Students’ Perceived Ethical Severity of e-Learning Security Attacks

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 1

Students’ Perceived Ethical Severity of Students’ Perceived Ethical Severity of

e-Learning Security Attackse-Learning Security AttacksBy:Yair Levy, Ph.D.Yair Levy, Ph.D.Nova Southeastern UniversityGraduate School of Computer and Information Sciences

andMichelle M. Ramim, Ph.D.Michelle M. Ramim, Ph.D.Nova Southeastern UniversityHuizenga School of Business and Entrepreneurship

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 2

OutlineOutline

• Introduction

• Objective

• Theoretical background

• Methodology and sample

• Results

• Conclusions

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 3

IntroductionIntroduction

• Growing use e-learning beyond higher education• Career technical education• Medical education• Corporate and military training• K–12 education

• 96% of 2-year and 4-year public higher education institutions provide some form of e-learning courses (U.S. Department of education, 2009)

• Challenge- provide a secured and accountable e-learning environment

• Valid authentication of users is a perpetual challenge amongst organizations

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 4

Introduction (Cont.)Introduction (Cont.)

• Strategic efforts to reduce cyber-security treats (Obama calls for cyber czar, 2009)

• A surge in incidents of unethical behavior reported in the U.S. news media (Cyberspace threats and Vulnerabilities, US Cert-gov)

• Cyber-security incidents have climbed sharply, particularly after 9/11/2001– NIMDA warm, Code Red

• Only small percentage of such sophisticated attacks are reported to the public

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 5

Introduction (Cont.)Introduction (Cont.)

• A need for a strategy to increase awareness and reduce cyber-security treats (EDUCAUSE)

• Majority hackers were found to be below the age of 30 (Harris, 2004)

• Nowadays, students are more technology savvy and may explore unethical actions under stress, including cyber attacks

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 6

ObjectivesObjectives

• Investigate users’ perceptions about unethical behaviors, specifically e-learning security attacks

• Some evidence from literature indicating that gender, age, and academic rank may have implications on ethical severity (Cronan et

al., 2006; Ramim, 2007)

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 7

Theoretical BackgroundTheoretical Background

• Ethical behavior is gender dependent (Cronan et

al., 2006; Dorantes, Hewitt, & Goles, 2006; Kreie & Cronan, 1998)

– Males appear to be less ethically driven– Females appear to be more ethically driven

• Age and academic rank were also found to show differences related to perceptions about ethical behaviors (Kreie & Cronan, 1998)

• Very little research has been done about such differences in the context of e-learning cyber-security attacks

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 8

FocusFocus

• Investigate students’ perceptions about the severity level of key e-learning security attacks

• Create awareness about e-learning security

• If students perceive the severity of key e-learning security attacks (eLSAs) to be low, then they might be more likely to engage or seek help in engaging on their behalf in such unethical behavior

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 9

Methodology and SampleMethodology and Sample

• Five key security attacks were investigated:– Attack to the server– Intercepting e-mails (reading, altering, blocking,

and/or deleting e-mails sent to someone else) – Unauthorized file sharing– Unauthorized access– Spoofing attack (impersonating as someone else to

falsify data)

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 10

Methodology and Sample (Cont.)Methodology and Sample (Cont.)

Table 1: The five e-learning security attacks

The scale:

Item # Item Description

eLSA1 Initiating a cyber-attack on the e-learning server via the Internet and causing it to be unavailable

eLSA2 Intercepting e-mails (reading and/or altering e-mails sent to someone else) eLSA3 Unauthorized file sharing during e-learning exams eLSA4 Unauthorized access to e-learning network resources eLSA5 Spoofing attacks by students who impersonate their peers to falsify data

1 2 3 4 5Ethical Somewhat

unethicalSlightly

unethicalUnethical Very

unethical

Student is: <-- Less ethical More ethical -->

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 11

Methodology and Sample (Cont.)Methodology and Sample (Cont.)

• 1,100 students attending online courses, both at the undergraduate and graduate level during Fall 2006 to Fall 2009

• 519 responses, represents about 47% response rate

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 12

Methodology and Sample (Cont.)Methodology and Sample (Cont.)

Table 2. Descriptive Statistics of Study Participants (N=519)

Item Frequency Percentage (%)GenderMale 251 48.4%Female 268 51.6%Age18 or under 2 0.4%19-24 221 42.6%25-29 150 28.9%30-34 61 11.8%35-39 24 4.6%40-44 26 5.0%45-54 30 5.8%55-59 4 0.8%60 or older 1 0.2%

Age18 or under 2 0.4%19-24 221 42.6%25-29 150 28.9%30-34 61 11.8%35-39 24 4.6%40-44 26 5.0%45-54 30 5.8%55-59 4 0.8%60 or older 1 0.2%What degree program are you currently enrolled in?Undergraduate 261 50.3%Graduate 258 49.7%

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 13

Four Research QuestionsFour Research Questions

RQ1: How severe do students perceive e-learning security attacks?

RQ2: Are there significant differences between males males and femalesand females on their perceived ethical severity of e-learning security attacks?

RQ3: Are there significant differences between undergraduate and graduate undergraduate and graduate students on their perceived ethical severity of e-learning security attacks?

RQ4: Are there significant differences between students’ age groups students’ age groups on their perceived ethical severity of e-learning security attacks?

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 14

ResultsResults

• Majority of the students appears to self-report their perceptions as ethically driven across all five e-learning security attacks

• The overall percentage of students reported, either ‘4’ (unethical) and ‘5’ (very unethical) when asked to rate their ethical severity about the five e-learning security attacks, was very high (90% on average) with:– Highest: (eLSA2) Intercepting e-mails @ 95%

– Lowest: (eLSA3) Unauthorized file sharing @ 85%

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 15

Results (Cont.)Results (Cont.)

• Majority of the students appear to understand the ethical severity of these e-learning security attacks

• A small percentage (3.3% on average), reported either ‘1’ (ethical) and ‘2’ (somewhat ethical) when asked to rate their ethical severity about the five e-learning security attacks – Highest: (eLSA3) Unauthorized file sharing @ ~6%– Lowest: (eLSA2) Intercepting e-mails @ ~2%

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 16

Results (Cont.)Results (Cont.)

• Significant (p<0.005) gender differences gender differences exist only for eLSA3 Unauthorized file sharing

• Overall across all five items (eLSA1- eLSA5), the results indicated that in regards to perceived ethical severity of e-learning security attacks males find these attacks less severe than females

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 17

Results (Cont.)Results (Cont.)

• Significant (p<0.001) age level age level differences differences exist only for eLSA1 (Initiating a cyber-attack on the e-learning server)

• Overall across all five items (eLSA1- eLSA5), the results indicated that graduate students appear to report these e-learning security attacks slightly higher (more severe) than undergraduate students

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 18

Results (Cont.)Results (Cont.)

• Significant age level differences age level differences for all items with eLSA1, eLSA3, eLSA5 (p<0.001), eLSA2 (p<0.01), and eLSA5 (p=0.01)

• Overall across all five items (eLSA1- eLSA5), the results indicated in regards to perceived ethical severity of e-learning security attacks, there is an increase trend where the older the student is, the more severe s/he ranks the attacks

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 19

ConclusionsConclusions

• A sample of 519 students attending e-learning courses in the U.S.

• Majority (~90%) of the students appear to self-report their perceptions as ethically driven across all the five e-learning security attacks

• It appears that the majority of the students do understand the ethical severity of these e-learning security attacks

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 20

Conclusions (Cont.)Conclusions (Cont.)

• Small percentage (3.3%) of the students reported specific security attacks to be ethical– file sharing scored the highest (~6%)

• In general, males find security attacks less severe than females

• It appears that males are more risk takers• Females tend to be risk averse than males• Undergraduate students appear to perceive

attacks only slightly less severe than graduate students

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 21

Conclusions (Cont.)Conclusions (Cont.)

• The older the student is, the more severe s/he ranks the attacks – i.e. more ethical

• Young male students, appear to find the e-learning security attacks significantly less ethically severe or not severe at all

• Younger students entering technical educational programs also learn how to conduct some of these exact security attacks – need for additional research!

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 22

Thank you!Thank you!

• Questions/comments?

• Thank you all for attending!

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 23

Michelle M. Ramim, Ph.D. Part-time ProfessorNova Southeastern UniversityHuizenga School of Business and Entrepreneurship The DeSantis Building3301 College AvenueFt. Lauderdale, FL 33314

E-mail: ramim@nova.eduSite: http://www.nova.edu/~ramim/

Contact Information - MichelleContact Information - Michelle

2010 - Dr. Yair Levy & Dr. Michelle Ramim – Chais 2010, Israel – February 10, 2010. 24

Yair Levy, Ph.D. Associate ProfessorNova Southeastern UniversityGraduate School of Computer and Information SciencesThe DeSantis Building - Room 40583301 College AvenueFort Lauderdale, FL 33314Tel.: 954-262-2006        Fax: 954-262-3915

E-mail: levyy@nova.edu

Site: http://scis.nova.edu/~levyy/

Contact Information - YairContact Information - Yair