Öğretmen Adaylarının Bilgi Güvenliği Farkındalıkları: KAB Modeline Dayalı bir Analiz

Bilgi teknolojileri günlük hayatın ayrılmaz bir parçası haline gelmiştir. Bilgi teknolojilerinin güvenli kullanımında en ufak bir zafiyet dahi bireyleri, kurumları ve hatta toplulukları zor durumlara maruz bırakabilmektedir. Bu nedenle bilgi güvenliğinin önemli bir basamağı olan güvenli internet kullanımı konusuna önem verilmeli ve temel eğitimin ilk aşamasından başlayarak toplumun tüm bireylerinin bilinçlendirilmesine yönelik çalışmalar yürütülmelidir. Bu bağlamda öğrencilerin bilgi güvenliği konusunda aydınlatılmasında öğretmenlere önemli görevler düşmektedir. Bu nedenle geleceğin öğretmenleri olacak öğretmen adaylarının bilgi güvenliği farkındalık düzeyleri önemlidir. Bu çalışmanın iki temel amacı vardır: Bunlar: (A) Bilgi-Tutum-Davranış (KAB) modeline dayalı bilgi güvenliği farkındalığı için geçerli ve güvenilir bir ölçek geliştirmek ve (B) elde edilen veriler üzerinden öğretmen adaylarının bilgi güvenliği farkındalıklarını çeşitli boyutlarda incelemektir. Araştırma, çeşitli disiplinlerde eğitim gören 350 öğretmen adayı ile gerçekleştirilmiştir. Sonuç olarak dört faktörlü 71 maddeden oluşan bir ölçek elde edilmiştir. Ölçeğin geliştirilmesinde benimsenen KAB modelini oluşturan bilgi, tutum ve davranış bileşenleri arasında pozitif yönde ilişkiler olduğu tespit edilmiştir. Hem erkek hem de kadın öğretmen adaylarının farkındalık düzeylerinin orta düzeyde olduğu görülmüştür. Erkeklerin farkındalık puanlarının kadınlardan anlamlı düzeyde yüksek olduğu ortaya çıkmıştır. Ayrıca bilişim teknolojileri öğretmen adaylarının bilgi güvenliği farkındalık düzeylerinin diğer branşlarda öğrenim gören öğretmen adaylarına göre daha yüksek olduğu tespit edilmiştir.

Anahtar Kelimeler:

Bilgi güvenliği farkındalığı, bireysel farklılıklar, KAB modeli, öğretmen adayı, siber güvenlik

Pre-Service Teachers’ Information Security Awareness: An Analysis Based on the Knowl edge— Attit ude— Behavi or Model

Information technologies have become an integral element of everyday life. Even slight vulnerability in the safe use of information technologies may expose individuals, institutions, and even communities to difficult situations. Therefore, the issue of safe Internet use, also referred to as information security, is considered important and it is thought that efforts should be initiated to raise awareness among all members of the society starting from the first stage of the basic education. In this context, for enlightenment of students about information security, teachers assume an important role. Therefore, the levels of information security awareness of pre-service teachers, who will be the teachers of the future, are important. This study has two main aims. These are (A) to develop a valid and reliable scale for information security awareness based on knowl edge– attitude–behavior model and (B) examine the information security awareness of pre-service teachers in terms of various variables. The study was carried out with 350 pre-service teachers majoring in a variety of disciplines. As a result, a scale consisting of 71 items with 4 factors was obtained. It was found that there were positive correlations between the components of knowledge, attitude, and behavior that constitute the knowl edge– attitude–behavior model adopted in the development of the scale. It was noted that the awareness levels of both female and male pre-service teachers were medium. It was revealed that male’s awareness scores were significantly higher than females. Additionally, it was found that the awareness of pre-service IT teachers was higher than others.

Keywords:

Information security awareness, cyber security, pre-service teacher, knowl edge– attit ude–b ehavi or model, individual differences,

PDF

___

Agamba, J. J., & Keengwe, J. (2012). Pre-service teachers’ perceptions of information assurance and cyber security. International Journal of Information and Communication Technology Education, 8(2), 94–101. [CrossRef]
Akgün, Ö. E., & Topal, M. (2015). Eğitim Fakültesi Son Sınıf Öğrencilerinin Bilişim Güvenliği Farkındalıkları: Sakarya Üniversitesi Eğitim Fakültesi Örneği. Sakarya University Journal of Education, 5(2), 98–121. [CrossRef]
Albrechtsen, E., & Hovden, J. (2010). Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study. Computers and Security, 29(4), 432–445. [CrossRef]
Aloul, F. A. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3), 176–183. [CrossRef]
Aslay, F. (2017). Cyber attack methods and current situation analysis of Turkey's cyber safety. International Journal of Multidisciplinary Studies and Innovative Technologies, 1(1), 24–28.
Aydaner, G., Çelik, U., & Nart, S. (2017). Public and private sector cooperation for cyber security. In Proceeding of the X. International conference on information security and cryptology (pp. 57–67). Ankara, Turkey.
Burkell, J. A., Fortier, A., Di Valentino, L., & Roberts, S. T. (2015). Enhancing key digital literacy skills: Information privacy, information security, and copyright/intellectual property. FIMS Publications. https ://ir .lib.uwo.c a/cgi /view conte nt.cg i?art icle= 1038& conte xt=fi mspub
Büyüköztürk, Ş. (2002). Factor analysis: Basic concepts and using to development scale. Educational administration. Theory and into Practice, 8(4), 470–483.
Büyüköztürk, Ş. (2017). Sosyal Bilimler için Veri Analizi El Kitabı [Handbook of data analysis for social sciences]. Pegem Publishing.
Cain, A. A., Edwards, M. E., & Still, J. D. (2018). An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications, 42, 36–45. [CrossRef]
Çakır, H., Hava, K., Gülen, Ş. B., & Özüdoğru, G. (2015a). An investigation of pre-service teachers’ security awareness on social networking sites
Öğretmen adaylarının sosyal ağ sitelerinde güvenlik farkındalıklarının incelenmesi. International Journal of Human Sciences, 12(1), 887–902. [CrossRef]
Çakır, H., Özüdoğru, G., Bozkurt, Ş. B., & Hava, K. (2015b). An investigation of pre-service teachers’ privacy awareness on social networking sites. Journal of Kırşehir Education Faculty, 16(2), 235–249.
Cavus, N., & Ercag, E. (2016). The scale for the self‐efficacy and perceptions in the safe use of the Internet for teachers: The validity and reliability studies. British Journal of Educational Technology, 47(1), 76–90. [CrossRef]
Çokluk, Ö., Şekercioğlu, G., & Büyüköztürk, Ş. (2016). Sosyal Bilimler için Çok Değişkenli Istatistik SPSS ve LISREL Uygulamaları [Multivariate statistics for social sciences: SPSS and LISREL applications]. Pegem Publishing.
Colwill, C. (2009). Human factors in information security: The insider threat–Who can you trust these days? Information Security Technical Report, 14(4), 186–196. [CrossRef]
Domínguez, C. M. F., Ramaswamy, M., Martinez, E. M., & Cleal, M. G. (2010). A framework for information security awareness programs. Issues in Information Systems, 11(1), 402–409.
Eminağaoğlu, M., Uçar, E., & Eren, Ş. (2009). The positive outcomes of information security awareness training in companies - A case study. Information Security Technical Report, 14(4), 223–229. [CrossRef]
Eshet-Alkalai, Y. (2004). Digital literacy: A conceptual framework for survival skills in the digital era. Journal of Educational Multimedia and Hypermedia, 13(1), 93–106.
Ferrari, A. (2012). Digital competence in practice: An analysis of frameworks. Sevilla: JRC IPTS. [CrossRef]
Field, A. (2009). Discovering statistics using SPSS (3rd ed). Sage Publication.
Glaspie, H. W., & Karwowski, W. (2018). Human factors in information security culture: A Literature review. In D. Nicholson (Ed.). Advances in human factors in cybersecurity (pp. 269–280). Springer. [CrossRef]
Gökmen, Ö. F., & Akgün, Ö. E. (2015a). Analysis of computer education and instructional technology teacher candidates’ efficacy perceptions to teach information security. Elementary Education Online, 14(4), 1208–1221. [CrossRef]
Gökmen, Ö. F., & Akgün, Ö. E. (2015b). An analysis of computer education and instructional technology student teachers’ knowledge of information security according to several variables. Çukurova University Faculty of Education Journal, 44(1), 61–84.
Gökmen, Ö. F., & Akgün, Ö. E. (2016). Teacher candidates’ experiences of cyber crime and their views for the information security course content. Mustafa Kemal University Journal of Social Sciences Institute, 13(33), 178–193.
Güldüren, C., Çetinkaya, L., & Keser, H. (2016). Development of information security awareness scale (ISAS) for secondary education students. Elementary Education Online, 15(2), 682–695. [CrossRef]
IBM. (2015). IBM 2015 cyber security intelligence index for financial services.
ISF. (2002). Effective security awareness – Workshop report. Information Security Forum.
ISO/IEC. (2005). ISO/IEC 27002: Code of practice for information security management.
ISTE. (2008). ISTE standards: Teachers. https ://id .iste .org/ docs/ pdfs/ 20-14_ISTE Stan dards -T_PD F.pdf
Jenkins, J. L., Grimes, M., Proudfoot, J. G., & Lowry, P. B. (2014). Improving password cybersecurity through inexpensive and minimally invasive means: Detecting and deterring password reuse through keystrokedynamics monitoring and just-in-time fear appeals. Information Technology for Development, 20(2), 196–213. [CrossRef]
Karacı, A., Akyüz, H. İ., & Bilgici, G. (2017). Investigation of cyber security behaviors of university students. Kastamonu Education Journal, 25(6), 2079–2094. [CrossRef]
Kaspersky Lab (2015). The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide. https ://www.kas persk y.com /abou t/pre ss-re lease s/201 5_the -grea t-ban k-robbery- carba nak-c yberg ang-s teals --1bn -from -100- finan cial- institutio ns-wo rldwi de.
Ki-Aries, D., & Faily, S. (2017). Persona-centred information security awareness. Computers and Security, 70, 663–674. [CrossRef]
Kline, R. B. (2005). Principles and practice of structural equation modeling (2nd ed.). Guilford Press.
Kruger, H. A., & Kearney, W. D. (2006). A prototype for assessing information security awareness. Computers and Security, 25(4), 289–296. [CrossRef]
Lin, W., Yang, H. C., Hang, C. M., & Pan, W. H. (2007). Nutrition knowledge, attitude, and behaviour of Taiwanese elementary school children. Asia Pacific Journal of Clinical Nutrition, 16(Suppl. 2), 534–546.
Mamonov, S., & Benbunan-Fich, R. (2018). The impact of information security threat awareness on privacy-protective behaviours. Computers in Human Behavior, 83, 32–44. [CrossRef]
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M. (2017) Individual differences and Information Security Awareness. Computers in Human Behavior, 69, 151–156. [CrossRef]
Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., & Giannakopoulos, G. (2014). The human factor of information security: Unintentional damage perspective. Procedia – Social and Behavioral Sciences, 147, 424–428. [CrossRef]
Metzger, M. (2017). FBI says Ransomware soon becoming a billion dollar business. Scientia Media UK. https ://ww w.scm agazi neuk. com/f bi-says-ra nsomw are-s oon-b ecomi ng-bi llion -doll ar-bu sines s/art icle/14755 39
Ngoqo, B., & Flowerday, S. V. (2015). Information Security Behaviour Profiling Framework (ISBPF) for student mobile phone users. Computers and Security, 53, 132–142. [CrossRef]
Öğütçü, G., Cırakoğlu, O. C., & Cula, S. (2016). Information security in the world of digital natives: How internet addiction, sensation seeking and information security behaviours are related. International Journal of Management and Applied Science, 2(9), 79–84.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers and Security, 42, 165–176. [CrossRef]
Pearson (2015). Pearson student mobile device survey. https ://ww w.pea rsone d.com /wp-c onten t/upl oads/ 2015- Pears on-St udent -Mobile-De vice- Surve y-Col lege. pdf.
Pusey, P., & Sadera, W. A. (2011). Cyberethics, cybersafety, and cybersecurity: Preservice teacher knowledge, preparedness, and the need for teacher education to make a difference. Journal of Digital Learning in Teacher Education, 28(2), 82–85. [CrossRef]
Raykov, T., & Marcoulides, G. A. (2006). A first course in structural equation modeling (2nd ed). Erlbaum.
Schermelleh-Engel, K., Moosbrugger, H., & Müller, H. (2003). Evaluating the fit of structural equation models: Tests of significance and descriptive goodness-of-fit measures. Methods of Psychological Research, 8(2), 23–74.
Smith, G. T. (2012). Impact of security awareness programs on end-user security behaviour: A quantitative study of federal workers [Doctoral Dissertation]. Capella University.
Sonck, N., Livingstone, S., Kuiper, E., & de Haan, J. (2011). Digital literacy and safety skills. EU Kids Online, London School of Economics & Political Science. http: //epr ints. lse.a c.uk/ 33733 /Spafford, E. H. (1992). Opus: Preventing weak password choices. Computers and Security, 11(3), 273–278. [CrossRef]
Symantec. (2018). Executive summary 2018 Internet security threat report (ISTR-23). https ://do cs.br oadco m.com /doc/ istr- 23-ex ecutive-su mmary -en
Tekerek, M., & Tekerek, A. (2013). A research on students’ information security awareness. Turkish Journal of Education, 2(17341), 61–70. [CrossRef]
Tolvanen, M., Lahti, S., Miettunen, J., & Hausen, H. (2012). Relationship between oral health-related knowledge, attitudes and behaviour among 15–16-year-old adolescents - A structural equation modeling approach. Acta Odontologica Scandinavica, 70(2), 169–176. [CrossRef]
Turkish Statistical Institute [TurkStat]. (2021). Information and communication technology (ICT) usage survey on households and individuals. https ://da ta.tu ik.go v.tr/ Bulte n/Ind ex?p= Surve y-on- Infor matio n-and -Comm unica tion- Techn ology -(ICT )-Usa ge-in -Hous ehold s-and -by-Indivi duals -2021 -3743 7.
Wahyudiwan, D. D. H., Sucahyo, Y. G., & Gandhi, A. (2017). Information security awareness level measurement for employee: Case study at Ministry of Research, Technology, and Higher Education. In Proceeding of the 3rd International Conference on Science in Information Technology (ICSITech) (pp. 654–658). Bandung, Indonesia. [CrossRef]
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security (4th ed.). Course Technology Press.
Xu, W., Sun, G., Lin, Z., Chen, M., Yang, B., Chen, H., & Cao, K. (2010). Knowledge, attitude, and behaviour in patients with atrial fibrillation undergoing radiofrequency catheter ablation. Journal of Interventional Cardiac Electrophysiology, 28(3), 199–207. [CrossRef]
Yılmaz, E., Şahin, Y. L., & Akbulut, Y. (2016). Digital data security awareness of teachers. Sakarya University Journal of Education, 6(2), 26–45. [CrossRef] Educational Academic