1 / 32

EDULEARN 2012

EDULEARN 2012. Post-Secondary Education Network Security: Addressing the End User Challenge. ICERI 2010. Dr. David Andersson Dept. of Information Technology, American Public University System Charles Town, WV 25414 da1446@online.apus.edu Dr. Karl Reimers

neorah
Télécharger la présentation

EDULEARN 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EDULEARN 2012 Post-Secondary Education Network Security: Addressing the End User Challenge.

  2. ICERI 2010 Dr. David Andersson • Dept. of Information Technology, American Public University System • Charles Town, WV 25414 • da1446@online.apus.edu Dr. Karl Reimers • Tillman School of Business, Mount Olive College • Mount Olive, NC 28365 • kreimers@moc.edu

  3. SIGNIFICANCE OF THE PROBLEM • Currently, research of young adults and students indicates that 7 out of 10 frequently ignore IT policies, and 3 of 5 believe they are not responsible for protecting information and devices. • In the past, fallout from poor IT habits was buffered by the IT department's iron control over the infrastructure. • Schools have a vested interest in ensuring that their students receive a minimum of personal computer security training.

  4. SIGNIFICANCE OF THE PROBLEM • Substantiating that students do not simply “pick up” good PC end user habits before they enter college, Cisco’s 2011 Annual Security Report found that about one in four college students and employees experiences identity theft before the age of 30. • The following findings provide insight into the frequency of identity theft among this generation (Cisco, 2011).

  5. SIGNIFICANCE OF THE PROBLEM Adhering to IT policies. Seventy percent of employees admitted to breaking policy with varying regularity. A staggering sixty-one percent reported believing they are not responsible for protecting information and devices, believing instead that IT and/or service providers are accountable. Risky behavior. Fifty-six percent of employees surveyed reported they have allowed others to use their computers without supervision, family, friends, coworkers, and people they did not know.

  6. SIGNIFICANCE OF THE PROBLEM Eighty-six percent of college students were more likely than young employees to engage in risky online behavior such as allowing others to use their computer unsupervised, leaving personal belongings and devices unattended in public, asking a neighbor for access to a computer or the Internet or accessing a neighbor's wireless connection without permission. Security and online privacy. Thirty-three percent of college students don’t think about privacy and do not mind sharing personal information online.

  7. SIGNIFICANCE OF THE PROBLEM Digital Generation Gap Today’s college students have not only grown up using computers and other digital devices, they consider access to the Web and social networking services a right. 7 of every 10 employees worldwide admitted to breaking policy with varying regularity. Among many reasons the most common was the belief that employees were not doing anything wrong (33 percent); 1 in 5 cited the need to access unauthorized programs and applications to get their job done, while 19 percent admitted the policies are not enforced (Cisco, 2011).

  8. SIGNIFICANCE OF THE PROBLEM Dan Lichter, Director of Systems and Networks Infrastructure at Saint Xavier University, reports that college student immediately begin deploying ad hoc, unapproved network devices in the college dorms with no regard for the implications of what they are doing; yet, they complain loudly and frequently until the problems caused by their actions are fixed, representing a major drain on his resources (D. Lichter, Director, Systems and Networks Infrastructure at Saint Xavier University, personal communication, Dec 14, 2011).

  9. SIGNIFICANCE OF THE PROBLEM • Further, we are seeing modes of attack on corporate networks shifting away from mass probing of large numbers of computers to social engineering thrusts targeted at particular individuals. • An employee or student who is active on social networking sites can carelessly let on where they work or what they know and will be noticed and targeted. • Hackers can use them to gain entry into the system and work their way up to more senior people and parts of the network containing sensitive information.

  10. PROPOSED SOLUTION • Regional focus groups of major employers from New Bern, Greenville, and Wilmington, NC., (MOC Focus Groups, 2010) indicated that students needed more training with MS office productivity tools and basic computer end user security literacy. • The CIS Department at Mount Olive College is addressing the challenge of technology/business applications literacy by implementing a new e-learning solution. • A customized, self-paced, web-based 100-level tutorial on computer end-user security.

  11. PROCESS DESCRIPTION • Under the direction of the CIS Department Chair, a customized case study utilizing the System Development Life Cycle (SDLC) was integrated into a CIS 495 (Capstone) class. • The foundation of the tutorial would be constructed by senior CIS students with the instructor – who is professionally certified in MS Office - acting as a project manager and course facilitator. • The students were very enthusiastic about the real-world project and the practicality and utility of the project.

  12. PROCESS DESCRIPTION • Rather than a specific course embedded within the general education requirements, a targeted web-based learning solution will be employed in an advanced freshmen seminar class to enhance students basic computer literacy (operating systems, applications, and end user security). • Not only will students learn to navigate the virtual realm of the Internet in a secure manner, but also they will pay special attention to the social and ethical implications of using Internet and Web 2.0 technologies.

  13. PROCESS DESCRIPTION • Note that the proposed solution does not provide the breadth and depth of the existing specific course. • The proposed solution is intended to assist students in Mount Olive College programs where the current program curriculum does not provide for a specific class.

  14. PROCESS DESCRIPTION • A holistic approach combining pedagogy and employing superior web usability heuristics is central to the project. • The web-based tutorial must be intuitive, easy to navigate with standardized modules. • Students taking the tutorial need only be focused on learning and synthesizing the course content.

  15. PROCESS DESCRIPTION • The self-paced tutorial is hosted on a service provider website utilizing a registered domain name (www.tecteach101.com). • Specific knowledge domains are established which include: computer basics, e-commerce, wireless connections, digital ethics, e-mail, Web Collaboration, Internet Research Tools, and Web 2.0. • For ease of web maintenance and updating, each topic must be a stand-alone module.

  16. PROCESS DESCRIPTION • Within each knowledge domain, CIS 495 students were charged with selecting the most important tasks associated with each learning module. • The selection process was comprehensive and the task list was vetted by the CIS 495 students, freshmen students, focus groups (business employers), and the CIS 495 instructor and a research associate. • The final task list was modified and approved by the MIS Program Coordinator.

  17. PROCESS DESCRIPTION • CIS 495 students were organized, divided into teams and instructed to research and create security tutorials from targeted subjects.

  18. PROCESS DESCRIPTION Tutorial Topics • Passwords • Windows updates • Social networking • Firewalls • Ethics • Spam & phishing • Backups 7 maintenance • Anti-virus • Wireless networks • Mobile computing

  19. PROCESS DESCRIPTION When students enter the tutorial, they see the simplistic home page picture

  20. PROCESS DESCRIPTION • Some scrolling may appear on a page, all modules appear on the left. • It would be intuitive for a student to read the directions and then progress through the modules starting form top to bottom (i.e., starting with computer basics and finishing with Mobline computing). • Because of the wide range of browser settings (e.g., Internet Explorer), a warning appears at the top of each module notifying users that certain content may be blocked; thus, the warning instructs users on how to deal with a problem if it occurs.

  21. PROCESS DESCRIPTION The security tutorial home page

  22. PROCESS DESCRIPTION The “social networking” module is a typical module.

  23. PROCESS DESCRIPTION • Students are first exposed to learning when they preview a short video describing a particular module (e.g., passwords). • Then the student will view a presentation. • Each heading directs the student to a separate webpage that greets the user information relevant to the topic.

  24. PROCESS DESCRIPTION Wireless presentation

  25. POTENTIAL CONSTRAINTS • A blend of traditional project management and project management 2.0 employed to plan and accomplish the overall project. • Because of the short time duration to accomplish the project, it was imperative to outline the project mission with specific deliverables in accordance with tradition top-down project management methodology.

  26. POTENTIAL CONSTRAINTS • All students are required to use the Internet Explorer v7.0 or v8.0 browser. • While this may change as the software tutorial is refined, the time and resource constraints required that a compatibility standard be selected. • As shown in the next figure, MS Internet Explorer currently has the greatest market share.

  27. POTENTIAL CONSTRAINTS March 2012 browser market share

  28. CONCLUSION • Thecustomized, self-paced, web-basedenduser digital securityawarenesslearningactivityreinforcesstudentretention of the material presented by providingquestions at theend of eachlearning module to reinforcelearning. • The project earned the 2012 Mount Olive College President’s Award for Student Research; and the site has been approved to educate incoming freshmen about technology and its proper use.

  29. ICERI 2010 Questions? Dr. David Andersson • Dept. of Information Technology, American Public University • da1446@online.apus.edu or dlandersson@hotmail.com Dr. Karl Reimers • Tillman School of Business, Mount Olive College • kreimers@moc.edu

  30. REFERENCES References Cisco. (2011). Cisco 2011 annual security report. Retrieved Dec 14, 2011, from: http://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_2011.pdf Richardson, R. (2008). CSI computer crime and security survey. Retrieved July 11, 2010, from CMP.com: http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf Internet Crime Complaint Center (IC3). (March 2010). 2009 Internet Crime Report, http://www.ic3.gov/media/annualreports.aspx Arian, M. (2004, July 27). Computer security basics. Retrieved July 12, 2010, from securitydocs.com: http://www.securitydocs.com/library/2411

  31. REFERENCES References Motiee, S., Hawkey, K., & Beznosov, K. (2010). The challenges of understanding users' security-related knowledge, behaviour, and motivations. Proceedings. of SOUPS 2010 Usable Security Experiment Reports (USER) Workshop. FBI. (2010). How to protect your computer. Retrieved July 12, 2010, from FBI Website: http://www.fbi.gov/cyberinvest/protect_online.htm Lichter, D., Director, Systems and Networks Infrastructure at Saint Xavier University, personal communication, Dec 14, 2011) Snyder, B. (2011, Dec 15). Young people to IT security – ‘What, me worry?’. Infoworld. Retrieved 16 Dec 2011 from: http://podcasts.infoworld.com/d/the-industry-standard/young-people-it-security-what-me-worry-181778?page=0,1&_kip_ipx=689619490-1324254853&source=IFWNLE_nlt_sec_2011-12-15&_pxn=0

  32. REFERENCES References MOC Focus Groups, 2010. Mount Olive College, Mount Olive, NC. Mount Olive College (nd). Mission & Covenant. Mount Olive College, Mount Olive, NC. Retrieved 13 May 2012. from: http://www.moc.edu/index.php/mission-covenant Hilberg, J., & Meiselwitz, G. (2008). Undergraduate fluency with information and communication technology: perceptions and reality. In J. J. Ekstrom, & M. Stockman (Eds.), Proceedings of the 9th Conference on Information Technology Education, SIGITE 2008 (pp. 5-10). Cincinnati: ACM. Andersson, D. and Reimers, K. (Jul-Sep 2010). Utilizing Software Application Tools to Enhance Online Student Engagement and Achievement. i-Managers Journal of Educational Technology, Nagercoli, India, i-Manager Publishing. Parsons, Amy L. & Lepkowska-White, Elzbieta (2009). Group Projects Using Clients versus Not Using Clients: Do Students Perceive Any Difference? Journal of Marketing, v31 n2 p 154-159.

More Related