Supporting students' knowledge and skills in information technology security through a security portal

Ciftci, Nilay Pancar
Delialioğlu, Ömer
This study aims to investigate the initial perceived knowledge and skills of high school students in information technology (IT) security and the effect of an online security support tool, the Security Portal (SP), on students' perceived knowledge and skills in IT security. The SP is a website designed and developed as an extracurricular learning tool to improve high school students' knowledge and skills in IT security. An exploratory research design with descriptive and inferential statistical analysis was conducted to answer the research questions. The data were collected from the participants through the Perceived Knowledge and Skills in IT Security questionnaire, administered as pre-test and post-test before and after using the SP. The results of the study indicated that the majority of students were not aware about their schools' IT security policies and rules. Similarly, students had limited knowledge of the rules for using IT devices at their homes. Students' perceived knowledge and skills in (i) virus infection, (ii) awareness about IT crimes and unlicensed products, (iii) security settings of operating systems, (iv) Windows firewall and defender, (v) security settings of Android OS except adding owner information (vi) security issues related to e-mails, except risk associated with opening e-mails from unknown senders, (vii) security issues of web browsers and SNSs except security and privacy settings of SNSs, could be improved by using such tools.


Increasing trustworthiness of security critical applications using trusted computing
Uzunay, Yusuf; Baykal, Nazife; Bıçakcı, Kemal; Department of Information Systems (2014)
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Attack tree based information technology security metric integrating enterprise objectives with vulnerabilities
Karabey, Buğra; Baykal, Nazife; Department of Information Systems (2011)
Security is one of the key concerns in the domain of Information Technology systems. Maintaining the confidentiality, integrity and availability of such systems, mandates a rigorous prior analysis of the security risks that confront these systems. In order to analyze, mitigate and recover from these risks a metrics based methodology is essential in prioritizing the response strategies to these risks and also this approach is required for resource allocation schedules to mitigate such risks. In addition to t...
Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots
Aydın, Kıvanç; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
Authentication is vital for secure operation of ICT systems. Since the past several decades, alternative solutions have been developed for authentication, such as biometric authentication methods, aiming at replacing passwords. Nevertheless, their success has been limited as evidenced by intensive use of passwords. Today, an average user uses dozens of different passwords in daily practice. The frequent use of passwords in authentication also leads to a close interest of attackers due to rapid the expansion...
Malicious user input detection on web-based attacks with the negative selection algorithm
Karataş, Mustafa Mer; Acar, Aybar Can; Department of Cyber Security (2019)
In the cyber security domain, detection and prevention of intrusions is a crucial task. Intrusion attempts exploiting vulnerabilities in an organization’s servers or applications may lead to devastating consequences. The malicious actor may obtain sensitive information from the application, seize database records or take over the servers completely. While protecting web applications/services, discrimination of legitimate user inputs from malicious payloads must be done. Taking inspiration from the Human Imm...
Citation Formats
N. P. Ciftci and Ö. Delialioğlu, “Supporting students’ knowledge and skills in information technology security through a security portal,” INFORMATION DEVELOPMENT, pp. 1417–1427, 2016, Accessed: 00, 2020. [Online]. Available: