Computer security practices and perceptions of the next generation of corporate computer users.

The purpose of this article is to present the results of an empirical study of the computer security practices and perceptions of the next generation of corporate computer users, undergraduate university students. The authors surveyed undergraduate university students who represented 42 different majors. The findings relate to the students' usage of antivirus programs, firewalls, password security, and security patches. Student perceptions of computer security and its importance are also reported. Research in this area is important for two reasons. First, potential employers may find the results useful in assessing their vulnerability to unsafe practices from entry level employees. Secondly, research in this area can give those responsible for providing computer security education a better understanding of students' computer security training needs.

Keywords: data protection; data security; IS security; security risk

Full Text :COPYRIGHT 2008 IGI Global
INTRODUCTION

For as long as computers have achieved widespread use in industry, computer security has been critical to the effective functioning of organizations. However, in the mid 1990s when the widespread sharing of information over the Internet and the growth of e-commerce became commonplace in organizations, computer security became more important than ever and moved to center stage (Duffy & Walstrom, 2003; Gordon, Loeb, Lucyshyn, & Richardson, 2004). In the first quarter of 2006 alone, e-commerce revenues in the United States totaled $25.2 billion dollars, up 7% from the fourth quarter 2005. Worldwide e-commerce revenues were estimated at $976.1 billion dollars (U.S. Census Bureau, 2006). With extensive commerce taking place online, individuals and companies now face a constant challenge of securing their computers and business transactions from sophisticated cyber criminals.

Society's concerns about the growing threats to computer security are well-founded. For example, when the first virus infected ARPANET in 1987, no one had any idea that within a few years computer viruses would become epidemic. We are now at the point that highly successful new viruses are introduced every week (Schultz, 2004). In addition, the newer, polymorphic viruses are capable of changing their signature every time they replicate and infect a new and different file type in order to keep from being detected.

Clearly, computer security is vital to today's organizations and economy. Industry statistics illustrate the seriousness of threats to computer security. With 137,529 reported security incidents in 2003 alone (CERT/CC, 2006), effective information security has become a necessity rather than an afterthought. Given the substantial number of security incidents in organizations and the growing reliance of corporations on the Internet, there is a need for further research by both practitioners and academicians in the area of computer security. Leach (2003) suggests that the internal threat to computer security is more pressing than external threats and is the "result of poor user security behavior." Goodwin (2005) indicates that IT training is targeted to the CIO, whereas it should be targeted to the "bottom of the pyramid." In light of the known threat caused by the improper computer security practices and perceptions of the users, many researchers bemoan that computer security awareness is just beginning to be addressed in the literature (Collins, Rawlinson, Manwani, & Allen, 2005; Dhillon & Blackhouse, 2001; Goodwin, 2005; Kirkpatrick, 2006; Leach, 2003; Siponen, 2000).

Some authors have issued a call for more computer security awareness, education, and training (Dhillon & Blackhouse, 2001; Kirkpatrick, 2006). Before university professors can effectively respond to this call to action, we must have a clear understanding of students' current computer security practices and perceptions. Therefore, the purpose of this study is to perform empirical research that documents computer security practices and perceptions among undergraduate university students.

Information gleaned through this study should be of interest to both practitioners and academicians. Because the student population of computer users is the next generation of corporate computer users, documenting students' unsafe computing practices and perceptions is important to potential employers as an aid in assessing their vulnerability to unsafe practices from entry level employees.

If universities are to provide organizations with employees who are responsible computer users, the designers of university curriculum must have a better understanding of students' computer security training needs. Computer security training for university students can be more effective if faculty have a profile of students' current computer security practices and perceptions.

RELATED LITERATURE

The related literature that is part of this study examines two aspects of computer security. First, the literature indicating the impact computer crime is having on the bottom line in organizations is summarized. This is followed by an examination of what is found in the literature pertaining to unsafe computing practices by computer users.

Impact of Computer Crime on Organizations

Unfortunately, in spite of attempts to stop or slow the problem, computer crime continues to have a substantial negative impact on the bottom line in organizations. The following recent research cited from practitioner literature warns of the ongoing threat to organizations' computing environment caused by computer crime.

This drain on corporate profits within the USA has been well documented during the last 10 years by the Computer Security Institute (CSI) and the FBI. The 2005 CSI/FBI survey of computer security professionals at 700 organizations documents the growing threat of computer crime. The first, second, and third source of the greatest annual dollar amount of financial loss is virus attacks ($42.8 million); unauthorized access ($31.2); and theft of proprietary information ($30.9), respectively (Gordon, Loeb, Lucyshyn, & Richardson, 2005).

The damage caused by computer viruses can be viewed on a global level. One study reported that the recent Sobig.F virus caused an estimated $29.7 billion of economic damages worldwide (Goldsborough, 2004). Goldsborough (2004) stated that, "It's difficult not to catastrophesize the virus problem."

A further drain on the bottom line in organizations caused by computer crime can be seen from examining the typical size of an organization's information security budget relative to the organization's overall IT budget. In one multi-industry survey, 27% of the respondents indicated that between 6% and 10% of the total IT budget was devoted to security (Gordon et al., 2005). The state government sector had the highest average annual computer security spending per employee at $497 (Gordon et al., 2005). Forrester Research estimates that in Fortune 500 companies, the average spent for IT security is .0025% of revenue or slightly less than what they spend on coffee (Clarke, 2002).

Concerns about issues such as security, privacy, and authentication capabilities are considered by many in the IT industry to be continuing challenges to the implementation of technological advances in use of the Web to conduct business (Becker, 2004; Lim & Wen, 2003). If computer security issues are not adequately addressed, the expansion of Web services will continue to be impeded.

The CSI/FBI computer crime and security survey indicated that Web site computer security incidents exponentially increased in 2004 as compared to the 2003 survey results (Gordon et al., 2005). One example of the security threat to companies utilizing online transactions is that of cyber-extortion. Cyber-extortion, in which cybercriminals threaten to release confidential information unless their pay off demand is met, is growing in frequency and intensity (Gow, 2005.)

Another area of computer crime that is on the rise is identity theft. Becoming a victim of identity theft via an online attack is growing; an estimated 500,000 to 700,000 Americans are victims of identity theft every year (Hinde, 2003). According to the Federal Trade Commission, the dollar loss has grown to over $343 million in 2002 and victims spend over 175 hours attempting to restore their reputation by contacting credit card companies, the credit bureaus, and the local police (Hinde, 2003). Growing at an annual rate of 29%, identify theft is the fastest growing crime in the United Kingdom (Customer Management, 2006.)

Unsafe Practices by Computer Users

Unsafe computing practices by users are documented in the business and academic literature. For example, a recent CNNMoney study that documented unsafe computer practices among users found that too often there is not a match between a user's perception of their computer's security and the actual security of their computer. The study indicated that 77% of the respondents stated their computer was well protected. However, the findings indicated otherwise: four out of five had spyware or adware programs; most computers did not have updated antivirus software and 66% had been infected by a virus; 67% did not have a firewall; and 38% of wireless networks were not encrypted (CNNMoney, 2004).

Cappel (2001/2002) conducted a study among Midwest USA employers. Over half of the respondents held IT/IS leadership positions (e.g., as Chief Information Officers/Vice President, IS/IT Directors, or IS Managers/ Consulting Managers, or Project Leaders) and almost 60% had 13 or more years of professional work experience. The authors found a significant disconnect between expected and actual skills for security.

In another survey, Hinde (2003) documented unsafe computer practices among a sample of 130 IT professionals and chief executive officers. Hinde found that 66% of the respondents had given their password to their colleagues and, of the users with more than 10 passwords, 49% wrote down their passwords or stored them in an unencrypted file on their computer.

In light of those findings, it is not surprising that many researchers are specifically stating that there is a need to require the individual to assume more responsibility when it comes to computer security (Aytes & Connolly, 2004; Goldsborough, 2004; Hinde, 2003; Rhodes, 2001; Schultz, 2004; Tuesday, 2001; Wade, 2004). In a recent editorial, Schultz (2004) reflected the views of many when he issued a call to look more at how to engineer changes in human behavior and develop a wiser user community.

Numerous studies have discussed the importance of reducing computer security risk through giving additional careful attention to computer user security awareness and training (Aytes & Connolly, 2004; Businesses Respond, 2005; Furnell, Gennatou, & Dowland, 2002; Gordon et al., 2005; Kirkpatrick, 2006; Pollitt, 2005; Whitman & Mattord, 2004). Results from one study indicated the majority of computer security practitioners from a cross section of industries viewed security awareness training as important; however, those respondents stated that their organizations did not invest enough in security awareness training (Gordon et al., 2005).

As a part of this study, an exhaustive search of the literature was completed in order to find empirical research that examined university students' practices and perceptions related to computer security. We found one study limited to business students that examined the computer security practices of students at two universities (Aytes & Connolly, 2004). As a part of the Aytes and Connolly study, business students were asked to self-report the frequency of engaging in five security-related practices: share passwords; voluntarily change passwords; open e-mail attachments from an unknown sender without virus checking; open e-mail attachments from a known sender without virus checking; and regular backups. The findings indicated that 49% of the business students engaged in risky computing behavior at least occasionally and 28% did so frequently or all the time (Aytes & Connolly, 2004).

It has been stated that "the more knowledge we have about the causes and consequences of computer security breaches ..., the more likely it is that computer security will improve" (Gordon et al., 2004). Yet, the recent study by Aytes and Connolly (2004) reported that there is a lack of research that shows why computer users engage in unsafe behaviors. Those researchers were also unable to find any systematic evidence in the research literature as to which unsafe practices were prevalent.

Stanton, Stam, Mastrangelo, and Jolton (2004) stated that "Because of the importance of end user security-related behaviors, having a systematic viewpoint on the different kinds of behaviors that end users enact could provide helpful benefits for managers ..." Thus, the related literature indicates that, if universities are to provide industry with entry-level employees who possess the proper skills and knowledge, those responsible for the university curriculum need to examine the issue of computer security awareness training for students. The authors of this study believe that both practitioners and curriculum designers need to have a clear idea of the knowledge gap that exists among university students regarding safe computing practices. It would help if we better understood the students' perceptions related to numerous computer security issues. This information can be useful in planning an appropriate response to the computer security awareness training needs of students and new hires.

METHODOLOGY

To encourage participation in the survey and increase our response rate, a one-page questionnaire was constructed to obtain data from undergraduate students at one large state university on the east coast. Undergraduate students were selected because the authors felt that this was the first opportunity for young adults to be responsible for their own safe computing practices. The questionnaire was developed based on a previous study of the literature and a previous pilot study directed at three specific majors (Teer, Kruck, & Kruck, 2007). Several questions on the survey were designed to obtain respondents' demographic information. The survey incorporated questions pertaining to the students' behavior concerning: antivirus programs, firewalls, and password security. In addition, the students' perceptions of computer security were obtained.

Students from a variety of courses were surveyed during the spring of 2006. Students were randomly selected around campus, with no more than 10 at any one gathering. Two limitations inherent in this study should be noted. First, the values obtained were participants' stated perceptions and no attempt was made to validate the accuracy of the responses. Second, care should be exercised when generalizing the results to individuals from other universities.

Responses were anonymous and students were not asked to put their names on the questionnaire. Three hundred eighty surveys were completed and 355 students provided usable responses for a response rate of 96%. Some questionnaires were unusable because students did not complete all questions. In addition, students not in an undergraduate program were eliminated. Forty-two different majors, with an average of eight students per major, completed the surveys and those majors listed 10 or more times include over 70% of the participants. Table 1 summarizes the respondent background information.

RESULTS

The findings relative to student behavior are grouped within the topics of antivirus programs, firewalls, number of viruses in the past year, passwords, and operating system security patches. The second section of the findings relate to the students' perceptions of the importance of computer security.

Students' Antivirus Behavioral Practices

As part of this survey, several questions were designed to determine students' general antivirus behavioral practices. Students were asked about their use of antivirus programs, regularity of updating those programs, frequency of antivirus scans, and the number of times their computer has been infected with a virus.

The majority of the students surveyed, 86%, have installed antivirus protection on their own personal computers. The university the students attend provides two different antiviral solutions (Symantec Antivirus Corporate Edition & Norton Antivirus Corporation Edition). In addition, the university used in this survey requires an antivirus solution installed on any computer that is directly attached to the university network (on-campus housing); this may contribute to the high installation rate among respondents. With regard to updating the virus definition file, 67% of the students responded that they "regularly" update. Of those with installed virus protection, only 17% scanned daily, 43% scanned weekly, and 31% scanned monthly, with 9% of the respondents stating they "never" scan.

The responses to the question regarding the number of viruses students had experienced in the last 12 months indicated that 61% of the students had one or more viruses during the past year. A breakdown of these instances showed that 28% of the students reported encountering 0 viruses in the past 12 months; 38% encountered 1 to 5 viruses; 10% had 6 to 9 viruses; and 13% of the students had 10 or more viruses. The remaining 11% were not sure how many viruses they had in the last 12 months. Table 2 shows the percentage response of antivirus behavior.

Firewalls

When participants were asked about the use of firewalls on their personal computers, 62% of the students report they use a firewall, 22% report they do not have a firewall, and 16% of the students were "unsure" if they have a firewall enabled. The 16% of students who were "unsure" may point to a lack of knowledge about the purpose and use of firewalls by the student population. Table 3 indicates the use of firewall software.

Passwords

Responses to password security questions were mixed. Sixty-two percent of users reported that they have intentionally given a password to another person. The university attended by the students completing the survey requires an online security training course which covers general computing security along with specific security related to the confidentiality of passwords. This training is required every 6 months, at which time the student's password must be changed.

Seventy-one percent reported that they use passwords on their home computers. This means that more than one-quarter of students' home computers are unprotected. Sixty-two percent of computers are insecure because passwords have been distributed to other people. Table 4 presents the percentage response for each behavior.

Operating System Security Patches

Sixty-three percent of the respondents stated that they apply patches to their operating system when they become available. Again, this result may be affected by automatic updating recently becoming integrated with operating systems and upgrades. That leaves over one-third of the computers vulnerable to the latest operating system attack. These results are presented in Table 5.

Importance of Security

Students were asked their perceptions of the importance of security as it relates to three aspects: the security of their own personal computer; the importance of computer security to the student; and the importance of computer security to business. The majority of students, 58%, felt that their personal computers are "somewhat secure" and 24% indicating they felt their computers are "very secure." Only 14% felt that their computers were "very insecure" or "somewhat insecure."

When asked how important computer security is to a student user, 62% responded that it was "very important" to them and 4% responded that it was "somewhat unimportant" or "not important." Finally, when asked how important computer security is in a business environment, the students were nearly unanimous, 94%, in saying that it is "very important." Table 6 summarizes percentage response of the students' perceptions for each issue.

DISCUSSION AND NEEDED

FUTURE RESEARCH DIRECTIONS

Authors of articles in a variety of journals have issued the call for more research in the area of computer security awareness. In response to this increasingly important topic, this empirical research examined the computer security practices and perceptions of undergraduate university students. This article indicates a need to develop effective computer security training for university students. University students were surveyed because these young adults are typically away from home and, for the first time, are responsible for their own safe computing practices.

Unfortunately, numerous unsafe computer security practices and perceptions of students were documented in this study.

Fourteen percent of student participants don't use or don't know if they use an antivirus program and 33% reported that they either do not or are unsure if they regularly install updates to their antivirus program. Sixty-one percent of the students stated that they had one or more viruses during the past year. Among the respondents, 37% reported that they do not apply patches to their operating system when they become available or are unsure if patches are applied. Clearly those results indicate students are leaving there personal computers vulnerable to viruses and attacks. Future research is needed to examine the reasons why students fail to protect their personal computer against viruses.

Seventy-one percent reported that they use passwords on their computers. This means over one-quarter of students' home are computers unprotected; and 62% of computers are insecure because passwords have been distributed to other people. Yet 82% of participants state that their own personal computer is "very secure" or "somewhat secure." These results are very similar to what was found in the previously cited CNNMoney study that documented a disconnect between a users' perception of their computer security and the actual security of their computer.

This study found that a student's perception of the security on their computer is generally "somewhat secure," and students also felt that it was "very important" for their computer to be secure. When students are asked to respond to the importance of computer security to businesses, they responded almost unanimously that it was important. The combination of these responses may point to a general lack of knowledge among students on both the real need for computer security and how to better protect their computers because more than one-third of the students do not update their virus definition file and almost 40% do not or don't know if they have a firewall. Computer users who update their operating system have their firewall turned on automatically; thus students no longer have to be proactive or knowledgeable about firewalls. But, in so doing they may lack the knowledge and skills to equip themselves with the most effective firewall.

A couple of informal comparisons can be made between the findings of this study and studies of business people. The results of the CSI/FBI 2005 survey indicated 97% had of the respondents had a firewall and 96% of respondents employed a virus protection solution as compared to the 62% of student respondents who stated they used a firewall and 86% employed a virus protection. The results from our survey regarding students' behavior toward passwords can be compared to the password behavior noted among a sample of business people including IT professionals and chief executives. Sixty-six percent of the business respondents had given their password to a colleague (Hinde, 2003), as compared to the 62% of student respondents stating that they shared their passwords.

The present study reported in this manuscript examined the prevalence of unsafe computing practices among one population , undergraduate university students. One possible extension of this research would be to examine unsafe computing practices among students at other universities or graduate students.

University faculty must do more to assure that students sent to the workplace are not bringing unsafe computer practices to the corporate environment and to a university environment (Anderson & Schwager, 2002; Monds & Wang, 2003). The growing vulnerability of corporate computer information systems, as well as threats to the security of personal computers, dictates that those responsible for curriculum in all programs throughout the university must insure that students are obtaining an adequate level of understanding and skill on the fundamentals of computer security. Those who learn and apply effective computer security as students will be better equipped to resolve the computer security challenges they will face in their corporate roles.

REFERENCES

Anderson, J. E., & Schwager, P. H. (2002). Security in the information systems curriculum: Identification and status of relevant issues. Journal of Computer Information Systems, 42(3), 16-24.

Aytes, K., & Connolly, T. (2004). Computer security and risky computing practices: A rational choice perspective. Journal of Organizational and End User Computing, 16(3), 22-40.

Becker, S. A. (2004). A usability study of Internet privacy policies for state and commercial Web sites. International Journal of Services and Standards, 1(1), 52-68.

Businesses respond to cybercrime and security trends. (2005). The CPA Journal, 75(1), 9.

Cappel, J. (2001/2002). Entry-level IT job skills: A survey of employers. Journal of Computer Information Systems, 42(2), 76-83.

CERT/CC Statistics 1988-2006. (2006). Retrieved November 30, 2007, from http://www.cert.org/stats/cert_stats.html

Clarke, R. (2002). Forum on technology and innovation: Sponsored by Sen. Bill Frist (R-TN), Sen. Jay Rockefeller (D-WV), and the Council on Competitiveness. Retrieved November 30, 2007, from http://www.techlawjournal.com/security/20020214.asp

CNNMoney. (2004). Home PCs not so safe? Retrieved November 30, 2007, from http://money.cnn.com/2004/10/25/technology

Collins, B., Rawlinson, R., Manwani, S., & Allen, K. (2005, September). How can we spread the security message? Computer Weekly, 27, 32.

Customer management: Policing the crisis. (2006, January 27). Precision Marketing, 22.

Dhillon, G., & Blackhouse, J. (2001). Current directions in IS security research: Toward socio-organizational perspectives. Information Systems Journal, 11(2), 127-153.

Duffy, T. J., & Walstrom, K. A. (2003). Changes in student computer technology attitudes over time. Journal of Computer Information Systems, 43(3), 27-33.

Furnell, S. M., Bennatou, M., & Dowland, P. S. (2002). A prototype tool for information security awareness and training. Logistics Information Management, 15(5/6), 352-357.

Goldsborough, R. (2004). Arming yourself in the virus war. Tech Directions, 63(8), 14.

Goodwin, B. (2005, November 29). Investment in security training on the wrong track, say senior staff. Computer Weekly, 58.

Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Richardson, R. (2004). 2004 CSI/FBI computer crime and security survey. CSI Publications.

Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Richardson, R. (2005). 2005 CSI/FBI computer crime and security survey. CSI Publications.

Gow, B. (2005). The growing threat of cyber-extortion. Risk Magazine, 52(4), 72.

Hinde, S. (2003). Careless about privacy. Computers & Security, 22(4), 284-288.

Jaques, R. (2004). Demand for IT security pros growing fast. PC Magazine. Retrieved November 30, 2007, from http://www.pcmag.co.uk/print/1159247

Kirkpatrick, J. (2006). Protect your business against dangerous information leaks. Machine Design, 78(3), 66.

Leach, J. (2003). Improving user security behavior. Computers and Security, 22(8), 685-692.

Lim, B., & Wen, H. J. (2003). Web services: An analysis of the technology, its benefits, and implementation difficulties. Information Systems Management, 20(2), 49-57.

Monds, K. E., & Wang, C. (2003). CDC's new epidemic: An investigation into awareness, attitudes, actions, and knowledge of computer viruses among students utilizing campus computer labs. Journal of Computer Information Systems, 43(3), 118-126.

Pollitt, D. (2005). Energis trains employees and customers in IT security. Human Resource Management International Digest, 13(2), 25-29.

Rhodes, K. A. (2001). Operations security awareness: The mind has no firewall. Computer Security Journal, 17(3), 1-12.

Schultz, E. (2004). Worms and viruses: Are we losing control? Computers & Security, 23(3), 179-180.

Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31-41.

Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24(2), 124-133.

Teer, F. P., Kruck, S. E., & Kruck, G. P. (2007). Empirical study of students' computer security practices/ perceptions. Journal of Computer Information Systems, 47(3), 105-110.

Tuesday, V. (2001). Human factor derails best-laid security plans. Computerworld, 35(18), 52.

U.S. Census Bureau. (2006). Retrieved November 30, 2007, from http://www.census.gov/mrts/www/data/html/06Q1.html

Wade, J. (2004). The weak link in IT security. Risk Management, 51(7), 32-37.

Whitman, M. E., & Mattord, H. J. (2004). Making users mindful of IT security. Security Management, 48(11).

S. E. Kruck is an associate professor in the computer information systems and management science department at James Madison University, Harrisonburg Virginia. Dr. Kruck earned a PhD from the Department of Accounting and Information Systems at Virginia Polytechnic and State University and is also a CPA in the state of Virginia.

S. E. Kruck, James Madison University, USA

Faye P. Teer, James Madison University, USA

Dr. Kruck's research focuses on curriculum development and computer security. Dr. Kruck teaches management information systems and computer security courses at both the graduate and undergraduate levels and has been the recipient of the Madison Scholar Award and the Alumni Distinguished Faculty Award.

Faye Teer is professor of information systems in the computer information systems and management science department at James Madison University. Dr. Teer received the Doctor of Business Administration degree from Louisiana Tech University. She has taught statistics and computer information systems courses at James Madison University since 1986. Her research, primarily in the area of curriculum development and course design, has resulted in publications in a variety of journals. She has supported students' study abroad by serving as faculty member in residence during semesters in Paris, Geneva, London, and Antwerp.

Table 1. Demographic information

Number of Percentage
Responses Response
Gender
Male 191 54%
Female 164 46%

Academic Level
Freshman 29 8%
Sophomore 77 22%
Junior 66 19%
Senior 183 52%

Major
Finance 37 10%
Management 33 9%
Marketing 32 9%
Computer Information Systems 24 7%
Media Arts and Design 20 6%
Computer Science 18 5%
Economics 12 3%
International Business 12 3%
Music 12 3%
Hospitality Tourism Management 11 3%
English 10 3%
Integrated Science and Technology 10 3%
Political science 10 3%
Psychology 10 3%

Table 2. Percentage response concerning antivirus
behavior

Percentage
Response

Use Antivirus Program
Yes 86%
No/Not sure 14%

Regular updates to Antivirus Program
Yes 67%
No/Not sure 33%

Frequency of Antivirus Scan
Daily 17%
Weekly 43%
Monthly 31%
Never 9%

Number of Virus in the Last 12 Months
None 28%
1 to 4 38%
5 to 9 10%
10 or more 13%
Not sure 11%

Table 3. Percentage response concerning use
of firewall

Percentage
Response

Use a Firewall
Yes 62%
No/Not sure 38%

Table 4. Percentage response concerning
password security

Percentage
Response

Intentionally given out password
Yes 62%
No/Not sure 38%

Home computer password protected
Yes 71%
No 29%

Table 5. Percentage response concerning installation
of security patches

Percentage
Response

Security patches applied
Yes 63%
No/Not sure 37%

Table 6. Perceptions toward computer security

Percentage
Response

Security of Own Personal Computer
Very secure 24%
Somewhat secure 58%
Not Sure 4%
Somewhat insecure 9%
Very insecure 5%

Importance of Computer Security to Student
Very Important 62%
Somewhat Important 31%
Undecided 3%
Somewhat Unimportant 2%
Not Important 2%

Importance of Computer Security to Business
Very Important 94%
Somewhat Important 4%
Undecided 1%
Somewhat unimportant 0%
Not Important 1%Source Citation:Kruck, S.E., and Faye P. Teer. "Computer security practices and perceptions of the next generation of corporate computer users." International Journal of Information Security and Privacy 2.1 (Jan-March 2008): 80(11). Computer Database. Gale. BROWARD COUNTY LIBRARY. 13 Sept. 2009
.