IIARD International Institute of Academic Research and Development

INTERNATIONAL JOURNAL OF SOCIAL SCIENCES AND MANAGEMENT RESEARCH (IJSSMR )

E-ISSN 2545-5303
P-ISSN 2695-2203
VOL. 11 NO. 4 2025
DOI: 10.56201/ijssmr.vol.11no4.2025.pg499.515

---

Cybersecurity and Governance in Online Education: Addressing Policy Gaps in Protecting Students' Digital Identities

Chukwudum Collins Umoke, Sunday Odo Nwangbo, Oroke Abel Onwe, Kennedy Ololo

---

Abstract

The expansion of online education has introduced new forms of digital vulnerability, particularly in relation to student data privacy and cybersecurity. While educational technologies offer greater access and personalization, they also expose learners—especially minors and marginalized students—to data breaches, surveillance, and algorithmic exploitation. Existing policy frameworks such as FERPA, COPPA, and GDPR offer limited protection, failing to address cloud-based architectures, third-party vendors, and behavioral analytics embedded in digital learning environments. This study develops the Student-Centric Cybersecurity Governance Model (SCCGM)—a conceptual framework designed to prioritize student digital identity protection through integrated cybersecurity strategy and ethical governance. Using a qualitative documentary methodology, the study synthesizes literature and policy insights across four domains: systemic threat vectors, privacy and data governance ethics, national and institutional policy gaps, and cybersecurity best practices. Findings reveal a fragmented governance landscape in which regulatory inaction and underutilization of global frameworks leave students vulnerable to preventable cyber threats. The SCCGM offers a structured model to guide institutions, policymakers, and educators in developing transparent, rights-based, and future-ready cybersecurity protocols. As online learning becomes a core component of global education, this model serves as a roadmap for aligning digital transformation with student protection and educational equity.

keywords:

Digital Identity, Cybersecurity governance, Data Privacy, Online learning, Policy

---

References:

Amine, A. M., Chakir, E. M., Issam, T., & Idrissi Khamlichi, Y. (2023). A review of
cybersecurity management standards applied in higher education institutions.
International Journal of Safety and Security Engineering, 13(6), 635–645.
https://doi.org/10.18280/ijsse.130614
AP News. (2023, December 20). FTC proposes strengthening children's online privacy rules
to
address
tracking,
push
notifications.
Retrieved
from
https://apnews.com/article/352ba63293832ee930f0c137aac735de
ASCD.
(n.d.).
The
Challenge
of
Data
Privacy.
Retrieved
from
https://www.ascd.org/el/articles/the-challenge-of-data-privacy
Bondoc, C. E., & Malawit, T. G. (2020). Cybersecurity for higher education institutions:
Adopting regulatory framework. Global Journal of Engineering and Technology
Advances, 2(3), 99–108. https://doi.org/10.30574/GJETA.2020.2.3.0013
Chantal, M., Shengnan, H., Viberg, O., & Cerratto-Pargman, T. (2023). Privacy as Contextual
Integrity in Online Proctoring Systems in Higher Education: A Scoping Review. arXiv
preprint arXiv:2310.18792. https://arxiv.org/abs/2310.18792
Crabb, J., Hundhausen, C., & Gebremedhin, A. H. (2024). A critical review of cybersecurity
education in the United States. Proceedings of the ACM Technical Symposium on
Computer Science Education, 1–9. https://doi.org/10.1145/3626252.3630757
EdTech Magazine. (2024, April). Data Governance Policies Are a Must for Schools. Retrieved
from
https://edtechmagazine.com/k12/article/2024/4/data-governance-in-schools-
perfcon
EdTech Magazine. (2024, November 15). Remote Desktops Pose Security Risks for Online
Learners. https://edtechmagazine.com/higher/article/2024/11/remote-desktops-pose-
security-risks-online-learners
Fouad, N. S. (2021). Securing higher education against cyberthreats: From an institutional risk
to a national policy challenge. Journal of Cyber Policy, 6(1), 30–47.
https://doi.org/10.1080/23738871.2021.1973526
García-Gómez, S. (2022). Cyber security threats to educational institutes: A growing concern
for
the
new
era
of
cybersecurity.
Preprints.
https://doi.org/10.20944/preprints202211.0128.v1
Hajny, J., Ricci, S., Piesarskas, E., Levillain, O., Galletta, L., & De Nicola, R. (2021).
Framework, tools and good practices for cybersecurity curricula. IEEE Access, 9,
98307–98319. https://doi.org/10.1109/ACCESS.2021.3093952
Johns Hopkins University. (2024, August 20). Unseen Dangers Lurking in Storing Student
Data in the Cloud. https://ep.jhu.edu/news/cloudy-with-a-chance-of-breach-unseen-
dangers-lurking-in-storing-student-data-in-the-cloud/
Kelso, E., Soneji, A., Rahaman, S., Soshitaishvili, Y., & Hasan, R. (2024). Trust, Because You
Can't Verify: Privacy and Security Hurdles in Education Technology Acquisition
Practices. arXiv preprint arXiv:2405.11712. https://arxiv.org/abs/2405.11712
Kumar, A., Mishra, K., Mahto, R. K., & Mishra, B. K. (2024). A framework for institution to
enhancing cybersecurity in higher education: A review. LATIA Journal, 1(1), 10–23.
https://doi.org/10.62486/latia202494
Kumar, G. E. P., Pandey, S. K., Varshney, N., Kumar, A., & Singh, K. U. (2023). Cybersecurity
education: Understanding the knowledge gaps based on cybersecurity policy,
challenge, and knowledge. Proceedings of the International Conference on
Communication
Systems
and
Network
Technologies,
2023,
445–451.
https://doi.org/10.1109/CSNT57126.2023.10134610
Langner, G., Furnell, S., Quirchmayr, G., & Skopik, F. (2023). A comprehensive design
framework for multi-disciplinary cybersecurity education. In Foundations of
Information Security Education (pp. 117–132). Springer. https://doi.org/10.1007/978-
3-031-38530-8_9
LevelBlue. (2024, September 5). Enhancing Cybersecurity in Online Learning.
https://levelblue.com/blogs/security-essentials/tackling-the-unique-cybersecurity-
challenges-of-online-learning-platforms
Lewis, J. A., & Crumpler, W. (2019). The cybersecurity workforce gap. Center for Strategic
and International Studies. https://scispace.com/papers/the-cybersecurity-workforce-
gap-vjim7twfe4
Limnell, E., Salminen, M., Cullen, K., Latvanen, S., & Matilainen, T. (2023). Cybersecurity
education in European higher education institutions. Proceedings of the International
Conference
on
Higher
Education
Advances,
3(1),
125–138.
https://doi.org/10.4995/head23.2023.16336
Malecki, A. (2018). Cybersecurity in the classroom: Bridging the gap between computer access
and online safety. Education and Information Technologies, 23(4), 1731–1745.
https://scispace.com/papers/cybersecurity-in-the-classroom-bridging-the-gap-
between-2erfiqkiwr
Mukherjee, M., Le, N., Chow, Y. W., & Susilo, W. (2024). Strategic approaches to
cybersecurity learning: A study of educational models and outcomes. Information,
15(2), 117. https://doi.org/10.3390/info15020117
Mutimukwe, C., Twizeyimana, J. D., & Viberg, O. (2021). Students' Information Privacy
Concerns in Learning Analytics: Towards a Model Development. arXiv preprint
arXiv:2109.00068. https://arxiv.org/abs/2109.00068
MySanAntonio. (2025, February 8). Almost 800K Texans impacted by school software data
breach.
https://www.mysanantonio.com/business/article/powerschool-data-breach-
20153556.php
NASBE. (n.d.). Ensuring Student Data Privacy through Better Governance. Retrieved from
https://www.nasbe.org/ensuring-student-data-privacy-through-better-governance/
New America. (2024, December). Empowering Student Agency in the Digital Age: The Role
of Privacy in EdTech. Retrieved from https://www.newamerica.org/education-
policy/briefs/empowering-student-agency-in-the-digital-age-the-role-of-privacy-in-
edtech/
Otoom, A., Atoum, I., Al-Harahsheh, H., Aljawarneh, M., Al Refai, M. N., & Baklizi, M.
(2024). A collaborative cybersecurity framework for higher education. Information &
Computer Security, Advance online publication. https://doi.org/10.1108/ICS-02-2024-
0048
Petersen, R., Santos, D., Smith, M. C., & Witte, G. A. (2020). Workforce framework for
cybersecurity (NICE framework). NIST Special Publication 800-181 Revision 1.
https://doi.org/10.6028/NIST.SP.800-181r1
Prey Project. (2024, March 15). School phishing: essential tips to win the battle.
https://preyproject.com/blog/school-phishing-and-ransomware
Salminen, M., Cullen, K., Latvanen, S., & Matilainen, T. (2023). Cybersecurity education in
European higher education institutions. Proceedings of the International Conference
on
Higher
Education
Advances,
3(1),
125–138.
https://doi.org/10.4995/head23.2023.16336
Sophos.
(2024,
July
11).
The
State
of
Ransomware
in
Education
https://news.sophos.com/en-us/2024/07/11/the-state-of-ransomware-in-education-
2024/
Student Privacy Compass. (n.d.). Data Security: K-12 and Higher Education.
https://studentprivacy.ed.gov/data-security-k-12-and-higher-education
Sun, J. C. (2023). Gaps, guesswork, and ghosts lurking in technology integration: Laws and
policies applicable to student privacy. British Journal of Educational Technology,
54(5), 1083–1100. https://doi.org/10.1111/bjet.13379
The 74. (2025, February 4). Meet the Hired Guns Who Make Sure School Cyberattacks Stay
Hidden.
https://www.wired.com/story/meet-the-hired-guns-who-make-sure-school-
cyberattacks-stay-hidden
U.S. Department of Education. (2014, February). Protecting Student Privacy While Using
Online Educational Services: Requirements and Best Practices. Retrieved from
https://studentprivacy.ed.gov/sites/default/files/resource_document/file/Student%20Pr
ivacy%20and%20Online%20Educational%20Services%20%28February%202014%2
9_0.pdf
Virtru. (2021, March 15). Cybersecurity Risks in eLearning. https://www.virtru.com/blog/data-
centric-security/education/elearning
Watini, S., Davies, G., & Andersen, N. (2024). Cybersecurity in learning systems: Data

DOWNLOAD PDF

---

Back