Cybersecurity and Governance in Online Education: Addressing Policy Gaps in Protecting Students' Digital Identities
Abstract
The expansion of online education has introduced new forms of digital vulnerability, particularly in relation to student data privacy and cybersecurity. While educational technologies offer greater access and personalization, they also expose learners—especially minors and marginalized students—to data breaches, surveillance, and algorithmic exploitation. Existing policy frameworks such as FERPA, COPPA, and GDPR offer limited protection, failing to address cloud-based architectures, third-party vendors, and behavioral analytics embedded in digital learning environments. This study develops the Student-Centric Cybersecurity Governance Model (SCCGM)—a conceptual framework designed to prioritize student digital identity protection through integrated cybersecurity strategy and ethical governance. Using a qualitative documentary methodology, the study synthesizes literature and policy insights across four domains: systemic threat vectors, privacy and data governance ethics, national and institutional policy gaps, and cybersecurity best practices. Findings reveal a fragmented governance landscape in which regulatory inaction and underutilization of global frameworks leave students vulnerable to preventable cyber threats. The SCCGM offers a structured model to guide institutions, policymakers, and educators in developing transparent, rights-based, and future-ready cybersecurity protocols. As online learning becomes a core component of global education, this model serves as a roadmap for aligning digital transformation with student protection and educational equity.
Keywords
Digital Identity
Cybersecurity governance
Data Privacy
Online learning
Policy
References
Amine, A. M., Chakir, E. M., Issam, T., & Idrissi Khamlichi, Y. (2023). A review of cybersecurity management standards applied in higher education institutions. International Journal of Safety and Security Engineering, 13(6), 635–645. https://doi.org/10.18280/ijsse.130614 AP News. (2023, December 20). FTC proposes strengthening children's online privacy rules to address tracking, push notifications. Retrieved from https://apnews.com/article/352ba63293832ee930f0c137aac735de ASCD. (n.d.). The Challenge of Data Privacy. Retrieved from https://www.ascd.org/el/articles/the-challenge-of-data-privacy Bondoc, C. E., & Malawit, T. G. (2020). Cybersecurity for higher education institutions: Adopting regulatory framework. Global Journal of Engineering and Technology Advances, 2(3), 99–108. https://doi.org/10.30574/GJETA.2020.2.3.0013 Chantal, M., Shengnan, H., Viberg, O., & Cerratto-Pargman, T. (2023). Privacy as Contextual Integrity in Online Proctoring Systems in Higher Education: A Scoping Review. arXiv preprint arXiv:2310.18792. https://arxiv.org/abs/2310.18792 Crabb, J., Hundhausen, C., & Gebremedhin, A. H. (2024). A critical review of cybersecurity education in the United States. Proceedings of the ACM Technical Symposium on Computer Science Education, 1–9. https://doi.org/10.1145/3626252.3630757 EdTech Magazine. (2024, April). Data Governance Policies Are a Must for Schools. Retrieved from https://edtechmagazine.com/k12/article/2024/4/data-governance-in-schools- perfcon EdTech Magazine. (2024, November 15). Remote Desktops Pose Security Risks for Online Learners. https://edtechmagazine.com/higher/article/2024/11/remote-desktops-pose- security-risks-online-learners Fouad, N. S. (2021). Securing higher education against cyberthreats: From an institutional risk to a national policy challenge. Journal of Cyber Policy, 6(1), 30–47. https://doi.org/10.1080/23738871.2021.1973526 García-Gómez, S. (2022). Cyber security threats to educational institutes: A growing concern for the new era of cybersecurity. Preprints. https://doi.org/10.20944/preprints202211.0128.v1 Hajny, J., Ricci, S., Piesarskas, E., Levillain, O., Galletta, L., & De Nicola, R. (2021). Framework, tools and good practices for cybersecurity curricula. IEEE Access, 9, 98307–98319. https://doi.org/10.1109/ACCESS.2021.3093952 Johns Hopkins University. (2024, August 20). Unseen Dangers Lurking in Storing Student Data in the Cloud. https://ep.jhu.edu/news/cloudy-with-a-chance-of-breach-unseen- dangers-lurking-in-storing-student-data-in-the-cloud/ Kelso, E., Soneji, A., Rahaman, S., Soshitaishvili, Y., & Hasan, R. (2024). Trust, Because You Can't Verify: Privacy and Security Hurdles in Education Technology Acquisition Practices. arXiv preprint arXiv:2405.11712. https://arxiv.org/abs/2405.11712 Kumar, A., Mishra, K., Mahto, R. K., & Mishra, B. K. (2024). A framework for institution to enhancing cybersecurity in higher education: A review. LATIA Journal, 1(1), 10–23. https://doi.org/10.62486/latia202494 Kumar, G. E. P., Pandey, S. K., Varshney, N., Kumar, A., & Singh, K. U. (2023). Cybersecurity education: Understanding the knowledge gaps based on cybersecurity policy, challenge, and knowledge. Proceedings of the International Conference on Communication Systems and Network Technologies, 2023, 445–451. https://doi.org/10.1109/CSNT57126.2023.10134610 Langner, G., Furnell, S., Quirchmayr, G., & Skopik, F. (2023). A comprehensive design framework for multi-disciplinary cybersecurity education. In Foundations of Information Security Education (pp. 117–132). Springer. https://doi.org/10.1007/978- 3-031-38530-8_9 LevelBlue. (2024, September 5). Enhancing Cybersecurity in Online Learning. https://levelblue.com/blogs/security-essentials/tackling-the-unique-cybersecurity- challenges-of-online-learning-platforms Lewis, J. A., & Crumpler, W. (2019). The cybersecurity workforce gap. Center for Strategic and International Studies. https://scispace.com/papers/the-cybersecurity-workforce- gap-vjim7twfe4 Limnell, E., Salminen, M., Cullen, K., Latvanen, S., & Matilainen, T. (2023). Cybersecurity education in European higher education institutions. Proceedings of the International Conference on Higher Education Advances, 3(1), 125–138. https://doi.org/10.4995/head23.2023.16336 Malecki, A. (2018). Cybersecurity in the classroom: Bridging the gap between computer access and online safety. Education and Information Technologies, 23(4), 1731–1745. https://scispace.com/papers/cybersecurity-in-the-classroom-bridging-the-gap- between-2erfiqkiwr Mukherjee, M., Le, N., Chow, Y. W., & Susilo, W. (2024). Strategic approaches to cybersecurity learning: A study of educational models and outcomes. Information, 15(2), 117. https://doi.org/10.3390/info15020117 Mutimukwe, C., Twizeyimana, J. D., & Viberg, O. (2021). Students' Information Privacy Concerns in Learning Analytics: Towards a Model Development. arXiv preprint arXiv:2109.00068. https://arxiv.org/abs/2109.00068 MySanAntonio. (2025, February 8). Almost 800K Texans impacted by school software data breach. https://www.mysanantonio.com/business/article/powerschool-data-breach- 20153556.php NASBE. (n.d.). Ensuring Student Data Privacy through Better Governance. Retrieved from https://www.nasbe.org/ensuring-student-data-privacy-through-better-governance/ New America. (2024, December). Empowering Student Agency in the Digital Age: The Role of Privacy in EdTech. Retrieved from https://www.newamerica.org/education- policy/briefs/empowering-student-agency-in-the-digital-age-the-role-of-privacy-in- edtech/ Otoom, A., Atoum, I., Al-Harahsheh, H., Aljawarneh, M., Al Refai, M. N., & Baklizi, M. (2024). A collaborative cybersecurity framework for higher education. Information & Computer Security, Advance online publication. https://doi.org/10.1108/ICS-02-2024- 0048 Petersen, R., Santos, D., Smith, M. C., & Witte, G. A. (2020). Workforce framework for cybersecurity (NICE framework). NIST Special Publication 800-181 Revision 1. https://doi.org/10.6028/NIST.SP.800-181r1 Prey Project. (2024, March 15). School phishing: essential tips to win the battle. https://preyproject.com/blog/school-phishing-and-ransomware Salminen, M., Cullen, K., Latvanen, S., & Matilainen, T. (2023). Cybersecurity education in European higher education institutions. Proceedings of the International Conference on Higher Education Advances, 3(1), 125–138. https://doi.org/10.4995/head23.2023.16336 Sophos. (2024, July 11). The State of Ransomware in Education https://news.sophos.com/en-us/2024/07/11/the-state-of-ransomware-in-education- 2024/ Student Privacy Compass. (n.d.). Data Security: K-12 and Higher Education. https://studentprivacy.ed.gov/data-security-k-12-and-higher-education Sun, J. C. (2023). Gaps, guesswork, and ghosts lurking in technology integration: Laws and policies applicable to student privacy. British Journal of Educational Technology, 54(5), 1083–1100. https://doi.org/10.1111/bjet.13379 The 74. (2025, February 4). Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden. https://www.wired.com/story/meet-the-hired-guns-who-make-sure-school- cyberattacks-stay-hidden U.S. Department of Education. (2014, February). Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices. Retrieved from https://studentprivacy.ed.gov/sites/default/files/resource_document/file/Student%20Pr ivacy%20and%20Online%20Educational%20Services%20%28February%202014%2 9_0.pdf Virtru. (2021, March 15). Cybersecurity Risks in eLearning. https://www.virtru.com/blog/data- centric-security/education/elearning Watini, S., Davies, G., & Andersen, N. (2024). Cybersecurity in learning systems: Data
