Recommendations for information security awareness training for college students

Information Management and Computer Security

Volumn 22, Issue 1, 2014, Pages 115-126

  Kim, Eyong B ^a  

^a UNIVERSITY OF HARTFORD   (United States)

Author keywords

College students' information security awareness; Information security; Information security awareness training; Students; Training

Indexed keywords

COLLEGE STUDENTS; DESIGN/METHODOLOGY/APPROACH; GRADUATE STUDENTS; INFORMATION SECURITY AWARENESS; NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY; NEW ENGLAND;

NETWORK SECURITY; PERSONNEL TRAINING; SECURITY OF DATA; SURVEYS;

STUDENTS;

EID: 84893649270     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/IMCS-01-2013-0005     Document Type: Review

References (41)

1. Abraham, S. and Chengalur-Smith, I. (2010), "An overview of social engineering malware: trends, tactics, and implications", Technology in Society, Vol. 32 No. 3, pp. 183-196.
2. Aytes, K. and Terry, C. (2004), "Computer security and risky computing practices: a rational choice perspective", Journal of Organizational and End User Computing, Vol. 16 No. 3, pp. 22-40.
3. Bakhski, T., Papadaki, M. and Furnell, S. (2009), "Social engineering: assessing vulnerabilities in practice", Information Management & Computer Security, Vol. 17 No. 1, pp. 53-63.
4. Ceraolo, J.P. (1996), "Penetration testing through social engineering", Information Systems Security, Vol. 4 No. 4, pp. 37-48.
5. Cisco Systems (2008), "Data leakage worldwide: the high cost of insider threats", available at: www.cisco.com/en/US/solutions/collateral/ ns170/ns896/ns895/white-paper-c11-506224.pdf
6. Computer Security Institute (2010), CSI Survey 2010/2011: The 15th Annual Computer Crime and Security Survey, Computer Security Institute, available at: https://cours.etsmtl.ca/log619/documents/divers/CSIsurvey2010.pdf
7. DBIR (2011), Verizon, Data Breach Investigation Report, available at: www.verizonbusiness.com/resources/reports/rp-data-breach-investigations-report- 2011-en-xg.pdf (accessed 10 December 2012).
8. Dimensional Research (2011), The Risk of Social Engineering on Information Security: A Survey of IT Professionals, available at: www.checkpoint.com/press/downloads/socialengineering-survey.pdf
9. Dlamini, M.T., Eloff, J.H.P. and Eloff, M.M. (2009), "Information security: the moving target", Computer & Security, Vol. 28 Nos 3/4, pp. 189-198.
10. Dodge, R.C., Carver, C. and Ferguson, A.J. (2007), "Phishing for user security awareness", Computers and Security, Vol. 26 No. 1, pp. 73-80.
11. Ernst & Young (2008), Global Information Security Survey, Ernst & Young, London.
12. Gardner, H. (2004), Changing Minds: The Art and Science of Changing Our Own and Other People's Mind, Harvard Business School Press, Boston, MA.
13. Goldstein, I.L. and Ford, J.K. (2002), Training in Organizations: Needs Assessment, Development, and Evaluation, 4th ed., Wadsworth, Belmont, CA.
14. Hadnagy, C.J., Aharoni, M. and O'Gorman, J. (2010), Social Engineering Capture the Flag Results, Defcon 18 Social Engineering CTF, available at: www.social-engineer.org/resources/sectf/Social-Engineer-CTF-Report.pdf
15. Hansche, S. (2001), "Designing a security awareness program: part 1", Information Systems Security, January/February, pp. 14-22.
16. Ingerman, B.L. and Yang, C. (2011), "Top 10 IT issues 2011", Educause Review, May/June, pp. 26-40.
17. Kaiser, H.F. (1958), "The varimax criterion for analytic rotation in factor analysis", Psychometrika, Vol. 23, pp. 187-200.
18. Karakasiliotis, A., Furnell, S. and Papadaki, M. (2007), "An assessment of end user vulnerability to phishing attacks", Journal of Information Warfare, Vol. 6 No. 1, pp. 17-28.
19. King, S.B., King, M. and Rothwell, W.J. (2001), The Complete Guide to Training Delivery, AMACOM: A Division of American Management Association, New York, NY.
20. Kruger, H.A. and Kearney, W.D. (2006), "A prototype for assessing information security awareness", Computers & Security, Vol. 25 No. 4, pp. 289-296.
21. Lunt, B.M., Ekstrom, J.J., Gorka, S., Hislop, G., Kamali, R., Lawson, E., LeBlanc, R., Miller, J. and Reichgelt, H. (2008), Curriculum Guidelines for Undergraduate Degree Programs in Information Technology, Association for Computing Machinery (ACM) IEEE Computer Society, New York, NY.
22. Maconachy, W.V., Schou, C.D., Ragsdale, D. and Welch, D. (2001), "A model for information assurance: an integrated approach", Proceedings of the 2001 IEEEWorkshop on Information Assurance and Security, United States Military Academy, West Point, NY, 5-6 June.
23. Microsoft (2010), "P2P file sharing: know the risks, security for your home", March 9, available at: www.microsoft.com/canada/protect/ protect-yourself/protect-your-data/article.aspx?article=p2p-file-sharing-know- the-risks (accessed December 10, 2012).
24. NIST SP 800-16 (1998), National Institute of Standards and Technology (NIST), Information Technology Training Requirements: A Role- and Performance-based Model (NIST Special Publication 800-16), US Department of Commerce, Washington, DC.
25. NIST SP 800-50 (2003), National Institute of Standards and Technology (NIST), Building an Information Technology Security Awareness and Training Program (NIST SP 800-50), US Department of Commerce, Washington, DC.
26. Nunnally, J.C. (1978), Psychometric Theory, 2nd ed., McGraw-Hill, New York, NY.
27. Okenyi, P.O. and Owens, T.J. (2007), "On the anatomy of human hacking", Information Systems Security, Vol. 16, pp. 302-314.
28. Puhakainen, P. and Siponen, M.T. (2010), "Improving employees' compliance through information systems security training: an action research study", MIS Quarterly, Vol. 34 No. 4, pp. 757-778.
29. PwC Survey (2013), Changing the Game Key Findings from the Global State of Information Security Survey 2013, available at www.pwc.com/gx/en/consulting- services/informationsecurity-survey/assets/2013-giss-report.pdf
30. Shaw, R.S., Chen, C.C., Harris, A.L. and Huang, H.J. (2009), "The impact of information richness on information security awareness training effectiveness", Computers & Education, Vol. 52, pp. 92-100.
31. Siponen, M.T. (2000), "A conceptual foundation for organizational information security awareness", Information Management & Computer Security, Vol. 8 No. 1, pp. 31-41.
32. Siponen, M.T., Pahnila, S. and Mahmood, A. (2007), "Employees' adherence to information security policies: an empirical study", New Approaches for Security, Privacy and Trust in Complex Environments Proceedings of the 22nd International Federation for Information Processing Conference, pp. 133-144.
33. Sleezer, C.M. (1993), "Training needs assessment at work: a dynamic process", Human Resource Development Quarterly, Vol. 4, pp. 247-264.
34. Straub, D.W. (1990), "Effective is security: an empirical study", Information Systems Research, Vol. 1 No. 3, pp. 255-276.
35. Straub, D.W. and Welke, R.J. (1998), "Coping with systems risk: security planning models for management decision making", MIS Quarterly, Vol. 22 No. 4, pp. 441-464.
36. Vincent, A. and Ross, D. (2001), "Personalize training: determine learning styles, personality types and multiple intelligences online", The Learning Organization, Vol. 8 No. 1, pp. 36-43.
37. von Solms, B. and von Solms, R. (2004), "The 10 deadly sins of information security management", Computers & Security, Vol. 23, pp. 371-376.
38. Workman, M. (2007), "Gaining access with social engineering: an empirical study of the threat", Information Systems Security, Vol. 16, pp. 315-331.
39. Workman, M., Bommer, W.H. and Straub, D. (2008), "Security lapses and the omission of information security measures: a threat control model and empirical test", Computers in Human Behavior, Vol. 24 No. 6, pp. 2799-2816.
40. Zemke, R.E. (1994), "Training needs assessment: the broadening focus of a simple construct", in Howard, A. (Ed.), Diagnosis for Organizational Change: Methods and Models, Guilford Press, New York, NY, pp. 139-151.
41. Wood, C.C. (2002),"The human firewall manifesto",Computer Security Journal, Vol. 18 No.1,pp.15-18.