Information Security Awareness in Higher Education Institutes: A Work in Progress (original) (raw)
Related papers
2011
As the 21st century approached, the current trend of technology product besides deliver the benefit on availability and accessibility on information, problem emerged regard information security. In order to analyze on how technology introduces new risks, it is necessary to discuss the technology lifecycle. Consider for instance the life cycle of technology as the diffusion of an innovation. Since technological innovations or IT solutions are being adopted to support business processes, the need to protect those IT solutions arises with its adoption. Accordingly, two important factors need much consideration in raising awareness are how organization influences significantly of end user's attitude and how the organization has the regular assessment or evaluation to measure the effectiveness of IS awareness policy inside the organization.
Journal of Innovation and Business Best Practice
The purpose of this study is to evaluate the levels of knowledge, attitude, and behavior of the end-user regarding Information Systems Security Awareness (ISSA) in higher education, specifically Kuwait University (KU), and to identify the areas which require attention. Factors such as knowledge, attitude and behavior affecting human awareness were identified and the Value-Focus-Thinking was used to identify Information Systems Security (ISS) focus-areas. The six ISS Focus-Areas were obtained such as commitment to ISS policy; effective use of passwords; safe usage of Internet and e-mail; being aware of ISS threats; backing up the important files; and required updates for operating system and antivirus programs. Furthermore, a questionnaire was designed based on the human awareness factors and the ISS focus-areas. The research population included the end-users of KU colleges. The study presents useful results for decision-makers in the field of ISS, to identify recent findings regarding the level of ISSA among end-users, and in order to develop better strategies to implement the required solutions such as training programs. In addition to the organizations, this study through concentrating on ISSA may assist individuals to protect their personal data privacy during their use of computers. The study recommends few relevant actions to improve the long term levels of knowledge, attitude and behavior, with the priority for improving attitude due to its identified poor level. Regarding the KU colleges, the study recommends giving priority to improvements to the seven colleges that had poor levels of ISSA.
Information Security Awareness of Greek Higher Education Students -Preliminary Findings
7th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2018
University students are tomorrow's executives that are expected to progress our world forward. Good Information Security Awareness (ISA) and computer ethics education are crucial for a better future world. In this article a quantitative survey with the use of questionnaires is presented, which was conducted in order to measure a combination of the respondents' knowledge and behavior as regards their ISA. Factors such as the gender, the educational level, and the study program are examined. This study is limited to IT-students of a Greek university. The results of our research have shown that educational level plays a role in ISA and computer ethics, but awareness on many aspects needs to be improved.
Computer Security Behavior and Awareness: An Empirical Case Study
International Journal on Perceptive and Cognitive Computing, 2019
The purpose of this study is to investigate the student’s behavior towards information security and test critical factors that are affecting its awareness, which was carried out among the undergraduate students of An-Najah National University, Palestine. Previous studies have shown that end-users present the weakest link in the security chain. The attacks on computer systems are continuously becoming serious problems which raise the interest among researchers. In achieving the goal of this study, surveys of 80 university students' data were collected and analyzed using SPSS to examine the theoretical model. It is hoped that the outcome of this study will contribute in developing a proper understanding of the factors influencing the behavior of university students towards information security behavior. Additionally, it is anticipated that the findings of this study to lead to more awareness programs that can be used to promote privacy and security protection behaviors of informat...
Information Security Awareness on Data Privacy in Higher Education
Proceedings of the 5th UPI International Conference on Technical and Vocational Education and Training (ICTVET 2018), 2019
There is always a negative aspect of a technology utilization. Security issues become a serious problem in information technology. The development of information technology makes access to data privacy is very important to note. The purpose of this study is to analyze and measure students understanding of the importance of understanding the privacy policy on public services. The method used in this research is survey method. The survey is done by collecting data of student survey result. This study was conducted face-to-face with the respondents and online. The results of this study indicate that 78% of students who are the majority of respondents realize the importance of private security in public services. Respondents are also aware of the risks that can occur if a violation of the privacy policies of others. Yet 65% of respondents feel unconcerned about their private security. Why? because respondents do not know how to maintain their privacy data and tools that can use which can make the data safe.
Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures
Procedia Computer Science, 2015
Information security awareness (ISA) is referred to as a state of consciousness where user ideally committed to the rules, recognize the potentiality, understand the importance of responsibilities and act accordingly. Despite the number of case occurred in information security breaches, especially at knowledge-based institution result from the reluctance of user's failure to comply with security guidelines, such effective measure should take place to anticipate the negative effect. Therefore, more attention is required to understand the roles of individual, institutional and environmental antecedent for optimization in raising the information security awareness. This paper elucidated the roles of its antecedent and measure in influencing ISA of user using survey method that contributes for better understanding by analyzing user perception. From the result, this study identified several important factor impacts to the awareness and its relationship to other factor such as religious indicator can influence peer performance but also social pressure. Thus higher education can focus the policy for encouraging them to have proper response from student and staff in avoiding security incident.
The Level of Information Security Awareness among Academic Staff in IHL
Journal of Telecommunication, Electronic and Computer Engineering, 2018
IS security awareness plays a significant role in the process of the overall information security of any organisation. Based on an empirical study of 368 academic staff in three institutions of higher learning (IHL), we found that the level of information security awareness can be considered good, but it can certainly be improved further. Employees need further training in this area mainly at institutions which only recently received the ISO/IEC 27001:2013 certification. Our sample seems to suggest that demographics such as the age of the respondents contributed to their information security risk tolerance and adherence behaviour.
IJERT-A Conceptual Model To Understand Information Security Awareness
International Journal of Engineering Research and Technology (IJERT), 2014
https://www.ijert.org/a-conceptual-model-to-understand-information-security-awareness https://www.ijert.org/research/a-conceptual-model-to-understand-information-security-awareness-IJERTV3IS080428.pdf Information technology plays an important role in everyday lives and it affects the status of information security. Commonly used meaning for information security in literature is the preservation of confidentiality, integrity and availability. The main aim of the research is to examine the information security awareness and influence information security culture through awareness before applying to any organization. Information security awareness provides some kind of safeguard for our information from outside attack. Most of the security incidents are occurred due to the negligence and unawareness of the users. It is important for all employees in society to keep the awareness of information security at higher level. Generally few users with poor awareness and many users with rich awareness of information security in society exist. End-users attitude and the evaluation of information security policy are the two important factors in raising information security awareness. The success of project management within organization requires security awareness. This paper proposes an information security awareness model (ISAM) which analyzes and identifies the most common events related to information security awareness and categorizes these events as low-level, mid-level, and high-level.
2016
As a result of the developments experienced in information technology, many such services as bill payment, shopping, e-government transactions, access to libraries and information sources, finding the routes to go are possible to find in virtual worlds. Transferring all these businesses and operations to the IT environments comes along with the security problems. Because the threats, which come to the information shared in these environments, increse rapidly and show great diversifications, the importance of works to be done on the security of information is increasing with each passing day. Today, especially those information and communication devices having internet access are used extensively by individuals. Every day, many new threats, with which the individuals encounter while they are using these devices, and new measures to be taken against these threats can be added to the present ones. This situation requires users to keep up to date constantly their information on this sub...
SECURING USER EXPERIENCE: A SURVEY ON INFORMATION SECURITYCONTROLS IN A HIGHER EDUCATION INSTITUTION
IAEME PUBLICATION, 2024
Information security in education is more important than ever in a digital world. As educational institutions use technology to improve learning, protecting sensitive data is crucial. Over time, information security has become a socio-technical issue, incorporating both technology and human elements. It is also widely believed that insiders with privileged access to the organization’s systems and data are the key information security concern. For instance, bring your own device, which offers users access to the internal network and sensitive data, benefits enterprisesbut also increases security threats. End users are the most vulnerable aspect of information security, but some researchers believe they are the most important asset in protecting enterprises. As “the first line of defense”, end users must be vigilant and skilled to secure organizations. Thus, organizations must include human factors in security. Despite various security technology studies, end-user factors have been little studied. Therefore, this research evaluates information security controls used by end-users, notably students in an educational setting. A Likert scale-based questionnaire was given to 378 university students as primary data collection. Validated scales and study objectivesrelated items based on the Center of Internet Security (CIS) Controls, which comprise basic security procedures for hygiene and cyber attack protection, were included in a structured survey questionnaire. Overall, the mean score indicates modest information security control maturity, with several areas having strong procedures but others needing improvement to enhance security. This study, like others, has limitations; for instance, the university’s current network infrastructure and security operations organizational setup were not included because of therisk of external and internal attacks. Disclosing this information could compromise the network infrastructure and other critical servers. Furthermore, the generalizability of this study’s findings may be limited to specific organizational contexts, as various qualities, corporate culture, and technology frameworks might have varying impacts on information security controls. Hence, it is imperative for future research to address these constraints by undertaking cross-industry investigations, integrating additional information security measures, employing a longitudinal study framework, and evaluating controls in the face of increasing cybersecurity risks.