“COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMPLOYEE”

  

Amit Kumar

RTIE 2015

Scientific Assistant (Adhoc), Indira Gandhi Institute of Physical Education & Sports Sciences, B-block, Vikaspuri, Delhi

Computer Security Risk : It is a risk related to information technology.Information Security : means protecting information and information system from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

  

INTRODUCTIONRTIE 2015

But one of the most significant security risks that organizations and corporation face today is not with systems or applications but with the USER.Computer security in the workplace is not the sole responsibility of the IT staff. Everyone in the company or organization has a role to play in security resources and data.

  

Method of Data Security

INTRODUCTIONRTIE 2015

To Compare the level of Security risk among different subgroups based on experience in IT field

To Compare the level of Security risk among different subgroups based on experience in NON-IT field

To Compare the level of Security risk between IT & NON-IT group

To access the overall level of security Risk among user

RTIE 2015

OBJECTIVE OF THE STUDY  

  

METHODOLOGY

Selection of the Subjects  

80 subjects were selected. 40 represents the IT group and remaining 40 represents the Non-IT GroupFurther both group categorized according of their experience

RTIE 2015

RTIE 2015

The Data was collected from MNCs, colleges of Delhi Univ. & IP university, Delhi Police Department.

Collection of Data  

MNC College Delhi Police

DU IP

KVIT pvt ltd. IGIPESS SRM Burari Thana

Jingle Info Pvt ltd. RAJDHANI Adarsh Ngr Thana

KALINDI

Computer Center

Each subject was contacted individually & informed about the purpose of the study. Necessary with regard to follow up of questionnaire was imported and questionnaire was distributed.

  

Statistical Techniques  

:-- Description Statistics :-- Two Way Anova Test:-- One Way Anova Test :-- T test

RTIE 2015

Descriptive Statistics

Group Experience Mean Std. Deviation

N

IT Group 0-2 58.64 10.624 14

3-4 58.38 8.434 85-10 49.91 6.848 1110+ 36.86 3.024 7

Total 52.38 11.412 40Non-IT Group

0-2 68.09 2.914 113-4 68.00 7.130 13

5-10 68.12 2.997 810+ 59.50 3.207 8

Total 66.35 5.772 40

Table: It shows that the person having a experience in 10+ have a low level of risk in both group. As it show in table in IT group mean value of 10+ is 36.86 which is low in it group and 59.50 which is also low in NON-IT group.

RTIE 2015

Two way ANOVA test (2x4)

There is significant difference in interaction between groups i.e. IT & NON-IT and different duration of experiences. As the f value was obtained 91.892 at p value 0.01 Since, the significant difference was obtained between the group and among different experience. Therefore, analysis of variance was obtained

Source Type III Sum of Squares

df Mean Square

f Sig.

Group 4235.505 1 4235.505 91.892 **.000

group * experience

583.402 3 194.467 4.219 **.008

Error 3318.640 72 46.092    

Total 292197.000 80      

(I) group (J) groupMean

Difference (I-J)

Std. Error Sig.a

IT Group Non-IT Group -14.983* 1.563 .000Non-IT Group IT Group 14.983* 1.563 .000

• Table reveals that mean difference (I-J) value is 14.983 which is significant at .01 level. It means there is significant difference in this course of risk factor between IT Group & Non-IT Group.

RTIE 2015

One way ANOVA test of IT user

  Sum of Squares

df Mean Square

f Sig.

Between Groups

469.316 3 156.439 6.787 .001

Within Groups

829.784 36 23.050    

Total 1299.10 39      

(I) experience

(J) experience

Mean Difference

(I-J)

Std. Error Sig.

0-23-4 .091 1.967 1.000

5-10 -.034 2.231 1.00010+ 8.591* 2.231 .006

3-40-2 -.091 1.967 1.000

5-10 -.125 2.157 1.00010+ 8.500* 2.157 .004

5-100-2 .034 2.231 1.0003-4 .125 2.157 1.00010+ 8.625* 2.400 .011

10+0-2 -8.591* 2.231 .0063-4 -8.500* 2.157 .004

5-10 -8.625* 2.400 .011

RTIE 2015

One way ANOVA test of NON-IT user

 Sum of Squares df Mean

Square f Sig.

Between Groups

2590.519 3 863.506 12.490 .000

Within Groups

2488.856 36 69.135    

Total 5079.375 39      

(I) Experience

(J) experience

Mean Diff. (I-J)

Std. Error Sig.

0-23-4 .268 3.685 1.000

5-10 8.734 3.350 .09710+ 21.786* 3.849 .000

3-40-2 -.268 3.685 1.000

5-10 8.466 3.864 .20610+ 21.518* 4.303 .000

5-100-2 -8.734 3.350 .0973-4 -8.466 3.864 .20610+ 13.052* 4.020 .025

10+0-2 -21.786* 3.849 .0003-4 -21.518* 4.303 .000

5-10 -13.052* 4.020 .025

RTIE 2015

T-test

Variable Experience group 1 IT

2Non-ITN Mean Std.

Deviation dt t-value

Risk scores

 

Group (0-2)

 

1 14 58.64 10.624 23 -2.855

2 11 68.09 2.914 15.425 -3.179

Group (3-4)

 

1 8 58.38 8.434 19 -2.805

2 13 68.00 7.130 13.040 -2.690

Group (5-10)

 

1 11 49.91 6.848 17 -7.009

2 8 68.12 2.997 14.522 -7.849

Group (10+) 

1 7 36.86 3.024 13 -14.005

2 8 59.50 3.207 12.907 -14.065

FINDINGS1. There was significant difference between the IT & NON-IT Group.

2. There was a significant difference among the Sub Group (based on experience) of IT

3. There was a significant difference among the Sub Group (based on experience) of Non- IT

RTIE 2015

CONCLUSIONThis present study on 80 in which 40 representing to the IT group and 40 representing the group of Non-IT, finds over 90% respondents say negligent or malicious or other insiders have been responsible for at least one data breach within the organization.

When we analyzed the data group wise, we found in IT Group that the approximate 20% IT user / employee were the safe user who follow the almost all the safety guard while using the Workspace.

These safe users had having an experience more than 10 years. A great tool to measure the effectiveness and strength of the organization’s security awareness program is with a survey.

So it is a necessity to conduct security training awareness program by the organization to their employee about security and security risk.

Reference

1. Hansson, Sven Ove; Edward N. Zalta, editor (Spring 2014). "Risk". The Stanford Encyclopedia of Philosophy. Retrieved 9 Sep. 2014.

2. Webopedia. vulnerability scanning. Darien: Jupitermedia, undated, accessed 12 October 2014; available from http://www.webopedia.com/TERM/V/vulnerability_scanning.html; Internet.

3. Wikipedia. Anti-virus software. Wikipedia, 2014, accessed 06 October 2014; available from http://en.wikipedia.org/wiki/Anti-viral_software; Internet.

4. Wikipedia. Network Mapping. Wikipedia, 2014, accessed 12 October; available from http://en.wikipedia.org/wiki/Network_Mapping; Internet.

5. Yip Chung, Christina. Anomaly Detection in Database Systems. Davis: UC Davis Computer Security Laboratory, 1999, accessed 12 October 2014; available from http://seclab.cs.ucdavis.edu/projects/anomaly.html; Internet.

6. Zwicky, Elizabeth D., S. Cooper and D. B. Chapman. Building Internet Firewalls,2nd Edition. Cambridge: O'Reilly, 2000.

7. Lillian Ablon, Martin C. Libicki, Andrea A. Golay. Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar : RAND Corporation , 2014.

8. Tarek N. Saadawi, Louis H. Jordan Jr. Cyber Infrastructure Protection: Strategic studies Institute,2011.9. Kanish, Bob. An Overview of Computer Viruses and Antivirus Software. Unknown: Kanish, 1996, accessed 12

October 2014; available from http://www.hicom.net/~oedipus/virus32.html; Internet. 10. Manu. Firewall Basics. Unknown: SecurityDocs.com, accessed 06Oct2014; available from

http://www.securitydocs.com/library/2413; Internet

RTIE 2015