COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT USER/EMPLOYEE & NON-IT USER/EMPLOYEE
1. “COMPARE THE LEVEL OF SECURITY RISK BETWEEN IT
USER/EMPLOYEE & NON-IT USER/EMPLOYEE”
Amit Kumar
RTIE 2015
Scientific Assistant (Adhoc), Indira Gandhi Institute of Physical
Education & Sports Sciences, B-block, Vikaspuri, Delhi
2. Computer Security Risk : It is a risk related to information
technology.
Information Security : means protecting information and
information system from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction.
INTRODUCTIONRTIE 2015
But one of the most significant security risks that
organizations and corporation face today is not with
systems or applications but with the USER.
Computer security in the workplace is not the sole
responsibility of the IT staff. Everyone in the company or
organization has a role to play in security resources and
data.
4. To Compare the level of Security risk among different
subgroups based on experience in IT field
To Compare the level of Security risk among different
subgroups based on experience in NON-IT field
To Compare the level of Security risk between IT &
NON-IT group
To access the overall level of security Risk among user
RTIE 2015
OBJECTIVE OF THE STUDY
5. METHODOLOGY
Selection of the Subjects
80 subjects were selected. 40 represents the IT group and
remaining 40 represents the Non-IT Group
Further both group categorized according of their experience
RTIE 2015
6. RTIE 2015
The Data was collected from MNCs, colleges of Delhi Univ. & IP university,
Delhi Police Department.
Collection of Data
MNC College Delhi Police
DU IP
KVIT pvt ltd. IGIPESS SRM Burari Thana
Jingle Info Pvt ltd. RAJDHANI Adarsh Ngr Thana
KALINDI
Computer Center
Each subject was contacted individually & informed about the purpose of the
study. Necessary with regard to follow up of questionnaire was imported and
questionnaire was distributed.
Statistical Techniques
:-- Description Statistics :-- Two Way Anova Test
:-- One Way Anova Test :-- T test
7. RTIE 2015
Descriptive Statistics
Group Experience Mean Std.
Deviation
N
IT Group 0-2 58.64 10.624 14
3-4 58.38 8.434 8
5-10 49.91 6.848 11
10+ 36.86 3.024 7
Total 52.38 11.412 40
Non-IT
Group
0-2 68.09 2.914 11
3-4 68.00 7.130 13
5-10 68.12 2.997 8
10+ 59.50 3.207 8
Total 66.35 5.772 40
Table: It shows that the person having a experience in 10+ have a
low level of risk in both group. As it show in table in IT group mean
value of 10+ is 36.86 which is low in it group and 59.50 which is also
low in NON-IT group.
8. RTIE 2015
Two way ANOVA test (2x4)
There is significant difference in
interaction between groups i.e. IT
& NON-IT and different duration
of experiences. As the f value
was obtained 91.892 at p value
0.01 Since, the significant
difference was obtained between
the group and among different
experience. Therefore, analysis of
variance was obtained
Source Type III
Sum of
Squares
df Mean
Square
f Sig.
Group 4235.505 1 4235.505 91.892 **.000
group *
experience
583.402 3 194.467 4.219 **.008
Error 3318.640 72 46.092
Total 292197.000 80
(I) group (J) group
Mean
Difference
(I-J)
Std.
Error
Sig.a
IT Group Non-IT Group -14.983* 1.563 .000
Non-IT
Group
IT Group 14.983* 1.563 .000
• Table reveals that mean
difference (I-J) value is 14.983
which is significant at .01 level.
It means there is significant
difference in this course of risk
factor between IT Group & Non-
IT Group.
9. RTIE 2015
One way ANOVA test of IT user
Sum of
Squares
df Mean
Square
f Sig.
Between
Groups
469.316 3 156.439 6.787 .001
Within
Groups
829.784 36 23.050
Total 1299.10 39
(I)
experience
(J)
experience
Mean
Difference
(I-J)
Std.
Error
Sig.
0-2
3-4 .091 1.967 1.000
5-10 -.034 2.231 1.000
10+ 8.591* 2.231 .006
3-4
0-2 -.091 1.967 1.000
5-10 -.125 2.157 1.000
10+ 8.500* 2.157 .004
5-10
0-2 .034 2.231 1.000
3-4 .125 2.157 1.000
10+ 8.625* 2.400 .011
10+
0-2 -8.591* 2.231 .006
3-4 -8.500* 2.157 .004
5-10 -8.625* 2.400 .011
10. RTIE 2015
One way ANOVA test of NON-IT user
Sum of
Squares
df
Mean
Square
f Sig.
Between
Groups
2590.519 3 863.506 12.490 .000
Within
Groups
2488.856 36 69.135
Total 5079.375 39
(I)
Experience
(J)
experience
Mean Diff.
(I-J)
Std.
Error
Sig.
0-2
3-4 .268 3.685 1.000
5-10 8.734 3.350 .097
10+ 21.786* 3.849 .000
3-4
0-2 -.268 3.685 1.000
5-10 8.466 3.864 .206
10+ 21.518* 4.303 .000
5-10
0-2 -8.734 3.350 .097
3-4 -8.466 3.864 .206
10+ 13.052* 4.020 .025
10+
0-2 -21.786* 3.849 .000
3-4 -21.518* 4.303 .000
5-10 -13.052* 4.020 .025
11. RTIE 2015
T-test
Variable Experience
group
1 IT
2Non-IT
N Mean
Std.
Deviation
dt t-value
Risk
scores
Group
(0-2)
1 14 58.64 10.624 23 -2.855
2 11 68.09 2.914 15.425 -3.179
Group
(3-4)
1 8 58.38 8.434 19 -2.805
2 13 68.00 7.130 13.040 -2.690
Group
(5-10)
1 11 49.91 6.848 17 -7.009
2 8 68.12 2.997 14.522 -7.849
Group (10+)
1 7 36.86 3.024 13 -14.005
2 8 59.50 3.207 12.907 -14.065
12. FINDINGS
1. There was significant difference between the IT & NON-IT Group.
2. There was a significant difference among the Sub Group (based on
experience) of IT
3. There was a significant difference among the Sub Group (based on
experience) of Non- IT
RTIE 2015
CONCLUSION
This present study on 80 in which 40 representing to the IT group and 40 representing the
group of Non-IT, finds over 90% respondents say negligent or malicious or other insiders
have been responsible for at least one data breach within the organization.
When we analyzed the data group wise, we found in IT Group that the
approximate 20% IT user / employee were the safe user who follow the almost all the safety
guard while using the Workspace.
These safe users had having an experience more than 10 years. A great tool to
measure the effectiveness and strength of the organization’s security awareness program is
with a survey.
So it is a necessity to conduct security training awareness program by the
organization to their employee about security and security risk.
13. Reference
1. Hansson, Sven Ove; Edward N. Zalta, editor (Spring 2014). "Risk". The Stanford Encyclopedia of Philosophy.
Retrieved 9 Sep. 2014.
2. Webopedia. vulnerability scanning. Darien: Jupitermedia, undated, accessed 12 October 2014; available from
http://www.webopedia.com/TERM/V/vulnerability_scanning.html; Internet.
3. Wikipedia. Anti-virus software. Wikipedia, 2014, accessed 06 October 2014; available from
http://en.wikipedia.org/wiki/Anti-viral_software; Internet.
4. Wikipedia. Network Mapping. Wikipedia, 2014, accessed 12 October; available from
http://en.wikipedia.org/wiki/Network_Mapping; Internet.
5. Yip Chung, Christina. Anomaly Detection in Database Systems. Davis: UC Davis Computer Security Laboratory,
1999, accessed 12 October 2014; available from http://seclab.cs.ucdavis.edu/projects/anomaly.html; Internet.
6. Zwicky, Elizabeth D., S. Cooper and D. B. Chapman. Building Internet Firewalls,2nd Edition. Cambridge: O'Reilly,
2000.
7. Lillian Ablon, Martin C. Libicki, Andrea A. Golay. Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar :
RAND Corporation , 2014.
8. Tarek N. Saadawi, Louis H. Jordan Jr. Cyber Infrastructure Protection: Strategic studies Institute,2011.
9. Kanish, Bob. An Overview of Computer Viruses and Antivirus Software. Unknown: Kanish, 1996, accessed 12
October 2014; available from http://www.hicom.net/~oedipus/virus32.html; Internet.
10. Manu. Firewall Basics. Unknown: SecurityDocs.com, accessed 06Oct2014; available from
http://www.securitydocs.com/library/2413; Internet
RTIE 2015