Stobert & Biddle (2014) examined how users manage passwords. This study involved a series of interviews with 27 university students to determine how users coped with having to deal with a large number of passwords. They found that all but one user interviewed re-used the same password on multiple sites. Most of the participants appeared unaware of prominent password managers, with some participants expressing distrust in this type of software. Another finding of this study was that most of the users had little understanding or knowledge of using single sign-in where it was provided, which would address the issue of having to create and remember new passwords. Wash, Rader, Berman, & Wellmer (2016) examined a series of self-report survey responses from some 134 participants to determine how frequently entered passwords are re-used across multiple sites. As well as completing the survey, users installed custom-written log data collection software on their personal computers so that the users’ self-reported beliefs and behaviours could be compared with their actual password characteristics and re-use. This research determined that users tend to re-use passwords that they have to enter frequently, and those passwords tend to be among the users’ strongest passwords. More interestingly, because the software was able to log users’ password entries, the researchers could also see where a user had entered an incorrect password on a different site; in most cases the user would use their “go-to” password to try to authenticate on that site.
In secondary school and university curriculums and textbooks, the definitions of data protection and protection of data should be separated more obviously because these definitions were mixed up by the students. Data protection means “legal processing of personal data; principles, rules, procedures, tools for data processing and methods which guarantee the protection of data subjects”, whereas protection of data means those protection methods which are executed on data in the interest of the data subjects and the data processors. The “leading character” of data protection is the data subject; protection of data focuses on the data. That is why the concept of information security can be approached from two sides, the legal and the technical, and these two sides have one goal: the data of the data subject should be protected. This is what I call the “unified approach”, which I suggest following at secondary school and university level, i.e. to teach data protection and information security in the same course/subject.
The duped Internet users may choose ‘Yes’ on the malicious advertisement that prompts them to download a legitimate plugin. This shows that end users with a low security awareness level will be deceived by this malvertising tactic on the Internet. The current approaches in terms of information security awareness and education are descriptive, and most of the research has not explored the potential offered by motivation or behavioral theories (Mikko, T., 2000).
To test the actual passwords, the following steps were performed. Using a command prompt, the following command was executed: pwdump3e.exe DC_NAME results.txt, where DC_NAME is the name of the domain controller that the utility will use to extract the text file of password hashes. This file was moved to a workstation for further evaluation. A program named RainbowCrack was used to determine the password values (RainbowCrack Project, 2010). The results were imported into Excel 2007 as a baseline. With the baseline established, four interventions were developed and delivered over a six-week period to determine their effectiveness on raising the compliance rate.
The duration of online activities, which include the use of e-mail and social media, increases due to the popularity of the internet (Halevi, Lewis & Memon, 2013). In order to protect data, an institution should establish a culture of security for its members by means of different delivery methods (Terlizzi, Meirelles & Viegas Cortez da Cunha, 2017). Electronic communications, like social media, can also be used to convey ISA (Ma’ruf & Setyowati, 2018). The same communication media that people use regularly, like social media, should be used for CSA communication (Spitzner, 2018).
Students of the University of Ibadan are generally aware of online information sources. But most of them are not aware of the individual online resources that are made available by the university library for students’ use. This lack of awareness results in a very low use of the online resources that are made available for the students. Thus, the frequency of using the online resources by the students is low. In addition, the study revealed that there is a very low level of satisfaction among the students who use the online resources. This research shows that most of the students became aware of the availability of online information sources through their lecturers. The library has a role to play in creating awareness among the university students about the availability of online information sources. This will encourage increased frequency in the use of those online information sources and better research output. Students should be educated on the use of online resources and need to always find out from the library which available resources they can tap into for research and knowledge advancement.
It is noticed that new technology is very easy to adopt and adapt to, but most institutions forget to put a security measure in place to safeguard the organization’s information from being tampered with. Information integrity is essential, and this is about trustworthiness, origin, completeness and correction of information, with due obstruction of unauthorized modification of information (Al-Awadi et al., 2007; Baker & Wallance, 2007). The integrity of information security in this context is not concerned with organizations only, but also extends to the integrity of the source of information and the users who are in charge of the organizations’ information systems. Most importantly, it is observed that threats of information leakage are experienced more when the students share the data of the organization and it is compromised by an intruder’s intervention. Many of the problems with threats and viruses encountered in Universiti Utara Malaysia (UUM) are sometimes a result of negligence on the part of the staff or the administrators who are in charge of the organization’s information and data mart.
Information is considered one of the resources on which organizations are most dependent. If an organization’s information is damaged, the organization could endure difficult problems in the form of loss of gain, loss of clients’ trust and probably legal action, etc. Thus, the information must be secured and protected. Information security awareness focuses on ensuring that all staff are aware of the rules and laws that relate to securing the data inside the organization. Subsequently, information security awareness must form an integral aspect of each company’s information security management plan.
Another important factor in security was the perception of trust in computer systems. The trust perception was evaluated through three questions: trust of the Internet (“Do you have reason to believe that you are being observed online without your consent?”) and trust of the university system (“Do you think that your data on the university system is secure?” and “Do you think your communication through Learning Management System is secure?”). Interestingly, 62% of respondents (64% females and 62% males and 58% aged 18-24 and 67% aged 25-36) believe they are observed online without their consent. It seems that the percentage goes up with older age groups. It would be interesting to investigate what factors make them believe they are watched online and how. Is it just their search behavior or more?
available in the library, they will effectively and efficiently use them for academic and research activities. Apart from this, it is important to note that for students to make the utmost use of these resources, they need ICT skills which will help them to gain independent use of the various electronic information resources available in the library and on the web. However, it has been observed that undergraduate students in developing countries, including Nigeria, lack searching skills, and they also face challenges such as poor infrastructural facilities, high cost of subscription, and poor awareness of the available electronic information resources in the library, among others, which have resulted in the underutilization of these information resources by the students. It is against this backdrop that this study set out to examine awareness and utilization of electronic information resources among the undergraduate students in Osun State University.
a visible link between different words sharing a morphological relationship, but they are not always pronounced. Morphograms are likely to help French readers to grasp the morphological relations between words and to develop awareness of the morphological structure of the language. Moreover, although morphograms introduce inconsistencies at the graphophonological level, they represent consistencies at a graphosemantic level, which could be particularly relevant for dyslexic readers. This hypothesis about the role of orthography in the development of morphological awareness is not limited to French because alphabetic languages all encode morphology in print to some extent. Across such languages, there are nonetheless differences in consistency between speech and print in morphological encoding. The involvement of orthography in the development of morphological awareness across languages may depend precisely upon these differences in consistency. More generally, the involvement of orthography in the development of morphological awareness is supported by the fact that dyslexic readers appear to be sensitive to the morphological information contained in written language. The few studies conducted on alphabetic orthographies with dyslexic children and teenagers show that they process the morphological structure of the written language in word identification and that this processing does not seem to be deficient (Burani, Marcolini, De Luca, & Zoccolotti, 2008; Carlisle et al., 2001; Elbro & Arnbak, 1996; but see Deacon, Parrila, & Kirby, 2006, for contrary results with dyslexic university students; see also Deacon, Parrila, & Kirby, 2008, for a literature review of morphological processing by dyslexic readers).
this experiment as an awareness tool. Users must not only learn but they must be able to experience what is required in order to learn and, thereby, influence attitudes. The goal of awareness is to influence attitude. There are a number of gaps in this research work. Firstly, the research looks at one type of security behaviour only. Secondly, Ferguson admits that training is not enough but, nevertheless, the effectiveness of training was not measured to ascertain whether or not it had made a difference. A control group was not used. Finally, this research shows that security professionals may expect too much from employees. For example, in this case the participants were expecting an email, so it may have been unfair to expect them not to click on the link in the spoofed email that did appear legitimate. It may, for example, be too much to ask of our employees not to click on web links, as this is an integral part of the work environment and people click on them every day. Jagatic, Johnson, Jakobsson and Menczer (2007:96) also used contextual phishing. They demonstrate that a large amount of information (accessible via social networking sites on the Internet) was easily obtainable and could effectively be used for phishing attacks. The researchers also wanted to measure the way in which social context information could influence the success of phishing attacks. They confronted challenges in carrying out human subject research experiments and had to adhere to federal standards in this respect. They also used a control group. The difference with this research is that these researchers tricked the users by spoofing emails that appeared as if they had come from friends in the users’ social network. Seventy-two percent (out of 487 targeted students) of the students were taken in by the (harmless
He and Johnson (2012) conducted research in a healthcare organisation, in which they argued that ISS could not be promoted without the implementation and utilization of ISS awareness training. However, He and Johnson (2012) suggested that the training program must cover key areas of ISS, i.e. analysis of the day-to-day responsibilities of IS users; training for the secure use of IS; training to deal with particular issues such as new virus attacks on systems; proper employee segmentation during training; and clearly defined roles for establishing, implementing and delivering the training program (He & Johnson, 2012). Similarly, Knapp & Ferrante (2012) presented another example of an ISSA program, which consisted of two parts, i.e. Awareness Briefings, which contains training sessions, and Continuing Awareness Material, which contains printed material (Knapp & Ferrante, 2012). It highlights that the training program should be delivered through briefings such as training sessions and continuing awareness material such as printed material (posters or booklets) (Herold, 2010). Lehrfeld et al. (2013) claimed that the most fundamental element of an organization’s ISS is an ISS awareness program, which is developed to enhance the behaviour of employees to ensure a high level of security of both the information and the information assets of an organization. Furthermore, Lehrfeld et al. (2013) suggested that an ISS awareness training program should be delivered by utilizing basic techniques such as training campaigns, use of video, case studies and related material.
William was elected to the ISSA Hall of Fame in 2006 by the ISSA International Board of Directors. (Information Systems Security Association)
Mr. Tompkins holds two Bachelor of Science degrees, Psychology and Computer Information Science, from Troy State University in Alabama and Certification in Risk Management from University of Texas at Austin
Like in any other organisation, information security is one of the concerns for educational institutions. The availability of vast amounts of computing power and open access has attracted the attention of malicious entities towards higher educational institutions (HEIs). Students make up a large portion of users in HEIs and are attractive candidates for online threats. The Internet is an integral part of university students’ daily life. They use computers and the internet for a variety of purposes such as accessing email, completing course assignments, accessing course materials, using online course management systems, retrieving grades, purchasing books and other items, paying fees and conducting other transactions that involve their personal information. Students leave a significant amount of their sensitive information online. This dependency can expose students to different information security threats that can compromise not only their own information security but also that of others around them, such as family members, peers and even their educational institutions. For example, an unaware student can download malware onto their home computer by clicking on an ad, and the malware may collect critical information from all those who use the computer. Moreover, “bring your own device” (BYOD) policies make students responsible for the security of the device. However, an incompetent device owner can compromise the security of the educational institution.
consists of notations and/or written and/or electronic evidence of an arrest, detention, complaint, indictment, information or other formal criminal charge relating to an identifiable person. CHRI includes identifying information pertaining to the individual as well as the disposition arising from sentencing, correctional supervision, and release of any charges. CHRI is collected by criminal justice
All Department data, on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information. The term includes information whose improper use or disclosure could adversely affect the ability of an agency to accomplish its mission, proprietary information, records about individuals requiring protection under various confidentiality provisions such as the Privacy Act and the HIPAA Privacy Rule, and information that can be withheld under the Freedom of Information Act. Examples of VA sensitive information include the following: individually-identifiable medical, benefits, and personnel information, financial, budgetary, research, quality assurance, confidential commercial, critical
Most organisations provide smartphones in order to maintain contact with employees. However, as they are now a common accessory, many employees are given permission to bring their own devices to work and to access the company network. Whilst there may be a potential cost advantage in allowing an employee to use their personal device as a work phone, it does pose security threats. In addition to the threats listed above, smartphones can be susceptible to security breaches when third party applications are downloaded onto the device. These applications could harbour malware which is not only programmed to collect data from the device, but also infiltrate the network and glean data from that source too.
Figure 5. Research model
The role of channel use for information acquisition
In our research model, we first consider the role of employees’ use of internal and external channels for information acquisition, which should positively impact ISA of employees. Employees can acquire security information internally through channels provided by their organization (Bauer et al. 2013a), or by using a range of different external channels (Craig and Allen 2013). Previous research suggests that it is information processing through which individuals acquire relevant information related to evaluating and conducting behavior (Campbell 1963; Fishbein and Ajzen 1975). However, the specific sources for the manipulation of ISA and implications in the information security context are not sufficiently understood. A recent study suggests that text-based, game-based, and video-based methods are effective in building ISA seen as learnt states through which individuals derive consistent, compliant information security behaviors (Abawajy 2012b). These and other methods can be part of organizational ISA programs, which should be carefully designed to understand their overall levels of effectiveness in fulfilling their purpose (Albrechtsen and Hovden 2010; Hagen et al. 2011). One important aspect is the provision of information about the ISP and related instructions (Thomson and von Solms 1998), in particular on an iterative basis. The literature suggests regularly sending reminders to users about current information security risks and threats, such as phishing attacks or careless behaviors concerning passwords (Wilson and Hash 2003). This iterative process targets the individuals’ level of attitude-relevant knowledge of threats and risks in the context of the ISP. Consequently, we propose that the individual utilization of different channels in the area of information security should be valuable for developing ISA. As related studies have not differentiated between internal and external channel use (Abawajy 2012b), we propose two separate hypotheses: