Students’ Perceived Ethical Severity of e-Learning Security Attacks By: Yair Levy, Ph.D. Nova Southeastern University Graduate School of Computer and Information Sciences and Michelle M. Ramim, Ph.D. Nova Southeastern University Huizenga School of Business and Entrepreneurship

Theoretical background Methodology and sample Results Conclusions Outline Introduction Objective Theoretical background Methodology and sample Results Conclusions

Introduction Growing use e-learning beyond higher education Career technical education Medical education Corporate and military training K–12 education 96% of 2-year and 4-year public higher education institutions provide some form of e-learning courses (U.S. Department of education, 2009) Challenge- provide a secured and accountable e-learning environment Valid authentication of users is a perpetual challenge amongst organizations

Introduction (Cont.) Strategic efforts to reduce cyber-security treats (Obama calls for cyber czar, 2009) A surge in incidents of unethical behavior reported in the U.S. news media (Cyberspace threats and Vulnerabilities, US Cert-gov) Cyber-security incidents have climbed sharply, particularly after 9/11/2001 NIMDA warm, Code Red Only small percentage of such sophisticated attacks are reported to the public

Majority hackers were found to be below the age of 30 (Harris, 2004) Introduction (Cont.) A need for a strategy to increase awareness and reduce cyber-security treats (EDUCAUSE) Majority hackers were found to be below the age of 30 (Harris, 2004) Nowadays, students are more technology savvy and may explore unethical actions under stress, including cyber attacks

Objectives Investigate users’ perceptions about unethical behaviors, specifically e-learning security attacks Some evidence from literature indicating that gender, age, and academic rank may have implications on ethical severity (Cronan et al., 2006; Ramim, 2007) the U.S. Federal Trade Commission (2008) has reported that financial loss resulting from such crimes has been mounting and exceeding $1.2 billion annually. Business organizations and government agencies have been motivated to identify and adopt advanced identification technologies (James et al., 2006; Wang et al., 2008).

Theoretical Background Ethical behavior is gender dependent (Cronan et al., 2006; Dorantes, Hewitt, & Goles, 2006; Kreie & Cronan, 1998) Males appear to be less ethically driven Females appear to be more ethically driven Age and academic rank were also found to show differences related to perceptions about ethical behaviors (Kreie & Cronan, 1998) Very little research has been done about such differences in the context of e-learning cyber-security attacks

Create awareness about e-learning security Focus Investigate students’ perceptions about the severity level of key e-learning security attacks Create awareness about e-learning security If students perceive the severity of key e-learning security attacks (eLSAs) to be low, then they might be more likely to engage or seek help in engaging on their behalf in such unethical behavior

Methodology and Sample Five key security attacks were investigated: Attack to the server Intercepting e-mails (reading, altering, blocking, and/or deleting e-mails sent to someone else) Unauthorized file sharing Unauthorized access Spoofing attack (impersonating as someone else to falsify data)

Methodology and Sample (Cont.) Table 1: The five e-learning security attacks The scale: 1 2 3 4 5 Ethical Somewhat unethical Slightly unethical Unethical Very unethical Student is: <-- Less ethical More ethical -->

Methodology and Sample (Cont.) 1,100 students attending online courses, both at the undergraduate and graduate level during Fall 2006 to Fall 2009 519 responses, represents about 47% response rate

Methodology and Sample (Cont.) Table 2. Descriptive Statistics of Study Participants (N=519)

Four Research Questions RQ1: How severe do students perceive e-learning security attacks? RQ2: Are there significant differences between males and females on their perceived ethical severity of e-learning security attacks? RQ3: Are there significant differences between undergraduate and graduate students on their perceived ethical severity of e-learning security attacks? RQ4: Are there significant differences between students’ age groups on their perceived ethical severity of e-learning security attacks?

Results Majority of the students appears to self-report their perceptions as ethically driven across all five e-learning security attacks The overall percentage of students reported, either ‘4’ (unethical) and ‘5’ (very unethical) when asked to rate their ethical severity about the five e-learning security attacks, was very high (90% on average) with: Highest: (eLSA2) Intercepting e-mails @ 95% Lowest: (eLSA3) Unauthorized file sharing @ 85%

Results (Cont.) Majority of the students appear to understand the ethical severity of these e-learning security attacks A small percentage (3.3% on average), reported either ‘1’ (ethical) and ‘2’ (somewhat ethical) when asked to rate their ethical severity about the five e-learning security attacks Highest: (eLSA3) Unauthorized file sharing @ ~6% Lowest: (eLSA2) Intercepting e-mails @ ~2%

Results (Cont.) Significant (p<0.005) gender differences exist only for eLSA3 Unauthorized file sharing Overall across all five items (eLSA1- eLSA5), the results indicated that in regards to perceived ethical severity of e-learning security attacks males find these attacks less severe than females

Results (Cont.) Significant (p<0.001) age level differences exist only for eLSA1 (Initiating a cyber-attack on the e-learning server) Overall across all five items (eLSA1- eLSA5), the results indicated that graduate students appear to report these e-learning security attacks slightly higher (more severe) than undergraduate students

Results (Cont.) Significant age level differences for all items with eLSA1, eLSA3, eLSA5 (p<0.001), eLSA2 (p<0.01), and eLSA5 (p=0.01) Overall across all five items (eLSA1- eLSA5), the results indicated in regards to perceived ethical severity of e-learning security attacks, there is an increase trend where the older the student is, the more severe s/he ranks the attacks

A sample of 519 students attending e-learning courses in the U.S. Conclusions A sample of 519 students attending e-learning courses in the U.S. Majority (~90%) of the students appear to self-report their perceptions as ethically driven across all the five e-learning security attacks It appears that the majority of the students do understand the ethical severity of these e-learning security attacks

In general, males find security attacks less severe than females Conclusions (Cont.) Small percentage (3.3%) of the students reported specific security attacks to be ethical file sharing scored the highest (~6%) In general, males find security attacks less severe than females It appears that males are more risk takers Females tend to be risk averse than males Undergraduate students appear to perceive attacks only slightly less severe than graduate students

Conclusions (Cont.) The older the student is, the more severe s/he ranks the attacks – i.e. more ethical Young male students, appear to find the e-learning security attacks significantly less ethically severe or not severe at all Younger students entering technical educational programs also learn how to conduct some of these exact security attacks – need for additional research!

Thank you! Questions/comments? Thank you all for attending!

Contact Information - Michelle Michelle M. Ramim, Ph.D. Part-time Professor Nova Southeastern University Huizenga School of Business and Entrepreneurship The DeSantis Building 3301 College Avenue Ft. Lauderdale, FL 33314 E-mail: ramim@nova.edu Site: http://www.nova.edu/~ramim/

Contact Information - Yair Yair Levy, Ph.D. Associate Professor Nova Southeastern University Graduate School of Computer and Information Sciences The DeSantis Building - Room 4058 3301 College Avenue Fort Lauderdale, FL 33314 Tel.: 954-262-2006        Fax: 954-262-3915 E-mail: levyy@nova.edu Site: http://scis.nova.edu/~levyy/