Search results

The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT).

Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided.

College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from variety of sources.

Universities can assess their ISAT for students based on the findings of this study.

If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.

The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, tools and techniques and realized the potential value of what they were learning in the industry.

The paper develops fundamental principles and arguments that inform the design and development of the teaching curriculum. The curriculum is aimed at security management professionals in general and consultants in particular. The paper explains the teaching method in detail including the specific topics of lectures, representative reading material, assessment tasks and feedback mechanisms. Finally, lessons learned by the authors and their conclusions are presented as a form of reflection.

The instructors recognized four key factors that played a role in the atmosphere of intellectual excitement and motivation. These were new concepts and ideas, an increased level of engagement, opportunities for students to make their own discoveries and knowledge presented in a practical context. Maintaining a high quality of teaching resources, catering for diverse student needs and incorporating learning cycles of assessment in a short period of time were additional challenges.

Most “information security” curricula described in research literature take a technology-oriented perspective. This paper presents a much-needed management point of view. The teaching curriculum (including assessment tasks) and experiences will be useful to existing and future teaching and research academics in “information security management”. Those interested in developing their own teaching material will benefit from the discussion on potential topic areas, choice of assessment tasks and selection of recommended reading material.

The purpose of this study is to understand the information security behaviour of the students of the University of Dhaka, Bangladesh in the use of smartphones. Bangladesh is well-known as one of the largest and fastest growing mobile phone market of the world, and the University of Dhaka is also the largest student’s assembly in the country in terms of using smartphones. Besides, the rising use of smartphones is also likely to be typical of other sub-continent countries.

To gain an understanding of the information security behaviours of the students of University of Dhaka, Bangladesh, a quantitative survey method was deployed in revealing the approaches of the students towards avoidance of various security risks. A total of 356 students participated in the study, although eight of the participants did not carry out the full survey because they do not use smartphones. The collected data were analysed with suitable statistical methods.

The findings of the study reveal that students of University of Dhaka possess a moderately secure behaviour in terms of avoiding harmful behaviours, using useful phone settings and add-on utilities and disaster recovery. This study also shows that the students do not behave securely in all aspects of using different security features in the same way, and it also varies somewhat according to gender, and between faculties and institutions. The university library is recommended as the focus for instruction and guidance on the best practice in smartphone use by students.

The study does not include any other universities of Bangladesh except University of Dhaka due to the shortage of time. A further study can be conducted to gain an understanding in a greater extent by including students of the other universities and perhaps also other countries.

This is the first paper in Bangladesh related to the study of information security behaviour regarding the use of smartphone among the student of University of Dhaka. This study will help to raise information security awareness among the students and encourage the authorities to adopt appropriate strategies and policies to resolve information security risks in the use of smartphones. Specially, the university library can take some initiatives in this case, such as providing advice, seminars, workshops and lectures to make the students aware about security issues.

Security, safety, environment and health have become an integral part of facility management (FM). Therefore, FM departments within organisations are required to put measures in place to safeguard facility users. This paper thus aims to investigate and compare the safety and security measures that are provided in the student housing of two universities in South Africa.

A mixed method approach was adopted; interview was used to collect qualitative data, whereas a questionnaire was used as an instrument to collect quantitative data. Content analysis was used to analyse the qualitative data, whereas both descriptive and inferential statistics were used to analyse the quantitative data.

It became evident that university B had a better provision of safety and security measures in the student housing than university A. The study also found that both universities had some lapses in the safety and security measures provided in the student housing. Measures that were lacking in both universities were weapon detector, closed-circuit television (CCTV), water sprinkler system, burglar bars on the doors, lift for disabled students, disabled toilet facility, traffic light, tags for vehicles, first aid box, accident book and medically trained personnel.

Data were collected from only two universities, making it difficult to generalise the findings of the research. For a broader perspective, a study that expands the number of participating universities is recommended.

The facility management and safety department in the universities can use the recommendations to improve on the safety and security measures required in the student housing. Moreover, the recommendations can contribute to the development of policy frameworks for student housing safety.

There is a paucity of studies on student housing safety/security worldwide, and South Africa in particular. With this study, the authors contribute to the body of knowledge in this area of research.

Various research investigations have found that students' awareness of information security issues continues to be poor and this is indeed a concern especially when students use information technologies pervasively to communicate, to socialize as well as to work on academic assignments. As it is important to understand students' behaviors towards information security and safety in the digital cyberspace, the purpose of this paper is to investigate their awareness and perception, in particular, of Bluetooth security threats and risks, and whether they are able to take preventive measures to protect themselves from such security vulnerabilities. Bluetooth technology is used in this study as it is a widely used form of wireless networks that facilitates computing resources to be connected anytime anywhere; however, it has security weaknesses like any other digital networks.

A field survey was conducted to collect the empirical data from students at a local university. The survey instrument/questionnaire was developed based on various literatures on Bluetooth applications, Bluetooth security vulnerabilities, and users' usage and perception on computer security and safety.

The results show that most students do not take precautions to mitigate against security vulnerabilities; however, there is a difference on students' perceptions based on their academic major or domain knowledge, for instance, engineering students have demonstrated significant awareness of security risks compared to students from the business and social science colleges. It is therefore not surprising to note that engineering students are more cautious users of Bluetooth, hence are more secure users of technologies.

The findings provide useful information for academic institutions to understand students' behavior towards security risks especially in terms of identity theft, unsecured systems and inadequate security practices. Indeed, the findings of this study highlight or emphasize the importance of promoting security awareness to student cohorts especially on the use of mobile computing applications such as Bluetooth or wireless. Perhaps, universities should design curriculum to incorporate the study of information and cyber security so as to inculcate a culture of cyber safety as well as to prepare these prospective employees as more secured users when they enter the workplace. Indeed, considering the increasing number of users who tend to be naïve on security vulnerabilities, this research adds a critical message also to manufacturers and software developers to design more robust security features so as to minimize security breaches.

This paper provides further evidence to the body of research investigations on information and computing security threats and students' perceptions and behavior towards security risks and vulnerabilities. More important, this paper confirms that most students are not secure users, and it seems they not very capable of protecting themselves from security threats.

Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated by a desire to understand why security risk assessments have not yet gained widespread adoption in agile development, this study aims to assess to what extent the Protection Poker game would be accepted by agile teams and how it can be successfully integrated into the agile practices.

Protection Poker was studied in capstone projects, in teams doing a graduate software security course and in sessions with industry representatives. Data were collected via questionnaires, observations and group interviews.

Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits include good discussions on security and the development project, along with increased knowledge and awareness. Challenges include ensuring efficient use of time and gaining impact on the end product.

Using students allowed easy access to subjects and an ability to collect rich data over time, but at the cost of generalizability to professional settings. Results from interactions with professionals supplement the data from students, showing similarities and differences in their opinions on Protection Poker.

The paper proposes ways to tackle the main obstacles to the adoption of the Protection Poker technique, as identified in this study.

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly as security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa.

Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle.

The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practises.

Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges Choi et al. (2008) contribution in their discussions on the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.

Despite the increased use of wearables in education, little attention has been paid to why some students are more likely to adopt smartwatches than others. The question of what impacts the adoption of smartwatches in educational activities is still neglected. In addition, the question of how security determinants can affect the adoption of smartwatches by students has not been addressed yet. Hence, this study aims to develop a theoretical model by integrating the technology acceptance model (TAM) and protection motivation theory (PMT) to study students' adoption of smartwatches for educational purposes.

Questionnaires were distributed to university students in Malaysia. A total of 679 valid responses were collected. The collected data were analyzed using partial least squares-structural equation modeling (PLS-SEM).

The results of data analysis provide support for the proposed model. Furthermore, the findings indicated that perceived vulnerability, self-efficacy, response efficacy, response cost, ease of use and perceived usefulness have significant effects on students' behavioral intention to use smartwatches for educational purposes. In addition, perceived ease of use of smartwatches for educational purposes helps students to realize the benefits of this technology.

This is an original study that develops a new holistic theoretical model by combining the PMT and TAM to study the effects of ease of use, usefulness and security-related factors on the adoption of smartwatches for educational purposes. The study offers practical implications for universities and higher education institutions to improve students' learning experiences to ensure their sustainability using new and innovative ways by exploiting new technologies such as smartwatches.

Food insecurity is an evolving nutrition issue affecting both developed and underdeveloped college campuses. The purpose of this paper is to assess food insecurity and related coping strategies among Texas Tech University students.

This was a cross-sectional online survey in Lubbock, Texas, among college students (n=173). The outcome measures, socio-demographic factors, household food insecurity access) and dietary diversity were assessed using validated tools. Statistical analyses were performed using SPSS software. Socio-demographic differences in food security status were examined using χ², and means testing. Risks of student food insecurity were assessed using odds ratios (ORs).

Respondents were mostly female (70 percent), non-Hispanic white (58 percent) and young adults’ (median age: 22.0 (20.0, 27.0)), with a median monthly income of $1,000 (0.0, 1,500) and spent about a fifth of their income on food. More students were food insecure (59.5 percent) compared to those who experienced food security (40.5 percent) (p<0.001). Some of the severe food insecure students (16.7 percent) reported going to bed without food (6.9 percent) in the prior 30 days. Students with monthly food budgets of ⩽ $200 were 3.2 times more likely to be food insecure (OR=3.231: CI: 1.353–7.714; p=0.010) compared to those with higher food budgets. A students’ choice of priority monthly expenses was significantly associated with food security status; however, further risk assessment of dichotomous “prioritized food” and “prioritized other expenses” was not statistically significant.

Student’s food budget of $200 was the strongest determinant of food insecurity. Individual training on money management and meal planning are recommended. University policies should recognize and develop academic support policies addressing competing expenses with food.