A
STYLE OF GROWTH OF COMPUTER AND INTERNET SECURITY BREACHES IN SRI LANKA
Background
This paper represents the
views towards the Computer & internet Security Breaches . Internet Security
Breaches has Become the Trend in Modern Society .For this study I Refer the “An analysis of the Growth of Computer
and Internet Security Breaches” As the Base Article regarding the Analyze of the Computer &
internet security breaches.
This
paper surveys recent literature and in the field of Cyber crime, intending to
find out the computer & internet security breaches . In order to gather
primary data it is expected to use the Questioner.
In
this paper, researchers find that recent literature and the objectives of
analysis computer & internet security breaches, and limitation of the cyber
crime. and finally analyze the A style of growth of computer & internet
Security breaches.
Discussion
and Conclusion
This
exploratory study investigates the usefulness of the budgets, limitation of the
budgets and how to enhance the usefulness of the budgets.
Key words
Computer and Internet security
breaches, diffusion model, bad innovation, types of crimes, growth patterns of
crimes
Chapter 1 Introduction
1.1
Introduction
In
the recent past it is very common to hear Cyber crime issues and breaches
relating to the Internet Security among world. Cyber crime appears to have
become a serious problem at internet security. Internet security can be
breached by the way of hacking, Stolen
laptop/computer, Passwords compromised, Theft by insider/employee, Missing
back-up tape.
Cyber crime can be done collectively or individually. There has been much
discussion about the impact of new technologies on internet security breaches.
1.2
Background of the study
Information
security “breaches” take many forms. These
include lost or misplaced disks or backup tapes, stolen laptops and cell
phones, hacked data, improperly secured websites, data lost or stolen in
transit, information taken by rogue employees, misdirected mail, and many other
forms. California data suggest that most are accidents, rather than the result
of deliberate attacks, and many are not so much “breaches” as incidents in
which data may — or may not — have been compromised. Most of these incidents do
not involve the Internet or other digital technologies. In fact, many involve
lost or misplaced information or equipment, rather than theft.
Breaches occur in a wide variety of settings,
Including many industry
sectors, government agencies, universities, and the not-for-profit community.
It appears that only a small percentage of
breaches actually involve any harmful use of data. There are many
reasons for this, including:
- Many
incidents described as information security breaches involve no effort to
misuse data at all. Data may be lost, rather than stolen, or obtained
incidental to the theft of some other valuable commodity and discarded or
destroyed without ever being accessed (for example, a laptop that is
stolen for the value of the machine and immediately wiped clean so that it
can be used by someone else).
- Not
all attempted misuses are successful; industry efforts to detect and block
fraudulent charges and illicit access to accounts are highly successful.
The financial services industry, for example, intercepts and blocks many
fraudulent credit card charges.
- Even
the portion of those efforts to misuse personal information that are
successful usually result in no financial or physical harm to consumers.
The most recent data available indicates that 67% of victims of
identity-based frauds report suffering no economic loss and paying no
out-of-pocket expenses. The costs were usually paid by businesses,
andultimately by all consumers.pe
Information
security breaches are among the least common ways that personal information
falls into the wrong hands. In 2005,
for the half of victims of identity-based frauds who reported knowing
from where their information had been obtained, the most common source of
personal information, by a factor of two to one over any other category,
was “lost or stolen wallet, checkbook or credit card.”5 Family members
and relatives along with friends and neighbors make up half of all known
identity thieves.6 Consumers often end up unwittingly providing thieves with
access to sensitive data by failing to secure their own data, by
responding to fraud schemes, such as phishing and pharming, and by
careless use of their personal information.
Security Breaches (2005)
1.3
Objective of the study
Overall Objective
The
overall objective of the study is to evaluate the A style of growth of computer
and internet security breaches in Sri Lanka.
Specific
Aims
- To Find out the existing internet security
breaches among listed companies in Sri Lanka.
- To Find out the relationship between Internet
Security Breaches and Growth of computer among business.
Chapter 2 Literature
Review
2.1
Summary of the base article
This study uses to analyze the
growth rates of different types of computer and Internet-related crimes. The
Security Breaches is an appropriate diffusion because it is capable of modeling
two opposite behaviors: (1) acts of attacks and imitation of attacks and (2)
deterrence acts to prevent such attacks. . This study was used to analyze
various types of attacks. The results indicated that growth patterns of
computer and Internet crimes differ in growth patterns and that a relationship
exists between occurrences of such security breaches and uses of certain
security technologies. Thus, for example, financial fraud and denial of service
are growing at a faster pace. The study also found, for example, that an
increase in virus-related incidents does not necessarily increase anti-virus
software use.
2.2
Literature Regarding the Topic
Neumann [1999] states that
costs of cyber crime are difficult to measure; however, these costsare
reasonably substantial and growing rapidly. Garg et al. [2003] attempted to
quantify the financial impact of IT security breaches by using event-study
methodology. They came to the same conclusion: IT breaches are extremely
costly. Lukasik [2000] claims that cyber crime costs are essentially doubling
each year. The problem becomes even more complicated when oneconsiders that
these crimes are underreported. Ullman and Ferrera, [1998] mention that,
according to FBI estimates, only 17 percent of computer crimes are reported to
government authorities.
Previous studies that focused on computer or
information systems security issues lack empirical results on how different
these security breaches are from one another and what their growth patterns
are. Such empirical studies are important because some attacks enormously and
rapidly disrupt the Internet infrastructure for a length of time, thus
resulting in millions of dollars in losses. For example, the “Code Red Worm”
virus infected more than 250,000 systems around the globe in nine hours on July
19, 2001, and its estimated total global economic impact was as much as $2.6
billion [Householder et al., 2002].
The growth of computer and
Internet security breaches can be studied from an innovation diffusion
perspective [Rogers, 2003]. Innovation diffusion literature is usually
concerned with good innovations and thus biased towards good innovations. The
study of bad innovations such as security attacks can alert readers to the fact
that innovations are not always good and what actions need to be taken to
prevent such bad innovations. The present study uses the concept of bad
innovations by using the modified Gompertz model [Pitcher et al., 1978] which
is capable of capturing attack incidences as well as deterrent activities.
Based on past experiences, it can be inferred that not all attacks deserve the
same attention and not all attacks may show the same type of growth rate. It is
important to know how these various crime rates are growing. This question
needs to be investigated empirically. Although estimation with a sparse set of
data at an earlier stage of growth is challenging, past studies proved it to be
useful. In this paper, we focus on different types of attacks, how these
evolved, whether different types of attacks evolved similarly, and how
deterrence effects are working.
The study is preliminary in
nature for a number of reasons. Literature is almost non-existent on this
topic. Data on different types of security breaches are sparse [Power, 2002].
One of the most referenced studies of security breaches, the CSI/FBI computer
crime and security survey by Richard Power, contains only a few years of recent
data [1996-2002]. Modeling such security breaches during the early stages of
data availability is difficult but extremely critical. Analysis withsparse data
is, however, not uncommon in research literature. For example, marketing
literature reports the forecasting of sales of new products with as few as five
years of data [Mahajan and Peterson, 1985]. The dynamic behavior of hundreds of
good innovations shows similar characteristics during the early phases of
growth as observed across many types of products [Bass, 1969; Mahajan et al.,
1985; Jepson, 1976]. Previous works on forecasting from early data
with a small number of data
points include Lawton and Lawton [1979], Tigert and Farivar [1981], Kalish and
Lilien [1986], Wright, Uprichard and Lewis [1997]. Lilien et al. [1981] and
Dalal et al. [1998] updated parameter estimates for a new product by using data
on similar products or expert judgment in a Bayesian framework. Sultan et
al.[1990] used meta-analysis-based prior information with a few data points on
a new product to obtain more robust posterior estimates.
In the absence of prior
information and data on Internet attacks, we use traditional diffusionmodels.
Previous research reports that the shape of sales curves of many innovative
products during the growth phase is similar [Mahajan et al., 1985]. Sales of
new products in the earlyphases tend to grow extremely rapidly. This high
growth rate tends to decrease over time andfinally the diffusion matures and
tapers off, as newer technologies replace older ones. Previous research also
found that while exponential or logistic curves are adequate for modeling
purposes in the growth phase, they are not adequate to model many innovations
at an earlier stage. A small error at an early stage can result in a large
effect on later time period forecasts [Martino, 1972].
Modified Gompertz curves, such
as the General Sales Growth Curve [Lieb Associates, 2001], are reported which
describe the data well and yield good curve fitting and forecasting of new
innovations in the early growth phases [Jepson, 1976; Lakhani, 1979]. The
Gompertz curve could be a good fit for innovations which rapidly increase in
the beginning and then taper off slowly. The point of inflection of the growth
curve occurs at 33% of total potential diffusion. Such a model isused in the
present study of bad innovations [Pitcher et al., 1978]. In addition, the
model’s explanatory power helps to understand how these attacks are developing
and what factors are behind such attacks.
Types of breaches
Some of the important security
breaches since 2001 are the results of the following attacks [CERT/CC, 2003]:
·
Multiple
vulnerabilities in the Internet Software Consortium's Berkeley Internet Name Domain
(BIND) server,
·
Sadmind/IIS
worm (a worm that exploits a vulnerability in Solaris systems and
subsequently installs software to attack
Microsoft IIS web servers),
·
Code Red worm
(a self-propagating malicious code that exploits IIS-enabled systems),
·
SirCam worm
(a malicious code that spreads through email and potentially through unprotected
network shares), and
·
Nimda blended
threat (a combination of worm, viruses, and other codes that propagates itself
via several methods, including email, network shares, or through an infected web
3.1 Data Collection and
Methods
Source of data
Researchers
are expected to use both primary and secondary data. The primary data will be
used to bridge the research gap in the existing literature. The main source of
data is the data which collected from questionnaires. Separate questionnaire is
designed for the Analyze the style of growth. And a separate questionnaire is
designed for the analyze the computer and internet security breaches . Other
than that, many academic journals and articles will be used as sources of data.
Collection of data
A
separate questionnaire is designed for the analyze the style of growth and
analyze the computer and internet security breaches.. In the first section of
questionnaire is designed to collect demographic information such as
designation, gender, age, Industry and etc. From next part onwards it is being
asked the view point of computer crimes.
Besides
the information gathered from the questionnaires it is expected to use various documents available in the university web
sites as the secondary data source.
3.2 Population & sample
Population
of this study contained all listed companies in the sri lanka . The reason for
the selection of listed companies in sri lanka for this study is due to the
information accessibility. The study sample of 40 participants will be
generated by using stratified sampling methods.
3.3 Data Management
The
collected data will be fed to the SPSS software which is one of the best soft
ware’s to analysis data, especially in quantitative nature. All the questions
in the questionnaires are available in SPSS windows with the given answers and
will be coded accordingly. All the questionaries’ themselves available
reference numbers, therefore the easy access to the information is highly
protected. The information feeding process to SPSS is done in highly accurate
manner. One person entered data to SPSS, and another person has to recheck the
accuracy of data. Third person has confirmed the accuracy of the coding system.
Data Analysis Strategies
Secondary data, which were
collected through a comprehensive review of literature as detailed in the
literature review of this proposal, analyzed to identify gaps in the existing
body of knowledge on the issues pertinent to the research topic. The research
gaps identified were used as a basis for reaffirming the relevance of the
research problem, developing the research.
Primary data will be
collected using questionnaires and analyze quantitatively. It is expected to
analysis data by using SPSS software. For all demographic questions it is
panned to generate frequency analysis. The factor analysis is also going to be
tested. More importantly it is expected to carry out parametric and non-
parametric analysis as appropriately to identify the significance relationships
in the collected data. Other than that reliability test, t- tests, post hoc
tests, regression analysis also going to be tested.
Chapter 4 Data
Analysis
Mostly though, previous
studies lack empirical results on how different types of attacks grow or
provide reliable models of such attack growths. This understanding is
important. Some attacks enormously and rapidly disrupt the Internet
infrastructure for a length of time, thus resulting in millions of lost
dollars. For example, the infamous "Melissa" virus in 1999 infected
thousands of computers with rapid speed, causing an estimated $80 million in
damages [CCITS, 2002]. The growth process can be studied from an innovation
diffusion perspective [Rogers, 1991]. The four main elements in the diffusion
process are:
1. the innovation (good or
bad),
2. channels of communication,
3. time, and
4. the social system.
Although imitative and
deterrence acts constitute the background of any attack scenario, the rates of
imitation and deterrence may not be the same. When the rate of instigation
increases it may mean an overall increase in deterrence rate as more and more
security products will be developed. As these products come onto the market,
attackers find ways to bypass these products and refine their attacks, which in
turn leads to more refined security products. This cycle of reinforcing attack
and deterrence continues.
Secanario1: Relative increase in net instigation rate is related to relative
increase in
deterrence rate.
Thus, preventive measures are
assumed to be thoroughly outweighed by attacks. Therefore, it is expected that
the value of c, the net rate of instigation will be much higher than the value
of q, the rate of deterrence or inhibition.
Scenario
2: Values of the net rate of
instigation, c, will be much higher than values of q, the rate of inhibition
for computer and Internet-related bad innovations, i.e., digital crimes and
security breaches.
Although reported computer
crimes are of many types, not all of them are equally popular, due to economic,
political, technical and a variety of other reasons. At the beginning, hacking
was done primarily for intellectual satisfaction, to break a system. In recent
times however, financial profit considerations are one of the main reasons for
computer crimes.
4b. denial of service attacks
should lead to more use of intruder detection software,
encryption, and firewall
4c. proprietary information
theft should lead to more use of intruder detection software,
encryption, and firewalls
4d. virus attacks should lead
to more antivirus software use and encryption use.
Table shows the distribution
of the respondents who reported attacks by industry sector. The distribution did
not change much over the four year period.
.
|
Industry sector |
% |
|
Manufactring |
40 |
|
Service |
10 |
|
Banking |
20 |
|
Insurance |
10 |
|
Other |
20 |
Result
The figure captures the fit of
the power function of the relationship between q and
c. The function is: q = .089c(2.19)
(R2 = .66). An increase in net instigation rate is greater than the
corresponding relative increase in inhibition rate. This result is consistent
with results obtained from other types of crimes [Pitcher et al., 1978]. The
moderate fit and the positive value of c support Proposition 1.
Values of net instigation
rate, c, will be much higher than values of inhibition rate,
q, for computer and
Internet-related bad innovations, i.e., computer crimes and security breaches.
The R2 value from the model fits are high (.80-.99). The values of q and c are
different, for each type of
security breach, with values of c much higher than q. When c> q, overall
impact of net instigation is more than the inhibition rate and vice versa. The
results are again consistent with the results obtained from other types of
crimes
Not all computer crimes and
security breaches show similar growth rates. The pair of values of q and c, as
obtained from each run, is very different for each type of crimes, thus
confirming Proposition 3. Of these viruses, financial fraud, and theft of
proprietary information are projected to be significant and costly in the near
future. Denial of service is rising rapidly. Telecom fraud, active wiretapping,
laptop theft, and unauthorized insider access will be lower. By comparison, the
rest of the crimes are projected to be at a moderate level of intensity.
Conclusion
Of the four propositions
explored in this study, three (Propositions 1-3) were strongly confirmed while
the remaining one (Proposition 4) was partially confirmed. In summary, the
results of this study led us to conclude that
·
Relative
increase in net instigation rate is related to relative increase in inhibition
rate which implies that the increasing attack incidences will force organizations
and governments to come up with means of preventing or reducing them
·
For computer
and Internet-related attacks (bad innovations), the values of net instigation
rate is higher than values of inhibition rate, implying more efforts and resources
need to be applied toward inhibiting attacks;
·
Different
computer crimes and security breaches grow at different rates, which implies that
all these crimes should not receive the same level of attention because some
crimes are likely to spread more rapidly than others;
·
Real world
practice does not always follow the common notion that as more attac incidents
occur, more security technologies are used. This finding may imply that organizations
and governments do not necessarily spend money on security measures in proportion
to the frequency of attack incidences. Ninety percent of respondents in the 2002 survey, for example, used anti-virus
software; however, at least 10-15% of respondents
did not detect any virus, due probably to non-use or ignorance [Power, 2002]. Viruses are among those attack
incidents that caused financial losses.
This article is a first attempt to identify
the nature of growth of various computer and Internet related crimes, using a sparse set of
data. First, a model was selected for bad innovation modeling which can
represent both imitative and inhibitive behaviors in attacks. Next, the model was
used to derive and compare various types of attack statistics with a sparse set
of data
Reference
Arquilla, J. (2001) Networks and Netwars: The Future of Terror,
Crime, and Militancy, Santa Monica, CA: RAND Corporation.
Atkins, D.(199 6) Internet Security Professional Reference.
Indianapolis, IN: New Riders Pub.
Attrition (2001) http://www.attrition.org/mirror/attrition/stats.html
Last consulted 11-27-03.
Bass, F.M. (1969) "A New
Product Growth Model for Consumer Durables" Management Science, pp. 215-227.
Bandura, A. (1986) Social Foundations of Thought and Action.
Englewood Cliffs, NJ: Prentice- Hall. A CCITS/Infosech Presentation on Internet
Security,2002.
CERT/CC Web Site, http://www.cert.org
.Last consulted 12-06-03.
Convention on Cybercrime http://conventions.coe.int/Treaty/EN/cadreNews.htm
.Last consulted 12-06-03.
Computer Fraud and Abuse
Statute, (2002) http://nsi.org/Library/Compsec/cfa.txt .Last consulted
12-06-03.
CTNEWS(2002) http://www.cnetnews.com.
Last consulted 11-06-03.
Dalal, S., Ho, Y. and Sherman,
R. (1998) “Learning from Experience to Improve Early Forecasts:
A Posterior Mode Approach” In
Business and Economic for the 21st Century, Vol. II
Worcester, MA: Business and
Economics Society International,. pp. 338-353.
Denning, D.(2000) “Reflections
on Cyber weapons Controls” Computer
Security Journal, (XVI) 4.
Denning, D. (1998) Information Warfare and Security, Upper
Saddle River, NJ: PearsonEducation.
Communications of the
Association for Information Systems (Volume12, 2003)684-700 699
Ford, R. (1999) “No Surprises
in Melissa Land” Computers and Security,
(18), pp. 300-302.
Garg, A., Curtis, J. and
Halper, H. (2003) “Quantifying the Financial Impact of IT Security Breaches” Information Management & Security (11)2,
pp. 74-83.
Householder, A., Houle, K. and
Dougherty, C. (2002) “Computer Attack Trends Challenge
Internet Security, Security and
Privacy” Supplement to Computer, IEEE
Computer
Society.
Jepson, C., E. I. DuPont de Nemours & Co., Inc,Internal
Presentation, 1976.
Kalish, S. and Lilien, G.
(1986) “A Market Entry Timing Model for New Technologies”
Management
Science, 32 (2),
pp. 194-205.
Katz, M. and Shapiro, C. (1986)
“Technology Adoption in the Presence of Network Externalities” Journal of Political Economy (94), pp.
822-841.
Krebs, B. (2003). “Good' Worm
Fixes Infected Computers” http://www.washingtonpost.com/wpdyn/
articles/A9531-2003Aug18.html. Last consulted 12-06-03.
Lakhani, H. (1979)
"Empirical Implications of Mathematical Functions Used to Analyze Market
Penetration of New Products" Technological
Forecasting and Social Change (15)2, pp. 147-156.
Lawton, S. B. and Lawton, W. H.
(1979) “An Autocatalytic Model for the Diffusion of Educational Innovations” Educational Administrative Quarterly, 15 (1), pp. 19-46.
Lukasik, S. J.(2000)
“Protecting the Global Information Commons" Telecommu-nication Policy, (24)6-7, pp. 519-531.
Mahajan, V., Muller, E. and
Bass, F. M. (1990) "New Product Diffusion Models in Marketing: A Review
and Directions for Research" Journal
of Marketing, (54), pp. 1-26.
Mahajan, V. and Peterson, R.
(1987) “Models for Innovation Diffusion,” Sage University Paper series on
Quantitative Applications in the Social Sciences, (2nd Ed.), Beverly Hills:
SAGE Publications.
Martino, J. P. (1972) "The
Effect of Errors in Estimating the Upper Limit of a Growth Curve" Technological Forecasting and Social Change,
(4), pp. 77-84.
McCrohan, K. F. (2003) “Facing
the Threats to Electronic Commerce” Journal
of Business & Industrial Marketing,
18 (2) , pp. 133-145.
Neumann, P. (1999) “Information
System Adversities and Risks” presented at the Conference on International
Cooperation to Combat Cyber Crime and Terrorism, Stanford, CA: Hoover
Institution, , pp. 1-2, 3. http://www.oas.org/juridico/english/information_system_
adversities_a.htm
Parker, D.B. (1983) Fighting Computer Crime. New York:
Scribner's.
Pitcher, B., Hamblin, R. and
Miller, J. (1978) “The Diffusion of Collective Violence” American Sociological Review, (43), pp.23-35.
Power, R. (2002) “CSI/FBI
Computer Crime and Security Survey” Computer
Security Issues and Trends, (8)1, pp. 1-22.
Ratnasingam, P. (2002) “The
Important of Technology Trust in Web Services Security”
Information
Management & Computer Security, (10)5, pp. 255-260.
Richardson, R. (2003) The 2003
CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute Inc., pp. 1-20.
Rogers, E. (2003) The Diffusion of Innovation. New York: Free Press.
Smith, A. D. and Rupp, W. T.
(2002) “Issues in Cybersecurity: Understanding the Potential Risks Associated
with Hackers/Crackers” Information
Management & Computer Security, (10)4, pp. 178-183.
Sofaer, A. D. and Goodman, S.
(Eds), (2001) The Transnational Dimension
of Cyber Crime and Terrorism, Hoover National Security Forum Series,
Stanford, CA: Hoover Institution Press.SPSS
11 Syntax Reference Guide, 2003. Chicago IL: SPSS Publication Sales.
Straub, D.W. (1990) “Effective
IS Security: An Empirical Study’’ Information
Systems Research, (1)3, pp. 255-276.
Straub, D., Carlson, P. and
Jones, E. (1993) “Deterring Highly Motivated Computer Abusers: A Field
Experiment in Computer Security” Journal
of Management Systems (5)1, pp. 33-48.
Straub, D. and Welke , R.
(1998) “Coping with Systems Risk: Security Planning Models for Management
Decision-Making” MIS Quarterly,
(22)4, pp. 441-469.
Sultan, F., Farley, J., and
Lehmann, D. (1990) “A Meta-Analysis of Applications of Diffusion Models" Journal of Marketing Research, (27), pp.
70-77.
Tigert, D. and Farivar, B.
(1981) “The Bass New Product Growth Model: A Sensitivity Analysis for a High
Technology Product”. Journal of Marketing,
(45), pp. 81-90.
Ullman, R. and Ferrera, D.
(1998) “Crime on the Internet,” Boston
Bar Journal, Nov./Dec., no.6. Wright, M. Upritchard, C. and Lewis, T.
(1997) “A Validation of the Bass New Product Diffusion Model in New Zealand” Marketing Bulletin, (8), pp. 15-29.
A Style of growth of computer and internet
Security Breaches In sri lanka
This questionnaire is only foe the use of information
in the Academic Module of Artificial Neural Network Which Coming under the
Degree Programme of B.Sc Accounting (Special) Degree Part IV Of the university
of Sri Jayewardenepura.
This Questionnaire was design to find out the A style
of growth of computer and internet security breaches in sri lankan business. We
would be greatful if you could complete the questionnaire below and
provide your honest answers. The information only used for the Academic purpose and we ensure the confidentiality of
information provided by you
1.
Gender Female Male
2.
Age
20 – 30 Years
30 – 40 Years
40 -55 Years
Above 50 Years
3 Which
Sector Belong to your Company
Private
Sector Government
4 Industry
Type of Your Company
Manufacturing
Service
Banking
Insurance
Other
5 Education Level
Passed G.C.E Ordinary Level
Passed G.C.E Advance
Level
Graduate
Professional
Qualification
6 Can any Employee
Access to the internet in your company
Yes
No
7
How many employees use internet in your
company During the office Hours
0 -50 Employees
50 -75 Employees
75 – 100 Employees
Above 100
Employees
8
Level Of knowledge Regarding the Internet and Information Technologies
High Level
Middle Level
Law Level
No Knowledge
9 Purpose of the use of internet during the
office time
Business Purpose
Social Network
Educational
Purpose
Communication
Purpose
10 Which Website
Have you allow to Access by your Office PC
International Web
Site
Social Media
Online Shopping
Business
related Web site
11 To what extend
does your organization provide corporate access to the internet ?
Stand alone dial
up access only
LAN/WAN dial up
access
LAN /WAN
direct/permanent connection
Other
12 Do your Organization have a computer
security awareness programme for all employees using information Technologies.
Yes No
13 Has your organization experienced any
unauthorized use of its computer system
within the past years
Yes No
14 Does Organization have a written policy on
the security & misuse of computing facilities
Yes
No
15 Of the
Following Passed G.C.E Ordinary Level which do you fell will
increasingly impact on your organization over the next five years
Hacking and use of malicious code
Theft
Fraud
Greater Use of encryption
Other
