Towards a framework for the integration of information security into undergraduate computing curricula

Gomana, Lindokuhle Gcina, Thomson, Kerry-Lynn

January 2017

Information is an important and valuable asset, in both our everyday lives and in various organisations. Information is subject to numerous threats, these can originate internally or externally to the organisation and could be accidental, intentional or caused by natural disasters. As an important organisational asset, information should be appropriately protected from threats and threat agents regardless of their origin. Organisational employees are, however, often cited as the “weakest link” in the attempt to protect organisational information systems and related information assets. Additionally to this, employees are one of the biggest and closest threat-agents to an organisation’s information systems and its security. Upon graduating, computing (Computer Science, Information Systems and Information Technology) graduates typically become organisational employees. Within organisations, computing graduates often take on roles and responsibilities that involve designing, developing, implementing, upgrading and maintaining the information systems that store, process and transmit organisational information assets. It is, therefore, important that these computing graduates possess the necessary information security skills, knowledge and understanding that could enable them to perform their roles and responsibilities in a secure manner. These information security skills, knowledge and understanding can be acquired through information security education obtained through a qualification that is offered at a higher education institution. At many higher education institutions where information security is taught, it is taught as a single, isolated module at the fourth year level of study. The problem with this is that some computing students do not advance to this level and many of those that do, do not elect information security as a module. This means that these students may graduate and be employed by organisations lacking the necessary information security skills, knowledge and understanding to perform their roles and responsibilities securely. Consequently, this could increase the number of employees who are the “weakest link” in securing organisational information systems and related information assets. The ACM, as a key role player that provides educational guidelines for the development of computing curricula, recommends that information security should be pervasively integrated into computing curricula. However, these guidelines and recommendations do not provide sufficient guidance on “how” computing educators can pervasively integrate information security into their modules. Therefore, the problem identified by this research is that “currently, no generally used framework exists to aid the pervasive integration of information security into undergraduate computing curricula”. The primary research objective of this study, therefore, is to develop a framework to aid the pervasive integration of information security into undergraduate computing curricula. In order to meet this objective, secondary objectives were met, namely: To develop an understanding of the importance of information security; to determine the importance of information security education as it relates to undergraduate computing curricula; and to determine computing educators’ perspectives on information security education in a South African context. Various research methods were used to achieve this study’s research objectives. These research methods included a literature review which was used to define and provide an in-depth discussion relating to the domain in which this study is contained, namely: information security and information security education. Furthermore, a survey which took the form of semi-structured interviews supported by a questionnaire, was used to elicit computing educators’ perspectives on information security education in a South African context. Argumentation was used to argue towards the proposed framework to aid the pervasive integration of information security into undergraduate computing curricula. In addition, modelling techniques were used to model the proposed framework and scenarios were used to demonstrate how a computing department could implement the proposed framework. Finally, elite interviews supported by a questionnaire were conducted to validate the proposed framework. It is envisaged that the proposed framework could assist computing departments and undergraduate computing educators in the integration of information security into their curricula. Furthermore, the pervasive integration of information security into undergraduate computing curricula could ensure that computing graduates exit higher education institutions possessing the necessary information security skills, knowledge and understanding to enable them to perform their roles and responsibilities securely. It is hoped that this could enable computing graduates to become a stronger link in securing organisational information systems and related assets.

Computer security -- Study and teaching

Educational technology

Computer networks -- Security measures

人類安全:安全研究之新議程

蔡育岱

Unknown Date

人類安全自其概念提出以來至今已逾十年，始終沒有獲得安全研究領域的重視。冷戰結束後，雖有非傳統安全在研究上對傳統安全侷限於軍事問題的缺漏進行修補，但依舊忽略「個人」對於安全研究的價值。本文認為，目前既有的安全研究已不能迎合全球化時代國際關係的發展趨勢，而把「個人」排除在安全研究的討論之外或是予以邊緣化，則為一種理解上的疏失。實際上，無論傳統安全所強調的軍事領域，或是非傳統安全所關注的貧窮、發展、疾病等問題，其核心與基礎的安全價值均構築在每一個「個人」身上，這歸因於安全概念就像一道不可分割的光譜，儘管歸結出許多不同面向，但當其中一個安全面向受到影響時，其他面向也會受到波及；互賴現象不只適用於經濟關係，也同樣適用安全領域。對此，本研究論證了何以人類安全具備在判斷安全是否落實、因應全球化的國際局勢，以及回應「內部」威脅來源等三方面的優勢，用以彰顯安全研究宜從「國家」到「個人」之必要性。 此外，本文建議以建構主義來詮釋人類安全，認為人類安全的形塑過程，就是一種建構主義的觀點。儘管國際關係中的建構主義目前在安全所涉及的範疇，只著力於安全社群或安全文化論點，但建構主義是探索人類意識與國家認同與利益的形成，如果透過建構主義來解釋國際社會現象，尤其是人類安全，那將使人類安全觀點更趨意義，爰本論文在釐清人類安全概念與回顧建構主義理論基礎後，同時說明了建構主義與人類安全的關連，並勾勒起兩者間之對話。 / Even though the concept of Human Security first emerged more than a decade ago, it never gained much attention in the field of security study. In the post-Cold War era, non-traditional security study somehow rectifies the defect of traditional security study, which focuses simply on military affairs, but it is not comprehensive enough to understand the crucial role which ‘People’ play in security study. From authors’ view, the present comprehension of security study can no longer catch up with the main development trend of international relations in the age of globalization. To exclude ‘People’ from discussing or to marginalize it is a definite miscalculation of what ‘security’ really is. Either traditional security, which pays mainly attention to territorial matters, or non-traditional security, which cares more about poverty, development, disease and so on, its core and essential value of security is no doubt based on ‘People’. Actually, the concept of security is a spectrum which cannot be divided; also, the spectrum has considerable inter links and overlaps. An effect to one dimension of security is likely to travel to all forms of security. The phenomenon of interdependency on economic dimension is also relevant to security studies. This article demonstrates that the study of human security can help resolve threats from both internal and external forces, respond to the challenges of globalization, and achieve true security. It manifests the necessity of the study of security from focusing on “state” to the “people”. Besides, the main purpose of this article is exploring human security by constructivism. The emergence of human security also can be seen as a view of constructivism. This article argues that although the orthodox of security study on constructivism focus on security community or security culture, the constructivism also explores the issues of human consciousness and national identity and interest formation. Hence, the contents of human security will be more meaningful if through applying constructivism to explaining phenomena of international society. In the light of this analysis, three specific issues will be examined: the emergence of the concept of human security, review of the theory of constructivism, and enabling a dialogic interaction between constructivism and human security.

人類安全

安全研究

建構主義

國際關係理論

Human Security

Security Study

Constructivism

IR Theory

Higher education in peace and security studies in Kenyan universities : students' perceptions of the quality of teaching and learning

Asembo, Kenedy Onyango

08 1900

Human security conceptions, service quality theory, critical social theory, and humanistic and social reconstructionist conceptualization of the curriculum have been used in this study to diagnose the quality of higher education (HE) in peace and security courses offered in Kenyan universities from the perspective of the student. The discourse emanates from the Kenya Government’s recognition of HE as key in solving the challenges affecting the country’s peace and security. This conceptualization is crucial in fast-tracking security reforms and dealing with the persistent peace and security challenges which the country faces. However, delivering quality HE amidst the recent explosion in demand for University education in Kenya has been a challenge and discourses on the dwindling quality of teaching and learning (QTL) delivered to University students in the country abound. The on-going dialectic contends that quality assurance in education is customer driven and the role of the student in evaluation of quality of education is categorical in determining viability of the programmes and self efficacy of the graduands. Using the positivistic-interpretivist paradigm, a total of 152 diploma and undergraduate students from five universities in Kenya participated in the study. Data were collected by use of a modified Service Performance (SERVPERF) questionnaire and interview schedules. The data were analysed both qualitatively by generating themes and categories and quantitatively by use of Statistical Package for Social Sciences (SPSS). The study found that whereas students hold high perceptions of course relevance, their overall perceptions of the QTL in such aspects as facilities, lecturers, teaching methodology, curriculum evaluation and programme content design was low. The study recommends that the universities should mobilize resources to improve the quality of their teaching and learning resources while intensifying practical training and improving the quality of assessment to minimize overreliance on written examinations in evaluating students. Further study of the role of HE in peace and security studies in reinforcing peacebulding and security management in the East African region is equally imperative. / Curriculum and Instructional Studies / D. Ed. (Curriculum and Instructional Studies)

Higher education

Students

Service

Quality

Teaching and learning

Perceptions

University

Peace

Security

327.17207116762

College students -- Kenya -- Attitudes

Higher education in peace and security studies in Kenyan universities : students' perceptions of the quality of teaching and learning

Asembo, Kenedy Onyango

08 1900

Human security conceptions, service quality theory, critical social theory, and humanistic and social reconstructionist conceptualization of the curriculum have been used in this study to diagnose the quality of higher education (HE) in peace and security courses offered in Kenyan universities from the perspective of the student. The discourse emanates from the Kenya Government’s recognition of HE as key in solving the challenges affecting the country’s peace and security. This conceptualization is crucial in fast-tracking security reforms and dealing with the persistent peace and security challenges which the country faces. However, delivering quality HE amidst the recent explosion in demand for University education in Kenya has been a challenge and discourses on the dwindling quality of teaching and learning (QTL) delivered to University students in the country abound. The on-going dialectic contends that quality assurance in education is customer driven and the role of the student in evaluation of quality of education is categorical in determining viability of the programmes and self efficacy of the graduands. Using the positivistic-interpretivist paradigm, a total of 152 diploma and undergraduate students from five universities in Kenya participated in the study. Data were collected by use of a modified Service Performance (SERVPERF) questionnaire and interview schedules. The data were analysed both qualitatively by generating themes and categories and quantitatively by use of Statistical Package for Social Sciences (SPSS). The study found that whereas students hold high perceptions of course relevance, their overall perceptions of the QTL in such aspects as facilities, lecturers, teaching methodology, curriculum evaluation and programme content design was low. The study recommends that the universities should mobilize resources to improve the quality of their teaching and learning resources while intensifying practical training and improving the quality of assessment to minimize overreliance on written examinations in evaluating students. Further study of the role of HE in peace and security studies in reinforcing peacebulding and security management in the East African region is equally imperative. / Curriculum and Instructional Studies / D. Ed. (Curriculum and Instructional Studies)

Higher education

Students

Service

Quality

Teaching and learning

Perceptions

University

Peace

Security

327.17207116762

College students -- Kenya -- Attitudes

Assessing information security compliant behaviour using the self-determination theory

Gangire, Yotamu

02 1900

Information security research shows that employees are a source of some of the security incidents in the organisation. This often results from failure to comply with the Information Security Policies (ISPs). The question is, therefore, how to improve information security behaviour of employees so that it complies with the ISPs. This study aims to contribute to the understanding of information security behaviour, especially how it can be improved, from an intrinsic motivation perspective. A review of the literature suggested that research in information security behaviour is still predominantly based on the extrinsic perspective, while the intrinsic perspective has not received as much attention. This resulted in the study being carried out from the perspective of the self-determination theory (SDT) since this theory has also not received as much attention in the study of information security behaviour. The study then proposed an information security compliant behaviour conceptual model based on the self-determination theory, (ISCBMSDT). Based on this model, a questionnaire, the ISCBMSDT questionnaire, was developed using the Human Aspects of Information Security Questionnaire and SDT. Using this questionnaire, a survey (n = 263) was carried out at a South African university and responses were received from the academic, administrative and operational staff. The following statistical analysis of the data was carried out: exploratory factor analysis, reliability analysis, analysis of variance (ANOVA), independent samples test (t-tests) and Pearson correlation analysis. The responses to the survey questions suggest that autonomy questions received positive perception followed by competence questions and relatedness questions. The correlation analysis results show the existence of a statistically significant relationship between competence and autonomy factors. Also, a partial significant relationship between autonomy and relatedness factors as well as between competence and relatedness factors was observed. The exploratory factor analysis that was performed on the questionnaire produced 11 factors. Cronbach alpha was then computed for the eleven factors and all were found to be above 0.7, thus suggesting that the questionnaire is valid and reliable. The results of the research study also suggest that competence and autonomy could be more important than relatedness in directing information security behaviour among employees. / School of Computing / M. Tech. (Information Technology)

Information security policies (ISP)

Information security policy compliance

Self-determination theory

Intrinsic motivation

005.80711

Information policy -- South Africa