Information Security Awareness Status of Business College: Undergraduate Students

Abstract: Because end users are often the weakest link in a security chain, students need to practice security controls properly to improve information security on campus. This study surveyed undergraduate students in a business college to investigate their understanding of and attitudes toward information security. Survey findings show that college students understand most information security topics suggested by the National Institute of Standards and Technology (NIST) Special Report 800-50. Universities should provide easily accessible security training programs for students. Practical suggestions are provided to encourage students to participate in security training to enhance their security awareness level.
