A Case Study in Denton High School
Today, information systems play an important role in facilitating exchange of information across the globe. They facilitate not only processing, storage, and sharing of information, but also social interactions and business processes. Despite these benefits, the interconnectedness of information systems results in increased security threats to both public and private information. Consequently, much of the research in information systems concentrates on identifying ways and technologies to ensure information security and privacy (Aytes and Connolly, 2004). In addition to security policies and technologies, research emphasizes the need of information security awareness. This awareness refers to efforts, such as training, taken to make users capable of behaving responsibly in application of information systems (Hansche, 2001). It enhances the ability of users to understand insecure practices and ways to protect their information against cybersecurity attacks, such as identity theft, malicious software, and phishing. The current study will investigate influence of information security awareness on behaviors of high school students in use of social networks.
Previous studies on information security awareness have tried to investigate the relationship between different types of behaviors and security awareness. In their study, Aytes and Connolly (2004) found making university students aware of information security enhanced their safe computing practices. Despite knowledge on information security, majority of students engage in unsafe computing behaviors and only a few of them use information systems safely (Aytes & Connolly, 2004; Stanton, Stam, Mastrangelo, & Jolton, 2005). The most common unsafe behaviors include downloading e-mail attachments from unknown or suspicious senders, unchanging passwords regularly, failing to scan attachments before downloading, and exchanging passwords with friends and relatives (Hansche, 2001; Stanton et al., 2005). Safe computing practices include regular password changes, not saving passwords in information systems, not exchanging passwords with relatives or friends, and not posting detailed personal details on social networks (Stanton et al., 2005; Hansche, 2001; Ng, Kankanhalli, & Xu, 2009).
The studies recommend further research to establish whether awareness of information security has positive influence on attitudes of users in other computing environments (Aytes & Connolly, 2004; Stanton et al., 2005; Ng et al., 2009. The current research will aim to fill this gap by using qualitative techniques to investigate how views on information security as well as awareness of information security policies and issues influence behavior of high school students in social networks.
Description of Research Site
The study will be carried out in Denton High School, located in Denton City, Texas. The school has a population of more than 1,500 students in grades nine to twelve. It enrolls students from different ethnic backgrounds, with Whites making up the largest proportion (47 percent), followed by Hispanics (32 percent), Blacks (17 percent), Asian Americans (3 percent) and Native Americans (1 percent). Majority of the students come from disadvantaged families, with over 40 percent coming from low socioeconomic families. Despite students’ diversity, majority of teachers in the school are Whites.
Data Gathering Method
The study will rely on interviews to collect data on computing behaviors and security awareness. The interview will be personal, in which the interviewer will interact with participants face-to-face. It will also be a standardized, open-ended form of interaction, in which the interviewer will ask relevant similar, open-ended questions to the participants (Kvale, 1996). The questions will seek information on the level of security awareness of participants, how they have gained the awareness, and reasons for using information systems. The interviewer will also seek data on measures the participants to ensure security their information on social networks. In particular, the research will attempt to establish how often the participants change their passwords on social networks, type and amount of personal information they share with others on the networks, whether they share their passwords with friends and/or relatives, and whether they click to access hyperlinked sites on social networks.
Selection criteria of participants for the study will involve various factors including grade, ethnicity, and usage of social networks. First, the researcher will select students who use social networking sites (Facebook, Twitter, LinkedIn, or any other network) from all grades. From this sample, two participants from each ethnic background and each of the four grades will be selected for the study. In this way, it will be possible to address confounding factors including age, computer skills, and culture that may otherwise result in unwanted influences on attitudes of the participants towards security awareness (Kvale, 1996).
Ensuring Objectivity and Validity
To ensure validity and objectivity, the interviewer will ask relevant questions to the study. The researcher will also rely on standardized, open-ended queries to give freedom to the participants in their responses. During the interviews, the interviewer will listen and record responses of participants against every question. During data analysis, the researcher will limit interpretations to the responses of the participants. The researcher will also present research analysis and findings together with interview transcripts. In this way, it will be possible to separate researcher’s opinions and views from research data and findings (Kvale, 1996). Therefore, this will ensure that the study is objective and valid.
The major ethical issue related to the study will be the age of participants. They will be below the legal age of eighteen years because the research will recruit high school students. Their participation may affect credibility of the study (Kvale, 1996). To avoid this, the researcher will organize a meeting with parents, students, and staff to explain the purpose of the study. Parents of the participants will be required to sign an informed consent form. During the meeting, the researcher will address other relevant ethical issues, such as privacy and confidentiality of information provided by the participants.
Aytes, K., & Connolly, T. (2004). Computer security and risky computing practices: A rational choice perspective. Journal of Organizational and End User Computing, 16 (3), 22-40.
Hansche, S. (2001). Designing a security awareness program: Part 1. Information Systems Security, 9 (6), 1-9.
Kvale, S. (1996). Interviews: An introduction to qualitative research interviewing. (4th ed.). London: SAGE.
Ng, B., Kankanhalli, A., & Xu, Y. (2009). Studying users’ computer security behavior: A health belief perspective. Decision Support Systems, 46 (4), 815-825.
Stanton, J.M, Stam, K.R., Mastrangelo, & Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24 (2), 124-133.