Information Systems Security and Safety Measures: The Dichotomy between Students' Familiarity and Practice

Article excerpt


Information systems security and safety measures (ISSSM) are attributes that, if properly implemented, contribute to the safety of computer systems, networks and information. This proper implementation will prohibit or delay viruses, malware and hackers from continuing to plague the digital environment. It is our contention in this study that the problem of data and cyber insecurity could be reduced if more systems users become familiar with and use our suggested ISSSM. Information on the relationship between familiarity with and usage of safe computing practices is needed to address this problem. This study analyzes the relationship between students' familiarity with ISSSM and actual usage of these measures on a daily basis. We use survey data from a sample of 867 students for the study. Results indicate that familiarity with ISSSM translates into practical use for six of the ten attributes. The six attributes are simple passwords, sophisticated passwords, daily computer system scan, scan of email attachments, anti-virus software, and firewalls. That four attributes that did not show significant relationships between familiarity and usage underscore the need for educational institutions to supplement methods of disseminating information about safe-computing to students.


One burning issue concerning information security and safety in contemporary digital computing is how university students' computing behaviors enhance or depreciate the safety and security of information in their domain. The overwhelming interest in the subject of digital information systems security has focused on the coder and distributor of virus and spam ware programs all over the internet. The human access component that requires careful protection of data by the end-user has recently become a subject of major discourse. Since the world has millions of students who access the internet every minute of every day, it is imperative for safety and security of information focus to shift to this large group of users to determine if there is a concomitance between what they are familiar with and what they actually practice. Also, the incessant connectivity of corporate and educational digital communication infrastructure and critical information exchange via the World Wide Web created a state of unsurpassed vulnerability (Crowley, 2003) that is genie-like in scope. This vulnerability calls for a concerted effort to determine if end-users' familiarity with and usage of ISSSM are related.

In 1996, the National Research Council for information security alert and the 1998 Decision Directive 63 by the President on the vulnerability of critical data in cyberspace is indicative of the importance of the problem. To solve this problem requires training and education in management information systems and security specialization degrees. In the same line of thought (Zhang, 2005) agrees that to ensure security of information and avoid Spyware invasion of systems require avid vigilance and education in information security issues. Also, the end user needs further education on current computer protection and privacy methodologies and all students should be computersecurity literate. Security awareness (Siponen & Kajava, 1998) steadily evolved through the years in three stages: "drawing peoples' attention on security issues, getting users acceptance, and getting users to learn and internalize the necessary security activities." In terms of drawing people's attention to the challenges of information technology, the Federal Executive Council of Nigerian in 2001 approved a National Information Technology Development Agency (NITDA) (Federal Executive Council) to bring information technology closer to the people by ensuring that "the entire citizenry is empowered with information technologies through the development of a critical mass of IT proficient and globally competitive manpower." The organization of the paper from this point on is as follows: related literature, purpose of the study, methodology, data analysis, results, discussion, conclusion, and recommendation for further research. …