Login Signup
Verified Document

Security And Online Privacy Regulations: Research Proposal

Related Topics:
Security Breach Firewalls Social Security Database Security
Open Document Cite Document

Qualitative assessment based on questionnaires use in fact statistical quantitative methods to obtain results. Statistical estimation represents the basis for quantitative models." Muntenu states conclusion that in each of these approaches the "moral hazard of the analyst has influence on the results because human nature is subjective. He must use a sliding window approach according to business and information systems features, balancing from qualitative to quantitative assessment." (2004) qualitative study of information systems security is reported in a study conducted in U.S. academic institutions in the work of Steffani a. Burd, Principal Investigator for Information Security in Academic Institutions in a project funded by the United States Department of Justice for the National Institute of Justice reports in the Impact of Information Security in Academic Institution on Public Safety and Security in the United States (2005-2006) that "despite the critical information security issues faced by academic institutions, little research has been conducted at the policy, practice, or theoretical levels to address these issues, and few policies or cost-effective controls have been developed." (Burd, 2005-2006) the following are next listed: 1) the profile of issues and approaches, 2) to develop a practical road map for policy and practice, and 3) to advance the knowledge, policy, and practice of academic institutions, law enforcement, government and researchers.

In this study reported the design was on that incorporated three different methods of data collection, which included:

1) Quantitative field survey;

2) Qualitative one-on-one interviews, and 3) an empirical assessment of the institutions' network activity. (Burd, 2005-2006)

This study reports data collection specifically to have involved data collection in what was a simple random sampling of 600 academic institutions from the Department of Education's National Center for Education Statistics (NCES) Integrated Postsecondary Education Data System (IPEDS) database. Recruitment is reported to have been through use of postcard, telephone, and email including Web-based survey administration, and three follow-ups. Survey data collection is reported as having involved "simple random sampling of 600 academic institutions from the Department of Education's National Center for Education Statistics (NCES) Integrated Postsecondary Education Data System (IPEDS) database, recruitment via postcard, telephone, and email, Web-based survey administration, and three follow-ups." (Burd, 2005-2006) it is reported that network data collection involved "convenience sampling of two academic institutions, recruitment via telephone and email, installing Higher Education Network Analysis, recruitment via telephone and email, installing Higher Education Network Analysis (HENA) on participants systems and six months of data collection." (Burd, 2005-2006)

Network security is defined in this study as involving 'the protection of networks and their services from unauthorized modification, destruction or disclosure. Network security provides assurance that a network performs its critical functions correctly and there are no harmful side effects." (Burd, 2005-2006) This study states that for the purposes of the interview that was administered that vulnerability was defined as "the potential for a compromise of the confidentiality, integrity, or availability of the institution's network or information..." that may be "exploited by "outsiders" including students, faculty or staff. The section of the interview labeled 'Institution's Potential Vulnerability' asked the participants the questions as follows:

1) What do you consider are the top three vulnerabilities at your institution? (These responses were written into three provided spaces in the questionnaire.

2) Do you believe these top three areas of vulnerability at your institution are different from those of other universities? Answer options provided were:

a) yes;

b) no; and not sure.

3) Participants were asked to state on a scale 1-7 (with 1 is 'no' vulnerability and 7 is critical vulnerability) how they would rate the overall level of vulnerability in maintaining the security of the institution's network.

4) Participants were asked based on their observations whether they predict that the vulnerability of their institution in maintaining its network security in the upcoming one to three years will:

a) increase the upcoming 1-3 years;

b) decrease in the upcoming 1-3 years;

remain the same in the upcoming 1-3 years; or d) not sure. (Burd, 2005-2006)

In the next section of the interview entitled "Institutions Potential Threat' it is reported that for the purpose of this interview that 'threat' is defined "as the potential your institution's network may pose to compromising individuals, organizations, or critical infrastructure including;

Threats to individuals may include identity theft, credit card fraud, and spam;

Threats to organizations may include theft or disclosure of information, dedicated denial of services (DDOS) against specific organizations, worms, viruses, or spam;

Threats to critical infrastructure may include DDOS to SCADA and communication systems or compromise of sensitive or classified information, including research and development (e.g., DARPA, HASARPA). (Burd, 2005-2006)

The interview reported by Burd (2005-2006) asks the following questions in this section of the interview:

1) Based on your institution's information security posture, which of the following are ways your institution may pose a threat to individuals, other organizations, or critical infrastructure? (Please check all that apply.)

Attacking critical infrastructure (e.g,. DDOS on SCADA, communications) attacking specific organizations (e.g., DDOS, virus, worms, bots)

Phishing scams

Stealing individuals' private information (e.g., for identity theft...

Research data is stated as technical, medical and government related data and private data includes social security number, drivers license number, date of birth, and medical data. Specifically stated is: "It may be resident on the network or in transit. It includes data located in the centralized network as well as on departmental and individual computers." (Burd, 2005-2006) Value is stated to address "the monetary and non-monetary aspects of information, including costs associated with creating the information losses due to compromised information, recovery costs, and implications of compromise (e.g., reputation damage, law suits).Questions asked in this section of the survey entitled: "Information Sharing and Value" include the following:
1) What do you consider to be the three most valuable types of information at your institution? Participants were asked the responses in this question as follows:

most valuable second-most valuable third most valuable" the following information:

Grades, evaluations and recommendations

Private identifying data (e.g., social security number, drivers license, date of birth)

Private financial data (e.g., credit history, credit card information, family's finances)

Private medical data

Institution intellectual property (e.g., coursework, distance learning, articles)

Institution research data (e.g., technical, medical, government-related)

SCADA and communications data

Other (please specify)

Burd, 2005-2006)

2) Why do you consider this information to be the most valuable at your institution? For providing answers the participants were asked to write their answer in blanks that were provided. (Burd, 2005-2006)

3) With which government agencies, if any, do you share sensitive information?

DARPA/HSARPA

REN-ISAC

SEVIS

US-CERT

Other (please specify)

None of the above Not sure (Burd, 2005-2006)

4) Which methods do you use to secure sensitive information at your institution?

Identity management

Internal firewall

Physical separation

Role-based access control

Other (please specify)

None of the above Not sure (Burd, 2005-2006)

5) Which methods do you use, if any, to share sensitive information with government organizations?

Email (encrypted)

Email (unencrypted)

FTPHTTP

HTTPS

VPN (SSL or IPSec)

Other (please specify)

None of the above Not sure (Burd, 2005-2006)

6) Which vetting procedures, if any do you use for it staff who handle sensitive information?

Reference check - sometimes

Reference check - always

Criminal background check - sometimes

Criminal background check - always (Burd, 2005-2006)

7) Which vetting procedures, if any do you use for administrative staff who handle sensitive information?

For the purpose of this study 'end user' is described as "any individual who accesses information at your institution including the following:

1) Students (full- and part-time, on-campus and off-campus)

2) Faculty (both full-time and part-time; on campus and off campus)

3) Staff (both full-time and part-time; on-campus and off-campus); and 4) Affiliates (contractors, visitors, library users, alumni) (Burd, 2005-2006)

Questions in this section of the study entitled: 'included those as follows:

1) What are the key issues you encounter with end users in attempting to maintain information security at your institution? (Please select all that apply) a. Culture

Belief in freedom of information

Low security or safeguards on information

Privacy issues

Resistance to security measures

Senior management does not support information security efforts b. Policy

Policy does not exist

Policy is not adequate

Policy is not sufficiently enforced c. Awareness and Knowledge

Insufficient awareness of security issues (e.g., wireless security threats)

Inadequate understanding of actions (e.g., storing sensitive information on palm pilots)

Inadequate knowledge of the internet and computing (e.g., phishing scams)

Limited technical ability (e.g., don't know how to install antivirus software) d. Technology, Structure & Systems

Distributed computing systems (e.g., departmental computers)

Emerging technology (e.g., wireless, instant messaging, P2P networking)

Remote access issues

Rogue, unsupported computing systems (e.g., departments' systems)

Unpatched systems (e.g., operating system and application holes)

2) of all the end user security issues listed above, which is your biggest challenge?

3) When you consider…

Continue Reading...
Sources used in this document:
Bibliography

Burd, Steffani a. (2006) Impact of Information Security in Academic Institutions on Public Safety and Security: Assessing the Impact and Developing Solutions for Policy and Practice. Final Report." NCJ 215953, United States Department of Justice. National Institute of Justice, Oct 2006.

Muntenu, Adrian (2004) Managing Information in the Digital Economy: Issues & Solutions Information Security Risk Assessment: The Qualitative vs. Quantitative Dilemma

Full text PDF: http://www.ncjrs.gov/pdffiles1/nij/grants/215953.pdfMunteanu, Adrian (2004) the Information Security Risk Assessment: The Qualitative vs. Quantitative Dilemma. Managing Information in the Digital Economy: Issues & Solutions.
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Security and Control of Health Data
Words: 3766 Length: 10 Document Type: Term Paper

Health-Care Data at Euclid Hospital Security and Control: A White Paper Protecting Health-Care Data The efficiency of the modern healthcare system is increasingly becoming reliant on a computerized infrastructure. Open distributed information systems have been initiated to bring professionals together on a common platform throughout the world. It needs to be understood that easy and flexible methods of processing and communication of images; sound and texts will help in visualizing and thereby

Read More
Essay
Consumer Privacy: Regulations and Ethics:
Words: 2099 Length: 6 Document Type: Research Paper

Conger, 2009). Recommendations for Organizations The many factors of data mining and their use for profiling customers and their needs also create opportunities for organizations to build greater levels of trust with their customers as well. And trust is the greatest asset any marketer can have today. The following are a series of recommendations for how organizations can address demographic influences that impact their marketing strategies in light of concerns surrounding

Read More
Essay
Regulations Internet Privacy -- Let
Words: 929 Length: 3 Document Type: Term Paper

The same survey quoted by Ries noted that 92% of respondents do not trust online companies to keep personal information confidential and 82% believe that the government should regulate use of personal information by online companies. (FTC Study, 2-3) If companies do not respond, not only will business stand in danger of being over-regulated by the government, but also consumers may not trust sites and withdraw their business. This was

Read More
Essay
Privacy Protection Act the United
Words: 2315 Length: 8 Document Type: Term Paper

For example, almost all companies doing business on the Internet will have a link disclosing their privacy policy and the steps they will take to ensure the customer's privacy. Privacy matters become an issue because, in order to transact business of the Internet, one is required to enter such personal information as credit card numbers, addresses, emails and personal phone numbers. The vast majority of online businesses will have policy disclosure

Read More
Essay
Security Issues of Online Communities
Words: 15576 Length: 60 Document Type: Term Paper

This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community. For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are:

Read More
Essay
Privacy Rules Hippa Over the Years, Various
Words: 2501 Length: 8 Document Type: Essay

Privacy Rules HIPPA Over the years, various regulations have been enacted to ensure increased amounts of protection for the general public. The Health Insurance Portability and Accountability Act (HIPPA) was designed for several different reasons. The most notable include: to ensure that laid off employees are receiving continuous health insurance coverage, prevent fraud / abuse and to protect the privacy of all patients. This is significant, because it created a new

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now