Lack of information security awareness amongst children Dr MZ Ramorola 24 November 2010 Introduction Information security – the protection of information and information systems against unauthorised access of information (Luzwick, 2000; Bar, 2008). Information security management standards are among the most widely used methods of security management. These standards focus on ensuring that certain information security processes or activities exist. they are unconcerned about and fail to give advice on how these security processes can be accomplished in practice. It is however, not important that something is done, but what really matters here is how well it is done. We all know that users, including children should follow information security procedures. The real problem here is how we actually ensure children do in fact follow these security procedures. Users are not well informed about security issues, they are often told as little as possible because security department see them as “inherently insecure” (Adams & Sasse, 1999). One of the best practice of information security is to promote awareness to all individuals who have access to the information systems. Furthermore, children should be educated and trained in various aspects of information security to help inform how systems are run and how to develop and apply information security controls. they should be provided with guidance to help them understand the meaning of information security; the importance of complying with the information security policy; and their personal responsibilities for information security. Children (digital kids, N-gene, 21st century generation, YouTube) Today’s children has grown up in a new digital landscape. For most of them, there’s never been a time in their lives when computers, digital video, cell phones, video games, the Internet and all the other digital wonders that increasingly define their world haven't surrounded them. Constant exposure to digital media has changed the way they process, interact and use information (Jukes, 2008). Risks children encounter online The majority of children have access to the Internet and related communication technologies such as cell phones, facebook, mixit, twitter, etc. While the internet is fundamentally a great place for children, there are some areas of cyberspace that are not appropriate. It is important to inform children about the types of risks that they may encounter on the Internet. These can include a heterogeneous set of intended and unintended experiences which increase the likelihood of harm to the internet user: content risks, contact risks and conduct risks (Jukes, 2008). Risks can be accepted, mitigated or transferred, but they should never be ignored. Information theft The right of individuals and organizations to deny or restrict the collection and use of information about them (Shelly et al, 2008). Children may unknowingly or deliberately share personal information without realising they may be subject to identify theft, or that they are leaving behind content that might not reflect well on them in future. There are many ways children can lose their privacy on the Internet, e.g. disclosing the address, telephone numbers, or even names to a stranger. If children are in Facebook, they think that it is a closed room, so they exchange information. Children need to be aware that it is not private. They should not give their personal information such as IDs, family member information to strangers. This can be dangerous as financial information (Gerson, 2010). To protect their information on the Net they may implement the user ID or encryption codes (Shelly et al, 2008). False information from advertisers, informal web sites, newsgroups and chat areas The most dangerous places on the Internet are chat rooms, newsgroups and e-mail programs where kids can disclose information about themselves. Kids need to understand that not everything they see on the Net is true, just as with print, TV and other media, it is important to consider the source and think for themselves (Magid, 1999:1). Not all of the information on the web is placed there by reliable sources (Shelly et al, 2008). Fundraising and marketing Sometimes companies and organisations collect information about children for use in marketing, fundraising, and other activities. Children should be instructed not to give out personal information to web sites of companies and organisations, even if they have heard of them or have good feelings about them. They have to check first with their parents before revealing their information. Pornography Child pornography consists of photographs, videotapes, magazines, books, and films that depict children in sex acts, all of which are illegal. These include some child nudity, simulated sex involving children and material that is computer-doctored to look like child porn (National Coalition for the Protection of Children and Families, 1999). Child pornography is frequently exchanged via the Internet, and sexual predators can use the site to try to reach out to children for sexual purposes. To avoid this, teachers and parents must make a priority to supervise children on the Internet. Filtering programs can also be employed to keep children out of the inappropriate site. Software theft Software theft takes many forms – from a child physically stealing a CD to intentional piracy of software (the unauthorised and illegal duplication of copyrighted software). Software piracy is by far the most common form of software theft. A lot of material posted on the Internet is copyrighted, which means that it might be illegal to reprint or post the material without permission. Software theft cont. Kids need to understand that they do not have the right to re-post or distribute copyrighted graphics, music, videos, and text from web sites without permission. This includes giving copies of the material to friends. What children should be aware of When you purchase a software, you actually do not own the software, instead you have purchased the right to use the software as outlined in the software license. A software license is an agreement that provides specific conditions for use of the software, which users must accept before using the software. The most common type of license agreement included with software packages purchased by individual users is a single user license agreement (EULA). EULA - Conditions Users may install the software on only one computer. Some licenses allow the user to install on one desktop and one notebook computers. Users may not install the software on a network, such as a school computer lab network. Users may make one copy for backup purposes. Users may not give copies to friends and colleagues. Unless otherwise specified by a software license, users do not have the right to loan, rent, or in any way distribute software purchased. Doing so is not only a violation of copyright law, but also a federal crime (Shelly et al, 2008). Software piracy and software market It increases the chance of viruses Reduces users ability to receive technical support Significantly drives up the price of software for all users. File sharing risks Just like you shouldn’t open email attachments from people you don’t trust, you should be wary about downloaded files from them as well. Using file-sharing networks creates a risk that viruses or other malignant code (spyware) could be spread to your computer over the network. Viruses may damage your computer or interfere with your files, spyware may track your online activities and send that information to third parties. Children should be informed about the installation and updating of reliable antivirus software. Conclusion Information security awareness, our children’s future! Thank You