SlideShare a Scribd company logo

Journal of Information Technology Education/tutorialoutletdotcom

W
williamtrumpz5m

FOR MORE CLASSES VISIT www.tutorialoutlet.com Journal of Information Technology Education:

Education
1 of 7
Download to read offline
Journal of Information Technology Education FOR MORE CLASSES VISIT www.tutorialoutlet.com Journal of Information Technology Education: Innovations in Practice Volume 11, 2012 Disaster at a University: A Case Study in Information Security Ramakrishna Ayyagari and Jonathan Tyks University of Massachusetts-Boston, Boston, MA, USA r.ayyagari@umb.edu; downtime6@gmail.co Executive Summary Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security
on a shoestring budget is always difficult and many small universities are challenged with balancing cost and effectiveness. Many colleges and universities have additional security challenges, such as relaxed working environments, less formalized policies and procedures, and employees that “wear many hats.” Therefore, it is not surprising to note that majority of data breaches since 2005 occur in educational settings. So, it is imperative that this segment (i.e., educational settings) be represented in classroom discussions to prepare future employees. To this end, we present a case that addresses a data breach at a university caused by lax security policies and includes an element of social engineering. The data breach at the university resulted in a number of students’ losing personally identifiable information. The resulting aftermath
placed a significant financial burden on the university as it was not prepared to handle an information security disaster. This case can be used as a pedagogical tool as it uniquely captured a data breach in a university setting. Readers of the case will identify that at the management level the case raised a number of issues regarding the security culture at the university and management of security function. The case also highlights the issues of lack of training and access control. Keywords: Information Security, Disaster Recovery, Data Breach. Introduction Security and disaster training is identified as the top IT required skill that needs to be taught in IS curriculums (Kim, Hsu, & Stern, 2006). Accordingly, information security and privacy have become core concepts in information system education (Hentea, Dhillon, & Dhillon, 2006; Kroenke, 2012; Laudon & Laudon, 2010). Instructors have several approaches to teach security and
privacy concepts. One can take a more traditional lecture based approach or a more hands-on approach that utilizes labs, case studies, etc. (Gregg, 2008). It is important to note that advances in pedagogical research place emphasis on Material published as part of this publication, either on-line or hands-on or active learning. Imparting in print, is copyrighted by the Informing Science Institute. knowledge based solely on lectures is Permission to make digital or paper copy of part or all of these criticized as there is less opportunity for works for personal or classroom use is granted without fee students to be actively engaged (Bok,
provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice 1986). in full and 2) give the full citation on the first page. It is permissible to abstract these works so long as credit is given. To copy in all other cases or to republish or to post on a server or to redistribute to lists requires specific permission and payment of a fee. Contact Publisher@InformingScience.org to request redistribution permission. Accordingly, active learning has gained prominence among educators and researchers (Meyers & Jones, 1993). Students are eager and seek opportunities to Editor: Uolevi Nikula Information Security Disaster apply their knowledge to simulate realistic situations (Auster & Wylie, 2006). Research shows
that students find learning achieved through active participation to be more meaningful and valuable (Mitchell, 2004; Pariseau & Kezim, 2007; Wingfield & Black, 2005). One of the ways in which students can be engaged is through case studies (Bradford & Peck, 1997; Shapiro, 1984; Pariseau & Kezim, 2007). Case studies provide the students a unique opportunity to assume the roles of participants in the cases (Richards, Gorman, Scherer, & Landel, 1995). This provides an opportunity for students to reflect on their learning and apply it to crystallize their thoughts and arguments. Students are put into situations that can be ambiguous and force students to make decisions dealing with uncertainties (Richards et al., 1995). In fact, a recent study about learning preferences indicates that students place high value for case studies (Goorha & Mohan, 2009). Raising awareness regarding security issues faced by educational institutions is important because
the majority of reported breaches occur in educational settings. An analysis of all the data breaches from 2005 indicates that 21% of breaches occur in academic settings resulting

Recommended

Learning ethical hacking
Learning ethical hackingLearning ethical hacking
Learning ethical hackingmhmdtolba
 
Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...
Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...
Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...Dr. Nana Kofi Annan
 
Barriers to Effective Integration of Information and Communication Technology...
Barriers to Effective Integration of Information and Communication Technology...Barriers to Effective Integration of Information and Communication Technology...
Barriers to Effective Integration of Information and Communication Technology...International Journal of Science and Research (IJSR)
 
Using technology in Delivering Inclusive Teaching and Learning
Using technology in Delivering Inclusive Teaching and Learning Using technology in Delivering Inclusive Teaching and Learning
Using technology in Delivering Inclusive Teaching and Learning ELN The e-Learning Network
 
ICT Educational leadership
ICT Educational leadershipICT Educational leadership
ICT Educational leadershipCasual Teacher
 
Ijciet 06 09_005
Ijciet 06 09_005Ijciet 06 09_005
Ijciet 06 09_005IAEME Publication
 
Educ 612 e-learning
Educ 612 e-learningEduc 612 e-learning
Educ 612 e-learningISCOF-San Enrique Campus
 
ICT for Inclusion project
ICT for Inclusion projectICT for Inclusion project
ICT for Inclusion projectEuropean Agency for Special Needs and Inclusive Education
 

Recommended

Learning ethical hacking
Learning ethical hackingLearning ethical hacking
Learning ethical hackingmhmdtolba
 
Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...
Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...
Stump -a-model-for-the-adoption-implementation-and-use-of-m-learning-or-e-lea...Dr. Nana Kofi Annan
 
Barriers to Effective Integration of Information and Communication Technology...
Barriers to Effective Integration of Information and Communication Technology...Barriers to Effective Integration of Information and Communication Technology...
Barriers to Effective Integration of Information and Communication Technology...International Journal of Science and Research (IJSR)
 
Using technology in Delivering Inclusive Teaching and Learning
Using technology in Delivering Inclusive Teaching and Learning Using technology in Delivering Inclusive Teaching and Learning
Using technology in Delivering Inclusive Teaching and Learning ELN The e-Learning Network
 
ICT Educational leadership
ICT Educational leadershipICT Educational leadership
ICT Educational leadershipCasual Teacher
 
Ijciet 06 09_005
Ijciet 06 09_005Ijciet 06 09_005
Ijciet 06 09_005IAEME Publication
 
Educ 612 e-learning
Educ 612 e-learningEduc 612 e-learning
Educ 612 e-learningISCOF-San Enrique Campus
 
ICT for Inclusion project
ICT for Inclusion projectICT for Inclusion project
ICT for Inclusion projectEuropean Agency for Special Needs and Inclusive Education
 
The Implementation of E-learning System Governance to Deal with User Need, In...
The Implementation of E-learning System Governance to Deal with User Need, In...The Implementation of E-learning System Governance to Deal with User Need, In...
The Implementation of E-learning System Governance to Deal with User Need, In...TELKOMNIKA JOURNAL
 
Technology Enabled Learning
Technology Enabled LearningTechnology Enabled Learning
Technology Enabled Learningsiddiqur rehman
 
ICT in Educational Institutions: Create Enlightened Leaders
ICT in Educational Institutions: Create Enlightened LeadersICT in Educational Institutions: Create Enlightened Leaders
ICT in Educational Institutions: Create Enlightened LeadersCEMCA
 
21st century learning design
21st century learning design21st century learning design
21st century learning designMercy Chidi
 
Digital Portfolios
Digital PortfoliosDigital Portfolios
Digital Portfoliosasteggalllewis
 
Trusted Learning Analytics
Trusted Learning Analytics Trusted Learning Analytics
Trusted Learning Analytics Hendrik Drachsler
 
Ict in Educatoin
Ict in EducatoinIct in Educatoin
Ict in EducatoinAndielleRozenhout
 
Ict
IctIct
IctAndielleRozenhout
 
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014Palitha Edirisingha
 
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...Alexander Decker
 
Reconsidering digital education through a theory of practice
Reconsidering digital education through a theory of practice Reconsidering digital education through a theory of practice
Reconsidering digital education through a theory of practice Cristina Costa
 
A Cloud Computing Framework for Ethiopian Higher Education Institutions
A Cloud Computing Framework for Ethiopian Higher Education InstitutionsA Cloud Computing Framework for Ethiopian Higher Education Institutions
A Cloud Computing Framework for Ethiopian Higher Education InstitutionsIOSR Journals
 
9 mahmood shah risk 4 3
9 mahmood shah risk 4 39 mahmood shah risk 4 3
9 mahmood shah risk 4 3CCR-interactive
 
Advantages of using ict in teaching learning processes
Advantages of using ict in teaching learning processesAdvantages of using ict in teaching learning processes
Advantages of using ict in teaching learning processesKarlaReGo
 
Qualitative research
Qualitative researchQualitative research
Qualitative researchEngr.Muhammad Mujtaba Asad
 
Implication of ict assignment
Implication of ict assignmentImplication of ict assignment
Implication of ict assignmentAftab Bukhari
 
DeL McIver & Nottingham
DeL McIver & NottinghamDeL McIver & Nottingham
DeL McIver & NottinghamJim Nottingham
 
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...Ralf Klamma
 
DepED ICT4e
DepED ICT4eDepED ICT4e
DepED ICT4eRens Barrera
 
Educ9701 week 1 readings
Educ9701 week 1 readingsEduc9701 week 1 readings
Educ9701 week 1 readingsTrudy Sweeney
 
Journal of Information Technology Education Volume 11, 2012 .docx
Journal of Information Technology Education Volume 11, 2012 .docxJournal of Information Technology Education Volume 11, 2012 .docx
Journal of Information Technology Education Volume 11, 2012 .docxtawnyataylor528
 
Running head STUDENT TRANSFER .docx
Running head STUDENT TRANSFER .docxRunning head STUDENT TRANSFER .docx
Running head STUDENT TRANSFER .docxtoltonkendal
 

More Related Content

What's hot

The Implementation of E-learning System Governance to Deal with User Need, In...
The Implementation of E-learning System Governance to Deal with User Need, In...The Implementation of E-learning System Governance to Deal with User Need, In...
The Implementation of E-learning System Governance to Deal with User Need, In...TELKOMNIKA JOURNAL
 
Technology Enabled Learning
Technology Enabled LearningTechnology Enabled Learning
Technology Enabled Learningsiddiqur rehman
 
ICT in Educational Institutions: Create Enlightened Leaders
ICT in Educational Institutions: Create Enlightened LeadersICT in Educational Institutions: Create Enlightened Leaders
ICT in Educational Institutions: Create Enlightened LeadersCEMCA
 
21st century learning design
21st century learning design21st century learning design
21st century learning designMercy Chidi
 
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014Palitha Edirisingha
 
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...Alexander Decker
 
Reconsidering digital education through a theory of practice
Reconsidering digital education through a theory of practice Reconsidering digital education through a theory of practice
Reconsidering digital education through a theory of practice Cristina Costa
 
A Cloud Computing Framework for Ethiopian Higher Education Institutions
A Cloud Computing Framework for Ethiopian Higher Education InstitutionsA Cloud Computing Framework for Ethiopian Higher Education Institutions
A Cloud Computing Framework for Ethiopian Higher Education InstitutionsIOSR Journals
 
Advantages of using ict in teaching learning processes
Advantages of using ict in teaching learning processesAdvantages of using ict in teaching learning processes
Advantages of using ict in teaching learning processesKarlaReGo
 
Implication of ict assignment
Implication of ict assignmentImplication of ict assignment
Implication of ict assignmentAftab Bukhari
 
DeL McIver & Nottingham
DeL McIver & NottinghamDeL McIver & Nottingham
DeL McIver & NottinghamJim Nottingham
 
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...Ralf Klamma
 
Educ9701 week 1 readings
Educ9701 week 1 readingsEduc9701 week 1 readings
Educ9701 week 1 readingsTrudy Sweeney
 

What's hot (20)

The Implementation of E-learning System Governance to Deal with User Need, In...
The Implementation of E-learning System Governance to Deal with User Need, In...The Implementation of E-learning System Governance to Deal with User Need, In...
The Implementation of E-learning System Governance to Deal with User Need, In...
 
Technology Enabled Learning
Technology Enabled LearningTechnology Enabled Learning
Technology Enabled Learning
 
ICT in Educational Institutions: Create Enlightened Leaders
ICT in Educational Institutions: Create Enlightened LeadersICT in Educational Institutions: Create Enlightened Leaders
ICT in Educational Institutions: Create Enlightened Leaders
 
21st century learning design
21st century learning design21st century learning design
21st century learning design
 
Digital Portfolios
Digital PortfoliosDigital Portfolios
Digital Portfolios
 
Trusted Learning Analytics
Trusted Learning Analytics Trusted Learning Analytics
Trusted Learning Analytics
 
Ict in Educatoin
Ict in EducatoinIct in Educatoin
Ict in Educatoin
 
Ict
IctIct
Ict
 
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
Icthe policy01 cemca_kandy_palitha_edirisingha_6june2014
 
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
Exploring the trend of ict adoption in tertiary institutions in ghana a case ...
 
Reconsidering digital education through a theory of practice
Reconsidering digital education through a theory of practice Reconsidering digital education through a theory of practice
Reconsidering digital education through a theory of practice
 
A Cloud Computing Framework for Ethiopian Higher Education Institutions
A Cloud Computing Framework for Ethiopian Higher Education InstitutionsA Cloud Computing Framework for Ethiopian Higher Education Institutions
A Cloud Computing Framework for Ethiopian Higher Education Institutions
 
9 mahmood shah risk 4 3
9 mahmood shah risk 4 39 mahmood shah risk 4 3
9 mahmood shah risk 4 3
 
Advantages of using ict in teaching learning processes
Advantages of using ict in teaching learning processesAdvantages of using ict in teaching learning processes
Advantages of using ict in teaching learning processes
 
Qualitative research
Qualitative researchQualitative research
Qualitative research
 
Implication of ict assignment
Implication of ict assignmentImplication of ict assignment
Implication of ict assignment
 
DeL McIver & Nottingham
DeL McIver & NottinghamDeL McIver & Nottingham
DeL McIver & Nottingham
 
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
Community Learning Analytics - Challenges and Opportunities - ICWL 2013 Invit...
 
DepED ICT4e
DepED ICT4eDepED ICT4e
DepED ICT4e
 
Educ9701 week 1 readings
Educ9701 week 1 readingsEduc9701 week 1 readings
Educ9701 week 1 readings
 

Similar to Journal of Information Technology Education/tutorialoutletdotcom

Journal of Information Technology Education Volume 11, 2012 .docx
Journal of Information Technology Education Volume 11, 2012 .docxJournal of Information Technology Education Volume 11, 2012 .docx
Journal of Information Technology Education Volume 11, 2012 .docxtawnyataylor528
 
Running head STUDENT TRANSFER .docx
Running head STUDENT TRANSFER .docxRunning head STUDENT TRANSFER .docx
Running head STUDENT TRANSFER .docxtoltonkendal
 
Analyzing satisfacting
Analyzing satisfactingAnalyzing satisfacting
Analyzing satisfactingAziz Ahmad
 
A review of case-based learning practices in an online MBA program A program...
A review of case-based learning practices in an online MBA program A program...A review of case-based learning practices in an online MBA program A program...
A review of case-based learning practices in an online MBA program A program...Jessica Navarro
 
A Conceptual Review Of Interprofessional Expertise In Child Safeguarding
A Conceptual Review Of Interprofessional Expertise In Child SafeguardingA Conceptual Review Of Interprofessional Expertise In Child Safeguarding
A Conceptual Review Of Interprofessional Expertise In Child SafeguardingSimar Neasy
 
EDR 8204 Week 3 Assignment: Analyze Action Research
EDR 8204 Week 3 Assignment: Analyze Action ResearchEDR 8204 Week 3 Assignment: Analyze Action Research
EDR 8204 Week 3 Assignment: Analyze Action Researcheckchela
 
Clinical Field Experience A Assessment Strate.docx
Clinical Field Experience A Assessment Strate.docxClinical Field Experience A Assessment Strate.docx
Clinical Field Experience A Assessment Strate.docxmccormicknadine86
 
Towards a Structured Information Security Awareness Programme
Towards a Structured Information Security Awareness ProgrammeTowards a Structured Information Security Awareness Programme
Towards a Structured Information Security Awareness Programmetulipbiru64
 
Improving Delivery Effectiveness of Information Security Learning Continuum
Improving Delivery Effectiveness of Information Security Learning ContinuumImproving Delivery Effectiveness of Information Security Learning Continuum
Improving Delivery Effectiveness of Information Security Learning ContinuumMansoor Faridi, CISA
 
IT Security in Higher Education
IT Security in Higher EducationIT Security in Higher Education
IT Security in Higher EducationRapid7
 
mathematics efficacy, anxiety and students performance in introductory techno...
mathematics efficacy, anxiety and students performance in introductory techno...mathematics efficacy, anxiety and students performance in introductory techno...
mathematics efficacy, anxiety and students performance in introductory techno...mustapha adeniyi
 
Building student trust in online learning environmentsYe D.docx
Building student trust in online learning environmentsYe D.docxBuilding student trust in online learning environmentsYe D.docx
Building student trust in online learning environmentsYe D.docxhartrobert670
 
GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2
GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2
GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2MatthewTennant613
 
Running head RESEARCH PROPOSAL IntroductionThis pap.docx
Running head RESEARCH PROPOSAL IntroductionThis pap.docxRunning head RESEARCH PROPOSAL IntroductionThis pap.docx
Running head RESEARCH PROPOSAL IntroductionThis pap.docxcharisellington63520
 
Twin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdf
Twin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdfTwin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdf
Twin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdfSreevalsan V.K.
 
The virtuality of privacy and security on the
The virtuality of privacy and security on theThe virtuality of privacy and security on the
The virtuality of privacy and security on thePlamen Miltenoff
 

Similar to Journal of Information Technology Education/tutorialoutletdotcom (20)

Journal of Information Technology Education Volume 11, 2012 .docx
Journal of Information Technology Education Volume 11, 2012 .docxJournal of Information Technology Education Volume 11, 2012 .docx
Journal of Information Technology Education Volume 11, 2012 .docx
 
Running head STUDENT TRANSFER .docx
Running head STUDENT TRANSFER .docxRunning head STUDENT TRANSFER .docx
Running head STUDENT TRANSFER .docx
 
Analyzing satisfacting
Analyzing satisfactingAnalyzing satisfacting
Analyzing satisfacting
 
A review of case-based learning practices in an online MBA program A program...
A review of case-based learning practices in an online MBA program A program...A review of case-based learning practices in an online MBA program A program...
A review of case-based learning practices in an online MBA program A program...
 
A Conceptual Review Of Interprofessional Expertise In Child Safeguarding
A Conceptual Review Of Interprofessional Expertise In Child SafeguardingA Conceptual Review Of Interprofessional Expertise In Child Safeguarding
A Conceptual Review Of Interprofessional Expertise In Child Safeguarding
 
EDR 8204 Week 3 Assignment: Analyze Action Research
EDR 8204 Week 3 Assignment: Analyze Action ResearchEDR 8204 Week 3 Assignment: Analyze Action Research
EDR 8204 Week 3 Assignment: Analyze Action Research
 
Clinical Field Experience A Assessment Strate.docx
Clinical Field Experience A Assessment Strate.docxClinical Field Experience A Assessment Strate.docx
Clinical Field Experience A Assessment Strate.docx
 
Towards a Structured Information Security Awareness Programme
Towards a Structured Information Security Awareness ProgrammeTowards a Structured Information Security Awareness Programme
Towards a Structured Information Security Awareness Programme
 
vanraaij2008.pdf
vanraaij2008.pdfvanraaij2008.pdf
vanraaij2008.pdf
 
PP for syncrinization
PP for syncrinizationPP for syncrinization
PP for syncrinization
 
Essays On Information Technology
Essays On Information TechnologyEssays On Information Technology
Essays On Information Technology
 
Improving Delivery Effectiveness of Information Security Learning Continuum
Improving Delivery Effectiveness of Information Security Learning ContinuumImproving Delivery Effectiveness of Information Security Learning Continuum
Improving Delivery Effectiveness of Information Security Learning Continuum
 
IT Security in Higher Education
IT Security in Higher EducationIT Security in Higher Education
IT Security in Higher Education
 
mathematics efficacy, anxiety and students performance in introductory techno...
mathematics efficacy, anxiety and students performance in introductory techno...mathematics efficacy, anxiety and students performance in introductory techno...
mathematics efficacy, anxiety and students performance in introductory techno...
 
Building student trust in online learning environmentsYe D.docx
Building student trust in online learning environmentsYe D.docxBuilding student trust in online learning environmentsYe D.docx
Building student trust in online learning environmentsYe D.docx
 
GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2
GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2
GLOBAL ETHICS IN HIGHER EDUCATIONGlobal Grads 2
 
After The Deluge: Navigating IPR Policy and DRM in Learning Object Repositories
After The Deluge: Navigating IPR Policy and DRM in Learning Object RepositoriesAfter The Deluge: Navigating IPR Policy and DRM in Learning Object Repositories
After The Deluge: Navigating IPR Policy and DRM in Learning Object Repositories
 
Running head RESEARCH PROPOSAL IntroductionThis pap.docx
Running head RESEARCH PROPOSAL IntroductionThis pap.docxRunning head RESEARCH PROPOSAL IntroductionThis pap.docx
Running head RESEARCH PROPOSAL IntroductionThis pap.docx
 
Twin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdf
Twin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdfTwin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdf
Twin Behavioral Security Chung Galletta 2014 IFIP Roode Revised.pdf
 
The virtuality of privacy and security on the
The virtuality of privacy and security on theThe virtuality of privacy and security on the
The virtuality of privacy and security on the
 

Recently uploaded

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 

Recently uploaded (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 

Journal of Information Technology Education/tutorialoutletdotcom

  • 1. Journal of Information Technology Education FOR MORE CLASSES VISIT www.tutorialoutlet.com Journal of Information Technology Education: Innovations in Practice Volume 11, 2012 Disaster at a University: A Case Study in Information Security Ramakrishna Ayyagari and Jonathan Tyks University of Massachusetts-Boston, Boston, MA, USA r.ayyagari@umb.edu; downtime6@gmail.co Executive Summary Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security
  • 2. on a shoestring budget is always difficult and many small universities are challenged with balancing cost and effectiveness. Many colleges and universities have additional security challenges, such as relaxed working environments, less formalized policies and procedures, and employees that “wear many hats.” Therefore, it is not surprising to note that majority of data breaches since 2005 occur in educational settings. So, it is imperative that this segment (i.e., educational settings) be represented in classroom discussions to prepare future employees. To this end, we present a case that addresses a data breach at a university caused by lax security policies and includes an element of social engineering. The data breach at the university resulted in a number of students’ losing personally identifiable information. The resulting aftermath
  • 3. placed a significant financial burden on the university as it was not prepared to handle an information security disaster. This case can be used as a pedagogical tool as it uniquely captured a data breach in a university setting. Readers of the case will identify that at the management level the case raised a number of issues regarding the security culture at the university and management of security function. The case also highlights the issues of lack of training and access control. Keywords: Information Security, Disaster Recovery, Data Breach. Introduction Security and disaster training is identified as the top IT required skill that needs to be taught in IS curriculums (Kim, Hsu, & Stern, 2006). Accordingly, information security and privacy have become core concepts in information system education (Hentea, Dhillon, & Dhillon, 2006; Kroenke, 2012; Laudon & Laudon, 2010). Instructors have several approaches to teach security and
  • 4. privacy concepts. One can take a more traditional lecture based approach or a more hands-on approach that utilizes labs, case studies, etc. (Gregg, 2008). It is important to note that advances in pedagogical research place emphasis on Material published as part of this publication, either on-line or hands-on or active learning. Imparting in print, is copyrighted by the Informing Science Institute. knowledge based solely on lectures is Permission to make digital or paper copy of part or all of these criticized as there is less opportunity for works for personal or classroom use is granted without fee students to be actively engaged (Bok,
  • 5. provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice 1986). in full and 2) give the full citation on the first page. It is permissible to abstract these works so long as credit is given. To copy in all other cases or to republish or to post on a server or to redistribute to lists requires specific permission and payment of a fee. Contact Publisher@InformingScience.org to request redistribution permission. Accordingly, active learning has gained prominence among educators and researchers (Meyers & Jones, 1993). Students are eager and seek opportunities to Editor: Uolevi Nikula Information Security Disaster apply their knowledge to simulate realistic situations (Auster & Wylie, 2006). Research shows
  • 6. that students find learning achieved through active participation to be more meaningful and valuable (Mitchell, 2004; Pariseau & Kezim, 2007; Wingfield & Black, 2005). One of the ways in which students can be engaged is through case studies (Bradford & Peck, 1997; Shapiro, 1984; Pariseau & Kezim, 2007). Case studies provide the students a unique opportunity to assume the roles of participants in the cases (Richards, Gorman, Scherer, & Landel, 1995). This provides an opportunity for students to reflect on their learning and apply it to crystallize their thoughts and arguments. Students are put into situations that can be ambiguous and force students to make decisions dealing with uncertainties (Richards et al., 1995). In fact, a recent study about learning preferences indicates that students place high value for case studies (Goorha & Mohan, 2009). Raising awareness regarding security issues faced by educational institutions is important because
  • 7. the majority of reported breaches occur in educational settings. An analysis of all the data breaches from 2005 indicates that 21% of breaches occur in academic settings resulting