Abstract
It is estimated that over 1 billion people now have access to the Internet. This unprecedented access and use of Internet by individuals around the world, however, is accompanied by malicious and mischievous activities online. With the traditional crimes such as fraud, identity theft, and harassment now being committed with the use of the Internet, and networked home computers being exploited to carry out attacks such as denial of service, spamming, phishing and virus/worm propagation, it has become important to investigate security and privacy issues as they pertain to individual Internet users. To date very little is known about what characteristics of internet users affect their computing and on-line behaviors as they relate to security online. While some attention has been paid to understand the security issues affecting corporations, research investigating security issues as they relate to home users is still in infancy. Drawing from disciplines such as criminology, sociology, consumer fraud, and information security, this study seeks to find the role of computing skills and computer training, social influence, and gender on person’s vulnerability to Internet crimes. Our findings are significant and shed light in this important area of Internet crime contributing to the information security literature.
TopIntroduction
Explosive growth in the use of the Internet around the globe has been noted by several surveys. The web statistics compiled by Internet World Stats (http://news.bbc.co.uk/2/hi/technology/3708260.stm).
Sparse yet some information security literature has focused on behavioral components of information security in an attempt to understand the security related behaviors of individuals (for example, (Hazari, 2005; Hu & Dinev, 2005; Sasse & Brostoff, 2001; Stanton et al., 2004; Stanton et al., 2005). While many of these studies have been conducted in organizational settings others have focused on behaviors pertaining only to the software use behaviors. Although, as discussed in detail later, we can draw valuable insights from these studies, many other online risks faced by individual internet users in home setting such as social engineering tactics or awareness issues were outside the scope of these studies. Drawing from disciplines such as criminology, sociology, consumer fraud, and information security, this paper lays a theoretical foundation to evaluate the role of computing skills and computer training, social influence, culture, individual values, age and gender on person’s vulnerability to online risks. We take the approach of understanding on-line risks and vulnerabilities and factors that relate to them. Such understanding will allow us to effectively design defense mechanisms to overcome these issues. Although, consumer fraud literature in marketing has used such approach, this approach is new to online risks and information security area.
This article is organized as follows. We first discuss various types of crimes committed on-line that affect individual citizens. Then we define vulnerability related to on-line activities based on distinct characteristics of each. Drawing from the disciplines of criminology, sociology and marketing (specifically consumer fraud literature in marketing), we present a theoretical model along with propositions to understand the role of computing skills and computer training, age and gender on person’s vulnerability to internet crimes.
Key Terms in this Chapter
Spyware: A software that gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Once installed, the spyware monitors user activities while on the Internet such as capture your keystrokes while typing the passwords, read and track your e-mail, record what sites you visit, record the credit card numbers; and transmits that information in the background to someone else.
Internet Crime (Cyber Crime): Internet crime consists of specific crimes dealing with computers and networks (such as hacking) and the facilitation of traditional crime through the use of computers (child pornography, hate crimes, telemarketing /Internet fraud). In addition to cyber crime, it may cover the use of computers by criminals for communication and document or data storage.
On-Line Victimization: Falling victim to internet crimes such as on-line harassment, computer intrusion, SPAM e-mail, internet fraud and identity theft.
Vulnerability to Internet Crimes: Weaknesses that may subject an internet user to become victim to an Internet Crime e.g. lack of awareness of current threats and system vulnerabilities, inability or delay in dealing with the system vulnerabilities. In this chapter the term vulnerability to Internet crime is defined as vulnerabilities related to on-line activities arising from various computing and internet activities, trusting tendencies as well as awareness issues related to on-line risks.
Victimology: The study of why certain people are victims of crime and how lifestyles affect the chances that a certain person will fall victim to a crime. This interdisciplinary field draws from a wide number of disciplines, including sociology, psychology, and criminology.
System Vulnerability (Vulnerability): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited.
Security: Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to data or computer systems.