Compare the Level of Security Risk Between IT User/Employee & Non-IT User/Employee
Amit Kumar
RTIE 2015
Scientific Assistant (Adhoc), Indira Gandhi Institute of Physical Education & Sports Sciences, B-block, Vikaspuri, Delhi
INTRODUCTION
Computer Security Risk: a risk related to information technology.
Information Security: protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
But one of the most significant security risks that organizations and corporations face today is not with systems or applications but with the user. Computer security in the workplace is not the sole responsibility of the IT staff. Everyone in the company or organization has a role to play in securing resources and data.
Method of Data Security
OBJECTIVE OF THE STUDY
• To compare the level of security risk among different subgroups based on experience in the IT field
• To compare the level of security risk among different subgroups based on experience in the Non-IT field
• To compare the level of security risk between the IT and Non-IT groups
• To assess the overall level of security risk among users
METHODOLOGY
Selection of the Subjects
80 subjects were selected: 40 represent the IT group and the remaining 40 represent the Non-IT group. Both groups were further categorized according to their experience.
Collection of Data
The data was collected from MNCs, colleges of Delhi University and IP University, and the Delhi Police Department.
MNC College Delhi Police
DU IP
KVIT pvt ltd. IGIPESS SRM Burari Thana
Jingle Info Pvt ltd. RAJDHANI Adarsh Ngr Thana
KALINDI
Computer Center
Each subject was contacted individually and informed about the purpose of the study. Necessary instructions with regard to follow-up of the questionnaire were imparted and the questionnaire was distributed.
Statistical Techniques
• Descriptive Statistics
• Two Way ANOVA Test
• One Way ANOVA Test
• T test
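Descriptive Statistics

| Group | Experience | Mean | Std. Deviation | N |
|---|---|---|---|---|
| IT Group | 0-2 | 58.64 | 10.624 | 14 |
| | 3-4 | 58.38 | 8.434 | 8 |
| | 5-10 | 49.91 | 6.848 | 11 |
| | 10+ | 36.86 | 3.024 | 7 |
| | Total | 52.38 | 11.412 | 40 |
| Non-IT Group | 0-2 | 68.09 | 2.914 | 11 |
| | 3-4 | 68.00 | 7.130 | 13 |
| | 5-10 | 68.12 | 2.997 | 8 |
| | 10+ | 59.50 | 3.207 | 8 |
| | Total | 66.35 | 5.772 | 40 |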
Table: Persons with 10+ years of experience have a low level of risk in both groups. As the table shows, the mean value for 10+ is 36.86 in the IT group, which is low within that group, and 59.50 in the Non-IT group, which is also low within that group.
Two way ANOVA test (2x4)
There is a significant difference in the interaction between groups, i.e. IT and Non-IT, and the different durations of experience, as the F value obtained was 91.892 at p value 0.01. Since a significant difference was obtained between the groups and among the different experience levels, the analysis of variance was obtained.

| Source | Type III Sum of Squares | df | Mean Square | F | Sig. |
|---|---|---|---|---|---|
| Group | 4235.505 | 1 | 4235.505 | 91.892 | **.000 |
| group * experience | 583.402 | 3 | 194.467 | 4.219 | **.008 |
| Error | 3318.640 | 72 | 46.092 | | |
| Total | 292197.000 | 80 | | | |

| (I) group | (J) group | Mean Difference (I-J) | Std. Error | Sig.a |
|---|---|---|---|---|
| IT Group | Non-IT Group | -14.983* | 1.563 | .000 |
| Non-IT Group | IT Group | 14.983* | 1.563 | .000 |

• The table reveals that the mean difference (I-J) value is 14.983, which is significant at the .01 level. It means there is a significant difference in risk factor between the IT Group and the Non-IT Group.
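One way ANOVA test of IT user

| | Sum of Squares | df | Mean Square | F | Sig. |
|---|---|---|---|---|---|
| Between Groups | 469.316 | 3 | 156.439 | 6.787 | .001 |
| Within Groups | 829.784 | 36 | 23.050 | | |
| Total | 1299.10 | 39 | | | |

| (I) experience | (J) experience | Mean Difference (I-J) | Std. Error | Sig. |
|---|---|---|---|---|
| 0-2 | 3-4 | .091 | 1.967 | 1.000 |
| | 5-10 | -.034 | 2.231 | 1.000 |
| | 10+ | 8.591* | 2.231 | .006 |
| 3-4 | 0-2 | -.091 | 1.967 | 1.000 |
| | 5-10 | -.125 | 2.157 | 1.000 |
| | 10+ | 8.500* | 2.157 | .004 |
| 5-10 | 0-2 | .034 | 2.231 | 1.000 |
| | 3-4 | .125 | 2.157 | 1.000 |
| | 10+ | 8.625* | 2.400 | .011 |
| 10+ | 0-2 | -8.591* | 2.231 | .006 |
| | 3-4 | -8.500* | 2.157 | .004 |
| | 5-10 | -8.625* | 2.400 | .011 |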
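One way ANOVA test of NON-IT user

| | Sum of Squares | df | Mean Square | F | Sig. |
|---|---|---|---|---|---|
| Between Groups | 2590.519 | 3 | 863.506 | 12.490 | .000 |
| Within Groups | 2488.856 | 36 | 69.135 | | |
| Total | 5079.375 | 39 | | | |

| (I) experience | (J) experience | Mean Diff. (I-J) | Std. Error | Sig. |
|---|---|---|---|---|
| 0-2 | 3-4 | .268 | 3.685 | 1.000 |
| | 5-10 | 8.734 | 3.350 | .097 |
| | 10+ | 21.786* | 3.849 | .000 |
| 3-4 | 0-2 | -.268 | 3.685 | 1.000 |
| | 5-10 | 8.466 | 3.864 | .206 |
| | 10+ | 21.518* | 4.303 | .000 |
| 5-10 | 0-2 | -8.734 | 3.350 | .097 |
| | 3-4 | -8.466 | 3.864 | .206 |
| | 10+ | 13.052* | 4.020 | .025 |
| 10+ | 0-2 | -21.786* | 3.849 | .000 |
| | 3-4 | -21.518* | 4.303 | .000 |
| | 5-10 | -13.052* | 4.020 | .025 |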
T-test

Variable: Risk scores

| Experience | Group (1 = IT, 2 = Non-IT) | N | Mean | Std. Deviation | df | t-value |
|---|---|---|---|---|---|---|
| Group (0-2) | 1 | 14 | 58.64 | 10.624 | 23 | -2.855 |
| | 2 | 11 | 68.09 | 2.914 | 15.425 | -3.179 |
| Group (3-4) | 1 | 8 | 58.38 | 8.434 | 19 | -2.805 |
| | 2 | 13 | 68.00 | 7.130 | 13.040 | -2.690 |
| Group (5-10) | 1 | 11 | 49.91 | 6.848 | 17 | -7.009 |
| | 2 | 8 | 68.12 | 2.997 | 14.522 | -7.849 |
| Group (10+) | 1 | 7 | 36.86 | 3.024 | 13 | -14.005 |
| | 2 | 8 | 59.50 | 3.207 | 12.907 | -14.065 |
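
An added example (not part of the original presentation): recomputing the t-test table from its N, mean and standard deviation columns shows that the first df/t pair of each experience band matches Student's equal-variance test and the second matches Welch's unequal-variance test. The function names are chosen here for illustration; third-decimal differences come from the rounded means in the table.

```python
from math import sqrt

# (n, mean, std. deviation) per experience band, copied from the t-test table:
# first tuple is group 1 (IT), second is group 2 (Non-IT).
BANDS = {
    "0-2":  ((14, 58.64, 10.624), (11, 68.09, 2.914)),
    "3-4":  ((8, 58.38, 8.434),   (13, 68.00, 7.130)),
    "5-10": ((11, 49.91, 6.848),  (8, 68.12, 2.997)),
    "10+":  ((7, 36.86, 3.024),   (8, 59.50, 3.207)),
}

# (df, t) pairs as reported in the table: first row, then second row of each band.
REPORTED = {
    "0-2":  ((23, -2.855),  (15.425, -3.179)),
    "3-4":  ((19, -2.805),  (13.040, -2.690)),
    "5-10": ((17, -7.009),  (14.522, -7.849)),
    "10+":  ((13, -14.005), (12.907, -14.065)),
}

def student_t(a, b):
    """Two-sample t-test with pooled variance; returns (df, t)."""
    (n1, m1, s1), (n2, m2, s2) = a, b
    df = n1 + n2 - 2
    pooled_var = ((n1 - 1) * s1**2 + (n2 - 1) * s2**2) / df
    return df, (m1 - m2) / sqrt(pooled_var * (1 / n1 + 1 / n2))

def welch_t(a, b):
    """Welch's t-test with Welch-Satterthwaite df; returns (df, t)."""
    (n1, m1, s1), (n2, m2, s2) = a, b
    v1, v2 = s1**2 / n1, s2**2 / n2
    df = (v1 + v2) ** 2 / (v1**2 / (n1 - 1) + v2**2 / (n2 - 1))
    return df, (m1 - m2) / sqrt(v1 + v2)

def recompute():
    """Return {band: (student, welch)}, each value a (df, t) pair."""
    return {band: (student_t(it, non_it), welch_t(it, non_it))
            for band, (it, non_it) in BANDS.items()}

def max_deviation():
    """Largest absolute gap between recomputed and reported df or t values."""
    gaps = []
    for band, results in recompute().items():
        for (df, t), (rep_df, rep_t) in zip(results, REPORTED[band]):
            gaps += [abs(df - rep_df), abs(t - rep_t)]
    return max(gaps)

if __name__ == "__main__":
    for band, (student, welch) in recompute().items():
        print(f"{band:>5}  Student df={student[0]} t={student[1]:.3f}  "
              f"Welch df={welch[0]:.3f} t={welch[1]:.3f}")
    print("max deviation from reported values:", round(max_deviation(), 4))
```
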
FINDINGS
1. There was a significant difference between the IT and Non-IT groups.
2. There was a significant difference among the subgroups (based on experience) of IT.
3. There was a significant difference among the subgroups (based on experience) of Non-IT.
CONCLUSION
The present study of 80 respondents, of whom 40 represent the IT group and 40 represent the Non-IT group, finds that over 90% of respondents say negligent or malicious or other insiders have been responsible for at least one data breach within the organization.
When we analyzed the data group-wise, we found in the IT group that approximately 20% of IT users/employees were safe users who follow almost all the safeguards while using the workspace.
These safe users had more than 10 years of experience. A great tool to measure the effectiveness and strength of the organization's security awareness program is a survey.
So it is necessary for the organization to conduct a security awareness training program for its employees about security and security risk.