Journal of Business & Leadership: Research, Practice, and Journal of Business & Leadership: Research, Practice, and

Teaching (2005-2012) Teaching (2005-2012)

Volume 3 Number 1 Journal of Business & Leadership Article 26

1-1-2007

Computer Security Threats: Student Confidence In Their Computer Security Threats: Student Confidence In Their

Knowledge of Common Threats Knowledge of Common Threats

George Schmidt University of Arkansas - Fort Smith

Margaret Tanner University of Arkansas - Fort Smith

Thomas Hayes University of Arkansas - Fort Smith

Follow this and additional works at: https://scholars.fhsu.edu/jbl

Part of the Business Commons, and the Education Commons

Recommended Citation Recommended Citation Schmidt, George; Tanner, Margaret; and Hayes, Thomas (2007) "Computer Security Threats: Student Confidence In Their Knowledge of Common Threats," Journal of Business & Leadership: Research, Practice, and Teaching (2005-2012): Vol. 3 : No. 1 , Article 26. Available at: https://scholars.fhsu.edu/jbl/vol3/iss1/26

This Article is brought to you for free and open access by the Peer-Reviewed Journals at FHSU Scholars Repository. It has been accepted for inclusion in Journal of Business & Leadership: Research, Practice, and Teaching (2005-2012) by an authorized editor of FHSU Scholars Repository.

Schmidt. Tanner. and !!ayes .l 0urn al o r Bu sill CSS and Ll::1de rship : Rese 8rch. Practi ce. and Tea ching 2007. Vol J. No I . 211 -215

COMPUTER SECURITY THREATS: STUDENT CONFIDENCE IN THEIR KNOWLEDGE OF COMMON THREATS

George Schmidt, Uni ve rs ity of Arka nsas - Fort Smith Margaret Tann er, Uni versity of Arkan sas - Fort Smith Thomas Hayes, Univers ity of Ark ansas- Fort Smith

This paper investigates th e possible existence of overconfid ence by busin ess swtl ent s in th eir know ledge of different types of malware that ma y be present in curr ent computer information ~ystems. This article focus e.v 0 11 th e students' ability to understand a111/ itlentifj• thr ee main t) •pes: l'imses , Troja ns and spy ware. Th e result s are consi stent with

reset;rch s ugg esting that many stud ent s believe th eir computer kn owledge is adequate (Weston all(/ Barker, 2002), when the opposite may be tme. Furth er, in an educational setting, stud ents' ove rconfid en ce in tl1 eir computer kn owledJ.: e exacerbates th e problem of fa cultl' fa lsely assuminJ.: that s tuden ts hav e adequate computer knowledge (!llessin er J an d DeO/Ias, 2005).

I NT RO D UC TIO N

Ove

r

th e past two dccJ des. th e deve lopnlt: lll o f co mpul cr tec hno log y has 1x o foundl y imp Jc red 'i1·ru ::ill : C\U) p M I u l- ou1 ·

lives, from automobiles ro cducnrion 10 home e 1ll en:Ji llllle 111 For exa mpl e, rh e proli fc rarion o f rh e Int ern et has fon;vc 1·

chan ge d th e w:-~ y w .o: CO ill lllUili cate. E- m::~i l s and insta1 11 messag ing have rep iJce d wria en memos and th e relephone as th e primary means of co mmuni cat ion. A t rh e same t im e. malwa re, such as v iru ses and spy ware, has emerged to undermine furt her ad vancements and pose serious threats Io

persona I and business in form al ion. To address th ese conce ms, ir is impon ant Io have th e

kn ow ledge and ski ll s lO de: :d wirh rhreats posed by such mal icious so ft wa re. Co lleges and un ive rsiti es are a log ical settin g for ind iv idu als ro learn about v iruses and oth er fonn s of malware . Moreover, srud enr s in a co ll ege se ilin g are ex pec ted to be profi c ient w irh co mpu1 c1·s as a necessary pan o f co l lege lif

e (E isenberg & Johnson, 2002: W es ton & Bark e1·, 200 2) ln rerestin g ly, pri or 1·esea rch suggcsrs thai fac ult y lll :J)

falsely ass um e th ai stu denrs have adequate co mpul cr

know ledge when in fa cr, rh e oppos ite may be 11·ue ( M essineo and DeO II os. 200 5). In !urn , fac ulry wi ll lll Jke ass ignm enrs based on rh eir ex pec tari ons o f srud enr s' Iec lllli CJ I competenc ies, w hi ch may negari ' ely im pac r sru dcnl succes> . T o funh er comp lica re rhe l>'i uc, srud enb tend 10 be l1eve rh c11 · compu ter skill s arc adequate 10 meer rh eir instruc1o1·s' needs (Wes

ron and Bark er, 2002). In ot hn \\O I·ds. srudt.: ll l'> Ill<~) be·

OVei

TO nli denl in til c i1 · a billll eS

T he purpose o f rhi s sru dy is to e:--am ine "h u ller or no t stu denrs a1-e o ve 1-co n fid cnr "irh respecr ro rh eir kn ow ledge o f vari ous co rnpur cr sec urir y th rea rs (e.g .. v iruses) . Srud enr s who are overconfidenr arc mm e l ikely 10 be les s prepared Io face such threats 111 th e workp lace . Further. stu dents'

overconfidence exac e1·bates facul ry mi sconce pt ions regard in g studenl prepared ness. Thu s, 1es ulr s will be usef ul fo r fac ul ry and ad mini srrators in des igning curri cu la thar adcquar c l) prepare stud ents to enter th e wmkfo1·ce.

Malwarc

Computer pro fi c iency is ess enr ialr o success ar rh e co ll ege

:2 11

leve l

(E ise nb.o: 1·g & Johnson. 2002; W eston & Barker, 2002) . Tl1i s pro fi c iency should inc lude a wo1·kin g kn ow ledge o f mnlw ;u·e, inc ludi ng v iruses and spyware. Several types o f lll<liw are arc co nsidered in th e cu1Te nt stud); spec i fica ll y, we

a1-..: l ll ler cs red in v i1 ·uses, T roj ans. and spywa re. A computer v i1·us is a prog ram thai auac hes ir se l f Io oth er compu ler programs, ge ne1·a ll y w ithour th e user 's know ledge. Alth ough a

1xec ise defi niri on o f compu te r v iru ses can be elusive, Cru me (2000) pro vides a workin g definiri on o f ! he term . wh ich in cludes th e fo ll ow ing tw o crit eri a:

the comput er v irus executes it se l f w hen th e hos t program is run , and

rhe co mpu ter v irus repli ca te s by artaching a copy o f irse l f to orh er pro gram s w hen ir is executed

W hat makes vi1 ·u ses so insidi ous is Ihe i1 · abil ity to spread

1h1·oughout a hos t 's co mputer before causing any no ti cea ble d:~mage

( Hall . 200 --1 ). The ty pe or da mage va r ies considerabl y

depending 011 th e ll3Iur e o f rh e v irus. So me v iruses do m inim al

d :~ mage s

impl y by takin g up d isk space or process ing capac it y, and th ai da mJge may eve n be accidental (Max imum Secmir y.

200 I Most v iru ses, howeve r, ca use moderate ro ex tensive damage. Fo1· exJ 1np le. boot >ec tor vi ru ses. sp1·eC1d from Co

lnputc l· 10 com pul er 'ia ll opp\ di sks. ca n ult im ately pr eve nt

a ho'. I comp ul er' s operari ng sys1e1n fm m wo rkin g ( Maxi mum

<.:;c

cul·l

l\ . 200 I) . r-. l acm 'i ruscs, " hi ch Jll<tc k da ta fi les such as r-.

IICI'l1 '.0 fl \\ 'o1·J clocu men! S, ca n I'CSUI! in sig11ifica n1 los s o f

d<tla (r-. l a.\ imu ln Sc·c u1 ·ir;, 200 I ). T hese lll< l cro v iruses a1·e pa

n ic ula 1·ly dam agi11 g when se nt via enw il. U nsuspecring users

ma) ulrim arel) forw ard th e inf ec red m essage to m any use rs, makin g co ntainm ent o f' suc h v i1 ·u ses di f'l icu lt (C 1·ume. 2000).

Some v iruses arc es pcc ial l) dange rous because of their a bilir y to overw rite hard d1·ives and eff ec ti ve ly wip e c lea n the

Bas ic Input /O utpu t System ( BI OS) on a user 's sys tem. O n modern compur cr·s, rh e GIO S. w hich contains rh e necessary co n1m ::1 nds to rea d and w rite to ha1·d d r i \'es and oth er aux ili ary

equ ipment (e.g., keyboard) . can be upgraded to recognize new inpu t/o ur pul dev ices, such as an ex tern al hnrd d ri ve (Crum e, 2000) . Se veral v iruses . such as rile C lll v ir us is prog ramm ed to w ipe ourrh e B IO S 011 a use r 's system. renderin g the co mpurer

1

Schmidt et al.: Computer Security Threats: Student Confidence In Their Knowledge

Published by FHSU Scholars Repository, 2007

Schm id !. Tan ne r, and II a) es

use less (Crum e, 2000). A lthough th ey arc often consid ered a type of v irus, Troj ans

are different in that they do not spread on th eir own. Like v iruses, they do contain mali c ious code, but unlike v iruses, th ey cannot rep li ca te th emse lves (Crum e, 2000). T rojans esse ntia ll y spread fro m computer to co mputer unde1· the gui se o f something ham1less, usuall y as an e-mail attachment . For exampl e, the ILOVEYOU Trojan arri ved to unsuspec ting users as an e-mai l attachment. Once th e use r ope ned the seemingly harml ess attachment. th e T r·oja n wo ul d mail it se l f to anyone in th e user 's address book, consum ing resources, and ultim ately deny ing se rv ice to th e use r· (Ma iwa ld, 2003) .

Spyw are 1·e fers to a vari ety of programs th ai , once loa ded on a user 's co mputer. surreptiti ously co llec t perso nal informati on and monit or web pages accessed by the use 1· (Carvey, 200 5) . These spyware programs can enter into a computer several wa ys, for example, as attachments to freeware or shareware (K ucera et al. , 2005). Whil e spyware does not necessa r il y pose the same threats as viruses and T rojans, it can st ill have negati ve consequences for th e user . For instance , spywa 1·e programs have the potenti al to co ll ec t not onl y relati vely innocuous personal inform ati on, such as name, gender, and ma1·ital statu s (Kucera et al., 2005), but also potent ial ly harmf ul inf orm ati on, such as soc ial securit y and bank acco unt num bers (Wark entin et ;1i., 2005). Furtherm ore, certai n spyw a1-c progra ms ca n inun date the user w ith un wanted information in th e form of pop-up adverti sements, redi rec t th e use r to spywa rc-aflili atecl websites. ~rn d eve n pl ant v iruses and Trojans on the use r·'s co mputer (Wa r·kent in et al. . 200 5) .

Most

import ant ly, the ernu ge nce o f sucl1 spy wa 1 -e programs raises seriou s co nce rn s about indi v idual pri vacy. Indee d. resea rch sugges ts th at indi v idua ls are conce rn ed about thei1· online pri vacy ( Ku ce ra et al .. 200 5: D inev and ll art . 2004 :

Shee han , 2002: LoiH, 2000) . lr 1 additi on. conce r·ns about indi

v idual privacy il r·c such th il t public po licy makc rs are

ab;1ndonin g th eir la i ss e z-f~1 ire approach to pr iv<Jcy protecti on. recogni z ing th at th e pri vill e sector· has fai led in it s effo rt s to

se l f-r egulat e (K uce ra et al .. 2005).

Overconfidence

Overconfidence in one' s ab i lit y is a phenomenon th at ca n be fou nd in a broad range of literature. In fac t, research suggests that ove rconfid ence is a strong hum an tendency. For example, Ar h. es et al. ( 1986) suggest a link between overconfidence and dec ision aiel reli ance, fi nd ing that indi v idua ls tend to ignore th e resu lts of a decision aid (e .g., checkli st or dec ision support system) in f3vor o f th eir own _judgment , eve n w hen th eir own judgment proved to be

inaccurat e. Overconfidence is also fo un d in business settin gs , such as

ca pital mark ets. Spcc ifi call), in ves tors tend to be overconfident in th eir ab iliti es. ll'hich ul timat ely creme in cffi c ierll mar·ke ts ( Ko & I l uang. 2007: Chen ct al. , 2007) . Mo reover, resear ch

suggests th at even cntr·c pr encur s ex hib it overconfidence. w hi ch may attribute to th e high fai lur e rate among new business

owner·s (Ko el li nger et al ., 2007) .

Journ al o r Bus iness and Leadership : Researc h, Pracli ce, and Teachin g 200 7, Vol. J. No. I , 211- 215

Overconfidence is also preva lent in academic settings. Prior research (C layson, 2005: Kennedy et al. , 2002) finds that students tend to be overconfi dent 111 their abi liti es overes timat ing th eir perform ance on exam s. M oreover, a~ K ru ger and Dunni ng ( 1999) suggest, i f stud ents don ' t rea li ze their lac k of know ledge, then teachers are faced with a quandary since th ey tend to on ly focus on teach ing their particu lar subj ect (Kennedy et al. , 2002). In other words fac u lt y may om it cove rage of necessary ski ll s or co nt en ~ ar·eas whi ch support stud ent lea rnin g of a particular sub jec t.

In th e present stud y, we look at stud ents' overconfidence in th eir kn ow ledge of va ri ous malware, inc luding vi ruses, T rojans, and spyv;a re. Since many business students wil l play an im portant ro le in maintaining th e integrity and reli abilit y of company data ( Ha ll , 2004) , they are expected to have adequate know ledge o f such computer security threats before they enter th e workpl ace. Thus, it is im portant to understand whether or not stud ents are overconfident in their knowledge o f such threats. I f students are overconfident, facu lty face the add itional chall enges o f helping stud ents recogni ze th eir lack of know ledge in th at area. Accordin gly, we test th e fo llow ing propositi on:

Business stud ents w i ll be overconfid ent 111 their know ledge o f Lumput e1· security threa ts, spec ifi call y,

vi1 ·use s, Troj ans. and spyware.

Meth odo logy

Students in multi p le sec ti ons o f a juni or-l eve l A ccounting In formati on Sys tems (A IS) course comp leted a survey and a tes t over ma lware. Six ty-four business stud ent s from a small , public Unive rsit y in th e Mid-South parti c ipated in the stud y, w hi ch wo s cond ucted in two parts. First, stud ents completed a surv ey th at asked th em to sc l f-r epon th eir kn o w ledge of va ri ous co mputer th 1·e ats (e .g. , v iruses, spyware, etc.). Stu dents also indi cated w heth er or not they had taken a course th at acld 1·essecl co mputer securit y threa ts. O nce they co mpleted th e first survey, stud ents took a test to assess th eir actu al know ledge o f va ri ous computer threats. The test consisted of several multiple-cho ice questi ons related to v iruses, Troj ans, and spyware. In thi s se t o f questi ons, stu dents were asked to recogni ze th e character isti cs and effects of troj ans, spy ware and viruses. T he purpose was to determine if they could correct ly d istin guish between these three types o f malware. T he results of bo th instrum ents were comp iled and are di scussed in the

nex t SCCti On.

2 12

Result s

T ab le I presents descri pti ve stati sti cs for pa rti c ipants' se l f­r·e port ecl 1--now ledge of co mput er threa ts. A lth ough onl y II % of th e somple indi ca ted th ey had taken an A IS c lass , 88% indi ca tccl th ey k new w hat v iruses we re and how th ey worked. Furt her·, 80% ind ica ted th ey knew w hat spyware wa s, and 42% s::r id th ey were farnili cll· with T ro jans.

2

Journal of Business & Leadership: Research, Practice, and Teaching (2005-2012), Vol. 3 [2007], No. 1, Art. 26

https://scholars.fhsu.edu/jbl/vol3/iss1/26

SchmidL Tanner. and 1-!ayL::-i .I L)urn al 1..1 1' 13 usiness and Lcack rship · Resea rch. Pra ctice. and T~ac h i n g

2007. Vo l 3. No. I . 2 11 -2 15

Table I

Survey It em Answcn· d " Yes''

Have yo u taken an AIS class bc lbn; or a class th at describes in de tail co mput er ma l war~? II % A re you a trad iti onal stu dent ? Do you know what a computer v i rus is and what it does? 88% Do you know what a computer Trojan is and what it does? 42% Do yo u know what a computer spywa rc is and what it does? 80%

To test th e propos ition th at students were ove rconfident with respect to th eir know ledge of computer threats (i.e., viruses, Trojans, and spyware), it was fir st necessary to deve lop a "pass ing" score for th e second pan of the study. For example, students answered several questi ons th at assessed th eir knowledge of vari ous computer threats, including viruses. For each type of threat, three different ques ti ons were included to test the student 's kn ow ledge. To ac hi eve a pass ing score on an

indi vidual type of threat, a student had to co rrec tl y answer at least two of the three (67%) questi ons.

We ca lcul ated t-tes ts to determi ne if stu dent s' perfom1a nce scores for viruses, Trojans, and spywa re d iffered signifi cantl y fro m th e pass ing sco re. Spec ifi ca ll y, to test th e overconfidence hypoth es is, onl y th ose students who se lf-report ed they knew about viruses, Trojans, and spy\va re were used. Tabl e 2 below summari zes these res ul ts.

Ta ble 2

T ype o·l·

Mal11<lre Nu mb

er oi" Slllcle nt s ! Mc; lll scu rc on I N um ber n r students "1lh ~nPwkd !:!c [ \c ~ l q u t= s ti l1 1lS wi th out knowledge

tvkan score O il

tL: St quest ions

I ---l~~ ~--+--1.._)• 101 I

5 I ~~% I ---' ---'-'-"---'----

l .l IO'Y.,

It is apparent th at neither set or stud ent s petform ed panicularl y we ll 0 11 th e tes t qu es ti ons 1·egard in g co mputer threats. Of 64 parti cipa nt s, 56 (88%) indicated th ey knew abo ut viruses. The average score on those test questions fo r th ose 56 students was 28%, whi ch is s ignifi cantl y lower th an a pass ing score of 67% (t = -11 .468, p < 0.00 I). Thi s result suggests th at students were overconfident with respect to th eir knowledge of viruses . Further, a t-test was computed to determine if th e scores of those students who indi cated th ey knew about viruses differed from th ose students who indi cated th ey did not know about viruses. The average score for th ose student s who indicated they did not kn ow abo ut viru ses was 13%, whi ch does not differ signifi cantl y from the average score of th ose students who indi ca ted th ey knew about viruses (28%; t =

1.673 , p = 0 .099) . Namely, students who in d icated th ey knew about viruses did not sco re signifi ca ntl y bett er th an th ose students wh o indi ca ted th ey did not know abo ut viruses, lending additi onal support to th e overconfid ence propositi on.

Of 64 parti cipants, 27 (42%) self- repo rt ed kn ow ledge of Trojans. The average sco t-e rot· th ose 27 student s was Y%, whi ch is signi ficantl y lower th an th e pil ss in g sco te o f 67% (t =

-20.254, p < 0.00 1 ). Simil ar to the <1bo ve result s for vi nt ses, til <: res ults sugges t th at stu detll s wet·e ;1lso ove t-co nlid c nt 11 ith respect to th e ir kn ow ledge of Tro jans. Fu nher, a t-test was computed to detem1in e if th e sco res of th ose stu dent s who indicated they kn ew abo ut T ro jans di ffet"<::d from th ose stu dents who indicated th ey did not kn ow abo ut Tro jans. The ave t·age sco re for th ose student s who ind icated th ey di d not kn ow abo ut Troj ans was 6%, whi ch does not d iffe r s ignili cantl y fi·om th e average score of th ose student s who in d ica ted th ey knew abou t Troj ans (9%; t = 0 .66 1, p = 0.5 1 I). Namely, student s who indicated th ey kn ew abo ut T rojans di d not sco re s i gnil~ca ntl y

better th an th ose student s who indica ted they di d not know

, , ~

_ , .)

abo ut Trojans, lendin g Jddi ti ona l support to the ove rco nfid ence propos it io n.

Of 64 pa rti cipants, 5 1 (80%) se lf- reported they kn ew about spywa re. The average score for th ose 5 1 students was 14%, whi ch is s ignifi ca ntl y lower than the pass ing score o f 67% (t = - 19.495 , p < 0.00 1). Simil ar to th e above results fo r both viruses and Trojans, th e res ul ts sugges t th at students we re also overconfid ent wi th respect to their know ledge of spyware. Further, a t-test was computed to determi ne if the sco res of th ose stu de nt s who indicated th ey knew abo ut spywa re differed from th ose student s who ind icated th ey did not know abou t spyware. The average sco re for th ose stu dents who indicated th ey d id not know abo ut spywa re was 10%, whi ch does not differ s ignifi cantl y fro m the average score of those stud ents who ind icated they knew abou t spyware ( 14% ; t = 0.679, p = 0.499) . Na mely, students who ind icated they kn ew abo ut spywar d id not score s ignifi ca ntl y better th an th ose student s who indicat ed th ey d id not know about spywa re, lend ing addi tional support to th e overconfidence propos ition.

Disc uss io n a nd Im pli ca tio ns

;\ s th e ab01 e t·esult s sugges t, studems tend to be overco nfiden t with res pect to th eir k11011 ledge of severa l comp uter threats, namely, vit ·use s, Tmj ans, and spywMe . In fact

, their perfo rmance on a test designed to assess the it ·

know led

ge of such threa ts does not differ s ignifi ca ntl y fmm th ose students who indi ca ted th ey d id not kn ow abou t th ese common types of co mputer securit y threats. These res ul ts are consistent wit h prio r research th at fi nds th at ind ividua ls tend to be overconfident in m;:my contex ts. Add iti onal ly, the res ults are consistent wi th resea rch suggesting th at many students be li eve th e ir comp ut er know ledge is adequate (Westo n and

3

Schmidt et al.: Computer Security Threats: Student Confidence In Their Knowledge

Published by FHSU Scholars Repository, 2007

\dlllmlt . l annn . and I I" )'"

13arl-- er, 2002 ), w hen th e opposit e may be true.

Fu rther, in an euuca t ional ~e llin g, students' overconfidence Ill th e1r CO mpu ter f-n o wJed ge eX :JCerb ateS th e prob lem Of fac u lt ) fa lse l) ass um ing thm ~ t ude nt s have adequate computer 1-- now ledge (Me~ s in eo and DcO II as, 200 5). Spec ifi ca ll y , if a fac u lt y m emb er ass um es in co rrect ly that stu dents have ::111

,1d equat e unu crst:111di ng o r comput er securit y threa ts, th e ~tud c nt s and or their institut iOns 111ay be vu lncr::tb le to cos tl ) 'iccurit ) hre:~c h e~ . In add it1 0 11. tudcnt l ea mi 11g wi l l not be 111 ,1:-. im iLed 1f thc'e threab :1 11d po ss ible conse quences arc not di sc u s~cd in the c l,~ ,, , ·oom

I f th is lad o r knowled ge persists Ulll il such t illl C that

stud ents :~ ree mp l oyed , further consequences 111 <1) be re; d ltcd in

th e hu sine'' 11o r ld . l ,argc r comp,1nies I) pica ll ) h:w c the 1csourees to cng:1gc e\ perts to help s:lll":g uaru th eir comp ut er

syste111 s. II 01 1ever , small er bus1n esses tcnd tn rely on th e

1--now

ledge

of ex ist in g and ne1 1 emplo)ees. I f these emp loyees

do not have th e requisit e l--n 011 lcuge of such sec ur i ty t lm.: ats,

then their employers 1113 ) face Signif icant losses fro m uama gcd

compu ter sys tem s Gi1 en thdt such overconliue nce C\ ists in po tent ia l new hir es, small buS IIl C~'>eS wo uld 111--el) bcne lit from

computer SCCLII"It ) sc r ices o iTcrcu in th eir co n1111uniti cs . !"h is

i'>sue ma y pru v idc a 11 oppo 1·tunit ) for computer sec ur i ty

pro!Css io nals to 1ncrease their r:1nge of sen icc' and clie nh .

Limitat io ns a utl F u t ure Hr.<.carch

Rcsca l·ch Ill (lle i COillidc nce ( r,:ru ge l· anu Dulllllll g, 199'))

sugges ts th at JWn r perf lm11 :lll CC C<lll he Ole1 ·co1n c by impnll 11 1g th

e '> f- ill le ve l or p<lrt ic ipdlli S. In futur e !Cse,li"Ch , th iS

propositio n can he tested by co nduu ing we- and po'> t-t esh or the 1-- now ledge o l computn <.,ec unty I'<.,U e'i. In addlll<lll. 1t mi ght

he i1l tc rcs ti1 1g to c:-..J m1n e stJI Lkn t ovcr conlid c11Le 111 otllc 1

bu'i in ess di <;c ipl1 11 es . DoL'S tl1 c dc.l! leC ol" ()I L' ILO illidenu: 1< 11) ac

ro'>S '> Ubj cc t 111. \ll er. fu 1 l'\<J1 1111k'' I he ,111'->~IL"I to ti ll\ lJI IL''>tl un

C\Hild h;11 c llllpOr! .llll 1111pi1 L:1 t 1un ' ln1 til l· LO ill L'Ill dlld

peda gogy U'iC d II !I hill Olll " p!UL!,I";J ill"> Furth erm ore, be c:Ju sc <>I t il e potent 1;!1 tllr c,\l'i t(l small

business CO illJllll el S) <., le n\ <;, II e pl <ln tO C\ tCilll till'> l"e'>C drCil lu

J eterm inc i f lil l'i OVLTCO !tlid ei\Ce C<IITiC S int o l lle ll 'urf- pl<! Ce. h1 1

e:--a mp

l

e, do hu si nc'>s ow ners or m:1nagcrs UllLic l stand co mnwn

compu ter scc ur it ) th reats. or do the) rei) on other' tn protec t th e ir ~ ) ~ t e m <,' 1 111 addition , one linlililtl on o r th e present stud ) i<;

th

at

we exa m ined stu dent kn 01 1 ledge 11 it h res pect to on I) a fC11

potc 1H

ia l thr

ea ts to co m puter sec ur i ty. ' I here :tre oth er thre::tt s

wh1 ch cou ld be e\.a min cd as w ell. l :o r exa n1plc, do 'i tud cnt s and

busincs'i people umlcr stand the threa ts th:1t pln shing o r w:J r

d r1 1 in l! att ad'> c: tn po,c'1 l ·urt hc1mur e, do the) !--now how to pro t ec~ thc 11 Ul lnpu ters or S)S tems from <; uch att<~ cl-- 'i' 1

C

un Cil t ly, th e1c· 1s IW one pi ece <11" so ft war e th <tt e<J n de te ct al l LO

mpuiCI" m.tii i<J i e. 'I herc l me , d;1t :1 <J nd S)S tCill \ec uril ) II ill

C( ln tl nue to he .1 conce rn tu 111d iv id ual ' < 111d hu 'l nl·<,<.,cs. t\1-c 11c

<., ti

l

l' ou r <; tud l· llt ' a1 e adcqu:~t e l ; p1 ·eparcu to dc: d wi th th e'><:

challen ge,·'

I{ EFE

I{

ENCES

1\rkc">, II , l )aii 'C'i, IC , & Chr istCilSe ll , C 1 <)~6 . Filc tul'i in llu e n C IIl ~

th e U\L' o f <I d cC ISiO il rule i ll :1 prnbab il isti c t :J ~ J.-

Joum a l or llu ; incs;, J nd Lead ershi p: Research. Pr acJi ce. and Teachin g

2007. Vo 1. 3, No t , 2 1l - 15

O r gau iza ti onal Behavior and Processes, 37 : 93- 11 0.

Human Dec ision

arvey, II. 20 05. 'Wind ows forensics ,Jild in c ident r ecove ry. Boston, MA : Ad d ison- Wes ley.

Chen, G. , Kirn , K ., No fs inger, J., & Rui , 0 . 2007 . Tradi ng perf o rm ance, di sposition effect, overcon fi dcnce represent ative ness b ias, and ex per ience o f emerg ing mark c; in vestor .Jo urn al o f Beha v io r a l Decision Mal<ing, 20: 425-"1.5 1

" l :~y s o n ,

1) . 2

00 5. Pe r l'o nn :~n ce overconfidence: M ctacogniti ve c nl":c t) o r misp li! ce d student ex pectati ons? J ourn al of Mark<:tin~ Ed ucation, 27 : 122- 129.

Crum e, J. 2000 . Insid e iut ernet security . L o ndon: Add ison­Wesley.

D incv, T. , & ll art, P. 2004 . Int ernet pr ivacy concern s and th eir

antecedents- mea sur ement va lid it y and a regression mode l. Behav io u r & Inform ation Tec hn o log y, 23: 4 13-422 .

E ise nber g, M ., & J o h n ~o n , 1) . 2002. L earnin g and teac hing

inf

o

rm atio n t r c hn o l o~y - co mput er sldll s in context. LR IC Document 1\ cproduct ion Serv ice No. ED4653 77.

l l all , J. 200-1 . Acco u nti ng infor mati ou sys tems. M ason, 0 11 : 'll w lnson South -Wc<,tc rn .

K ennedy, 1· .. La11l\l11 , L , & Plum lee , E. 2002 . IJii ss l'u l

ignor :1ncc : ·1 he problc nJ of unrccog ni t.cd incompe tence an d acad.:nliC perf orn 1an cc . .Journ al of Ma rl<<:tin g Edu ca t ion, 2· 1 24) -_.52

l( ru!.',e l , .1 .• & l ) unni11 g, I ) 19'!9 ll nsk i ll lcd and lll lall'a l·c of it: ll o11 dil.li cu ltiCS in recogn1t.ing one 's ow n inco mpetence

lead to 111lbt cd se ii ~ ,J ~'>e'>S I Il C nb . . Jourual o f Per so nalit y

an d Socia ll''>yc ho lug y, 77 · 112 1- 1134.

2 14

K o, K., & l l u :~ n g, ;_ _ 2007. Arr ogance can be a vin ue : 01

c1 co11 lide ncc, 111 fo rm:~ t io n acq 11 is i t io n. and market

c l"li c icnc) . J ournal o f F in aucial Eco nomi cs, 8-1 : 529 -560.

K oc l lin ~c r , 1' ., 1\ l i iJili tl , M ., & Schade, C. 200 7. I th ink I can, I

think

I

ca 11: Ove rconlid.: ncc and cntr epr cncur i::t l beh av ior.

Jo

u

rna l o f Ecunumi c Psyc ho logy, 28 : 502-527 .

Ku

cera. K

., l' laisent, M . l k rn :~ r·d , P., & M aguir aga, L . 200 5. /\

n empiri ca l in ve~ ti ga tio n of th e prevalence o f spywn rc

in i11tern et sha1· ew a1·e and frec ll"are distri butions .

.Journal of En tcrpr isr Infor ma tio n M a nage ment , 18:

697- 7011.

Lohr, S. :zooo . Survey ShOl l<., rcw trust pr om ises on onl ine

pri ,ac) T he Nc'' Y cH·k Tim es, A pri l 17: C4 .

Mai11a ld, 1:. 2003. N<:tworl< Se cu rit y : A Beginner 's G uid e.

New Yo rl-- : Mc( ) rilw -ll i l l

S hip le: . (i 200 1. 1\ la\intum sec urit y . l ndi ;1n:q 1o lis, I : S:nns

4

Journal of Business & Leadership: Research, Practice, and Teaching (2005-2012), Vol. 3 [2007], No. 1, Art. 26

https://scholars.fhsu.edu/jbl/vol3/iss1/26

Schmi d t. Ta nn er. and I hl ) cs

Publishing.

Mess ineo , M., & DeO II os, I. 2005 . Are \\ e assuming too much') College Teachin g, 53: 50-55 .

Shee han, K. 2002 . Toward a typology of intern et use rs and online pri vac y concern s. Th e Inf orm ati on Society, 18: 2 1-32 .

Joumal nf !1 U .) IIlr..: ~:::, cmd Lca t.kr::, h lp Rcs t: :lr ch. P r:ICtl CI..: . ~md rc~H.: hin g

200' \ '(>1 1. ~ '' I . 2 11-2 1-i

Warkentin , M., Luo, X., & Temp leton, G. 2005 . A framework !'

or sp~wa t ·c a>sessme nt. Co mmuni cati ons of th e ACI\1,

<-1 8: 79-8 -1 .

Weston. T ., & Bark er. L. 2002. A profi le o!' student co mputer use, u·aining, and pi'Oflciency. J ourn a l o f Co mp utin g in Higher Edu cation, 14: 87- 11 2.

George Schmidt is an assoc iate professo r of accou nt ing at the Un ive rsit y of Arkansas - Fort Smi th. li e rece i\ed hi s Ph .D. from the Uni ve rs it y of North Texas. His research in terest focuses on fin ancial and inform atio n systems areas.

Margaret Tanner is an assoc iate professo r of accoun ti ng at th e Uni ve rs it y o f Ark ansas - Fort Smit h. She rece ived her Ph .D. in Accounting from th e Uni ve rsity of No rth Texas. Her resea rch interests in clude pedagogica l issues, fin ~lll c ial reporting. :~nd

curriculum deve lopment and assessment.

Thomas Ha yes is a tt ass istant prof'e sso1· of acco unti ng at the Univers it y o f ArJ..:~ n s as - Fort Smi th . He rece ived hi s Ph .D. from the Uni versit y o f No rth Texas. Hi s resea rch inte!·csts includ e audi ti ng and inform ati on S\'Stcms at·eas .

2 15 5

Schmidt et al.: Computer Security Threats: Student Confidence In Their Knowledge

Published by FHSU Scholars Repository, 2007