Information Systems Security and Safety Measures: The Dichotomy between Students' Familiarity and Practice

Article excerpt


One burning issue concerning information security and safety in contemporary digital computing is how university students' computing behaviors enhance or depreciate the safety and security of information in their domain. The overwhelming interest in the subject of digital information systems security has focused on the coder and distributor of virus and spam ware programs all over the internet. The human access component that requires careful protection of data by the end-user has recently become a subject of major discourse. Since the world has millions of students who access the internet every minute of every day, it is imperative for safety and security of information focus to shift to this large group of users to determine if there is a concomitance between what they are familiar with and what they actually practice. Also, the incessant connectivity of corporate and educational digital communication infrastructure and critical information exchange via the World Wide Web created a state of unsurpassed vulnerability (Crowley, 2003) that is genie-like in scope. This vulnerability calls for a concerted effort to determine if end-users' familiarity with and usage of ISSSM are related.

In 1996, the National Research Council for information security alert and the 1998 Decision Directive 63 by the President on the vulnerability of critical data in cyberspace is indicative of the importance of the problem. To solve this problem requires training and education in management information systems and security specialization degrees. In the same line of thought (Zhang, 2005) agrees that to ensure security of information and avoid spyware invasion of systems require avid vigilance and education in information security issues. Also, the end user needs further education on current computer protection and privacy methodologies and all students should be computer-security literate. Security awareness (Siponen & Kajava, 1998) steadily evolved through the years in three stages: "drawing peoples' attention on security issues, getting users acceptance, and getting users to learn and internalize the necessary security activities." In terms of drawing people's attention to the challenges of information technology, the Federal Executive Council of Nigerian in 2001 approved a National Information Technology Development Agency (NITDA) (Federal Executive Council) to bring information technology closer to the people by ensuring that "the entire citizenry is empowered with information technologies through the development of a critical mass of IT proficient and globally competitive manpower." The organization of the paper from this point on is as follows: related literature, purpose of the study, methodology, data analysis, results, discussion, conclusion, and recommendation for further research.


The vocabulary that covers information security is vast but for the sake of brevity, we are going to limit our related literature discourse to password protection security interests.


A password is a system protection or identity releasing, must-remember non-sensible or sensible combination of characters or word that grants or denies access to proprietary systems. Passwords can be categorized into simple and sophisticated. The simple passwords are easy to remember, easy to guess and non-hacker proof. Sophisticated passwords are more difficult to hack and require a combination of letters, numbers, and special characters to make them effective. On the whole, passwords can be algorithmically hashed by a person with avid interest in doing so. In explaining the password concept, (Weinshall and Kikpatrick, 2004) described it as a self-certifying method that requires a conscious effort to recollect. They argue that passwords should be seen as less perfect and therefore advocate the use of human natural characteristics for identification. The first level of software protection for any system is to understand how to create a password and use it to log into a protected system. …