EDULEARN 2012

EDULEARN 2012

Post-Secondary Education Network Security: Addressing

the End User Challenge.

ICERI 2010

Dr. David Andersson• Dept. of Information Technology, American

Public University System

• Charles Town, WV 25414

• [email protected]

Dr. Karl Reimers• Tillman School of Business, Mount Olive

College

• Mount Olive, NC 28365


SIGNIFICANCE OF THE PROBLEM

• Currently, research of young adults and students indicates that 7 out of 10 frequently ignore IT policies, and 3 of 5 believe they are not responsible for protecting information and devices.

• In the past, fallout from poor IT habits was buffered by the IT department's iron control over the infrastructure.

• Schools have a vested interest in ensuring that their students receive a minimum of personal computer security training.


• Substantiating that students do not simply “pick up” good PC end user habits before they enter college, Cisco’s 2011 Annual Security Report found that about one in four college students and employees experiences identity theft before the age of 30.

• The following findings provide insight into the frequency of identity theft among this generation (Cisco, 2011).


Adhering to IT policies. Seventy percent of employees admitted to breaking policy with varying regularity.

A staggering sixty-one percent reported believing they are not responsible for protecting information and devices, believing instead that IT and/or service providers are accountable.

Risky behavior. Fifty-six percent of employees surveyed reported they have allowed others to use their computers without supervision, family, friends, coworkers, and people they did not know.


Eighty-six percent of college students were more likely than young employees to engage in risky online behavior such as allowing others to use their computer unsupervised, leaving personal belongings and devices unattended in public, asking a neighbor for access to a computer or the Internet or accessing a neighbor's wireless connection without permission.

Security and online privacy. Thirty-three percent of college students don’t think about privacy and do not mind sharing personal information online.


Digital Generation Gap

Today’s college students have not only grown up using computers and other digital devices, they consider access to the Web and social networking services a right.

7 of every 10 employees worldwide admitted to breaking policy with varying regularity. Among many reasons the most common was the belief that employees were not doing anything wrong (33 percent); 1 in 5 cited the need to access unauthorized programs and applications to get their job done, while 19 percent admitted the policies are not enforced (Cisco, 2011).


Dan Lichter, Director of Systems and Networks Infrastructure at Saint Xavier University, reports that college student immediately begin deploying ad hoc, unapproved network devices in the college dorms with no regard for the implications of what they are doing; yet, they complain loudly and frequently until the problems caused by their actions are fixed, representing a major drain on his resources (D. Lichter, Director, Systems and Networks Infrastructure at Saint Xavier University, personal communication, Dec 14, 2011).


• Further, we are seeing modes of attack on corporate networks shifting away from mass probing of large numbers of computers to social engineering thrusts targeted at particular individuals.

• An employee or student who is active on social networking sites can carelessly let on where they work or what they know and will be noticed and targeted.

• Hackers can use them to gain entry into the system and work their way up to more senior people and parts of the network containing sensitive information.

PROPOSED SOLUTION

• Regional focus groups of major employers from New Bern, Greenville, and Wilmington, NC., (MOC Focus Groups, 2010) indicated that students needed more training with MS office productivity tools and basic computer end user security literacy.

• The CIS Department at Mount Olive College is addressing the challenge of technology/business applications literacy by implementing a new e-learning solution.

• A customized, self-paced, web-based 100-level tutorial on computer end-user security.

PROCESS DESCRIPTION

• Under the direction of the CIS Department Chair, a customized case study utilizing the System Development Life Cycle (SDLC) was integrated into a CIS 495 (Capstone) class.

• The foundation of the tutorial would be constructed by senior CIS students with the instructor – who is professionally certified in MS Office - acting as a project manager and course facilitator.

• The students were very enthusiastic about the real-world project and the practicality and utility of the project.

•

• Rather than a specific course embedded within the general education requirements, a targeted web-based learning solution will be employed in an advanced freshmen seminar class to enhance students basic computer literacy (operating systems, applications, and end user security).

• Not only will students learn to navigate the virtual realm of the Internet in a secure manner, but also they will pay special attention to the social and ethical implications of using Internet and Web 2.0 technologies.

PROCESS DESCRIPTION

• Note that the proposed solution does not provide the breadth and depth of the existing specific course.

• The proposed solution is intended to assist students in Mount Olive College programs where the current program curriculum does not provide for a specific class.

PROCESS DESCRIPTION

PROCESS DESCRIPTION

• A holistic approach combining pedagogy and employing superior web usability heuristics is central to the project.

• The web-based tutorial must be intuitive, easy to navigate with standardized modules.

• Students taking the tutorial need only be focused on learning and synthesizing the course content.

• The self-paced tutorial is hosted on a service provider website utilizing a registered domain name (www.tecteach101.com).

• Specific knowledge domains are established which include: computer basics, e-commerce, wireless connections, digital ethics, e-mail, Web Collaboration, Internet Research Tools, and Web 2.0.

• For ease of web maintenance and updating, each topic must be a stand-alone module.

PROCESS DESCRIPTION

PROCESS DESCRIPTION

• Within each knowledge domain, CIS 495 students were charged with selecting the most important tasks associated with each learning module.

• The selection process was comprehensive and the task list was vetted by the CIS 495 students, freshmen students, focus groups (business employers), and the CIS 495 instructor and a research associate.

• The final task list was modified and approved by the MIS Program Coordinator.

• CIS 495 students were organized, divided into teams and instructed to research and create security tutorials from targeted subjects.

PROCESS DESCRIPTION

Tutorial Topics

• Passwords

• Windows updates

• Social networking

• Firewalls

• Ethics

• Spam & phishing

• Backups 7 maintenance

• Anti-virus

• Wireless networks

• Mobile computing

PROCESS DESCRIPTION

When students enter the tutorial, they see the simplistic home page picture

PROCESS DESCRIPTION

PROCESS DESCRIPTION

• Some scrolling may appear on a page, all modules appear on the left.

• It would be intuitive for a student to read the directions and then progress through the modules starting form top to bottom (i.e., starting with computer basics and finishing with Mobline computing).

• Because of the wide range of browser settings (e.g., Internet Explorer), a warning appears at the top of each module notifying users that certain content may be blocked; thus, the warning instructs users on how to deal with a problem if it occurs.

The security tutorial home page

PROCESS DESCRIPTION

The “social networking” module is a typical module.

PROCESS DESCRIPTION

PROCESS DESCRIPTION

• Students are first exposed to learning when they preview a short video describing a particular module (e.g., passwords).

• Then the student will view a presentation.

• Each heading directs the student to a separate webpage that greets the user information relevant to the topic.

Wireless presentation

PROCESS DESCRIPTION

POTENTIAL CONSTRAINTS

• A blend of traditional project management and project management 2.0 employed to plan and accomplish the overall project.

• Because of the short time duration to accomplish the project, it was imperative to outline the project mission with specific deliverables in accordance with tradition top-down project management methodology.


• All students are required to use the Internet Explorer v7.0 or v8.0 browser.

• While this may change as the software tutorial is refined, the time and resource constraints required that a compatibility standard be selected.

• As shown in the next figure, MS Internet Explorer currently has the greatest market share.


March 2012 browser market share

CONCLUSION

• The customized, self-paced, web-based end user digital security awareness learning activity reinforces student retention of the material presented by providing questions at the end of each learning module to reinforce learning.

• The project earned the 2012 Mount Olive College President’s Award for Student Research; and the site has been approved to educate incoming freshmen about technology and its proper use.

ICERI 2010

Questions?

Dr. David Andersson• Dept. of Information Technology, American Public University

• [email protected] or [email protected]

Dr. Karl Reimers• Tillman School of Business, Mount Olive College


REFERENCES

References

Cisco. (2011). Cisco 2011 annual security report. Retrieved Dec 14, 2011, from: http://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_2011.pdf

Richardson, R. (2008). CSI computer crime and security survey. Retrieved July 11, 2010, from CMP.com: http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf

Internet Crime Complaint Center (IC3). (March 2010). 2009 Internet Crime Report, http://www.ic3.gov/media/annualreports.aspx

Arian, M. (2004, July 27). Computer security basics. Retrieved July 12, 2010, from securitydocs.com: http://www.securitydocs.com/library/2411

REFERENCES

References

Motiee, S., Hawkey, K., & Beznosov, K. (2010). The challenges of understanding users' security-related knowledge, behaviour, and motivations. Proceedings. of SOUPS 2010 Usable Security Experiment Reports (USER) Workshop.

FBI. (2010). How to protect your computer. Retrieved July 12, 2010, from FBI Website: http://www.fbi.gov/cyberinvest/protect_online.htm

Lichter, D., Director, Systems and Networks Infrastructure at Saint Xavier University, personal communication, Dec 14, 2011)

Snyder, B. (2011, Dec 15). Young people to IT security – ‘What, me worry?’. Infoworld. Retrieved 16 Dec 2011 from: http://podcasts.infoworld.com/d/the-industry-standard/young-people-it-security-what-me-worry-181778?page=0,1&_kip_ipx=689619490-1324254853&source=IFWNLE_nlt_sec_2011-12-15&_pxn=0

REFERENCES

ReferencesMOC Focus Groups, 2010. Mount Olive College, Mount Olive, NC. Mount Olive College (nd). Mission & Covenant. Mount Olive College, Mount Olive, NC.

Retrieved 13 May 2012. from: http://www.moc.edu/index.php/mission-covenant

Hilberg, J., & Meiselwitz, G. (2008). Undergraduate fluency with information and communication technology: perceptions and reality. In J. J. Ekstrom, & M. Stockman (Eds.), Proceedings of the 9th Conference on Information Technology Education, SIGITE 2008 (pp. 5-10). Cincinnati: ACM.

Andersson, D. and Reimers, K. (Jul-Sep 2010). Utilizing Software Application Tools to Enhance Online Student Engagement and Achievement. i-Managers Journal of Educational Technology, Nagercoli, India, i-Manager Publishing.

Parsons, Amy L. & Lepkowska-White, Elzbieta (2009). Group Projects Using Clients versus Not Using Clients: Do Students Perceive Any Difference? Journal of Marketing, v31 n2 p 154-159.

Documents

EDULEARN 2012