youth cyber offending & victimization: implications for future security policy and practices...
TRANSCRIPT
Youth Cyber Offending & Victimization: Implications for
Future Security Policy and Practices
Presented by Sam McQuade, PhD, Center for Multidisciplinary Studies
Dave Pecora, Information and Technology ServicesApril 4, 2007
1
Overview• Part 1 – RIT Research and Findings
• Part 2 – RIT Response for Preventing Campus Cybercrime
• Part 3 – Higher Education Leadership and Community Outreach
2
2004-2006 RIT Studies Asked College Students About:
A.Present computer use and while growing upB.Knowledge and use of computer security techniquesC.Computer crime victimization experiencesD.RIT computer security program services E.Relationships, expectations and ethicsF. Attitudes towards specific kinds of computer use and
abuseG.Computer/IT offending behaviorH.Likelihood of being caught and punishedI. Reasons for offendingJ. University computer policy and programsK.Demographics
4
April 2004 RIT College Student Findings
• 873 randomly sampled college students:
• 17% of respondents were harassed
• 8% were threatened
• 6% were cyber stalked
• 6% were victims of identity theft.
• One-in-four students reported being victimized multiple times
• One-in-three claimed they knew the perpetrator prior to the crime.
11
And they weren’t just victims . . .
– Pirating of music, movies and software was rampant. A substantial amount of academic dishonesty enabled by computers and other electronic devices was also reported with wide ranging student attitudes regarding these activities.
12
Key Findings From All Four SurveysStudents’ online and offline
behaviors and interactions are intertwined.
Inconsistent moral clarity involving use of computers and IT devices for certain behaviors.
Students are both offenders and victims of computer abuse and crime
13
Major Conclusion
Lacking Cyber EthicsEducation and Infosec Training
Cybercrime Victimization
Cyber OffendingBehaviors
Today’s under-educated and trained students are tomorrow’s naive employees, insider offenders and external attackers.
14
TechnologyAnti-Virus software (Students, Faculty, and Staff)
Host Intrusion Protection (HIPS) for RIT owned desktop computers
Network Scanning for Vulnerabilities and Compromises
Spam Filtering (to name but a few)
… Technical solutions are important, but they only go so far…
17
Education
Digital Self-Defense classes run by ISO
- 90 minute course designed to educate on cyber threats, how to protect themselves
- Integrated into First Year Enrichment (FYE) program.
ITS Technology Seminars
Additional programs in partnership with Student Affairs
18
Education / Enforcement
Security Standards process led by the ISO
- Standards developed in partnership between ISO, ITS, colleges, and others within the university.
- Security standards are an extension of university policy
- But are also valuable for educational purposes
19
Enforcement
ITS works closely with Campus Safety and Student Conduct to investigate cyber threats such as running malicious code, copyright infringement, and cyber harassment or stalking.
Each area plays a significant but different role:
- Campus Safety leads any investigations
- ITS and ISO provide technical support and policy interpretation support
- Student Conduct oversees the judicial process20
Partnership
Partnership between ITS-ISO-Student Affairs/ Student Conduct-Campus Safety - already discussed
Partnership with academic research:
- Evaluation of music service (CTRAX)
- Higher Education Leadership and Community Outreach Initiative
21
Music Service - Timeline
September, 2004: RIT offers CTRAX legal music service to students
March, 2005: ITS partners with Dr. McQuade to evaluate effectiveness of service, student attitudes on illegal file sharing
22
Research FindingsKey Findings:
Issues with CTRAX web interface, program rollout
Gained a better understanding of the student perception of service within the context of RIT student culture
Little change in student attitudes towards illegal sharing => even amongst CTRAX users
23
Do Ctrax Users Still Use P2P?
0 1
Q22: Have you ever downloaded music using the Ctrax music service?
0
5
10
15
20
25
30
Co
un
t
Q16: How often do you use
peer-to-peer file sharing
applications to share music?
Never
Less than once per month
Once per month
Once per week
2-3 times per week
Once per day
More than once per day
Count
Non-Ctrax Users Ctrax Users
24
Introducing the Rochester Regional Cyber Safety Introducing the Rochester Regional Cyber Safety and Ethics Initiativeand Ethics Initiative
26
Organizing to Address Cyber Dangers
• Employers, school officials, teachers and parents are becoming more aware and concerned– Warnings of NCMEC and emerging research – Instances of student cyber abuse/harm– Concern and desire for action
27
Initiative Mission• Provide business/parent training plus K-12 and higher
education in cyber safety, security and ethics• Driven by need to:
– Research the problem to confirm K-12 dangers plus level of worker, parent and teacher competencies
– Implement appropriate instructional interventions– Evaluate implementation impacts on schools and
organizations, along with learning, knowledge retention and behavioral changes
• Enhance community awareness• Invite regional participation and expertise
– Demonstrate success– Build lasting partnerships
28
Challenges• Maintain commitments while managing involvement –
bridge business and education interests and needs• Learn while doing
– Cyber incidences are happening now but we do not understand how best to implement prevention strategies
– Likely to choose from available instructional materials • Manage perceptions and comparisons
– Help businesses reduce liability and increase productivity– Incidences/prevalence of offending/victimization– Student learning, knowledge retention, behavioral changes
• Inform impending legislation– Virginia already has K-12 Internet safety law– Other states likely to follow – educators/research can inform
this process
29
The Ultimate Goal
• Create, pilot test, implement and evaluate research-driven Internet safety, information security and cyber ethics training for students, parents, educators and the adult workforce regionally.
30
Part 3 Comments and Part 3 Comments and DiscussionDiscussion
Samuel C. McQuade Professional Studies Graduate Program CoordinatorCenter for Multidisciplinary StudiesRochester Institute of Technology (RIT)31 Lomb Memorial Drive, Bldg 1, Suite 2210Rochester, New York 14623-5603Phone (585) [email protected] / [email protected]
Dave Pecora Associate Director, Customer Support ServicesInformation and Technology ServicesRochester Institute of Technology (RIT)103 Lomb Memorial Drive, Bldg 7B, Suite 1040Rochester, New York 14623-5608Phone (585) [email protected] / [email protected]
31