1

CHAPTER I

THE PROBLEM AND ITS SCOPE

INTRODUCTION

Rationale

Globally, there has been a surge in cyber threats and attacks targeting

individuals, organizations, and educational institutions. In an era characterized

by the rising tide of cyber threats, it becomes imperative to identify this

knowledge gap to understand the potential vulnerabilities these students face

(Oruc, 2022). Additionally, the Philippines, like many countries, has

implemented data protection regulations, making it imperative for schools to

ensure the security of sensitive student data (Sutton, 2018). All these factors

underscore the necessity of this study, as it is essential to understand the

level of cyber security awareness among Grade 12 students, identify potential

knowledge gaps, and develop strategies to equip them with the skills needed

to navigate the digital landscape safely and responsibly. In essence, the

study's purpose or justification is to address the immediate and long-term

challenges posed by cyber threats and data protection regulations in the

context of the school and broader local and national contexts.

Locally, within DCPNHS, the widespread integration of technology in

education and communication means that students are exposed to online

risks, such as phishing identity theft, spamming, and privacy breaches. As

educational institutions are responsible for the well-being of their students,

there is a growing need to address these cyber security challenges (Yang,

 2

2023).The need to evaluate the level of cyber security awareness among

Grade 12 Academic Track students at DCPNHS is based on several key

factors.It is impossible to overestimate the significance of cyber security

knowledge and awareness in a time characterized by digital connection (J.

Hejase, 2015).

The imperative to undertake this study is further underscored by the

dynamic nature of the cyber threat landscape. In recent years, cyberattacks

have grown in sophistication and scale, and the methods employed by

malicious actors constantly evolve. This ever-changing landscape means that

existing educational programs might not adequately equip students with the

latest knowledge and skills to protect themselves and their digital

assets (Makhachashvili et al., 2020).This study addresses the research

problem of whether Grade 12 students possess sufficient cyber security

awareness to safeguard themselves and their digital assets.

Thus, there is a clear and urgent need to assess the current level of

cyber security awareness among Grade 12 Academic Track students at

DCPNHS to ensure that the educational institution is effectively preparing its

students for the digital challenges they will encounter not only during their

academic pursuits but also in their future careers and personal lives

This study's primary purpose is to comprehensively assess the current

state of cyber security awareness among Grade 12 Academic Track students

at DCPNHS. By doing so, it aspires to fill a critical knowledge gap, addressing

the growing cyber threats and the unique digital challenges faced by students.

The ultimate goal is to equip these students with the essential knowledge and

skills required to navigate the digital landscape safely and responsibly.

 3

Moreover, the study seeks to ensure the institution's compliance with data

protection regulations and to enhance the employability and overall well-being

of the students. By shedding light on the existing knowledge gaps and

potential vulnerabilities, this research is of paramount importance to both the

school and the broader community. It serves as a proactive step toward

securing the digital future of these students and, by extension, contributing to

a safer and more resilient digital society.

Review of Related Literature

This section provides an overview of related studies in the Assessment

of Cyber security Awareness of students.

Protected Motivation Theory

The Protection Motivation Theory (PMT) is a psychological model that

was developed to understand how individuals respond to threats and engage

in protective behaviours. It has been widely used to study various domains,

including health, environmental issues, and cybersecurity. PMT posits that

people’s motivation to protect themselves depends on their perception of

threat and the efficacy of protective actions (Wikipedia). Specifically, the

theory suggests that individuals are motivated to protect themselves against

cyber threats when they perceive the threat to be significant and believe that

the protective action will be effective (Rogers, 1983).

 4

Cybercrime Prevention Act of 2012

In accordance with Republic Act 10175, also referred to as the

“Cybercrime prevention act of 2012” It is a law that entirely deals with

offenses done against and using computer systems. It contains procedural

rules, substantive rules for crimes, and rules for international cooperation.

Individuals are exposed to the possibility of falling victim to cyber-attacks to a

greater extent as more individuals become online users. Through this Act,

which informs the public of the consequences of breaking the law, the national

government hopes to lower the risk of cyberattacks. However, there isn’t

enough proof to say that cyberattacks would go down just by people being

aware of the penalties. Thus, in order to secure the safety of these students,

the researchers have understood the significance of conducting this study to

fully grasp the level of cyber security awareness regarding cyber assaults

among Grade 12 Academic Track students of Dr. Cecilio Putong National

High school.

Recent study has been done to highlight the seriousness of malware

assaults, and proven that there are over 200,000 malware instances

worldwide daily, including phishing scams, ransom ware, and malicious

scans.

The level of end users’ knowledge of the risks posed by cyberattacks to

networks and the best practices that can be applied to reduce these risks is

referred to as their level of cyber security. An assault carried out by online

criminals using one or more computers on one or more computers or

 5

networks is known as a cyberattack. Identify theft, spamming, phishing, and

cyber worms, etc. are examples of cyber-attacks. End users would become

more vulnerable to risks if they were unable to recognize a cyberattack

without the aid of cyber security awareness. According to the Verizon Data

Breach Investigations Report (DBIR) 2021, the majority of data breaches were

caused by human error, including as clicking on malicious websites or falling

for social engineering scams. This highlights the need for equipping students

with the knowledge and skills to recognize and respond to cyber threats

effectively (Verizon, 2021). This emphasizes the necessity of giving students

the knowledge and abilities necessary to identify and successfully counteract

cyber threats (Verizon, 2021).

Several researches have investigated this topic in depth of the threats

of cybercrime today and local awareness levels. Elrasheed & Nadir, for

instance, assessed the cybersecurity awareness in the Alnamas region, a

neighbourhood in southern Saudi Arabia, by 132 undergraduates with

backgrounds in information technology were questioned, and it was

discovered that 15% of the participants had experienced 80.7% of those

surveyed were interested in training to combat cybercrime. Social media was

used in 69.6% of cybercrimes, 57% of which were sexual in nature, and

without their awareness.

The study “Cybersecurity Awareness of Majmaah Students: A Survey

Study” by Alshammari et al. (2021) examined the level of knowledge and

behavior of undergraduate students at Majmaah University in Saudi Arabia

regarding various cybersecurity issues. They used a questionnaire with 25

 6

questions to collect data from 384 students from different majors and

academic levels. Their results showed that the students had an above

average awareness of cybersecurity threats, such as email security, computer

viruses, phishing, fake ads, pop-up windows, and software updates. However,

they also identified some gaps and weaknesses in the students’

understanding and practice of cybersecurity, such as password management,

data backup, and social media privacy. They suggested some

recommendations to improve the cybersecurity awareness and education

among the students, such as conducting workshops, seminars, campaigns,

and online courses.

Chandarman and Niekerk (2017) performed a survey of students at a

private tertiary institution in South Africa's KwaZulu-Natal Province, which

demonstrated a positive self-awareness of several cybersecurity risks.

However, there was a clear need to improve cybersecurity awareness training

in order to ensure that students' knowledge, conduct, and attitudes about

cybersecurity were correct.

Similarly, a study involving students from Yobe State University's

Computer Science Department discovered strong awareness of privacy and

trust but a lack of fundamental skills in password management, phishing, and

two-factor authentication (Garba et al. 2020). Moallem (2019) researched

cybersecurity awareness among university students in the San Francisco Bay

area, finding that while the majority of respondents evaluated themselves as

having average or better cybersecurity awareness, it was unclear if this

information converted into secure behavior.

 7

Previous study has looked into a variety of cybersecurity issues,

including password security, cyberbullying, phishing, malware, downloading,

sharing, using paid content, two-factor authentication, trust, privacy, and

identity theft. These studies emphasize the multifaceted nature of

cybersecurity awareness, which includes understanding the importance of

information security, recognizing various types of cyber threats, protecting

personal information, securely managing passwords, and assessing the

trustworthiness of software platforms.

In this context, cybersecurity awareness among college students refers

to both their knowledge of potential cyber risks and their ability to protect

themselves. Key concerns include cybersecurity understanding, privacy

protection, password management, and trust in software platforms. It is critical

to examine students' comprehension of these aspects and their adoption of

proper security measures in order to effectively limit cyber hazards

(Frydenberg et al., 2020).

Africa has high internet penetration rates, resulting in an increase of

cyberattacks (Eboibi, 2021). Because of fragile answers to cybersecurity

challenges, the continent is viewed as a center of cybercrime (Kabandal et al.

2018). Cybercrime has a huge influence on Africa's GDP, costing billions of

dollars and mostly involving online frauds (Interpool, 2021). Despite these

issues, there is minimal cybersecurity research in African governments, and

there is an important lack of cybersecurity experts (Kshiteri, 2019). African

countries have built legislative frameworks to combat cybercrime, but

enforcement remains a challenge. In South Africa, initiatives to raise

cybersecurity awareness are visible, although research in this field is limited

 8

(Kritzinger et al., 2017). A lack of knowledge of cybersecurity dangers, along

with weak digital infrastructure, exacerbates the continent's security

vulnerabilities. Public awareness initiatives are critical in combatting

cybercrime, and have the ability to drastically lower risks. However, poor ICT

literacy levels impede cybersecurity awareness initiatives in Africa (Bada, Von

Solms et al., 2019).

Several studies have looked at cybersecurity knowledge among

college students from various areas. Alotaibi et al. (2016) discovered that

students at Saudi institutions lacked enough cybersecurity expertise and were

ignorant of the protection of their information. Senthilkumar and

Easwaramoorthy (2017) observed that college students in Tamil Nadu, India,

have higher-than-average knowledge of cybersecurity concerns, indicating a

need for improved security awareness initiatives. Moallem (2019) researched

students' attitudes about cybersecurity in Silicon Valley, identifying a lack of

awareness of information security and calling for frequent training to enhance

comprehension and conduct. Moallem (2019) also addressed the need of

privacy awareness and theft prevention, underlining the necessity for defined

action plans to raise cybersecurity awareness.

Zwilling et al. (2020) investigation of the relationship between users'

protective behaviors, cybersecurity mindfulness, and understanding across

multiple nations revealed adequate knowledge but little real-world application.

Research conducted at Nigerian institutions revealed that while students

understood the basics of cybersecurity, they were unaware of the importance

of information protection (Garba et al., 2020). The possibility of deceit among

users with inadequate information was highlighted by Aljeaid et al. (2020)

 9

assessment of end-user knowledge of phishing attacks and responsiveness to

cybersecurity risks.

Level of Cybersecurity Awareness

Alharbi and Tassaddiq conducted a study at Majmaah University with

the goal of determining the extent of user compliance and cybersecurity

knowledge among undergraduate students. To statistically assess students'

awareness of cybercrime and protection, the study used a scientific

questionnaire based on a number of Internet safety elements. They found that

the majority of pupils were familiar with basic cybersecurity concerns such

electronic emails, computer viruses, phishing, false advertisements, pop-up

windows, and other online outbreaks.

Alotaibi et al. examined the degree of college students' awareness of

cybersecurity. They found that the majority of students in Saudi colleges had

insufficient cybersecurity expertise since they were unaware of the protection

of their personal data.

Level of cyber security awareness of students from Academic Track in

terms of:

Identity theft
 10

The unauthorized use of someone else’s personal information, like a

Social Security number, is known as identity theft. This is often done to steal

money or credit (Merriam webster).

The study’s goal was to examine the features of Australia’s identity

theft response system from the viewpoint of a single victim, as described in

the publication “The identity theft response system” by Wyre et al. Victims can

anticipate that their identification information will continue to be misused as

the crime is known to have long-lasting effects. Furthermore, it is well

recognized that identity credential misuse can take many different forms,

making prevention challenging. But little is known about how identity theft

victims actually react to the crime and, consequently, how response actors—

which include financial institutions, law enforcement, and other organizations

—interact and depend on one another to meet the demands of victims. The

main goal of this project is to fill in this knowledge gap by gathering actual

information about the identity theft response system, its social, task, and

information requirements, and how they serve the needs of victims (Wyre et

al., 2020).

Data from 211 victims of identity theft who had previously received

assistance from IDCARE were used in the study. The national identification

and cybercrime community assistance service for Australia is called IDCARE.

Through a contact center, it provides specialized counselling services to

victims of identity theft. These services include extensive instructions on how

to handle identity theft and emotional assistance if the victims need it.

IDCARE provided anonymous case files and notes from these prior
 11

engagements under an approved ethics research program (USC E/16/052),

as well as information from phone interviews conducted for the purpose of this

study with specific victims over a 12-month period after the initial discovery of

the identity theft. These interviews were conducted to learn more about the

requirements of the victims, the organizations they interacted with, the duties

they undertook for those organizations, and the success these interactions

had in meeting their needs. Two-thirds of the 600 or so IDCARE clients who

were invited to take part in the study declined, leaving a final sample of 211

(Wyre et al., 2020).

Thirty-six days after the initial compromise, the credentials were

misused. It took the respondents, on average, 62 days after the initial

compromise to realize that their credentials had been misused. This illustrates

that a victim’s ability to respond to identity theft occurs after the initial theft.

Approximately 68% of survey participants discovered their identity theft on

their own, as opposed to learning about it from a third party. This shows that

the majority of identity theft victims’ initial interaction or response is centered

on self-detection. The window of time between an individual’s identity being

compromised and their initial discovery (either by themselves or others) is

probably the best one for subsequent identity misuse (Wyre et al., 2020).

Many of the victims interviewed for this study came to the conclusion

that the threat had subsided because they had not seen any further identity

theft. According to Wyre et al. (2020), there was no conclusive method to

determine whether or not they remained at danger, therefore this was their

only sign of recovery.

 12

Identity theft go beyond financial losses and also include significant

emotional and physical symptoms. Criminal justice system officials working

with identity theft victims should be aware of these consequences so they can

point victims to programs and services designed to address the emotional and

physical aftermath. The current study was unable to incorporate any victim

treatment measures (such as individual counseling, group therapy, or other

resources) that participants may have accessed because of data restrictions

(Katelyn Golladay, and Kristy Holtfreter, 2017).

Spamming

Information that is distributed or sent to huge recipients without their

knowledge. Spam can be divided into a wide range of categories, including

webspam, mobile, and Voice over Internet Protocol (VOIP). Spam on social

networking sites, instant messages, and phones spams from Usenet

newsgroups, IM, and email spam as the most well-known type of spam.

Today, email has been permanently integrated into our lives, for which the

majority of research efforts have been made improving the usability and

convenience of email and almost no money at all. Consequently, an email

system become a significant and fundamental communication strategy for a

large number of persons because transfers are easily made electrical signals

sent in seconds at clearly visible zero cost (Khan et al., 2015).

In a study by Kumar et al., (2020) email, often known as electronic mail

spam, is the "use of email to send a group of people unsolicited emails or

promotional email recipients. Unwanted email indicates that the recipient has

not given consent to receive those emails. "The acceptance since the last ten
 13

years, of employing spam emails has increased. Junk mail becomes a

significant internet misfortune. Spam is a waste of speed, space, and

message storage.

In another study, Manasrah, A., Akour, M., & Alsukhni, E. (2015) they

sought to investigate the awareness and attitudes of university students at

three major universities in Jordan. A total of 600 students from college of

education, science and IT colleges were surveyed. Most of the students in the

study were aggressive about spam and cybercrime, but few took action to

stop them.

A student's major plays an important role in raising awareness about

spam and cybercrime. Furthermore, he believed that this could lead to

students opening and reading spam emails, which could lead to them on

becoming victims of cybercrime, and he mainly considered four factors. These

factors are technological, social, economic, and religious.

Their results show that some key participants in the education sector

rarely use email accounts, while others may be motivated to follow specific

emails, although they have some knowledge of spam and cybercrime.

These participants are more vulnerable to cybercrime. In the end, they

have summarized research directions and recommendations to increase user

awareness and prepare to combat spam and cybercrime.

Phishing
 14

Phishing is a form of online fraud in which fraudsters trick others into

supplying sensitive data, including credit, financial, and personal information

passwords and credit card information (Katkuri, 2018). SMS phishing, often

known as SMiShing, is the alternative phishing attack. It utilizes mobile text

messaging or short messaging services (SMS) on their phones. Typically,

SMiShing targets its victims by texting them with messages that impersonate

authorities in the law, the banking industry, and IT police departments. They

will request information from their victims for them to gain access to sensitive

accounts or to perpetrate identity theft, financial fraud, or other illicit activities.

them. In addition to SMiShing, vishing is a form of telephone-based phishing

attacks. Search engine phishing is another kind of assault phishing, a

phishing attempt that makes use of bogus web pages (Boateng & Amanor,

2014). The scammer will make false web pages that advertise inexpensive

goods and amazing offers. The websites have a lot in common with the

original websites (Suganya, 2016). Attacks by phishers will be detrimental to

people, society, and the nation. Money loss for people, society, and the

economy is one of the impacts. Theft of sensitive and valuable information

about clients, partners, and organizations is another sort of financial loss

(Kamruzzaman et al., 2016). Phishing attacks can also decrease

stakeholders' and customers' trust in online transactions. Additionally, they

can harm a company's reputation as a brand.

The study examines the impact of social engineering influence, anti-

phishing knowledge, and security concern on phishing awareness among

Generation Y in Kuala Lumpur. Results show a negative relationship between

social engineering influence and phishing awareness, while a positive

 15

relationship exists between anti-phishing knowledge and phishing awareness.

Security concerns also positively affect phishing awareness. The findings

suggest that people should stay updated on phishing methods, read phishing

materials, secure their data, and install anti-viruses. Companies and

government agencies can benefit from this study to spread awareness and

take action against phishing threats. However, the study's limitations include

its scope, focusing on Generation Y, and its use of only three independent

variables (Hasnan, S. 2021).

In the paper "An Investigation into Students' Responses to Various

Phishing Emails and Other Phishing-Related Behaviors" authored by Edwin

Donald Frauenstein in 2018, the study explores the evolving landscape of

phishing attacks and its implications for internet users. This essay reviews the

key findings of the study and their relevance in the context of online security.

Frauenstein's study reveals a growing awareness among average

computer and internet users regarding phishing emails impersonating

financial institutions (Frauenstein, 2018). This finding raises concerns for

information security practitioners, as educational and training efforts

predominantly concentrate on protecting customers of financial institutions. It

underscores the importance of broadening security education beyond this

focus.

The research also emphasizes the effectiveness of phishing attacks

when they incorporate contextual elements of interest or concern to the user

(Frauenstein, 2018). These contextual elements create a heightened sense of

urgency or credibility, making users more susceptible to manipulation. Thus, it

 16

is essential for users to remain vigilant, as phishing attempts often leverage

personal interests.

Frauenstein's work brings attention to the expanding reach of phishing

attacks into social media platforms (Frauenstein, 2018). Users are

increasingly enticed to click on enticing videos and links, creating a new

frontier for attackers. The context of social media, where users do not

traditionally expect phishing attempts, makes this development particularly

noteworthy.

The study suggests that phishing on social media is likely to evolve

further. Attackers may incorporate additional contextual elements, using Open

Source Intelligence to target specific user groups (Frauenstein, 2018). This

underscores the need for ongoing vigilance and adapting security practices to

the changing tactics of phishers.

Frauenstein's research indicates a future research focus on how

responses to phishing attacks correlate with gender and age (Frauenstein,

2018). Understanding demographic influences on susceptibility is a crucial

step toward tailoring security education and awareness initiatives effectively.

Cyber worms

A worm is a type of malware or malicious software that can replicate

rapidly and spread across devices within a network. As it spreads, a worm

consumes bandwidth, overloading infected systems and making them

unreliable or unavailable. Worms can also change and delete files or

introduce other malware.

 17

Conficker worm spread in November 2008, it was targeting Microsoft

Windows operating system that has once infected 15 million hosts. The worm

system defense must be automatically detected. Before we defend against

worm, we must get the worm strategy by analysis of worm behavior. So

therefore, we propose Behavioral Scanning Worm Detection (BSWD) for

detecting internet worm behavior that uses TCP and UDP scanning attack.

We selected four different worms for validation of worm behavioral detection.

The BSWD corrected results detected the MSBlaster worm behavior more

than 99%, the behavior of Sesser, Dabber, Protoride behavior more than 97%

of correction. Our algorithm result recognizes the worms’ behavior in one

minute.

Conficker worm has several techniques to spread itself. One of these

techniques is a packet buffer overflow. The worm sends packet buffer

overflow to the vulnerable machine that allows a packet buffer overflow. The

excess code can overflow the buffer and execute in the vulnerable machine,

possibly causing problems. With Conficker, the attacking computer is a web

server that sends out an initial piece of code to random Internet Protocol (IP)

address. The worm induces a buffer overflow that causes the infected

machine to call the attacking computer over the internet or a Local Area

Network (LAN).

The attacking machine sends installation code for Conficker worm to

the victim machine. Conficker worm attack’s Windows 2000, Windows XP,

Windows Vista, Windows Server 2003, Windows Server 2008, and Windows

7 beta function [2]. Worms can use Transmission Control Protocol (TCP),
 18

User Datagram Protocol (UDP), and Internet Control Message Protocol

(ICMP) for scanning, and normally the request in TCP protocol is SYN flag but

there are worms that use stealth TCP scanning like Ramen worm. The study

calls it stealth TCP scanning, because it sends a single frame to a TCP port

without any TCP handshaking or additional packet transfers. (Mohammad M.

Rasheed and Munadil K. Faaeq, 2019)(Dengyin, Z., Ye, W.: SIRS: internet

worm propagation model and application. In: International Conference on

Electrical and Control Engineering, pp. 3029-3032 (2010).

 19

THE PROBLEM

Statement of the Problem

This study aims to assess the level of cyber security awareness among

Grade 12 Academic Track students at Dr. Cecilio Putong National High

School.

This aims to answer the following questions:

1. What is the level of cyber security awareness of the Grade 12 Academic

Track Students in terms of?

1.1. Identity theft

1.2. Spamming

1.3. Phishing

1.4. Cyber worms?

2. How do students self-assess their awareness regarding identity theft,

spamming, phishing, and cyber worms?

3. Is there a significant relationship between cyber security awareness among

the Grade 12 Academic students?

 20

Hypothesis
Ho: There is no significant relationship between cyber security awareness

among the students of grade 12 academic track.

Ha: There is a significant relationship between cyber security awareness

among the students of grade 12 academic track.

Theoretical Framework

An Evaluation of the Level of Cyber

Security Awareness among Grade 12
Academic Track of Dr. Cecilio Putong
National High School

Legal Basis
R.A 10175 Cyber Crime
Prevention Act of 2012

IV DV
Level of Cyber Identity Theft
Security
Spamming
Awareness
Phishing
Cyber worms

Figure1: Theoretical Framework

 21

Significance of the Study

This study can help Grade 12 Academic students become more aware

of the importance of cybersecurity in their daily lives. As they prepare to enter

college or the workforce, they are likely to rely heavily on digital tools and

online platforms. Understanding the basics of cybersecurity can help them

protect their personal information, finances, and digital assets.

General Students: A study like this can enhance students' digital literacy and

empower them to use digital technologies more safely. They can learn about

secure online practices, including strong password creation, recognizing

phishing attempts, and being mindful of their online presence. As Grade 12

students are on the cusp of entering college or the workforce, their level of

cybersecurity awareness can impact organizations and institutions where they

will study or work. A lack of awareness might result in security incidents, data

breaches, or personal harm.

School Administrators: It uses the findings to develop and implement

policies and guidelines aimed at improving cyber security awareness and

practices within the school or institution. This could include introducing

cybersecurity education as a part of the curriculum.

General Teachers: The study can help teachers understand the current state

of cyber security awareness among their students. This knowledge can inform

curriculum development and enable teachers to incorporate relevant cyber

security topics into their lessons.

 22

Scope and Limitations

In the ongoing study conducted during the first semester of the

academic year 2023-2024, the researchers primary scope encompasses

students who currently possess internet access and own gadgets that are

susceptible to cyber security concerns. By focusing on this specific subset of

the Grade 12 student population, the researchers aim to gain insight into the

cyber security awareness of those who are actively engaged with online

technologies. This scope acknowledges the relevance of internet access and

personal devices in shaping individuals' cyber security awareness.

This study focuses on cyber security awareness among Grade 12

Academic Track students at DCPNHS, focusing on the ABM, STEM, and

HUMMS strands. The researchers acknowledge the need for a homogenous

academic track to understand the nuances of cyber security awareness. The

study does not extend into the second semester, which may affect the

assessment of potential changes in awareness and capabilities over the entire

academic year. However, the quantitative approach and well-defined scope

provide valuable insights into cyber security awareness among Grade 12

students. The study considers demographic factors like gender, age, and

technology exposure, and compares students from different academic tracks

to understand differences in awareness levels. Qualitative data will be

collected through interviews and open-ended surveys to understand students'

experiences and perceptions. The study also explores the integration of cyber
 23

security education into the academic curriculum to understand the educational

landscape's impact on students' awareness and capabilities.

RESEARCH METHODOLOGY

Research Design

The study will adopt a correlational research design, which is a

form of non-experimental design that examines the relationships between

variables without any control or manipulation by the researchers (Bhandari,

2023). Using correlational design on assessing cybersecurity awareness of

students is that it can help us understand the relationships between different

variables that are relevant to cybersecurity, such as knowledge, attitude,

behavior, and demographic factors.

Research Environment

The study will be conducted in Dr. Cecilio Putong National High School

or DCPNHS; is a public secondary educational institution at Tagbilaran City,

Bohol, Philippines. It is located along Carlos P. Garcia or CPG Avenue.

The campus is 21,674 sq. meter with 45-60 students per class, DCPNHS

has the biggest number of students in Bohol province with more than 6000

enrollees. The senior high school department offers the Academic, Sports,

Arts and Design, and Technical Vocational Track. As the leading educational

institution in Bohol, DCPNHS serves as a microcosm of the broader

educational landscape in the province. This makes the study outcomes more

pertinent to the regional context.

Research Participants
 24

The research participants consist of Grade 12 students enrolled in the

Academic Track at DCPNHS. This specific group forms the target population

for the study, and their insights are integral to the assessment of cyber

security awareness within the academic context. The researchers chose

Academic Track students as respondents because they are more likely to use

digital platforms and devices for their academic and personal purposes, and

thus face more cyber security risks and challenges than other students.

Academic Track students may also have different levels of cyber security

awareness and knowledge, depending on their year level, work exposure, and

education level. Therefore, evaluating their level of cyber security awareness

can help identify their strengths and weaknesses, and provide

recommendations for improving their cyber security practices and skills. A

study conducted by (Leigh and Simmons, 2023) states why cyber security

awareness is important for students, especially those who use digital devices

and share information online frequently.

While addressing concerns about potential bias, the researchers emphasize that the choice

of Academic Track students does not hinge on assumptions of inherent academic

intelligence. Instead, the selection is driven by a focus on specific behaviors related to digital

usage within this subgroup. The decision to concentrate on Academic Track students stems

from their distinctive patterns of digital engagement for academic and personal purposes.

This criterion is not meant as an evaluation of their intellectual capabilities but rather as a

recognition of the unique digital landscape they navigate in the context of their

educational journey.

Research Instrument
 25

This research uses a survey questionnaire to assess the cyber security

awareness of Senior High School students in the Academic Track students.

The questionnaire aims to understand the students' perceptions of cyber

threats, their understanding of the importance of cyber security, and their

practices for safeguarding digital information. It also explores their exposure

to cyber education, usage of online resources, and attitudes towards adopting

secure online behaviors. The instrument aims to provide a comprehensive

understanding of the multifaceted aspects of cyber security within their

educational setting.

The survey questionnaire employed in the study has been crafted by

drawing insights from various sources that explore people's understanding

and practices related to online security. The questions have been adapted

from different studies:

1. Cyber Security Awareness: Questions have been incorporated

from a 2014 study by Velki, Solic, and Ocevcic, focusing on the awareness

levels of individuals regarding online security.

2. Identity Theft: Questions in this section are derived from a survey

conducted by the Bureau of Justice Statistics in 2016, specifically

examining how individuals safeguard themselves against identity theft.

3. Spamming: Some questions have been adapted from a 2012

survey by Ahuja and Kumar, exploring factors influencing individuals'

experiences with spam emails.

 26

4. Phishing: Questions in this section have been included from a

2014 study by Arachchilage and Love, shedding light on individuals'

knowledge about and avoidance of phishing attempts.

5. Cyber Worms: Questions in this section have been adapted from

a 2014 survey by Singhal, focusing on individuals' encounters with

computer viruses.

By incorporating questions from diverse studies, the researchers aim to

capture a comprehensive understanding of how these students’ approach and

think about cyber security within the unique context of their school

environment.

Research Procedure

Gathering of Data.

Initially, the researchers will submit a formal request to the school

registrar's office, seeking the provision of a comprehensive list of Academic

Track students for the first semester of the school year 2023-2024. Following

the receipt of this list, the researchers will proceed to employ a cluster

sampling approach to select representatives from each strand within the

Academic Track. This method aims to ensure a representative and unbiased

sample while allowing for a focused examination of specific educational

strands.

Second, a letter sent addressing to the School Principal as to their

students are the respondents in the research entitled “An Evaluation of the

Level of Cyber Security Awareness among the Academic Track Senior High

School Students of Dr. Cecilio Putong National High School S.Y. 2023-2024”.
 27

Third, after distributing the questionnaires, the researchers will gather

the instrument, and the data that was taken from the survey was tally for the

data interpretation.

Fourth, after the data gathering, the result will be checked, evaluated,

analyze, and interpreted with the use of statistical tools that seek to answer

the problem 1, 2, 3 and 4.

Ethical Considerations. In observance of the ethical procedures in

conducting research, the researcher faithfully observed outmost privacy of

their respondents and consent to their respondents, the information will be

protected, and the researchers asked permission to conduct the study and will

remain confidential.

Sample

In the pursuit of unbiased and comprehensive research, the

researchers have chosen a cluster sampling probabilistic method that

incorporates a stratified approach. This approach not only ensures

representation from each educational strand—STEM, ABM, and HUMSS—but

also guarantees the inclusion of the entire Academic Track data.

By selecting 12 participants from each section from the HUMSS strand,

20 participants from each section of the STEM strand, and 20 participants

from the ABM strand. This strategy safeguards against potential bias and

maintain a broader perspective encompassing the entirety of the Academic

Track.

The researchers emphasize that this method is designed to promote

inclusivity and mitigate any skewed representation, fostering a comprehensive

 28

understanding of cyber security awareness within the Academic Track at

large. This commitment to a fair and unbiased approach aligns with the ethical

considerations underlying the research design.

Statistical Treatment of Data.

Level of Cyber Security Awareness:

Descriptive statistics, including measures of central tendency and

dispersion, will be employed to present an overall summary of the cyber

security awareness level among Grade 12 Academic Track students.

Level of Cyber Security Awareness (Subcategories):

For each subcategory (identity theft, spamming, phishing, cyber

worms), descriptive statistics will be utilized to present the level of awareness.

Comparisons between subcategories may involve inferential statistics such as

analysis of variance (ANOVA) or non-parametric tests.

Relationship between Cyber Security Awareness and Threats:

Correlation analysis, such as Pearson's correlation coefficient, can be

employed to assess the strength and direction of the relationship between

overall cyber security awareness and specific cyber threats. Additionally,

regression analysis may be used to explore the predictive nature of cyber

security awareness on cyber threats.

These statistical treatments aim to provide a comprehensive analysis

of the cyber security awareness among Grade 12 Academic Track students,

considering both overall awareness levels and cyber threats.

 29

OPERATIONAL DEFINITION OF TERMS

 Awareness – Knowledge or perception of a situation or fact.

 Cybercrime – Encompasses a wide range of criminal activities that are

carried out using digital devices and/or networks.

 Cyber security – Is the application of technologies, processes, and

controls to protect systems, networks, programs, devices and data

from cyber-attacks.

 Cyber threats - Is a malicious act that seeks to damage data, steal

data, or disrupt digital life in general.

 Digital – Refers to electronic technology that uses discrete values,

generally zero and one, to generate, store and process data.

 Online – used to describe an activity, service, etc. that is only available

on the internet.
 30

 Malware – Is a file or code, typically delivered over a network, that

infects, explores, steals or conducts virtually any behavior an attacker

wants.

 Risk – A situation involving exposure to danger.

 Spam – unsolicited usually commercial messages (such as emails, text

messages, or Internet postings) sent to a large number of recipients.

 Technology – Is the application of conceptual knowledge for achieving

practical goals, especially in a reproducible way.

 Virus – A computer program that can copy itself and infect a computer

without permission or knowledge of the use.

CHAPTER II

PRESENTATION, ANALYSIS, AND INTERPRETATION OF DATA

This chapter deals with the presentation, analysis, and interpretation of

the results of the study.

Table 1. Summary of level of Cyber security awareness of the Grade 12

Academic Track students.

This chapter examines into the detailed presentation, analysis, and

interpretation of the study's findings. The contingency tables serve as a basic

tool for interpreting the varied responses, directing following questions about

the cyber security awareness landscape among the surveyed students.

 31

CYBER AWARENESS

80
70
60
50
40
30
20
10
0
STRONGLY DISAGREE NEITHER AGREE STRONGLY
DISAGREE AGREE

Q1 Q2 Q3 Q4 Q5

Figure 1: Cyber Security Awareness Bar Result

To achieve a randomized and representative selection from the whole

population of trainees, the current study used a cluster sampling approach.

The sample comprises of respondent who were intentionally chosen to

represent a varied cross-section of the Academic Track. The research seeks

to provide thorough insights into the cyber security knowledge of Academic

Track students with a total sample size of 140 out of 456 trainees.

Contingency Tables

RESPONSES

QUESTIONS 1 2 3 4 5 Total

I understand what cyber

0 3 5 60 72 140
security is.
0.0 % 2.1 % 3.6 % 42.9 % 51.4 % 100.0 %

I regularly educate myself

about new types of cyber
0 13 23 76 28 140
threats and best practices for
cyber security.
0.0 % 9.3 % 16.4 % 54.3 % 20.0 % 100.0 %
 32

Contingency Tables

RESPONSES

QUESTIONS 1 2 3 4 5 Total

I am aware of the legal and

ethical implications of cyber- 1 10 17 72 40 140
attacks.
0.7 % 7.1 % 12.1 % 51.4 % 28.6 % 100.0 %

I know how to use antivirus

software and understand its
10 16 43 47 24 140
role in protecting against cyber
threats.
7.1 % 11.4 % 30.7 % 33.6 % 17.1 % 100.0 %

I am aware of the importance

of using secure networks (e.g.,
4 6 24 55 51 140
VPN, secure Wi-Fi) to protect
against cyber threats.
2.9 % 4.3 % 17.1 % 39.3 % 36.4 % 100.0 %

Legend: 1 – Strongly Disagree 2 – Disagree 3 – Neither

4 – Agree 5 – Strongly Agree

Figure 2. Level of Cyber Security Awareness Percentage Result

The study reveals a positive trend in respondents' attitudes and

knowledge related to cyber security. The majority of respondents (51.4%)

strongly agree that they understand cyber security, regularly educate

themselves about new types of cyber threats and best practices, and are

aware of the legal and ethical implications of cyber-attacks. A significant

proportion of respondents (51.4%) are aware of the legal and ethical

implications of cyber-attacks, while a majority (33.6%) are aware of how to

use antivirus software and its role in protecting against cyber threats. The

distribution of respondents is more evenly spread, with 39.3% strongly

agreeing and 36.4% agreeing that they are aware of the importance of using

secure networks.
χ² Tests

Value df p

χ² 113 16 < .001

 33

Figure 3. χ² Tests

The x² test results indicate a strong association between the variables,

indicating that responses to these questions are not independent. The results

suggest a positive trend in respondents' attitudes and knowledge related to

cyber security, with the x² test highlighting a statistically significant association

between the different aspects explored in the questions.

The study also emphasizes the importance of incorporating education

on secure network practices (Alharbi and Tassaddiq, 2019). This underscores

the need for continued efforts to promote knowledge on common cyber

security factors and enhance the overall cyber security posture of students.
 34

IDENTITY THEFT

90
80
70
60
50
40
30
20
10
0
STRONGLY DISAGREE NEITHER AGREE STRONGLY
DISAGREE AGREE

Q1 Q2 Q3 Q4 Q5

Figure 4. Identity Theft Result

RESPONSES

QUESTIONS 1 2 3 4 5 Total

I understand what identity theft

2 2 8 48 80 140
is.
1.4 % 1.4 % 5.7 % 34.3 % 57.1 % 100.0 %

I am aware of the different

5 20 25 61 29 140
methods used in identity theft.
3.6 % 14.3 % 17.9 % 43.6 % 20.7 % 100.0 %

I know potential consequences

of becoming a victim of identity 2 3 10 65 60 140
theft.
1.4 % 2.1 % 7.1 % 46.4 % 42.9 % 100.0 %

I use strong, unique passwords

for all my online accounts to 1 4 14 48 73 140
prevent identity theft.
0.7 % 2.9 % 10.0 % 34.3 % 52.1 % 100.0 %

I am careful about sharing

personal information online to 1 13 16 25 85 140
prevent identity theft.
0.7 % 9.4 % 10.8 % 18.0 % 61.2 % 100.0 %
The presented contingency tables encapsulate the responses from
Figure 5. Identity Theft Tally
participants regarding various aspects of identity theft awareness. Each

question is categorized into scales, ranging from 1 (indicating strongly

disagree) to 5 (indicating strongly agree).

The study reveals that 57.1% of respondents have a strong

understanding of identity theft, with 34.3% reporting moderate understanding.

 35

A significant 43.6% of respondents are aware of various techniques used in

identity theft, with 20.7% agreeing on level 4. A significant 46.4% of

respondents have a high level of awareness of potential effects of identity

theft, with 42.9% agreeing on level 4. A majority of respondents (52.1%)

strongly agree with using strong, unique passwords, indicating widespread

adoption of secure password practices. A noteworthy 61.2% of respondents

are cautious when disclosing personal information online, demonstrating a

conscientious approach.

The study's findings support the recognition that identity theft has far-

reaching emotional and physical implications, in addition to financial loss. The

statement of criminal justice system personnel being aware of these

repercussions aligns with the idea that individuals with increased knowledge

may be better positioned to seek or advocate for assistance. It underscores

the need to not only prevent identity theft but also deal with its consequences.

The study's findings align with Katelyn Golladay and Kristy Holtfreter's (2017)

findings, which emphasize the importance of understanding and addressing

the broader implications of identity theft.

SPAMMING

100
80
60
40
20
0
STRONGLY DISAGREE NEITHER AGREE STRONGLY
DISAGREE AGREE

Q1 Q2 Q3 Q4 Q5

Figure 6. Spamming Bar Graph Result

Fgure 7. Spamming Data Tally

questions

1. I know the
importance of
keeping my email
Observed
address private to
avoid receiving
 36

The study analysed the importance of keeping email addresses

private, awareness of spam-related risks, knowledge of spam risks and

consequences, understanding of spamming and identification of spam, and

awareness of measures to prevent spam. The contingency tables showed that

the majority of respondents (61.4%) rated their email address private as

highly important, while 32.1% gave a rating of 4. The lowest ratings (1 and 2)

together comprised only 2.8%.

The majority of respondents (50.0%) had a high awareness of spam-

related risks, with 39.3% rating it as a risk. The majority (45.7%) had a good

understanding of spamming and how to identify it, with 39.3% rating it as a

threat. The lowest ratings (1 and 2) together comprised only 6.5%.

χ² Tests

Value df p

χ² 26.1 16 0.053
N 700

Figure 8. Spamming χ² Tests

The x² test results showed a generally positive trend in respondents'

understanding and awareness of email security and spam-related issues. The

p-value of 0.053 suggests a borderline significance, close to the 0.05

threshold, indicating that there might be some association between the

variables but not strong enough to reach conventional statistical significance.

In summary, while individual responses show a positive trend, the x²

test suggests a need for cautious interpretation and further investigation may
 37

be required to determine the significance of the associations between the

variables.

The study reveals that respondents are generally aware of spam-

related issues, emphasizing the rise of email spam and the potential

consequences of lack of recipient and sender verification. It also highlights the

vulnerability of email systems to abuse, particularly spam emails and

phishing, and the significant awareness of the risks and consequences of

spamming, as indicated by respondents' ratings in contingency tables.

PHISHING
80
70
60
50
40
30
20
10
0
STORNGLY DISAGREE NEITHER AGREE STRONGLY
DISAGREE AGREE

Q1 Q2 Q3 Q4 Q5

RESPONSES

QUESTIONS Figure19. Phishing

2 Bar
3 4 5 Total
Graph
I know how to identify phishing
emails or messages. I understand 4 10 30 58 38 140
what phishing is.
2.9 % 7.1 % 21.4 % 41.4 % 27.1 % 100.0 %

I know how to check if a website

is secure (e.g., HTTPS, padlock
4 12 35 51 38 140
icon, etc.) to avoid phishing
scams.
2.9 % 8.6 % 25.0 % 36.4 % 27.1 % 100.0 %

I know the potential risks and

consequences of falling for a 0 7 19 65 49 140
phishing scam.
 38

RESPONSES

QUESTIONS 1 2 3 4 5 Total
0.0 % 5.0 % 13.6 % 46.4 % 35.0 % 100.0 %

I know the importance of not

sharing sensitive personal or
1 4 10 48 77 140
financial information over email
or phone calls.
0.7 % 2.9 % 7.1 % 34.3 % 55.0 % 100.0 %

I am aware that phishing scams

can be used to steal sensitive
information such as usernames, 3 0 19 47 71 140
passwords, and credit card
details.
2.1 % 0.0 % 13.6 % 33.6 % 50.7 % 100.0 %

Figure 10. Phishing Result Tally

The survey reveals that the majority of respondents (41.4%) are aware

of how to identify phishing emails or messages, with a significant portion

either agreeing or strongly agreeing. A smaller percentage disagrees (7.1%)

and 2.9% strongly disagree, suggesting room for improvement in knowledge

or awareness.

The majority (36.4%) are aware of checking website security, with a

significant portion agreeing or strongly agreeing. However, a minority

expresses uncertainty or disagreement, suggesting the need for targeted

education or information.

A significant percentage (46.4%) are aware of the potential risks and

consequences of falling for a phishing scam, with a majority agreeing or

strongly agreeing. A very small percentage expresses disagreement,

suggesting a strong consensus on the significance of safeguarding personal

and financial details.

 39

The majority (55.0%) are aware of the potential theft associated with phishing

scams, with a high level of awareness regarding the potential theft of sensitive

information through phishing scams. A very small percentage expresses

disagreement, indicating a strong consensus on the awareness of the risks

associated with phishing.

χ² Tests

Value df p

χ² 65.8 16 < .001

N 700

Figure 11. Phishing χ² Tests

The x² test results indicated a strong association between the

variables, indicating that responses to these questions are not independent.

The results suggest a positive trend in respondents' attitudes and knowledge

related to phishing, with a statistically significant association between the

different aspects explored in the questions.

In conclusion, respondents generally exhibit a good level of awareness

and understanding of phishing-related issues. They show confidence in

identifying phishing attempts, checking website security, and understanding

the risks and consequences of falling for phishing scams. There is a high level

of consensus on the importance of not sharing sensitive information and

awareness of the potential theft associated with phishing scams.

RESPONSES

QUESTIONS 1 2 3 4 5 Total

I have experienced a cyber

57 48 16 13 6 140
worm attack before.
40.7 % 34.3 % 11.4 % 9.3 % 4.3 % 100.0 %

I know how cyber worms

17 27 31 45 20 140
spread in a network.
 40

RESPONSES

QUESTIONS 1 2 3 4 5 Total
12.1 % 19.3 % 22.1 % 32.1 % 14.3 % 100.0 %

I know how to protect my

12 17 40 46 25 140
devices from cyber worms.
8.6 % 12.1 % 28.6 % 32.9 % 17.9 % 100.0 %

I know the common signs that

a device has been infected by 19 33 40 38 10 140
a cyber-worm.
13.6 % 23.6 % 28.6 % 27.1 % 7.1 % 100.0 %

I know about the recent major

cyber worm attacks and their 23 29 44 27 17 140
impacts.
16.4 % 20.7 % 31.4 % 19.3 % 12.1 % 100.0 %
Figure 12. Cyber-worms Result Tally

CYBER-WORMS

60
50
40
30
20
10
0
STRONGLY DISAGREE NEITHER AGREE STRONGLY
DISAGREE AGREE

Q1 Q2 Q3 Q4 Q5

Figure 13. Cyber-worms Bar Graph

The study reveals that a significant proportion of respondents (40.7%)

have experienced a cyber-worm attack, with knowledge about the spread,

protection, signs of infection, and recent major attacks varying among

respondents. The distribution of knowledge about how cyber worms spread in

a network varies among respondents, with 32.6% claiming to have knowledge

and 8.5% not. Regarding device protection, 34.0% expressing confidence in

knowing how to protect their devices, while 13.5% do not feel knowledgeable

about protection methods. The majority of respondents (29.8%) claim to know

 41

common signs of infection, while 8.5% express uncertainty. Recent major

cyber worm attacks and their impacts are also known, with 32.6% claiming

knowledge about these attacks.

χ² Tests

Value df p

χ² 120 16 < .001

Figure 14. Cyber-worms χ² Tests

The x² test results indicate a strong association between the variables,

indicating that the responses to these questions are not independent.

In summary, the results suggest varying levels of experience and

knowledge among respondents regarding cyber worm attacks, with the x² test

highlighting a statistically significant association between the different aspects

explored in the questions.

Descriptives

95% Confidence
Interval

Mean SE Lower Upper Median Mode SD Variance

CYBER
3.95 0.0365 3.87 4.02 4.00 4.00 0.966 0.933
AWARENESS
IDENTITY
4.20 0.0361 4.13 4.27 4 5.00 0.957 0.915
THEFT
SPAMMING 4.30 0.0321 4.24 4.37 4 5.00 0.859 0.737
PHISHING 4.08 0.0356 4.01 4.15 4.00 5.00 0.943 0.889
WORMS 2.87 0.0482 2.77 2.96 3.00 3.00 1.279 1.637

Note. The CI of the mean assumes sample means follow a t-distribution with N - 1 degrees of
freedom

Figure 15. Descriptive Statistics

The mean (M) represents the average self-assessment score, and

higher values indicate a greater perceived awareness in each category.

 42

Students, on average, rated their awareness highest in spamming, phishing,

and identity theft.

The standard error (SE) provides a measure of the precision of the

mean estimate. A lower SE indicates a more precise estimate. The small SE

values suggest that the mean estimates are likely reliable. 95% Confidence

Interval

(CI): The 95% CI gives a range within which the true population mean

is likely to fall.

Narrower CIs for spamming, phishing, and identity theft suggest more

precision in estimating the true awareness levels compared to cyber worms.

The median and mode offer insights into central tendency and the most

frequent response, respectively. Having the median and mode close to the

mean suggests a relatively symmetric distribution of self-assessment scores.

Standard deviation and variance indicate the spread or variability in

self-assessment scores. Cyber worms have a higher standard deviation and

variance, indicating greater variability or disagreement among students in

their self-assessment for this category.

The overall trend indicates that students feel more confident and self-

aware in their understanding of spamming, phishing, and identity theft.

Cyber worms exhibit more variability, suggesting a wider range of opinions or

uncertainties among students regarding their awareness in this area.

 43

Correlation Matrix

CYBER IDENTITY
SPAMMING PHISHING WORMS
AWARENESS THEFT

CYBER Pearson's
—
AWARENESS r
df —
p-value —
95% CI
—
Upper
95% CI
—
Lower

IDENTITY Pearson's
0.708 *** —
THEFT r
df 695 —
p-value < .001 —
95% CI
0.743 —
Upper
95% CI
0.669 —
Lower

Pearson's
SPAMMING 0.718 *** 0.844 *** —
r
df 695 699 —
p-value < .001 < .001 —
95% CI
0.752 0.864 —
Upper
95% CI
0.680 0.822 —
Lower

Pearson's
PHISHING 0.711 *** 0.801 *** 0.720 *** —
r
df 698 695 695 —
p-value < .001 < .001 < .001 —
95% CI
0.745 0.826 0.754 —
Upper
95% CI
0.672 0.773 0.682 —
Lower

Pearson's
WORMS 0.639 *** 0.675 *** 0.694 *** 0.769 *** —
r
df 695 697 700 695 —
p-value < .001 < .001 < .001 < .001 —
95% CI
0.681 0.714 0.731 0.798 —
Upper
95% CI
0.593 0.633 0.654 0.737 —
Lower

Note. * p < .05, ** p < .01, *** p < .001

Figure 16. Pearson Correlation Matrix

 44

The analysis of the correlation matrix reveals significant relationships

among various cyber security awareness variables. Cyber Awareness exhibits

strong positive correlations with Identity Theft (r = 0.708, p < .001), Spamming

(r = 0.718, p < .001), Phishing (r = 0.711, p < .001), and Worms (r = 0.639, p <

.001). These correlations suggest that as Cyber Awareness increases,

awareness of Identity Theft, Spamming, Phishing, and Worms also tends to

increase.

Furthermore, Identity Theft demonstrates very strong positive

correlations with Spamming (r = 0.844, p < .001), Phishing (r = 0.801, p

< .001), and moderate positive correlation with Worms (r = 0.675, p < .001).

The robust correlations underscore a consistent pattern where heightened

awareness of Identity Theft aligns with increased awareness of other cyber

threats.

Likewise, significant positive correlations are observed between

Spamming and Phishing (r = 0.720, p < .001), Spamming and Worms (r =

0.694, p < .001), as well as Phishing and Worms (r = 0.769, p < .001). These

correlations reinforce the notion that a higher awareness in one cyber security

aspect corresponds with elevated awareness in other areas.

Conclusively, based on the strong and significant positive correlations

found in the analysis, the null hypothesis (H0: There is no significant

relationship between cyber security awareness variables) is rejected in favor

of the alternative hypothesis (H1: There is a significant relationship between

cyber security awareness variables). This implies that an increase in

awareness of any particular cyber security aspect is associated with an

increase in awareness across various other cyber threats. The results

 45

emphasize the interconnected nature of cyber security awareness,

highlighting the importance of holistic and comprehensive education in

mitigating diverse cyber threats.

H0: There is no significant relationship between cyber security awareness

among the Grade 12 Academic students.

The paper "A Study on Cybersecurity Awareness Among Students in Yobe

State University, Nigeria: A Quantitative Approach” presents results that

indicate the need for cyber security awareness among students at all levels,

thereby rejecting the hypothesis (Garba et al.)

CHAPTER III

SUMMARY, FINDINGS, CONCLUSION, AND RECOMMENDATIONS

This chapter sequentially presents the summary of the study, the

findings, conclusions, and recommendations offered.

Summary of Findings

The purpose of this study was to assess the level of cyber

security awareness among Grade 12 Academic Track students at Dr. Cecilio

Putong National High School. The results served as the basis for the

proposed intervention program. This study aims to answer the following

 46

questions: What is the level of cyber security awareness of the Grade 12

Academic Track Students in terms of Identity Theft, Spamming, Phishing, and

Cyber Worms, how do students self-assess their awareness regarding identity

theft, spamming, phishing, and cyber worms, and if there’s a significant level

of cyber security awareness among the Grade 12 Academic students.

The location for the study is in Dr. Cecilio Putong National High School

or DCPNHS. With a total of 456 Academic Track Students, a Clustered

sampling was employed with 12 respondents from each section of HUMSS,

20 respondents from each section of STEM, and 20 respondents from ABM.

With a total of 140 survey respondents.

This study utilized a quantitative descriptive research design using

adapted questionnaires from various authors.

The results of the Cyber Security Awareness shows that majority of the

respondents understand cyber security, regularly educate themselves about

new types of cyber threats and best practices and are aware of the legal and

ethical implications of cyber-attacks. As for the results of Identity theft, it

reveals that 57.1% of respondents have a decent understanding of identity

theft, with 34.3% with moderate understanding. In the findings of spamming,

the study reveals that respondents are aware of spam-related issues,

emphasizing the rise of email spam and the potential consequences of lack of

recipient and sender verification. With phishing, they exhibit confidence in

spotting phishing efforts, vetting the security of websites, and comprehending

the dangers and repercussions of falling for phishing schemes. As for Cyber
 47

Worms, finding shows a high percentage of 40.7% of the respondents not

being aware of cyber worms’ attack.

The relationship between cyber security awareness among the Grade 12

Academic students reveals that there is no significant relationship between

cyber security awareness among the Grade 12 Academic students as per

(Garba et al.) where results should indicate the need for cyber security

awareness among students at all levels, thereby rejecting the hypothesis.

Conclusion

Based on the results, the researchers concluded that grade 12

Academic Track students of Dr. Cecilio Putong National High School have a

reasonable level of cyber security awareness. It can be concluded that most

students are aware of the cyber security concerns and are active on ongoing

education about the emergence of cyber threats, keeping with the

cybersecurity emphasis on lifelong learning.

According to the findings, the study of Alshammari et al. (2021)

supports as the students' awareness of cybersecurity risks, including those

related to computer viruses like cyber worms, phishing, spamming, and

identity theft had and has an above average.

Recommendations

Considering the salient findings of the study, the following are hereby

recommended by the researcher:

 48

Implement continuous monitoring and feedback mechanisms to track

changes in awareness over time. This will help in evaluating the effectiveness

of educational interventions and adjusting as needed.

Collaborate with cybersecurity experts or professionals to design

interventions and educational materials. Their insights can enhance the

content and relevance of awareness programs.

The lower awareness in cyber worms warrants targeted educational

efforts. Consider implementing additional educational modules, workshops, or

resources focused on cyber worms to enhance students' understanding.

REFERENCES
Alharbi, T., & Tassaddiq, A. (2021). Assessment of Cybersecurity Awareness
among Students of Majmaah University. Big Data and Cognitive
Computing, 5(2), 23. https://doi.org/10.3390/bdcc5020023

Ali, M. M., & Zaharon, N. F. M. (2022). Phishing—A Cyber fraud: The types,
implications and governance. International Journal of Educational
Reform, 33(1), 101–121. https://doi.org/10.1177/10567879221082966

Al-Janabi, S., & Al-Shourbaji, I. (2016). A study of cyber security awareness in

educational environment in the Middle East. Journal of Information &
Knowledge Management, 15(01), 1650007.
https://doi.org/10.1142/s0219649216500076

Alotaibi, F., Furnell, S., Stengel, I., & Papadaki, M. (2016). A survey of cyber-
security awareness in Saudi Arabia. 11th International Conference for
Internet Technology and Secured Transactions.
https://doi.org/10.1109/icitst.2016.7856687
Alzubaidi, A. (2021). Measuring the level of cyber-security awareness for
cybercrime in Saudi Arabia. Heliyon, 7(1), e06016.
https://doi.org/10.1016/j.heliyon.2021.e06016
 49

Frauenstein, E. D., & Flowerday, S. (2016). Social network phishing:

Becoming habituated to clicks and ignorant to threats? Conference:
Information Security South AfricaAt: Rosebank, Johannesburg.
https://doi.org/10.1109/issa.2016.7802935

Golladay, K. A., & Holtfreter, K. (2017b). The Consequences of Identity Theft

Victimization: An examination of emotional and physical health
outcomes. Victims & Offenders, 12(5), 741–
760. https://doi.org/10.1080/15564886.2016.1177766

Khan, W. Z., Khan, M. K., Muhaya, F. T. B., Aalsalem, M. Y., & Chao, H.
(2015). A comprehensive study of email spam Botnet detection. IEEE
Communications Surveys and Tutorials, 17(4), 2271–2295.
https://doi.org/10.1109/comst.2015.2459015

Manasrah, A. M., Akour, M., & Alsukhni, E. M. (2015). Toward improving

university students awareness of spam email and cybercrime: Case
study of Jordan. First International Conference on Anti-Cybercrime
(ICACC). https://doi.org/10.1109/anti-cybercrime.2015.7351955

Rasheed, M. M., Norwawi, N. M., Ghazali, O., & Faaeq, M. K. (2019).

Detection algorithm for internet worms scanning that used user
datagram protocol. International Journal of Information and Computer
Security, 11(1), 17. https://doi.org/10.1504/ijics.2019.096847

Suganya, V. (2016). A review on phishing attacks and various anti phishing

techniques. International Journal of Computer Applications, 139(1), 20–
23. https://doi.org/10.5120/ijca2016909084

Wyre, M., & Lacey, D. (2020). The identity theft response system.
https://doi.org/10.52922/ti04299

Yeboah-Boateng, E. O., & Amanor, P. M. (2014). Phishing, SMiShing &

Vishing: An Assessment of Threats against Mobile Devices.
Department of Electronic Systems, 5(4), 297–307.
https://vbn.aau.dk/da/publications/phishing-smishing--
vishing(6289ebbb-00ef-453b-ad28-6f274a198770)/export.html

Zaharon, N. F. M., Ali, M. M., & Hasnan, S. (2021). Factors affecting

awareness of phishing among Generation Y. Asia-Pacific Management
Accounting Journal, 16(2), 409–444.
https://doi.org/10.24191/apmaj.v16i2-15

Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Çetin, F., & Basım, H. N.
(2020b). Cyber Security Awareness, Knowledge and Behavior: A
Comparative study. Journal of Computer Information Systems, 62(1),
82–97. https://doi.org/10.1080/08874417.2020.1712269
 50

Appendix A

TRANSMITTAL LETTERS
 51

Appendix B

INFORMED CONSENT FOR THE RESEARCH PARTICIPANTS

 52

Appendix C
QUESTIONNAIRE

“AN EVALUATION OF THE LEVEL OF CYBER SECURITY AWARENESS

AMONG THE SENIOR HIGH SCHOOL ICT STRAND STUDENTS OF
DR.CECILIO PUTONG NATIONAL HIGH SCHOOL S. Y. 2023-2024 ”

Dear Respondent:
Thank you for participating in this research. This survey aims to
evaluate the level of cyber security awareness among Senior High School ICT
Strand students at Dr. Cecilio Putong National High School for the school year
2023-2024. Your honest responses are essential for a comprehensive
understanding of cyber security awareness. As our respondent, we humbly
ask for your participation in this survey which will only take approximately ten
to fifteen (10-15) minutes of your time. Your cooperation will be a great help to
us in completing this research study. Rest assured that your response will be
handled with outmost confidentiality. Thank you and God bless!
 53

Please answer the following questions and thank you very much for
your time. Rest assured that your answers will be kept strictly confidential.
Sincerely yours,
The Researchers

Demographic Information:
1. Name (optional):_________________ 4. Age: __
2. Grade Level: __
- Animation
- CSS
3. Gender:
- Male
- Female
- Other (please specify): ____________

Directions: Please check and rate yourself based on the given statements
below using the following scales:

5 – Strongly Agree 4 – Agree 3 – Neither Agree or Disagree

2 – Disagree 1 – Strongly Disagree

Questionnaires

(1) (2) (3) (4) (5)

Item Description Strongly Disagree Neither Agree Strongly
Disagre Agree
e

Cyber Security Awareness

1. I understand what
cyber security is.
2. I regularly educate
myself about new
types of cyber
threats and best
practices for cyber
security.
3. I am aware of the
legal and ethical
implications of cyber
attacks.
 54

4. I know how to use

antivirus software
and understand its
role in protecting
against cyber
threats.
5. I am aware of the
importance of using
secure networks
(e.g., VPN, secure
Wi-Fi) to protect
against cyber
threats.

Identity theft
1. I understand what
identity theft is.
2. I am aware of the
different methods
used in identity
theft.
3. I know the potential
consequences of
becoming a victim of
identity theft.
4. I use strong, unique
passwords for all my
online accounts to
prevent identity
theft.
5. I am careful about
sharing personal
information online to
prevent identity
theft.

Spamming
1. I know the importance
of keeping my email
address private to
avoid receiving spam.
2. I am aware that spam
can sometimes
contain malware or
links to malicious
websites.
3. I know the potential
risks and
consequences of
spamming.
 55

4. I know how to identify

spam messages or
emails.
5. I understand what
spamming is.

Phishing
1. I know how to identify
phishing emails or
messages.
2. I know how to check if
a website is secure
(e.g., HTTPS, padlock
icon, etc.) to avoid
phishing scams.
3. I know the potential
risks and
consequences of
falling for a phishing
scam.
4. I know the importance
of not sharing
sensitive personal or
financial information
over email or phone
calls.
5. I understand what
phishing is.

Cyber Worms

1. I have experienced a
cyber worm attack
before.
2. I know how cyber
worms spread in a
network.
3. I know how to protect
my devices from cyber
worms.
4. I know the common
signs that a device has
been infected by a
cyber worm.
5. I know about the
recent major cyber
worm attacks and their
 56

impacts.
 57

CURRICULUM VITAE

CURICULUM VITAE

CABAONG, REA C.
Taloto, Tagbilaran City, Bohol
09918789927
[email protected]
 58

Personal Background

Date of Birth: March 16, 2006

Place of Birth: Bocaue, Bulacan

Home Address: Basak, Taloto, Tagbilaran City, Bohol

Citizenship: Filipino

Civil Status: Single

Sex: Female

Educational Background

High School: Dr. Cecilio Putong National High School

Elementary: Booy Elementary School

 59

CURICULUM VITAE

ENERO, CORCINE L.
Cogon, Tagbilaran City, Bohol
09108591786
[email protected]

Personal Background

Date of Birth: October 22, 2005

Place of Birth: Tagbilaran City

Home Address: Tamblot St., Tagbilaran City

Citizenship: Filipino

Civil Status: Single

Sex: Male

Educational Background

High School: Dr. Cecilio Putong National High School

Elementary: Tagbilaran City Central Elementary School

 60

CURICULUM VITAE

MIGRIÑO, SAMANTHA FAITH U.

Mansasa, Tagbilaran City, Bohol
09560541795
[email protected]

Personal Background

Date of Birth: November 23, 2005

Place of Birth: Tagbilaran City

Home Address: Miguel Parras Extension Mansasa District Tagbilaran City

Citizenship: Filipino

Civil Status: Single

Sex: Female

Educational Background

High School: Dr. Cecilio Putong National High School

Elementary: City East Elementary School

 61

CURICULUM VITAE

OCHARON, KLEINHUGH
ROTCIV R.
Agahay, Maribojoc, Bohol
09073717922
[email protected]

Personal Background

Date of Birth: August 3, 2006

Place of Birth: Tagbilaran Cit Bohol

Home Address: Sitio Baliwan, Purok 2, Agahay Maribojoc, Bohol

Citizenship: Filipino

Civil Status: Single

Sex: Male

Educational Background

High School: Dr. Cecilio Putong National High School

Elementary: Cabawan Elementary School, Maribojoc

 62

CURICULUM VITAE

PILOTON, CEDRIC CLYDE L.

Totolan Dauis, Bohol
09923363927
[email protected]

Personal Background

Date of Birth: July 28, 2005

Place of Birth: Tagbilaran City

Home Address: Purok 2, Totolan Dauis, Bohol

Citizenship: Filipino

Civil Status: Single

Sex: Male

Educational Background

High School: Dr. Cecilio Putong National High School 2024

Elementary: Holy Name University

 63

CURICULUM VITAE

SUGANOB, MARY GRACE C.

Totolan Dauis, Bohol
09079064489
[email protected]

Personal Background

Date of Birth: September 8, 2006

Place of Birth: Cambagui, Sevilla, Bohol

Home Address: Purok 2, Baha-baha, Totolan, Dauis, Bohol

Citizenship: Filipino

Civil Status: Single

Sex: Female

Educational Background

High School: Dr. Cecilio Putong National High School 2024

Elementary: Cambagui Elementary School

 64

Prepared by:

DR. LEGARDO R. PALACA JR

Chairman, Division Technical Committee in Research

In Colloboration with:
DR. MARIA ANTOINNETE DUGANG
Education Program Supervisor in………….

Division Technical Committee in Research

Secondary Schools’ Research Coordinator