Article Preview
TopIntroduction
The significance of the data resources has been widely acknowledged and organizations invest a significant amount of resources on their security to ensure the business continuity (Colwill, 2009). In this regard, the importance of the human factor has been understood and while designing effective information security (IS) solutions merely technical solutions are not proposed((Furnell, Jusoh, & Katsabas, 2006; Herath & Rao, 2009). In order to strengthen the human element against diversity of the IS attacks and threats, IS policies, security training and education, and information security awareness (ISA) programs have been suggested by the researchers (Abraham, 2011; D’Arcy & Hovav, 2009; Pahnila, Siponen, & Mahmood, 2007). A review of literature (Lebek, Uffen, Breitner, Neumann, & Hohler, 2013; Tsohou, Kokolakis, Karyda, & Kiountouzis, 2008) suggests that ISA has been studied extensively in the context of commercial and business organizations, however, the same is not true for educational institutions.
Universities and other educational institutions are different from the commercial organizations both in terms of objectives as well as the human element. Unlike commercial organizations, the main objective of educational institutions is to impart knowledge and education among the youth. Educational institutions have a third entity – students – in addition to normal employer-employee entities that exist in the commercial organizations. Educational institutions especially universities, have been in the cross-hair of the cybercriminals due to availability of the vast computing power and the open access (Katz, 2005). The use of online resources such as the digital libraries and online courses, and internet based services such as online social networks, are on the rise during the recent years (B. Kim, 2014). This rapid growth in the usage exposes the students to different security threats that linger in the Internet. (Farooq, Ullah Kakakhel, Virtanen & Isoaho, 2015) identified 75 different security and privacy related threats related to university students.
Although there is a growing importance of the ISA for educational institutions, for example, (Ingerman & Yang, 2011) ranked IS as the one of the top areas of concern for the educational institutions, research is pretty scarce in this regard. A recent literature review of ISA awareness studies revealed that out of 24 ISA assessment studies found during 2005-2014 only 3 were focusing on college/university students (Rahim et al., 2015). Among the students’ focused ISA studies found in the literature, most of the time students from single disciplines were studied, for example Business and Economics (Jones, Chin, & Aiken, 2014; Kim, 2013). The authors were unable to find a study where ISA of students has been studied comprehensively across the different disciplines. This disparity urged the authors to conduct a cross-discipline ISA assessment study to analyze different ISA related issues faced by students from different educational background. An earlier investigation (Farooq, Isoaho, Virtanen & Isoaho, 2015) revealed that some of the students’ individual factors such as gender and training have statistically significant association with ISA as well as its constituent dimensions, knowledge and behavior. Area of living, another students’ individual factor, showed significant association with knowledge only. Other individual factors such as age, educational level, discipline, nationality and working experience did not show any significant correlation with ISA or its constituent dimension in aforementioned study. Among all the students’ individual factors mentioned above, gender turned out to be the strongest factor that is correlated to the ISA and its constituent dimensions. However, the genderwise difference were not thoroughly discussed in the aforementioned study.