Categories
Internet

Information Security awareness of graduate students using information system

Abstract

The goal of this paper is to show how graduate students level of awareness using information systems and where does information security lies. This research proposal is intent on showing an understanding of course objectives in computer information systems, and understanding of security awareness. Graduate students are taught how to use information systems, but not taught how to successfully navigate through the internet framework without the risks of data intrusion, virus, or identity theft.

This research proposal proposes an approach which systematically introduces methodologies in order to accurately assess the level of awareness of information security in the use of Information Systems from graduate students. The benefit of this approach is to create an understanding of Graduate students’ usage of information systems, their awareness of information security, and what types of programs or training is needed to raise awareness of Information Security. The research can be used in universities nation-wide to enable them to access the proper training, programs, and protocols for information security awareness on all education levels.

Information Security awareness of graduate students using the information system

Introduction

Universities are sources of relevant information by the very nature of business they conduct. Thousands of students, undergraduate and graduate, and countless members of their staff utilize the university network for significant personal information for the institution, and for employment purposes within and outside the university. Universities have the responsibility to secure their information, among the unique need to provide systems with open access to for use by staff, students, visitors, and other personnel. While research and policies points at the need for open access for intellectual freedom, the need to ensure information security cannot be compromised.

In this research proposal, we will try to take a deep look at the information security level of awareness within Graduate students’ use of information systems. Using the aid of the knowledge of the concepts of information security as well as published literature, past research, and case studies on the levels of information system usages among graduate students. This research proposal will come to the conclusion that substantial challenges exposed by other studies of both universities and the corporate institutions policies, organization culture, user awareness, staffing, and management support are challenges that universities must address in order to protect the users. The findings of this research proposal contribute to the existing research and literature on information security implementation and management, as well as the fundamental levels of awareness in the higher education sector.

Research Problem

To understand the importance of information security awareness the concept of Information Technology must first be defined. “Information technology systems have increasingly become beneficial for various organizations. Information technology systems are used in a variety of ways including data processing, storage, and transmission.”(Mahabi, 2010) Information technology covers the area of managing technology and expands to other areas that include computer software, information systems, computer hardware, programming languages but are not limited to things such as processes, and data constructs.(Igosun, n.d)  To summarize, information technology” is anything that renders data, information or perceived knowledge in any visual format whatsoever, via any multimedia distribution mechanism, is considered part of the Information Technology (IT) domain” (Igosun, n.d). Computer security is utilized to prevent or detect unauthorized actions by users of the system. The protection of data (information security) is the most important. The protection of networks is necessary to prevent loss of server resources as well as to protect the network from being used for illegal purposes.

In today’s society information is readily available for access from any location. People is used to being able to access data at anytime and anywhere through the usage of a wide range of computer devices. However, as information is readily accessible, security will continue to be compromised, and resources will be hindered from in terms of security and control of which computers to permit access.

Information security has the tasks of involving the safeguarding of resources for computing technology, responsibility of ensuring that data is secure and confidential, and limit access to prevent unauthorized users. When information security is effectively implemented within information systems, it involves taking physical security measures to ensure hardware and data are not stolen through physical and virtual prevention. Ability to minimize the risks for error, due to outages, or other implications that result in data loss, by providing a backup strategy.

Research Objectives

The research objective of this research proposal is to know the level of awareness and utilization of Graduate students in terms information systems and awareness of information security that covers computer viruses, unauthorized access, and hardware failure and theft. As the Internet expands, and graduate students continue to access computer networks, there will continually be a need for new improvements to security protocols in order to reduce potential threats and challenges characteristic from these new technologies and software applications and other network devices.

Graduate students’ level of awareness about information security measures are used a big aid in helping to acquire the correct knowledge about protecting their identity, research, and technology. When Graduate students acquire knowledge on how to navigate on the internet from their obtained knowledge of information security, they are able to successfully prevent measures that will inhibit their computer systems. Due to the evolution of technology and computer, this proposal want to implement the importance of knowing information security so that graduate students are better capable of handling data and other computer problems in the future.

This study was anchored on the by using the concept of Dynamic Awareness theory (DAT) that offers the alternative explanation of trying to create awareness within the distributed work groups. Dynamic Awareness Theory brings attention to the pivotal role of the end users, and the social norms practiced in the awareness creation. The DAT theory further explains that to the dynamic nature of awareness creation: as the awareness increases over time and decreases when end users are not actively attentive of the creation. The person’s awareness is not a static state which can be arbitrarily turned on and off. It is rather a slow build-up of information about his surroundings (Kai Riemer, Russel Haines, 2008). This theory of awareness is use to Conceptualize each individual of their daily awareness about what happen in their community because awareness requires active maintenance because it diminishes over time.

Literature Review

In, Tshou’s et. Al Analyzing Information Security Awareness through Networks of Association, the group researches the different approaches to raising awareness of information security. They approach the topic but first defining what information systems are and their reliance to the organization, for collecting and processing information.(Tshou, et.al, 2010) With the continuance of the increasing flow of information through computer networks has increased the necessary needs for security measures to be implemented in organizations. The level of awareness is a priority that must be properly executed within organizations. In the race of between protecting information systems and information security, “humans and their interactions with information and communication technologies play a fundamental role and is frequently regarded as the weakest link of security.”(Tshou, et.al, 2010) The different approaches to communicate security messages are categorized by promotional, informational, and enforcing. It proposes the framework for understanding and analyzing the implementation of security awareness activities.

Studies from other universities have been conducted in order to access security awareness in Information Systems when dealing with the perspective of the end-user, (students and faculty). In, Information Security Awareness: System Administrators and End-users Perspectives at Florida State, Mahabi, conducts a two part research study that studies the technical, and non-technical approaches of analyzing the level of awareness within the university. “Specifically focusing on system administrator and user perception of information security practices and user awareness.” (Mahabi, 2010) She collected her research by a detailed survey and interviews, research documents, policies, and other methods. This part of the research concluded that the system administrators were more than aware of information security for information systems. However when conducting the second part, when evaluating end users. The level of awareness was significantly lower. Her study is used in aiding the proposal due to its results on the understanding of problems that hinder the approaches to information security awareness. (Mahabi, 2010)

Scholarly use of information: graduate students’ information seeking behavior, Carole George, et.al, researches the questions of graduate students’ information behavior related to their process of inquiry and scholarly activities. When using this literature knowing Graduate students typical internet behavior is essential when defining what Information Systems they rely on the most. “Graduate students help to shape their research activities, and university library personnel provide guidance in finding resources. The Internet plays a vital role, although students continue to use print resources. Convenience, lack of sophistication in finding and using resources and course requirements affect their information behavior. Findings vary across disciplines and between programs” (George, et.al, 2006) their methods include research, interviews, and surveys. In knowing what influences, and where do they typical research more security awareness needs to know in order to avoid potential security risks.

A comparative study of information security and ethics awareness in diverse university environments.is another piece of research literature that tackles the academia world in accessing the importance of information security within the university. The research iterates “people involved in management information systems face several challenges, especially when it comes to securing their information systems.” (North, 2010) It is clearly made evident in academic institutions. When the university provides the resources of computer technology to students, there is the belief that the students are aware of the information security risks. “There is a common belief that students who attend technology universities have more awareness of security and ethics than those who do not. “(North, 2010) This study was conducted in order to accurately compare the levels of information security and ethics awareness of students in diverse university environments. Using data collecting from surveys by to different universities. The results of this research showed that the technology driven college were aware than the Liberal centric university.  Based on the study’s analysis they also made several recommendations help increase the awareness of computer security and ethics in different university environments.

Research Questions

In order to get an accurate assessment of Graduate awareness a series of questions in the research study needs to be asked and adequately answered for correct results. The variables of this study will be the independent variables of the levels of awareness from, information security programs, courses, prior knowledge, or training. The dependent variable remains to be the graduate student’s level of awareness and utilization of information security measures for Information systems that consist of the possible risks of viruses, unauthorized access, hardware failure, and theft.  The levels of awareness and security risks depends on the experiences Graduate students encountered in their information system usage, in which it is the basis of the reasons for the awareness of the students. The following are short-list of research questions be asked in order to get a qualitative measurement of awareness levels.

  1. What is the level of awareness of the students about computer security measures against the following threats?
  2. Virus
  3. Unauthorized access
  4. Hardware failure
  5. What is the level of utilization of the students on computer security measures?
  6. Are the students able to tell if their computer has been hacked?
  7. If a problem where to occur does the student know who to contact within the university?
  8. What is the most practiced computer security measure by the student?
  9. opening online documents
  10. opening emails; attached documents
  11. going on unrecognizable websites; other countries
  12. scanning computer for viruses
  13. What is the least practiced computer security measure by the respondents?
  14. Is there a significant difference between the level of awareness and utilization of the computer security measures by the respondents?
  15. Did the respondents have prior knowledge of Information Security procedures?
  16. courses
  17. programs
  18. prior knowledge from other sources; including internet, IT book, or word of mouth.

The most common computer security measures used throughout organizations and colleges are anti-virus, firewall, and other spyware detection and prevention methods.

Research Method

For this research proposal,  the research methods will be used are a qualitative approach to surveying graduate students, and security personnel in order to conduct  this type of research in order to obtain certain information about the computer security measures. The researchers will use a descriptive assessment method in order to meet the objective of the study. Which is to gather the data in order to be collected and analyzed for proper conclusions.

Research Design

For the research to be properly measure to determine the graduate students’ level of information security awareness and their utilization of computer security on information systems, the descriptive assessment method of research is used. This is used by the researches because the objective of this study is to determine the level of awareness and utilization within the Graduate students without affecting them in any way. Descriptive research design exhibits specific subject and as a precursor to more quantitative studies. The actual questionnaire will be conducted throughout both school semesters, in order or to obtain in any increases in knowledge of security measures. The procedure used is carefully, analyzed in order to obtain accurate information.

Research Environment

The researchers conducted a research within the school’s technology department. The

Respondents of the study will be the graduate student and also have the security personnel, and system administrations as participants of the study.

Research Instruments

For this proposal, the research will utilize a questionnaire as the research instrument. It is the most common instrument or tool of research for obtaining data beyond the physical reach of the observer. The questionnaire will evaluate the level of awareness of Graduate students towards computer security measures in terms of potential security risks. In the second half of the questionnaire, it will try to analyze the level of utilization of all Graduate Students, behavior, and types of Information systems, towards computer security measures.

Data Gathering Procedures for the research, the gathering data procedure, will include the results from the questionnaires, interviews, and data analyzes from potential evaluation of information systems. The results gathered throughout this research hope to find the level of awareness that is needed in order to know the correct protocol to be implemented in information security, to protect graduate students, and others of the university against any potential threat to their computing activities. This research will aid others on exploring a deeper analysis of the topic at hand.

References

Bogart, Kelley. Information Security Awareness: How to Get Users Asking for More.(n.d) Shaping the Future of IT. Retrieved from http://iasec.eller.arizona.edu/docs/whitepepers/IS_awareness.pdf

Delone, William, McLean, Ephraim. Information Systems Success: The Quest for the Dependent Variable. (1992).Retrieved from http://infosys.highwire.org/content/3/1/60.short

 Firewalls and Internet Security – The Internet Protocol (n.d.). Retrieved from http://www.cisco.com/web/about/ac123/ac147/ac174/ac200/about_cisco_ipj_archive_a

George, Carole, et.al. (2006). Scholarly use of information: graduate students’ information seeking behavior. Carnegie Mellon University. Retrieved from http://informationr.net/ir/11-4/paper272.html

Hentea, Marian. A Perspective on Achieving Information Security Awareness. Issues in Informing Science and Information Technology. (2005). Southwestern Oklahoma State University, Retrieved from http://proceedings.informingscience.org/InSITE2005/I14f89Hent.pdf.

Mahabi, Victoria. Information Security Awareness: System Administrators and End-users Perspectives at Florida State, (2010). Florida State University. Retrieved from http://diginole.lib.fsu.edu/cgi/viewcontent.cgi?article=3412&context=etd

North, Max, et.al. A comparative study of information security and ethics awareness in diverse university environments. (2010) Journal of Computing Sciences. Retrieved from http://dl.acm.org/citation.cfm?id=1747178

Rosenthal, Dr. Paul  Does IS Education Address Enterprise IT User Concerns? The Business Forum.(n,d) retrieved from http://www.bizforum.org/whitepapers/calstatela-6.htm

Simon, Judith, et.al. Increasing Information Security Awareness in Non-security Courses: A Virtual Team Approach. (2010) University of Memphis. Retrieved from http://www.cisse.info/archives/category/14-papers?download=154:0615-2010

Security awareness Survey. (n.d) San.edu. Retrieved from http://www.sans.edu/student-files/projects/SecurityAwarenessSurveyPub.pdf

Taylor, Shirley, Todd, Peter A.Understanding Information Technology Usage: A Test of Competing Models. (1995) Information Systems Research. Retrieved from http://isr.journal.informs.org/content/6/2/144.short

The Need for Information Security Awareness Training Is Growing. (n.d) Information Security Awareness Training: Villanova University. Retrieved from http://www.villanovau.com/information-security-awareness-training/

Tshou, Aggleki, et.al. Analyzing Information Security Awareness through Networks of Association. (2010). Trust, Privacy and Security in Digital Business Lecture Notes in Computer Science. Retrieved from http://link.springer.com/chapter/10.1007%2F978-3-642-15152-1_20

Users and Practices. (n.d) Sans.edu. Retrieved from http://www.cs.uwp.edu/Classes/Cs490/project/UserSecurityAwareness.ppt

Welcome To Igosun World Of Technology. (n.d.). Igosun. Retrieved from http://www.igosun.net/