Incorporating Global Information Security and Assurance in I.S. Education.

2013 
1. INTRODUCTION: NEED FOR INFORMATION SECURITY AND ASSURANCE

"America must also face the rapidly growing threat from cyber attacks. Now, we know hackers steal people's identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy." (Obama, 2013).

Information assurance is an American priority and a global issue. (Information security and assurance includes data confidentiality, integrity, and availability, along with accountability and confidence that all is well with the processes.) For example: The United Arab Emirates recognized the need for computer security awareness in higher education (Rezuli and Marks, 2008). South Africa considers education critical for information security (Futcher et al., 2010). Romania, Qatar and the United Kingdom see a need for education on phishing (Al-Hamar et al., 2011; Lungu and Tabusca, 2010). These global security issues are people issues (Rezui and Marks, 2008), and people are the weakest link in security (Kirkpatrick, 2006; Mitnick, 2002). Hence, information security awareness, training, and education of people need to be provided by educational institutions around the globe (Piazza, 2006).

1.1 The value of security and assurance education

While many believe education will lower security breaches and incidents, minimize risks and result in a safer environment (Brown, 1990; Greenberg, 1986; Kirkpatrick, 2006; Kieke, 2006), others have observed that education changes behavior towards prevention or avoidance of misuse (Albrechtsen and Hovden, 2010; D'Arcy et al., 2009; Kruger et al., 2010). For example, in the 1980s, education and training increased fraud prevention (Brown, 1990).

Another example of user weakness is ransomware. Ransomware encrypts user files, and the criminal then demands payment to decrypt the data (Luo and Liao, 2007). Most ransomware infections came from a user's lack of attention to unknown e-mail attachments, or from careless browsing and downloading from a malware-embedded Web page (Luo and Liao, 2007). Education is the best countermeasure for these and many other security issues.

Given the substantial number of security incidents in organizations, there is a need for more education in the area of computer security. Leach (2003) suggests that the internal threat to computer security is more pressing than external threats and is the "result of poor user security behavior." Goodwin (2005) indicates that IT training is targeted to the CIO, whereas it should be targeted to the "bottom of the pyramid." Today, most business organizations have installed the latest security hardware and software; however, this means nothing if users don't practice cyber safety.

Organizations can conduct security awareness training to address policy, procedures, and tools (Peltier, 2005; Rotvoid and Landry, 2007; Ku et al., 2009). Users must constantly be reminded of security issues (Peltier, 2005) so that they remain proactive and aware and minimize the risks (Kirkpatrick, 2006). To get users to "think security" is to create a culture of security (Haber, 2009). To this end, Kabay (2005) made suggestions for enhancing security education and developing a social culture of information security through education.

For most employees, security is not their primary focus. Not all employees can be expected to be security experts, nor should they be required to be, but they can be taught to notice suspicious activities and to alert security professionals when a security-related issue arises (Haber, 2009). There is a need for everyone to learn information security.

1.2 Education problem

Since 1984, user security education, awareness, and training have been important (Dodge, et al. …