Purpose: This study aimed to diagnose the current cybersecurity posture of Yemeni universities, assess their readiness to adopt a comprehensive enhancement model, and develop a context-sensitive integrative framework supported by a practical web application.
Methodology: The study employed a descriptive-analytical quantitative design. Data were collected using a structured questionnaire from 93 individuals, including faculty members, administrative staff, and advanced cybersecurity students across five universities in Sana’a. The instrument measured four main dimensions: Technical Practices, Governance and Policies, Awareness and Capacity Building, and Model Adoption Readiness. Statistical analysis included descriptive statistics, Pearson correlation, and Two-way ANOVA using SPSS.
Findings: Results indicated a moderate implementation of basic technical controls, coupled with significant deficiencies in proactive measures (e.g., business continuity, penetration testing). Governance maturity was found to be low, characterized by constrained budgets and weak stakeholder engagement. Crucially, the dimension of Awareness and Capacity Building emerged as the strongest predictor of readiness for model adoption (r = 0.85, p < 0.01). Academic qualification, specifically a PhD, showed a positive and significant influence on readiness scores, while years of service had no notable effect.
Practical Implications and Value: The study proposes an empirically-grounded Cybersecurity Enhancement Model (CEM) comprising five integrated domains: Inclusive Governance, Technical Controls, Human-Centered Capacity Building, Risk Communication, and Continuous Improvement. A functional web application (CEM App) built with Python’s Flask framework is detailed to automate assessment, planning, and monitoring, providing an actionable tool for institutional implementation. This research represents a qualitative addition by offering a socio-technical framework specifically tailored for resource-constrained and conflict-affected higher education environments, bridging the gap between theory and practice.
Keywords: Cybersecurity, Higher Education, Integrative Framework, Institutional Readiness, Governance, Capacity Building, Yemen
