and security education, training and awareness (SETA) influencing information security management. In: International Conference on Interactive Collaborative Robotics. Switzerland: Springer Nature; 2023. pp. 332-343. DOI: 10.1007/978-3-031-35308-6_28
  8. Al-Shanfari I, Yassin W, Tabook N, Ismail R, Ismail A. Determinants of Information Security Awareness and Behaviour Strategies in Public Sector Organizations among Employees. IJACSA 2022;13(8):479-490. DOI: 10.14569/ijacsa.2022.0130855
  9. Kritzinger E, Da Veiga A, van Staden W. Measuring organizational information security awareness in South Africa. Information Security Journal: A Global Perspective. 2023;32(2):120-133. DOI: 10.1080/19393555.2022.2077265
  10. Alkhazi B, Alshaikh M, Alkhezi S, Labbaci H. Assessment of the impact of information security awareness training methods on knowledge, attitude, and behavior. IEEE Access. 2022;10:132132-132143. DOI: 10.1109/ACCESS.2022.3230286
  11. Kori D, Naik R. Information security awareness among postgraduate students. In: Holland B, editor. Handbook of Research on Technological Advances of Library and Information Science in Industry 5.0. Hershey PA: Information Science Reference; 2023. pp. 270-286. DOI: 10.4018/978-1-6684-4755-0.ch014
  12. Fouad NS. Securing higher education against cyberthreats: From an institutional risk to a national policy challenge. Journal of Cyber Policy. 2021;6(2):137-154. DOI: 10.1080/23738871.2021.1973526
  13. Corallo A, Lazoi M, Lezzi M, Luperto A. Cybersecurity awareness in the context of the industrial internet of things: A systematic literature review. Computers in Industry. 2022;137:103614. DOI: 10.1016/j.compind.2022.103614
  14. Eltahir ME, Ahmed OA. Cybersecurity awareness in African higher education institutions: A case study of Sudan. Information Science Letters. 2023;12(1):171-183. DOI: 10.18576/isl/120113
  15. Ndiege JR, Okello G. Towards information security savvy students in institutions of higher learning in Africa: A case of a university in Kenya. In: Cunningham P, Cunningham M, editors. IST-Africa Week Conference (IST-Africa). Piscataway, NJ: IEEE; 2018. pp. 1-8
  16. Lehto M, Limnéll J. Strategic leadership in cyber security, case Finland. Information Security Journal: A Global Perspective. 2021;30(3):139-148. DOI: 10.1080/19393555.2020.1813851
  17. Almeida MC, Yoshikuni AC, Dwivedi R, Larieira CLC. Do leadership styles influence employee information systems security intention? A study of the banking industry. Global Journal of Flexible Systems Management. 2022;23(4):535-550. DOI: 10.1007/s40171-022-00320-1
  18. Kritzinger E, Solms SH. A framework for cyber security in Africa. JIACS. 2013;2012:1-10. DOI: 10.5171/2012.322399
  19. Kruger HA, Kearney WD. A prototype for assessing information security awareness. Computers & Security. 2006;25(4):289-296. DOI: 10.1016/j.cose.2006.02.008
  20. Wiley A, McCormac A, Calic D. More than the individual: Examining the relationship between culture and information security awareness. Computers & Security. 2020;88:101640. DOI: 10.1016/j.cose.2019.101640
  21. Bulgurcu B, Cavusoglu H, Benbasat I. Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly. 2010;34(3):523. DOI: 10.2307/25750690
  22. Budiningsih I, Soehari TD, Irwansyah I. The dominant factor for improving information security awareness. CP. 2019;38(3):490-498. DOI: 10.21831/cp.v38i3.25626
  23. Chan H, Mubarak S. Significance of information security awareness in the higher education sector. IJCA. 2012;60(10):23-31. DOI: 10.5120/9729-4202
  24. Okenyi PO, Owens TJ. On the anatomy of human hacking. Information Systems Security. 2007;16(6):302-314. DOI: 10.1080/10658980701747237
  25. Chen CC, Dawn Medlin B, Shaw RS. A cross-cultural investigation of situational information security awareness programs. Information Management & Computer Security. 2008;16(4):360-376. DOI: 10.1108/09685220810908787
  26. Farooq A, Isoaho J, Virtanen S, Isoaho J. Information security awareness in educational institution: An analysis of students’ individual factors. In: 2015 IEEE Trustcom/BigDataSE/ISPA. Helsinki, Finland: IEEE; 20-22 August 2015; 2015. pp. 352-359. DOI: 10.1109/Trustcom.2015.394
  27. Hina S, Dominic PDD. Information security policies’ compliance: A perspective for higher education institutions. Journal of Computer Information Systems. 2020;60(3):201-211. DOI: 10.1080/08874417.2018.1432996
  28. Adu KK, Ngulube P. Key threats and challenges to the preservation of digital records of public institutions in Ghana. Information, Communication & Society. 2017;20(8):1127-1145. DOI: 10.1080/1369118X.2016.1218527
  29. Asogwa BE. The challenge of managing electronic records in developing countries: Implications for records managers in sub Saharan Africa. Records Management Journal. 2012;22(3):198-211. DOI: 10.1108/09565691211283156
  30. Netshakhuma NS. The role of archives and records management legislation after colonialism in Africa. Records Management Journal. 2019;29(1/2):210-223. DOI: 10.1108/RMJ-09-2018-0024
  31. Hertzog L, Chen-Charles J, Wittesaele C, Graaf K de, Titus R, Kelly J et al. Data management instruments to protect the personal information of children and adolescents in sub-Saharan Africa. IQ. 2023;47(2):1-15. DOI: 10.29173/iq1044
  32. Liu C-W, Huang P, Lucas HC. Centralized IT decision making and cybersecurity breaches: Evidence from U.S. higher education institutions. Journal of Management Information Systems. 2020;37(3):758-787. DOI: 10.1080/07421222.2020.1790190
  33. Al Zaidy A. Impact of training on employee actions and information security awareness in academic institutions [Ph.D. dissertation]. Ann Arbor: Northcentral University; 2020. Available from: https://www.proquest.com/dissertations-theses/impact-training-on-employee-actionsinformation/docview/2487991066/se-2?accountid=42729 [Accessed: November 29, 2023]
  34. Yerby J, Floyd K. Faculty and staff information security awareness and behaviors. CISSE. 2018;6(1):1-23. Available from: https://cisse.info/journal/index.php/cisse/article/view/90 [Accessed: December 7, 2023]
  35. Amankwa E, Loock M, Kritzinger E. A conceptual analysis of information security education, information security training and information security awareness definitions. In: The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014). London, UK: IEEE; 8-10 Dec 2014; 2014. pp. 248-252. DOI: 10.1109/ICITST.2014.7038814
  36. Ismail Z, Masrom M, Sidek Z, Hamzah D. Framework to manage information security for Malaysian academic environment. JIACS. 2010;2010:1-16. DOI: 10.5171/2010.305412
  37. Dada OS, Irunokhai E, Shawulu CJ, Nuhu A, Daniel EE. Information security awareness, a tool to mitigate information security risk: A literature review. Innovative Journal of Science. 2021;3(3):29-54. Available from: https://journals.rasetass.org/index.php/ijs/article/view/106 [Accessed: November 29, 2023]
  38. Kaspersky Lab. The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within. Available from: https://www.kaspersky.com/blog/the-human-factor-in-it-security/ [Accessed: May 13, 2023]
  39. Mauwa H. Information Security Awareness: Generic Content, Tools and Techniques. South Africa: MA; 2006
  40. Jaeger L. Information security awareness: Literature review and integrative framework. In: Proceedings of the 51st Hawaii International Conference on System Sciences. 2018. Hilton, Hawaii. HICSS; 3-6 Jan 2018; 2018. pp. 4703-4712. DOI: 10.24251/hicss.2018.593
  41. Aloul FA. The need for effective information security awareness. JAIT. 2012;3(3):176-183. DOI: 10.4304/jait.3.3.176-183
  42. Hinson G. Information security awareness. In: Gupta M, Sharman R, editors. Handbook of Research on Social and Organizational Liabilities in Information Security. Hershey, PA: IGI Global; 2009. pp. 307-324. DOI: 10.4018/978-1-60566-132-2.ch019
  43. Chuang Y-H, Chen C-Y, Wu T-C, Chao H-C. Establish a secure and trustworthy ICT environment for educational systems: A case study. Journal of Intelligent Manufacturing. 2012;23(4):965-975. DOI: 10.1007/s10845-011-0503-y
  44. Humaidi N, Balakrishnan V. Leadership styles and information security compliance behavior: The mediator effect of information security awareness. IJIET. 2015;5(4):311-318. DOI: 10.7763/IJIET.2015.V5.522
  45. Bostan A. Impact of education on security practices in ICT. Tehnicki Vjesnik - Technical Gazette. 2015;22(1):161-168. DOI: 10.17559/TV-20140403122930
  46. Cranfield DJ, Venter IM, Blignaut RJ, Renaud K. Smartphone security awareness, perceptions and practices: A Welsh higher education case study. In: 14th International Technology, Education and Development Conference. Valencia, Spain; INTED; 2-4 March 2020. pp. 3014-3023
  47. Panskyi T, Korzeniewska E. Statistical and clustering validation analysis of primary students' learning outcomes and self-awareness of information and technical online security problems at a post-pandemic time. Education and Information Technologies. 2023;28(6):6423-6451. DOI: 10.1007/s10639-022-11436-3
  48. Nasir S, Vajjhala N. Evaluating Information Security Awareness and Evaluating compliance in Sub-Saharan Africa: An interpretivist perspective. In: Proceedings of the 13th IADIS International Conference Information Systems 2020. Sofia, Bulgaria: IADIS; 2-4 Apr 2020. pp. 187-190. DOI: 10.33965/is2020_202006R025
  49. Walaza M, Loock M, Kritzinger E. A framework to integrate ICT security awareness into the south African schooling system. In: Villiers C de, van der Merwe AJ, van Deventer JP, Matthee MC, Gelderblom H, Gerber A, editors. Proceedings of the Southern African Institute for Computer Scientist and Information Technologists Annual Conference 2014 on SAICSIT 2014 Empowered by Technology. New York, NY: ACM; 2014. pp. 11-18. DOI: 10.1145/2664591.2664596
  50. Dzyatkovskaya EN, Tsvetkova N. Information security of educational environments of school. In: SHS Web of Conferences: 2016 International Conference “Education Environment for the Information Age” (EEIA-2016). Moscow, Russia: EEIA; 6-7 Jun 2016. pp. 1-4. DOI: 10.1051/shsconf/20162901022
  51. Filippidis A, Lagkas T, Mouratidis H, Nifakos S, Grigoriou E, Sarigiannidis P. Enhancing information security awareness programs through collaborative learning. ECGBL. 2022;16(1):803-810. DOI: 10.34190/ecgbl.16.1.896
  52. Positive Technologies. Cybersecurity threatscape of African countries 2022-2023. Available from: https://www.ptsecurity.com/ww-en/analytics/africa-cybersecurity-threatscape-2022-2023/ [Accessed: December 7, 2023]
  53. Semlambo AA, Mfoi DM, Sangula Y. Information systems security threats and vulnerabilities: A case of the Institute of Accountancy Arusha (IAA). JCC. 2022;10(11):29-43. DOI: 10.4236/jcc.2022.1011003
  54. Walaza M, Loock M, Kritzinger E. Towards a framework for integrating ICT security awareness with South African education. Available from: https://uir.unisa.ac.za/bitstream/handle/10500/22443/mvelo%20walaza,%20marianne%20loock,%20elmarie%20kritzinger.pdf?sequence=1 [Accessed: December 3, 2023]
  55. Yousif Yaseen KA. Importance of cybersecurity in the higher education sector 2022. AJCST. 2022;11(2):20-24. DOI: 10.51983/ajcst-2022.11.2.3448
  56. Isobo S, Tamaramiebi V, Tomubari A. Investigating the impact of cyberspace threats on electronic device users in Nigerian tertiary institutions (a case study of IJBCOE, Sagbama). IJSRP. 2023;13(6):135-140. DOI: 10.29322/IJSRP.13.06.2023.p13819
  57. Arina A. Network security threats to higher education institutions. OCG. 2022;341:323-333. DOI: 10.24989/ocg.v341.24
  58. Karakaya M, Sevin A. A survey of cyber-threats for the security of institutions. In: 5th International Symposium on Innovative Approaches in Smart Technologies Proceedings. Online, Turkey: SETSCI; 28 May 2022. pp. 93-99. DOI: 10.36287/setsci.5.1.018
  59. Lallie HS, Thompson A, Titis E, Stephens P. Understanding Cyber Threats Against the Universities, Colleges, and Schools. arXiv e-prints 2023. DOI: 10.48550/arXiv.2307.07755
  60. Berlilana NT, Ruangkanjanases A, Hariguna T, Sarmini. Organization benefit as an outcome of organizational security adoption: The role of cyber security readiness and technology readiness. Sustainability. 2021;13(24):13761. DOI: 10.3390/su132413761
  61. Rohan R, Pal D, Hautamäki J, Funilkul S, Chutimaskul W, Thapliyal H. A systematic literature review of cybersecurity scales assessing information security awareness. Heliyon. 2023;9(3):e14234. DOI: 10.1016/j.heliyon.2023.e14234
  62. Keshavarzi M, Ghaffary HR. An ontology-driven framework for knowledge representation of digital extortion attacks. Computers in Human Behavior. 2023;139:107520. DOI: 10.1016/j.chb.2022.107520
  63. Solomon A, Michaelshvili M, Bitton R, Shapira B, Rokach L, Puzis R, et al. Contextual security awareness: A context-based approach for assessing the security awareness of users. Knowledge-Based Systems. 2022;246:108709. DOI: 10.1016/j.knosys.2022.108709
  64. Alzubaidi A. Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia. Heliyon. 2021;7(1):e06016. DOI: 10.1016/j.heliyon.2021.e06016
  65. Shaikh FA, Siponen M. Information security risk assessments following cybersecurity breaches: The mediating role of top management attention to cybersecurity. Computers & Security. 2023;124:102974. DOI: 10.1016/j.cose.2022.102974
  66. Hasan S, Ali M, Kurnia S, Thurasamy R. Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications. 2021;58:102726. DOI: 10.1016/j.jisa.2020.102726
  67. Yeoh W, Wang S, Popovič A, Chowdhury NH. A systematic synthesis of critical success factors for cybersecurity. Computers & Security. 2022;118:102724. DOI: 10.1016/j.cose.2022.102724
  68. Zwilling M, Klien G, Lesjak D, Wiechetek Ł, Cetin F, Basim HN. Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems. 2022;62(1):82-97. DOI: 10.1080/08874417.2020.1712269
  69. Mohd Ariffin MA, Darus MY, Haron H, Kurniawan A, Muliono Y, Pardomuan CR. Deployment of honeypot and SIEM tools for cyber security education model In UITM. International Journal of Emerging Technologies in Learning. 2022;17(20):149-172. DOI: 10.3991/ijet.v17i20.32901
  70. Blum D. Create your rational cybersecurity success plan. In: Blum D, editor. Rational Cybersecurity for Business. Berkeley, CA: Springer Nature; 2020. pp. 297-313
  71. Popa I-C, Nastase M, Popa R-G. Strategic cybersecurity management. In: Proceedings of the 16th International Management Conference; 3-4 November 2022; Bucharest, Romania. Editura ASE; 2023. pp. 557-564. DOI: 10.24818/IMC/2022/03.15
  72. Martin A, Collier J. Beyond awareness: Reflections on meeting the inter-disciplinary cyber skills demand. In: Austin G, editor. Cyber Security Education: Principles and Policies. 1st ed. Milton, UK: Routledge; 2021. pp. 55-73. DOI: 10.4324/9780367822576-3
  73. Cangemi JP, Lazarus H, McQuade T, Fitzgerald J, Conner J, Miller R, et al. Successful leadership practices during turbulent times. Journal of Management Development. 2011;30(1):30-43. DOI: 10.1108/02621711111098343
  74. Davis SH, Leon RJ. Developing a leadership brand: The heart of effective school leadership in turbulent times. Planning and Changing. 2014;45(1/2):3-18. Available from: https://search.proquest.com/openview/018f0456b003c07ee6aa8ecdd08e4e48/1.pdf?pq-origsite=gscholare [Accessed: November 29, 2023]
  75. Smith L, Riley D. School leadership in times of crisis. School Leadership & Management. 2012;32(1):57-71. DOI: 10.1080/13632434.2011.614941
  76. Sayles LR. Leadership for Turbulent Times. Greensboro, NC: Center for Creative Leadership; 1995
  77. Carbajal S. Crisis Response in Higher Education: Interpreting Leadership Communication. Ed.D. United States - The University of Arizona; 2023
  78. Urick A, Carpenter BW, Eckert J. Confronting COVID: Crisis leadership, turbulence, and self-care. Frontiers in Education. 2021;6:1-11. DOI: 10.3389/feduc.2021.642861
  79. Nikjoo RG, Partovi Y, Biparva AJ. Crisis management programs in top universities worldwide to maintain educational activities in situational crises: A scoping review. Research and Development in Medical Education. 2022;11:21. DOI: 10.34172/rdme.2022.021
  80. Shoaib MH, Sikandar M, Yousuf RI, Parkash M, Kazmi SJH, Ahmed FR, et al. Graduate and postgraduate educational challenges during the COVID-19 pandemic period: Its impact and innovations-a scoping review. Systematic Reviews. 2023;12(1):195. DOI: 10.1186/s13643-023-02359-2
  81. Northouse PG. Leadership: Theory and Practice. 8th ed. Los Angeles, CA: SAGE; 2019
  82. Alqatawenh AS. Transformational leadership style and its relationship with change management. Verslas: Teorija ir Praktika. 2018;19(1):17-24. DOI: 10.3846/btp.2018.03
  83. Allen GP, Moore WM, Moser LR, Neill KK, Sambamoorthi U, Bell HS. The role of servant leadership and transformational leadership in academic pharmacy. American Journal of Pharmaceutical Education. 2016;80(7):113. DOI: 10.5688/ajpe807113
  84. Bass BM, Riggio RE. Transformational Leadership. 2nd ed. Mahwah N.J: L. Erlbaum Associates; 2006
  85. Burns JM. Leadership. New York: Open Road; 2009
  86. Burns JM. Leadership. New York, NY: Harper & Row; 1978
  87. Choi SL, Goh CF, Adam MBH, Tan OK. Transformational leadership, empowerment, and job satisfaction: The mediating role of employee empowerment. Human Resources for Health. 2016;14(1):73. DOI: 10.1186/s12960-016-0171-2
  88. Podsakoff PM, MacKenzie SB, Moorman RH, Fetter R. Transformational leader behaviors and their effects on followers' trust in leader, satisfaction, and organizational citizenship behaviors. The Leadership Quarterly. 1990;1(2):107-142. DOI: 10.1016/1048-9843(90)90009-7
  89. Avolio BJ, Zhu W, Koh W, Bhatia P. Transformational leadership and organizational commitment: Mediating role of psychological empowerment and moderating role of structural distance. Journal of Organizational Behavior. 2004;25(8):951-968. DOI: 10.1002/job.283
  90. Wright BE, Pandey SK. Transformational leadership in the public sector: Does structure matter? Journal of Public Administration Research and Theory. 2010;20(1):75-89. DOI: 10.1093/jopart/mup003
  91. Avolio BJ, Gibbons TC. Developing Transformational Leaders: A Life Span Approach. 1988
  92. Lubua EW, Semlambo AA, Mkude CG. Factors affecting the security of information systems in Africa: A literature review. UDSLJ. 2023;17(2):94-114. DOI: 10.4314/udslj.v17i2.7
  93. Lee WJ, Hwang I. Sustainable information security behavior management: An empirical approach for the causes of employees’ voice behavior. Sustainability. 2021;13(11):6077. DOI: 10.3390/su13116077
  94. Zhen J, Dong K, Xie Z, Chen L. Factors influencing employees’ information security awareness in the telework environment. Electronics. 2022;11(21):3458. DOI: 10.21203/rs.3.rs-1544020/v1
  95. Siponen MT. A conceptual foundation for organizational information security awareness. Information Management & Computer Security. 2000;8(1):31-41. DOI: 10.1108/09685220010371394
  96. Goncharov E, Kruglov K, Dashchenko Y. Five ICS cybersecurity myths based on Kaspersky Lab ICS CERT experience. Automatisierungstechnik. 2019;67(5):372-382. DOI: 10.1515/auto-2019-0016
  97. Verizon. DBIR 2023 Data Breach Investigations Report. Available from: https://www.verizon.com/business/resources/reports/dbir/ [Accessed: December 12, 2023]
  98. Khando K, Gao S, Islam SM, Salman A. Enhancing employees information security awareness in private and public organisations: A systematic literature review. Computers & Security. 2021;106:102267. DOI: 10.1016/j.cose.2021.102267. Available from: https://www.sciencedirect.com/science/article/pii/s0167404821000912
  99. Alavi R, Islam S, Jahankhani H, Al-Nemrat A. Analyzing human factors for an effective information security management system. International Journal of Secure Software Engineering. 2013;4(1):50-74. DOI: 10.4018/jsse.2013010104
  100. Mykytyn PP. COVID-19 and its impacts on managing information systems. Information Systems Management. 2020;37(4):267-271. DOI: 10.1080/10580530.2020.1818900
  101. Davis FD. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly. 1989;13(3):319-340. DOI: 10.2307/249008
  102. 102. Venkatesh V, Davis FD. A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management Science. 2000;46(2):186-204. DOI: 10.1287/mnsc.46.2.186.11926
  103. 103. Venkatesh V, Morris MG, Davis FD, Davis GB. User acceptance of information technology: Toward a unified view. MIS Quarterly. 2003;27(3):425-478. DOI: 10.2307/30036540
  104. 104. Venkatesh V, Bala H. Technology acceptance model 3 and a research agenda on interventions. Decision Sciences. 2008;39(2):273-315. DOI: 10.1111/j.1540-5915.2008.00192.x
  105. 105. Xu W, Sun G, Lin Z, Chen M, Yang B, Chen H, et al. Knowledge, attitude, and behavior in patients with atrial fibrillation undergoing radiofrequency catheter ablation. Journal of Interventional Cardiac Electrophysiology. 2010;28(3):199-207. DOI: 10.1007/s10840-010-9496-2
  106. 106. Yi Q , Hohashi N. Comparison of perceptions of domestic elder abuse among healthcare workers based on the knowledge-attitude-behavior (KAB) model. PLoS One. 2018;13(11):e0206640. DOI: 10.1371/journal.pone.0206640
  107. 107. Liu L, Liu Y-P, Wang J, An L-W, Jiao J-M. Use of a knowledge-attitude-behaviour education programme for Chinese adults undergoing maintenance haemodialysis: Randomized controlled trial. The Journal of International Medical Research. 2016;44(3):557-568. DOI: 10.1177/0300060515604980
  108. 108. Kaur J, Mustafa N. Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME. In: ICRIIS: 2013 International Conference on Research and Innovation in Information Systems 27-28 November 2013. New York: IEEE; 2014. pp. 286-290. DOI: 10.1109/ICRIIS.2013.6716723
  109. 109. Ndikumana ED. Africa and the fourth industrial revolution: Turning a curse into a resource through the prism of human capital. In: Benyera E, editor. Africa and the Fourth Industrial Revolution: Curse or Cure? Cham, Switzerland: Springer; 2022. pp. 91-107. DOI: 10.1007/978-3-030-87524-4_5
  110. 110. Coldwell DAL. Negative influences of the 4th industrial revolution on the workplace: Towards a theoretical model of entropic citizen behavior in toxic organizations. International Journal of Environmental Research and Public Health. 2019;16(15):2670. DOI: 10.3390/ijerph16152670
  111. 111. Delponte L, Grigolini M, Moroni A, Vignetti S, Claps M, Giguashvili N. ICT in the Developing World. Strasbourg, France: European Parliament; 2015
  112. 112. United Nations Economic Commission for Africa. Towards improved access to broadband in Africa. Available from: https://repository.uneca.org/bitstream/handle/10855/23894/b11869008.pdf?sequence=3&isAllowed=y [Accessed: December 5, 2023]
  113. 113. Arakpogun OE. Closing the digital divide in Africa: The role of mobile telecommunications and universal access and service policies [doctoral thesis]. Newcastle, UK: Northumbria University; 2018.Available from: https://nrl.northumbria.ac.uk/id/eprint/39643/1/arakpogun.ogiemwonyi_phd.pdf [Accessed: May 3, 2023]
  114. 114. Marcial DE. Information Systems Strategic Planning in Higher Education Institutions in the Philippines. Philippine Information Technology Journal 2013;6(2):1-8
  115. 115. Kasemsap K. The Role of Information System Within Enterprise Architecture and Their Impact on Business Performance. In: Global Business Expansion: Concepts, Methodologies, Tools, and Applications. Hershey, PA: IGI Global; 2018, pp. 1078-1102. DOI: 10.4018/978-1-5225-5481-3. ch049
  116. 116. Sharma G, Baoku L. Customer satisfaction in Web 2.0 and information technology development. Information Technology & People. 2013;26(4):347-367. DOI: 10.1108/ITP-12-2012-0157
  117. 117. Alghamdi MY, Younis YA. The use of computer games for teaching and learning cybersecurity in higher education institutions. JER is an International, Peer-reviewed Journal that Publishes Full-length Original Research Papers, Reviews, Case Studies in all Areas of Engineering. 2021;9(3A):143-152. DOI: 10.36909/jer.v9i3A.10943
  118. 118. Tufan A, Tuna G. Benefits of information security awareness training against phishing attacks: A field study. In: Handbook of Research on Cybersecurity Risk in Contemporary Business Systems. Hershey, PA: IGI Global; 2023. pp. 49-78. DOI: 10.4018/978-1-6684-7207-1.ch003
  119. 119. Höne K, Eloff J. Information security policy — What do international information security standards say? Computers & Security. 2002;21(5):402-409. DOI: 10.1016/S0167-4048(02)00504-7
  120. 120. Knapp KJ, Franklin Morris R, Marshall TE, Byrd TA. Information security policy: An organizational-level process model. Computer & Security. 2009;28(7):493-508. DOI: 10.1016/j.cose.2009.07.001
  121. 121. Etsebeth V. Information security policies-the legal risk of uninformed personnel. In: Proceedings of the ISSA. Pretoria, South Africa: ISSA; Jul 5-7 2006. pp. 1-10
