Cybersecurity Program for Philippine Higher Education Institutions (HEIs): A Multiple-Case Study

Francisco Dente Esponilla II, Noly M. De Ramos


Cybersecurity challenges among higher education institutions encourage the need to design a model that would serve the capacity building to address multiple cases in cybersecurity. Cybersecurity incidents have shown the pervasiveness of an extensive series of malicious interests and the mounting intricacy of cyber-threats, as well as their implications to government, institutions, and individuals across the globe. The program logic model will illustrate how State Universities and Colleges activities and programs work that can be employed for planning, implementation, communication, and assessment. The current study is a multiple case study of cybersecurity threats and challenges of Selected Philippine State Universities and Colleges in the National Capital Region. Sample participants were purposively selected Information Technology (IT) experts from various selected State College and Universities. A structured interview being the main instrument of the study investigates threats and challenges of cybersecurity to assess an active and proactive approach to developing a model framework for security resources in respective academic institutions. Responses gathered from the interview were consolidated and analyzed through a thematic coding process. The result of the study revealed the following challenges in cybersecurity are user education, cloud security, information security strategy, and unsecured personal devices.  Hence, the major higher educational institutions like the Commission on Higher Education (CHED), Department of Information and Communication Technology (DICT) and Philippine Association of the State Colleges and Universities (PASUC) as the collaborating stakeholders for the creation of the cybersecurity program logic model in higher education.


Academic integrity, Cybersecurity, Cybercrime, Internet of things, Program Logic Model


M. D. Cavelty, & A. Wenger, “Cyber security meets security politics: Complex technology, fragmented politics, and networked science,” Contemporary Security Policy, 2020.

D. Benoliel, “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study,” North Carolina J. Law Technology, vol. 16, no. 3, pp. 435–486, 2015.

M. Richardson, P. Lemoine, W. Stephens, and R. Waller, “Educational Planning,” vol. 27, no. 2, 2020, [Online].

P. Cichonski, T. Millar, T. Grance, and K. Scarfone, “Computer Security Incident Handling Guide : Recommendations of the National Institute of Standards and Technology,” Computer Security Incident Handling Guide, Aug. 2012, doi: 10.6028/nist.sp.800-61r2.

M. Venter, R. J. Blignaut, K. Renaud, and M. A. Venter, “Cyber security education is as essential as ‘the three R’s,’” Heliyon, vol. 5, no. 12, p. e02855, Dec. 2019, doi: 10.1016/j.heliyon.2019.e02855.

Reuters Staff, “Cyber attack hits 200,000 in at least 150 countries: Europol,” U.S., May 14, 2017. (accessed Mar. 21, 2021).

M. Bada and J. Nurse, “The Social and Psychological Impact of Cyber-Attacks,.”

M. Hasib, “Cybersecurity leadership: powering the modern organization.” Tomorrow’s Strategy Today, LLC, 2014.

Razzaq, A. Hur, H. F. Ahmad, and M. Masood, “Cyber security: Threats, reasons, challenges, methodologies and state of the art solutions for industrial applications,” in Proceedings - 2013 11th International Symposium on Autonomous Decentralized Systems, ISADS 2013, 2013.

Hussain Bhat, T., & Khan, “Cybercrimes, security and challenges,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 4, no. 5, 2015.

C. Tagert, “Cybersecurity Challenges in Developing Nations,” PhD Thesis, 2010.

K. P. Newmeyer, “Cybersecurity Strategy in Developing Nations: A Jamaica Case Study,” 2014.

S. Caponi, “Cybersecurity Trends for 2014,” Corporate Compliance Insights, Feb. 21, 2014.

D. N. Burrell, A. S. Aridi, and C. Nobles, “The critical need for formal leadership development programs for cybersecurity and information technology professionals,” in Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018, 2018.

M. Cleveland, S., Cleveland, “Towards Cybersecurity Leadership Framework,” in thirteenth Midwest Association for Information Systems Conference, 2018, pp. 1–5.

J. A. Lester, D.L.; Parnell, “The Desktop Manager,” Adv. Manag. J., vol. 71, no. 4, 2006.

Daniel, “Big Data and analytics in higher education: Opportunities and challenges,” Br. J. Educ. Technol., 2015.

K. Campbell, L. A. Gordon, M. P. Loeb, and L. Zhou, “The economic cost of publicly announced information security breaches: empi...: EBSCOhost,” J. Comput. Secur., 2003.

H. Cavusoglu Ph.D., B. Mishra Ph.D., and S. Raghunathan Ph.D., “The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers,” Int. J. Electron. Commer., 2004.

S. Al-Janabi and I. Al-Shourbaji, “A Study of Cyber Security Awareness in the Educational Environment in the Middle East,” J. Inf. Knowl. Manag., 2016.

T. Hunt, “Cyber Security Awareness in Higher Education,” Cent. Washingt. Univ., 2016.

K. P. Newmeyer, “Elements of national cybersecurity strategy for developing nations,” Natl. Cybersecurity Inst J, vol. 1, pp. 9–19, 2015.

F. Norris, L. Mateczun, A. Joshi, and T. Finin, “Cybersecurity challenges to American local governments,” in Proceedings of the European Conference on e-Government, ECEG, 2017.

S. Seuring and M. Müller, “Core issues in sustainable supply chain management - A Delphi study,” Bus. Strateg. Environ., 2008.

K. Jansson and R. Von Solms, “Phishing for phishing awareness,” Behav. Inf. Technol., 2013.

R. D. Butler, “An Examination of Issues Surrounding Information Security in California Colleges,” 2013.

K. H. A Al-Shqeerat, F. M. A Al-Shrouf, M. R. Hassan, and A. -Jordan Hassen Fajraoui, “Cloud Computing Security Challenges in Higher Educational Institutions -A Survey,” Int. J. Comput. Appl., 2017.

P. T. Jaeger, J. Lin, and J. M. Grimes, “Cloud computing and information policy: Computing in a policy cloud?” J. Inf. Technol. Polit., 2008.

AlamgirKhan, “Preventing Phishing Attacks using One Time Password and User Machine Identification,” Int. J. Comput. Appl., 2013.

J. Subranaian, L., Liu, J., & Winterdyk, “Cyber-Terrorism and Cyber Security: A Global Perspective,” Asian Criminol., 2016.

Duncan, S. Creese, and M. Goldsmith, “An overview of insider attacks in cloud computing,” Concurrency Computation. 2015.

T. T. Pham, “Protecting Client Data: Law firms Look to Shore Up Data Security,” Duo Security, 2015. .

Y. Rezgui and A. Marks, “Information security awareness in higher education: An exploratory study,” Comput. Secur., 2008.

F. E. Catota, M. Granger Morgan, and D. C. Sicker, “Cybersecurity incident response capabilities in the Ecuadorian financial sector,” J. Cybersecurity, 2018.

V. Raskin, C. F. Hempelmann, K. E. Triezenberg, and S. Nirenburg, “Ontology in information security: A useful theoretical foundation and methodological tool,” in Proceedings New Security Paradigms Workshop, 2001.

K. P. Patten and M. A. Harris, “The need to address mobile device security in the higher education IT curriculum,” J. Inf. Syst. Educ., vol.24, no. 1, pp. 41-52, 2013.

Raths, “Crossing the Device Divide: With the Help of Browser-Based Software, Students in BYOD Districts Can Be on the Same Page Even If They Have Different Devices,” T H E J. (Technological Horizons Educ.), 2013.

H. V. Nguyen, “Cybersecurity Strategies for Universities With Bring Your Own Device Programs,” Walden University, 2019.

M. Rogers, A. Singhal, and M. M. Quinlan, “Diffusion of innovations,” in An Integrated Approach to Communication Theory and Research, Third Edition, 2019.

Suhendi and Purwano, “Constructivist Learning Theory: The Contribution to Foreign Language Learning and Teaching,” The 1st Annual International Conference on Language and Literature. Volume 2018.

J. Corbin, and A. Strauss, “Basics of Qualitative Research (3rd ed.): Techniques and Procedures for Developing Grounded Theory - SAGE Research Methods,”, 2012.

N. Ole Pors, “Qualitative Research for the Information Professional. A Practical Handbook (2nd ed.),” Journal of Documentation. 2005.

R. K. Yin, “Case Study Research and Applications: Design and Methods: Yin, Robert K.: 9781506336169: Books,”, 2021.

Carayannis, E.;Turner, “Innovation diffusion and technology acceptance: The Case of PKI technology,” Technovation, vol. 26, no. 7, pp. 847–855, 2006.

S. Brinkmann and S. Kvale, “Planning an interview study,”, 2018. (accessed Mar. 21, 2021).

R. Panko, Business data networks and telecommunications, 7th Edition. Upper Saddle River, NJ: Prentice Hall, 2008.

Hayes, M. L. Parchman, and R. Howard, “A logic model framework for evaluation and planning in a primary care Practice-based Research Network (PBRN),” Journal of the American Board of Family Medicine. 2011.

Morrison, J. P. Lee, P. J. Gruenewald, and C. Mair, “The reliability of naturalistic observations of social, physical and economic environments of bars,” Addiction Research & Theory, vol. 24, no. 4, pp. 330–340, Feb. 2016, doi: 10.3109/16066359.2016.1145674.

K. E. Luck, S. Daucet, and A. Luke, “The Development of a Logic Model to Guide the Planning and Evaluation of a Navigation Center for Children and Youth with Complex Care Needs,” Child & Youth Services, 2020.

S. C. Blog, “What are program logic models?” 2018.

P. F. McCawley, “The Logic Model for program planning and evaluation,” Univ. Idaho, 2002.

W. K. K. Foundation, Using Logic Models to Bring Together Planning, Evaluation, and Action: Logic Model Development Guide. One East Michigan Avenue East Battle Creek, Michigan 49017-4012: W.K. Kellogg Foundation, 2004.

X. Luo and Q. Liao, “Awareness education as the key to ransomware prevention,” Inf. Syst. Secur., 2007.

J. Kinder, S. Katzenbeisser, C. Schallhart, and H. Veith, “Proactive detection of computer worms using model checking,” IEEE Trans. Dependable Secur. Comput., 2010.

K. A. Rendle, C. M. Abramson, S. B. Garrett, M. C. Halley, and D. Dohan, “Beyond exploratory: A tailored framework for designing and assessing qualitative health research,” BMJ Open, 2019.

J. Winterton, “Business Research Methods,” Management Learning. 2008.

L. Yeomans, “Qualitative methods in business research,” Action Learn. Res. Pract., 2017.

L. Myyry, M. Siponen, S. Pahnila, T. Vartiainen, and A. Vance, “What levels of moral reasoning and values explain adherence to information security rules? An empirical study,” Eur. J. Inf. Syst., 2009.

M. Garrison, C.; Ncube, “A longitudinal analysis of data breaches,” Inf. Manag. Comput. Secur., vol. 19, no. 4, pp. 216–230, 2011.

K. F. Steinmetz, “Introduction: Technocrime at the Margins,” 2018 | Volume 6, Issue 2, Dec. 2018, doi: 10.21428/88de04a1.1d0b3f17.

J. Howell, G. W. Burruss, D. Maimon, and S. Sahani, “Website defacement and routine activities: considering the importance of hackers’ valuations of potential targets,” Journal of Crime and Justice, 2019. (accessed Mar. 21, 2021).

M. Abaido, “Cyberbullying on social media platforms among university students in the United Arab Emirates” 2019. International Journal of Adolescence and Youth, 25(1), 407-420.

Acarali, M. Rajarajan, N. Komninos, and B. B. Zarpelão, “Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks,” Security and Communication Networks, vol. 2019, pp. 1–13, Feb. 2019, doi: 10.1155/2019/3745619.

A. Moore, R. Trzeciak, and T. Shimeall, “Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition -Version 3.1 Dawn Cappelli,” 2009.



  • There are currently no refbacks.

Copyright (c) 2022 Institute of Advanced Engineering and Science

International Journal of Evaluation and Research in Education (IJERE)
p-ISSN: 2252-8822, e-ISSN: 2620-5440

View IJERE Stats

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.