Qualitative assessment based on questionnaires use in fact statistical quantitative methods to obtain results. Statistical estimation represents the basis for quantitative models." Muntenu states conclusion that in each of these approaches the "moral hazard of the analyst has influence on the results because human nature is subjective. He must use a sliding window approach according to business and information systems features, balancing from qualitative to quantitative assessment." (2004) qualitative study of information systems security is reported in a study conducted in U.S. academic institutions in the work of Steffani a. Burd, Principal Investigator for Information Security in Academic Institutions in a project funded by the United States Department of Justice for the National Institute of Justice reports in the Impact of Information Security in Academic Institution on Public Safety and Security in the United States (2005-2006) that "despite the critical information security issues faced by academic institutions, little research has been conducted at the policy, practice, or theoretical levels to address these issues, and few policies or cost-effective controls have been developed." (Burd, 2005-2006) the following are next listed:
1) the profile of issues and approaches, 2) to develop a practical road map for policy and practice, and 3) to advance the knowledge, policy, and practice of academic institutions, law enforcement, government and researchers.
In this study reported the design was on that incorporated three different methods of data collection, which included:
1) Quantitative field survey;
2) Qualitative one-on-one interviews, and 3) an empirical assessment of the institutions' network activity. (Burd, 2005-2006)
This study reports data collection specifically to have involved data collection in what was a simple random sampling of 600 academic institutions from the Department of Education's National Center for Education Statistics (NCES) Integrated Postsecondary Education Data System (IPEDS) database. Recruitment is reported to have been through use of postcard, telephone, and email including Web-based survey administration, and three follow-ups. Survey data collection is reported as having involved "simple random sampling of 600 academic institutions from the Department of Education's National Center for Education Statistics (NCES) Integrated Postsecondary Education Data System (IPEDS) database, recruitment via postcard, telephone, and email, Web-based survey administration, and three follow-ups." (Burd, 2005-2006) it is reported that network data collection involved "convenience sampling of two academic institutions, recruitment via telephone and email, installing Higher Education Network Analysis, recruitment via telephone and email, installing Higher Education Network Analysis (HENA) on participants systems and six months of data collection." (Burd, 2005-2006)
Network security is defined in this study as involving 'the protection of networks and their services from unauthorized modification, destruction or disclosure. Network security provides assurance that a network performs its critical functions correctly and there are no harmful side effects." (Burd, 2005-2006) This study states that for the purposes of the interview that was administered that vulnerability was defined as "the potential for a compromise of the confidentiality, integrity, or availability of the institution's network or information..." that may be "exploited by "outsiders" including students, faculty or staff. The section of the interview labeled 'Institution's Potential Vulnerability' asked the participants the questions as follows:
1) What do you consider are the top three vulnerabilities at your institution? (These responses were written into three provided spaces in the questionnaire.
2) Do you believe these top three areas of vulnerability at your institution are different from those of other universities? Answer options provided were:
a) yes;
b) no; and not sure.
3) Participants were asked to state on a scale 1-7 (with 1 is 'no' vulnerability and 7 is critical vulnerability) how they would rate the overall level of vulnerability in maintaining the security of the institution's network.
4) Participants were asked based on their observations whether they predict that the vulnerability of their institution in maintaining its network security in the upcoming one to three years will:
a) increase the upcoming 1-3 years;
b) decrease in the upcoming 1-3 years;
remain the same in the upcoming 1-3 years; or d) not sure. (Burd, 2005-2006)
In the next section of the interview entitled "Institutions Potential Threat' it is reported that for the purpose of this interview that 'threat' is defined "as the potential your institution's network may pose to compromising individuals, organizations, or critical infrastructure including;
Threats to individuals may include identity theft, credit card fraud, and spam;
Threats to organizations may include theft or disclosure of information, dedicated denial of services (DDOS) against specific organizations, worms, viruses, or spam;
Threats to critical infrastructure may include DDOS to SCADA and communication systems or compromise of sensitive or classified information, including research and development (e.g., DARPA, HASARPA). (Burd, 2005-2006)
The interview reported by Burd (2005-2006) asks the following questions in this section of the interview:
1) Based on your institution's information security posture, which of the following are ways your institution may pose a threat to individuals, other organizations, or critical infrastructure? (Please check all that apply.)
Attacking critical infrastructure (e.g,. DDOS on SCADA, communications) attacking specific organizations (e.g., DDOS, virus, worms, bots)
Phishing scams
Stealing individuals' private information (e.g., for identity theft...
E-Commerce A fresh channel of distributing personal information has been opened up by the internet. It is now the fastest developing electronic means of communication the world has ever seen. For instance, in the U.S. after the widespread use of electricity nearly 46 years later only 30% of American homes had access to electricity and almost 38 years elapsed before 30% of households had telephones with only 17% enjoying television. For
Health-Care Data at Euclid Hospital Security and Control: A White Paper Protecting Health-Care Data The efficiency of the modern healthcare system is increasingly becoming reliant on a computerized infrastructure. Open distributed information systems have been initiated to bring professionals together on a common platform throughout the world. It needs to be understood that easy and flexible methods of processing and communication of images; sound and texts will help in visualizing and thereby
Regulating Internet Privacy Privacy regulation has remained pinnacle of issues that got birth with internet. Every innovation in technology is at the expense of privacy; it is no more there as most of technicians believe. A layman using internet does not find how and when his personal information is can be traced by someone else; privacy at workplace that was once enjoyed by the employees is no more at one's disposal,
But research is very mixed on what that answer is when the data is voluntarily revealed. For example, if someone "likes" Apple on Facebook and Apple then in turn markets Apple products to that person, it should be asked whether Apple is acting improperly. Companies with products that compete with Apple could do the same thing. Research bears out that this question comes down to personal and professional ethics
Conger, 2009). Recommendations for Organizations The many factors of data mining and their use for profiling customers and their needs also create opportunities for organizations to build greater levels of trust with their customers as well. And trust is the greatest asset any marketer can have today. The following are a series of recommendations for how organizations can address demographic influences that impact their marketing strategies in light of concerns surrounding
Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now