The information revolution is affecting every aspect of society including education resulting in a concept known as digital learning or e-learning. One problem of digital learning environments and tools is the security and privacy of the learners. How to ensure the security and privacy of digital learners remains a major challenge leading to exposure among naive students. The objective of the study was to explore digital security and privacy culture among students and to propose a novel framework to enhance the security and privacy culture of students using a framework based on the competence learning theory. The Design Science Research (DSR) was adopted as a research paradigm with quantitative and qualitative data gathered from the implementation of the framework. 300 students from a college of education were purposively sampled for the study. A WhatsApp message was sent to the student requesting their confidential information under pretexting and impersonation to assess how security and privacy conscious they were. A framework was developed and implemented based on the theory of competence learning. The results showed high levels of vulnerabilities among students at 67.67% before the implementation of the framework in Round 1. This vulnerability reduced to 1.67% after the implementation of the framework in Round 2 and further reduced to 0% in Round 3. The paper concluded that the lack of security and privacy awareness of the students made them unconsciously incompetent (UI). Exposure to the vulnerability made them consciously incompetent (CI), whiles further rounds of exposures led them to be consciously competent (CC). further exposure will eventually result in unconsciously competent (UC) as students become resistant and or immune to security and privacy attacks. The implication of this study is that, as more students converge in the digital space, the need to build their immunity and resistance against cyber-attacks is critical to avoid exposures. Learning to be security conscious should be consistent and routine to ensure that students have renewed behavior changes to become resistant and immune to online attacks.

Article visualizations:

Albladi, S., M., and George R. S. Skinner. (2019). A Conceptual model to Predict Social Engineering Victims. IEEE 12th international conference on global security, safety and sustainability, ICGS3-2019.

Al-hamdani, W. (2018). Secure E-learning and Cryptography. Kentucky State University.

Bandura, A., Freeman, W. H., & Lightsey, R. (1999). Self-Efficacy: the exercise of control. Journal of cognitive psychotherapy, 13(2), 158-166. https://doi.org/10.1891/0889-8391.13.2.158.

Bratina, T., and Krasna, M., (2017). Students’ attitudes towards digital security. Faculty of Education, Koroska, Slovenia.

Chapman, A. (2019). The conscious competence model. https://www.businessballs.com/self.awareness/conscious-competence-learning-model.

Drew Harold (2018). The new lesson plan for elementary school: surviving the internet. Washington Post (April, 2021). https://www.washingtonpost.com/business/economy/the-newlesson-plan.

Giambrone, A., (2015). Can data improve education without compromising privacy? The Atlantic (June, 2015). Retrieved from https://www.theatlantic.com/education. (April, 2022).

Hussain Aldawood & Geoffrey Skinner (2019). An Academic Review of Current Industrial and Commercial Cyber Security Social Engineering Solutions, ICCSP 2019, January 19-21, 2019, Kuala Lumper, Malaysia DOI: https://doi.org/10.1145/3309074.3309083

Kongsvik, J., R. (2021). Using the competency matrix to support teacher change efficacy by boosting teacher efficacy when implementing new techniques from professional development workshops, PhD Thesis, retrieved from https://www.proquest.com/openview/c1b8c1ee8ab2d8d46854fa0f8a13ff9e/1?pq-origsite=gscholar&cbl=18750&diss=y

Kumar, M. Chaudhary, and N. Kumar (2015). Social engineering threats and awareness: a survey, European Journal of Advances in Engineering and Technology, vol.2, no.11, pp.15-19, 2015.

Lindsey Kalter and Erin Smith (2016). ACLU of Massachusetts. Encourage students to beef up student data privacy. Boston Herald. https://www.govtech.com/education/k-12/ACLU

Manthey, D., and Fitch, M. (2012). Stages of the competence for medical procedures. Clinical Teacher, 9(5).317-319. https://doi.org/10.1111/j.1743-498x.2012.00561.x

Mellissa Mazmanian and Simone Lannette (2017). An ethnography of parenting in the digital age. In Proceedings of the 2017 ACM Conference on computer-supported cooperative work on social computing (CSCW’17). ACM, New York, USA. https://doi.org/10.11145/2998181.2998218.

Miguel, J., Cabale, S., Xhafa, F., and Prieto, J. (2014). Security in online learning assessment towards an effective trustworthiness approach to support e-learning teams. In advanced information networking and applications (AINA), 2014 IEEE28TH Conference on (PP.123-130).

Natasha Singer (2017). How Google took over the classroom. The New York Times (May, 2022). Retrieved from https://nytimes.com/2017/05/13/technology/googl-educate-chromebooks-schools.html.

Saidu, A., Mohammed, A., C., Mohammed, M. (2018). E-learning security challenges, implementation and improvement in developing countries: A review, Retrieved from https://www.iiste.org/Journals/index.php/IKM/article/view/40633

Sonnenberg, C. and vom Brocke, J. (2014). Evaluations in the science of the artificial -reconsidering the build-evaluate pattern in design science research. Proc. of DESRIST 2012, Las Vegas, NV, pp. 381-397

Venable, J., Pries-Heje, J., and Baskerville, R. (2016). FEDS: A Framework for Evaluation in Design Science Research. European Journal of Information Systems 25(1): 77-89.