Sample Thesis Chapter 4 on Security Issues of Computer
Chapter 4: Results and Findings
Table 2, 3, 4 and 5 shows the demographic or background of the respondents. Table 2 shows that the majority of the respondents work for a computer system which has 31 – 55 computers (39.7%), followed by 16 – 34 (29.4%), 56 – above (19.1%) and 1 – 15 (11.8%).
|
Table SEQ Table \* ARABIC 2 No. of Computers |
|||||
|
|
Frequency |
Percent |
Valid Percent |
Cumulative Percent |
|
|
Valid |
1 - 15 |
8 |
11.8 |
11.8 |
11.8 |
|
16 - 30 |
20 |
29.4 |
29.4 |
41.2 |
|
|
31 - 55 |
27 |
39.7 |
39.7 |
80.9 |
|
|
56 - above |
13 |
19.1 |
19.1 |
100.0 |
|
|
Total |
68 |
100.0 |
100.0 |
|
|
Table 3 and 4 show that 100% of the respondents are connected and using the Internet and the computer system is connected through network. This shows that the issue about the networking online and offline is an important factor in the overall computer system of organization. Both network and the Internet offer great opportunities and advantages for the world – it enables many organizations, businesses and firms to take advantage of connecting and relating all of its computers and systems, at the same time, these technologies also help in order to handle and take advantage of globalization, by enabling offices from different parts of the globe to be connected, at the same time, help to transact with customers, suppliers and other important stakeholders in spite of the physical distance. However, it is important to take note that network and the Internet also open up new problems and threats in terms of computer system security. This is because of the fact that it opens several holes for security which enable external or unauthorized people or users to enter the system, retrieve information or inject codes that might affect the overall operations of the computer systems.
Table SEQ Table \* ARABIC 3 Connected to the Internet
|
|
|||||
|
|
Frequency |
Percent |
Valid Percent |
Cumulative Percent |
|
|
Valid |
Yes |
68 |
100.0 |
100.0 |
100.0 |
|
|
No |
0 |
0 |
0 |
100.0 |
|
|
Total |
68 |
100.0 |
100.0 |
|
Table SEQ Table \* ARABIC 4 Connected to Network
|
|
|||||
|
|
Frequency |
Percent |
Valid Percent |
Cumulative Percent |
|
|
Valid |
yes |
68 |
100.0 |
100.0 |
100.0 |
|
|
No |
0 |
0 |
0 |
100.0 |
|
|
Total |
68 |
100.0 |
100.0 |
|
Table 5 shows the common uses and applications of computer system inside the organization. The result shows that computer systems are most used for connecting with the customer relationship or marketing (27.2%); followed by decision-making process (26.0%); then by management of all business transactions and procedures (24.4%); and internal communication and information sharing (56%).
The result showed that connecting with the customers or the marketing procedure is the most important application of computer system inside the organization. It is important to take note that the integration of telecommunications and computer technologies enables marketers to access a growing array of valuable and important information sources that are connected to industry forecasts, business trends as well as customer buying behavior (Pride and Ferrell, 2008). All of the transactions made by the customers are all processed and stored in the computer system, thus, it is much easier to retrieve and access needed information in order to know their behavior, which will help in order to implement strategies that will meet their demands and maintain their satisfaction and loyalty. In connection, it can be seen the computer system is very helpful in the decision-making process. In the current environment, information is considered as the most important resource, for it helps in order to come up with the strategies to be implemented in order to maintain competitive advantage. In connection to marketing, those data and information can be retrieved and access by the marketers or the managers in order to forecast the demands for a given season, which will be used in the inventory aspect of the organization. With this, stocks of in-demand products will be maintained to the highest level, while those that are not in-demand will be maintained at the lowest, therefore, over- or/and under-stocking will be prevented. Above all, computer system is very important in internal communication or communication between the employees, the units of the business and other important functions. Communication is always considered as a vital factor in any organization, for it enables company to ensure that all of the actions being done by individual unit are based on the objectives, goals and strategies declared by the upper management, and all of the efforts are running based on what have been planned.
Table SEQ Table \* ARABIC 5 Uses of Computer System
|
|
||||
|
|
Responses |
Percent of Cases |
||
|
N |
Percent |
|||
|
Use of Computer Systema |
Internal Communication and Information Sharing |
56 |
22.4% |
82.4% |
|
Connection with the Customer (Marketing) |
68 |
27.2% |
100.0% |
|
|
Manage all business transactions and procedures (finance, accounting, management, etc.) |
61 |
24.4% |
89.7% |
|
|
For decision-making process |
65 |
26.0% |
95.6% |
|
|
Total |
250 |
100.0% |
367.6% |
|
|
a. Dichotomy group tabulated at value 1.
|
||||
4.2.1 Computer System Security Issues
The result shows that 10 of computer security issues were considered by the respondents as very important.
Table SEQ Table \* ARABIC 6 Very Important Computer System Security Issues
|
Computer System Security Issues |
N |
Minimum |
Maximum |
Mean |
Std. Deviation |
Interpretation |
|
Incorrect or inappropriate usage of computer resources |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Unauthorized access and use of files |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Malicious codes (viruses, malware, etc.) |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Man-Made or Natural Calamity |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Computer facility issues |
68 |
4.00 |
5.00 |
4.8824 |
.32459 |
Very Important |
|
Duties and responsibilities and the level or degree of their access to the computer system |
68 |
4.00 |
5.00 |
4.7794 |
.41773 |
Very Important |
|
Employee espionage and sabotage |
68 |
4.00 |
5.00 |
4.5735 |
.49824 |
Very Important |
|
Eavesdrop |
68 |
4.00 |
5.00 |
4.5441 |
.50175 |
Very Important |
|
Unauthorized entrance to the computer facilities |
68 |
4.00 |
5.00 |
4.5441 |
.50175 |
Very Important |
|
Errors due to human intervention |
68 |
4.00 |
5.00 |
4.5147 |
.50350 |
Very Important |
Table 6 shows the most important computer system security issues, which include: incorrect or inappropriate usage of computer resources; duties and responsibilities and the level or degree of their access to the computer system; employee espionage and sabotage; errors in human intervention; unauthorized access and use of files, malicious codes (viruses, malware, etc.); computer facility issues; eavesdropping; and unauthorized entrance to the computer facilities (mean = 5.00). All of the respondents believe that all of these factors are very important. This can be showed in the result of the standard deviation showed in table 6. The standard deviation is considered as the most commonly used and most vital measure of variability. Standard deviation applies the mean of distribution as a reference point and measures variability by considering the distance between each score and the mean. Therefore, it determines if the scores are generally near or far from the mean. It shows the average distance from the mean (Gravetter and Wallnau, 2008). This result shows that the most important computer security issues are mixture of physical, hardware, software, network and personnel. However, it can be observe that most of the issues focus on the influence of human or the personnel towards computer security. This shows that the human resource management is an important factor to be considered in the process of managing the entire organizational policy, together with the security management efforts and strategies to be implemented by the organization.
It can be observed that all of the most important factors or issues about computer system are directly or indirectly connected to personnel security issues. This is because of the fact that in one way or another these issues can be settled, prevented or answered by implementing a tight personnel security processes and management. In terms of the duties and responsibilities and the level or degree of their access to the computer system is on the hand of the human resource management aspect of the organization. These issues must be cleared upon the hiring process, employees must be properly informed about the level of their responsibilities and roles, and thus they must be enlightened about their responsibilities and the level of their access to the computer system. At the same time, it is also important for the organization to ensure that all of the activities of the employees are all properly monitored and audit, in order to know who are not following the rules. This can help in order to protect the data and information stored in the system, at the same time, ensures that the system is secured enough to handle bugs and security alerts. The issue of employee espionage and sabotage will follow. It is important to assess and check the background of the employees, from its past relationship with other employers or organizations, in order to ensure that they don’t have past records which involve mischiefs, at the same time, ensure that the employee are not connected to any entities who can be considered by the organization as competitors or enemies who are willing to do desperate actions in order to gather confidential information about the procedures and operations of the organization. Again, it is also connected to other important technologies to ensure technologies, such as identifications, cameras, etc. This issue is the same with the unauthorized access and use of files, eavesdropping and unauthorized entrance to the computer facilities. On the other hand, the issue of errors in human intervention is mainly connected in ensuring that each and every employee are well-informed and knowledgeable about the proper way of using the computer system. Thus, continuous training and mentoring is very important. In addition, it is also important to ensure that the system itself is designed to be friendly to the end-users, which will help in order for them to easily familiarize themselves with the use of the system. In addition, there must be some error-detection or error-prevention programs in order to ensure that no further error can be done which will destroy the computer system. In terms of computer facility issues, it is important to ensure that employees are properly informed and aware about the dos and don’ts when they are inside the computer rooms or when they are using computer system, in order to ensure physical security, particularly in terms of those environmental factors. In addition, it is important to ensure that all of the employees are all aware of the contingency plan of the organization, in order for them to be guided accordingly about the things to be done in case of emergencies.
Therefore, the result strongly showed that in order to have an effective management and strategies to be implemented by the organization, it is important to focus on all of these factors, which will help in order to ensure that each and every entry point of possible attack to the computer system will be handled properly.
Table
SEQ Table \* ARABIC 7 Important Computer System Security Issues
|
Computer System Security Issues |
N |
Minimum |
Maximum |
Mean |
Std. Deviation |
Interpretation |
|
Changing of hardware setup |
68 |
4.00 |
5.00 |
4.3088 |
.46544 |
Important |
|
Delivering data towards the correct recipient at the right time |
68 |
4.00 |
5.00 |
4.2941 |
.45903 |
Important |
|
Theft |
68 |
4.00 |
5.00 |
4.2500 |
.43623 |
Important |
|
Theft and substitution of important computer hardware and gadgets |
68 |
4.00 |
5.00 |
4.1765 |
.38405 |
Important |
|
Cable-wiring/Wireless Signal |
68 |
3.00 |
5.00 |
4.0882 |
.51064 |
Important |
Table 7 shows the “important” computer system security issues, which include: changing of hardware setup (mean = 4.31); delivering data towards the correct recipient at the right time (mean = 4.29); theft (mean = 4.25); theft and substitution of important computer hardware and gadgets (mean = 4.18); and cable-wiring or wireless signals (mean = 4.09).
The result of the study support the literature review which show that the respondents strongly believe that the issue of computer system security is not just about the issue about physical, hardware, software, personnel and network alone, but the computer system security issue is compose of these factors or aspects, which cannot be separated. In order to ensure that the system will be fully secured, it is important to focus on the said aspects of components of the computer system. Thus, all of these factors must be considered as similarly, if not equally, vital and important. With this, it shows that it is important for the respondents to focus not just on a particular aspect or area of the system, but must focus on all of these areas for these areas are interconnected and they can affect each other, which consequently influence the overall security level of the system. The result matched that of Kelly and Cegielski (2009), wherein the authors tackled that the threats and risks in the computer system focus on both unintentional and intentional. Those unintentional include those related to the intervention of the end-users, environmental hazards and unexpected failures of the computer system. On the other hand, those intentional threats or risks include those activities of the end-users or even external users which focus on stealing confidential and important data and information, destroying or deleting data or information or even destroying the entire operation of the system itself.
4.2.1 Computer System Security Strategies
Almost all of the computer system security strategies were considered by the respondents as very important factors which affect the effectiveness of security management inside the organization in terms of computer system.
able SEQ Table \* ARABIC 8 Very Important Computer System Security Strategies
|
Most Important Computer Security Strategies |
N |
Minimum |
Maximum |
Mean |
Std. Deviation |
Interpretation |
|
Clear Organizational Policy about Security Management |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Mentoring and Training |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Background check of the candidates |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Audit Trail |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Cryptography |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Password Protection |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Installation of Firewall |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Anti-Theft and Anti-Unauthorized Users |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Accidents and Disaster Prevention Plans and Strategies |
68 |
5.00 |
5.00 |
5.0000 |
.00000 |
Very Important |
|
Installation of Anti-Virus |
68 |
4.00 |
5.00 |
4.6618 |
.47663 |
Very Important |
Table 8 shows the most important computer system security strategies, which include: clear organizational policy about security management; mentoring and training; background check of the candidates; audit trail; cryptography; password protection; installation of firewall; anti-theft and anti-unauthorized users; accidents and disaster prevention plans and strategies; and installation of anti-virus (mean = 5.00).
It can be observed that most of the most important procedures mainly focus on the application of preventive software system or other important technologies in order to ensure that any threats and risks to the security of the entire system will be prevented, thus the destruction or threats that it might offer will also be blocked. As have mentioned by Rescorla (2003) it is vital to focus on the different software or application which can help in order to maintain the security, particularly those related with the software risks, which include update and maintenance of anti-virus software. This result is connected or does match the result regarding the most important issues of computer system security. First, most of the procedures and strategies to be implemented mainly focus on ensuring that the system is safe from any intruder or external entities that are not authorized to access the computer system, particularly those information and data that are considered as confidential and very important to the overall performance of the company. Installation and maintainance of firewall is important in order to impose access control policy on network traffic as it pass via access points (Hunt, 2002). Furthermore, the issue about the environmental or physical security aspect are also very important, which mainly focus on the maintenance aspect, or the process of ensuring that there will be available actions or procedures to be done in case of some inevitable events to happen. In addition, actions also focus on the process of ensuring that the human resource or the personnel are all free from any past records about mischief in the computer system. With this, it can be explained that most of the actions implemented by the respondents mainly focus on restricting and preventing any possible attacks.
The result shows that the software security issues, together with the personnel are considered as the most important aspects in computer security. This pertains on the process of protecting the software structure of the system, by focusing on the operating system and other applications or software that are installed in the system, which include the network. In addition, the personnel security strategies mainly focus on ensuring that the employees or staffs of the organization are well chosen or the organization is well informed regarding the past performances and records of each and every individual employee, in order to ensure that he or she was not part of any competitor, and do not have past records of any mischief (Shim and Qureshi, 2000). In addition, it also focus on the process of ensuring that all of the actions done by the employees are based on the policies and standards of the organization, which mainly focus on ensuring that they are properly informed and well-equipped with the knowledge that are needed in order to prevent errors in handling the computer system.
Table SEQ Table \* ARABIC 9 Important Computer System Security Strategies
|
Most Important Computer Security Strategies |
N |
Minimum |
Maximum |
Mean |
Std. Deviation |
Interpretation |
|
Selecting and hiring process |
68 |
4.00 |
5.00 |
4.3971 |
.49293 |
Important |
|
User's Manual |
68 |
4.00 |
5.00 |
4.3676 |
.48575 |
Important |
Table 9 shows the “important” computer system security strategies. These are the least factors considered by the respondents are: selecting and hiring process (mean = 4.40) and user’s manual (mean = 4.37). These factors are considered as important part of personnel security issues. The selecting and hiring process focus on ensuring that employees are free from any past records, at the same time, ensure that they are properly informed about the overall policy of the organization. On the other hand, the user’s manual focus on the guidance that is available to be retrieved and can be referenced by the employees.
As have expected, the result match the result about the most important computer security system issues, as well as the result of the literatures and past studies reviewed in the first part of the paper. The result showed that because the respondents believe that all of the aspects of elements of computer security system are considered as important in order to maintain security level of the computer system, the respondents also believe that all of the security efforts and strategies in all the areas of computer security system, including physical, hardware, software, personnel and network are very important in order to ensure and sustain the security of the entire system.
The respondents were asked regarding the significance of application and maintenance of computer system in the overall operation of their respective company. All of the respondents who were interviewed agreed that their computer system is considered as one of the most important, if not the most important aspect of the organization, because it serves as a backbone or guidelines which support and connects other important procedures and processes inside the organization.
According to one of the respondents:
“The advancement of technology, particularly computer system has taken its deep root in every field in the contemporary world. Therefore, it is somewhat impossible for anyone to imagine a world without these high technologies. Without using the computer and the Internet in order to share and retrieve information about anything – anytime.”
Another of the respondents added that”
“It will be a worst nightmare for any company to imagine operating without the help and support of high-end computer systems. For it plays a vital role in each and every function, aspect and area of the business or the organization in direct and indirect manner.”
Thus, these responses show that application of computer system is considered as a must for an organization in order to maintain competitive advantage and sustain position in the market in the modern era. This is because of the fact that computer system enables companies to gain advantages and benefits.
According to one of the respondents:
“Computer system enables to sustain the dependency and the needs for updated and correct information, which can be readily accessed and retrieved in order to focus on sound and effective decision-making. For instance, terms of marketing, computer system enables the managers to access information about the movements in sales, the changing preferences of the consumers, etc., which can help in order to focus on and establish new strategies to be implemented in order to maintain the interest, satisfaction and loyalty of the customers. This is the same as the process of managing internal customers or the employees. Computer system helps in order to sustain internal communication which is important in order to ensure that the voices of the employees are being listened to, and they are being informed of any changes and development about the actions and strategies which are implemented by the company.”
This result matched the result of the literature review which shows the significance of computer system security in the overall performance of the organization. The result shows that in the current environment and time, wherein people, companies and organizations are becoming more and more dependent towards the importance of information in order to maintain and ensure the effectiveness and efficiency of their performance, ensuring that the system which hold and process all of the important data of the organization or company is very important. Thus, according to Post and Kievit (1991) as the days go by in the computer era, more important areas and function of organizations and its users are expected to experience more complicated security provisions, therefore, different software and application, together with the different strategies to be implemented in order to prevent the impact of computer system security risks.
4.2.1 Common Computer System Threats and Issues Faced by the Organization
The respondents were asked to estate the most common computer system threats and issues that they are facing. They were asked to include those problems in 5 categories: physical, hardware, software, networking and personnel.
The result shows that these important categories of computer security and threats are interconnected, thus, it is important to focus on all of these factors in order to ensure highly secured and efficient computer system.
Physical and hardware security issues are almost the same. This pertains on the physical aspect or parts of the computer system. These include the facilities and the spare parts or hardware which makes up the entire computer system.
For physical security, the facility itself or the computer center, wherein the heart of the system is located or stored, which include those hardware and gadgets that are used in order to maintain the server, or the main computer which process and connects other important nodes of the computer system (Shim, Qureshi and Siegel, 2000). .
According to one of the respondents:
“The issue of physical security is considered as the fundamental issue to be considered in the overall computer security, for it handles the physical feature or aspects of the system, which include the entire storage process and facilities that are used. Thus, it is considered as the first line of defense for a computer system – which focus on protecting it physically, which includes the plant, the equipment, together with the personnel. It is important to take note that physical security is connected in protecting the data, including its integrity, accuracy and privacy”
Other respondent added that:
“Physical and hardware security is dependent on the environment. It is important to take note that computer facilities are vulnerable and liable to different damages due to different environmental factors, which include heat, water, humidity, dust, dirt and other foreign particles and of course power failure. All of these factors can directly or indirectly influence the condition of each and every gadget, hardware or computer parts inside the computer room, which will affect its performance, then eventually affect its software.”
“An effective physical security can help in order to prevent security failure. This is because computer equipment is at higher risk if it can be easily accessed by the public or if it is located in a high crime area. It is important to add that, there are times that those people who are authorized can steal hardware or equipment. Therefore, stealing or theft or unnecessary change to the hardware, equipment and facilities are the most vital physical and hardware security issue.”
For security issues, all of the respondents agreed that the presence of viruses, malwares and other malicious codes are considered as the most important security issues (Hunt, 2002; Rescorla, 2003).
According to one of the respondents:
“In the current time, the issue of virus, malware and other malicious codes are entirely different from the past. This is because there are some codes which can cause great and dangerous effect towards the computer system, which include destroying the operating system, etc. These software or files are no longer limited to annoying messages and activities. Other issues include those related to unauthorized access to the computer system.”
With this, issues related to networking, wherein the issues of physical, hardware and software are connected. The environment can affect the wirings and cables, at the same time, there are some malicious code that can affect the network, at the same time, there are some users who might try to access restricted files and codes.
Above all, the most important issue to be considered is the personnel or the employees. According to one respondent:
“The action of the users of the computer system can greatly influence the success of the overall computer security actions and strategies.
The result of the study support the reviewed literatures of the study wherein the issue of computer system security have changed in the past decades due to the different external or macro-environmental factors, particularly the enhancement and improvement of technology. In the past, because of bulky and stand-alone system, computer system security mainly focuses on the issue of physical and hardware. This includes those related to natural or man-made calamities or events. However, in the current world due to the improvement of networking – including those wired and wireless, particularly the application of the Internet, intranet and extranet, the risks related to computer system have elevated and become more complicated. From just focusing on the aspect of physical, hardware and personnel of computer system, in the current world, businesses and organizations must also focus on other important opening of the security features of the computer system, particularly those related with the network, for it can offer great damage towards the system. In addition, it is important to continually focus on the issue of personnel by ensuring that proper screening were done to ensure the characters and backgrounds of the employees to be hired, at the same time, ensure that a continuous and proper monitoring and appraisals are being done in order to ensure that the employees are following the rules and standards of the organization in using the computer system (Nielsen, 2000; Brostoff and Sasse, 2003)
4.2.1 Common Computer System Threats and Issues Faced by the Organization
The respondents stated that the most important strategies to be implemented in order to prevent computer security issues focused on proper and updated implementation of efficient security management, with the support of organizational policy.
According to one of the respondents:
“it can help in order to eliminate and reduce computer vulnerability to destruction, modification or disclosure.”
The result of the interview showed that the most of the organizations are implementing the following strategies and policies:
· Anti-theft devices
· Audit-Trail for both hardware and software
· Tracking (e.g. CCTV cameras)
· Authorization and access control systems
· Facility Alarm (Fire, Water, etc.)
· Monitoring and maintenance of room temperature (heat, humidity, dust, etc.)
· Installation and update of anti-virus, firewall, anti-malware, etc.
· Network access security
· Internet and Intranet security
· Training and education of the employees
As have showed in the literatures reviewed, in the current world, due to the improvement of technology, changes in the different social aspects, economic and political changes, computer system is also facing changing risks and threats. These threats and risks are mixtures of all the important aspects or parts of the computer system technology (Shim and Qureshi, 2000)
When you go for face to face interview its better to maintain two copies with you.
Posted by: Telecom CV | August 07, 2012 at 05:26 PM