Manajemen | Fakultas Ekonomi Universitas Maritim Raja Ali Haji joeb.81.1.15-20
Journal of Education for Business
ISSN: 0883-2323 (Print) (Online) Journal homepage: http://www.tandfonline.com/loi/vjeb20
Computer Security in the Introductory Business
Information Systems Course: An Exploratory Study
of Textbook Coverage
Kenneth J. Sousa , Laurie E. MacDonald & Kenneth T. Fougere
To cite this article: Kenneth J. Sousa , Laurie E. MacDonald & Kenneth T. Fougere (2005)
Computer Security in the Introductory Business Information Systems Course: An Exploratory
Study of Textbook Coverage, Journal of Education for Business, 81:1, 15-20, DOI: 10.3200/
JOEB.81.1.15-20
To link to this article: http://dx.doi.org/10.3200/JOEB.81.1.15-20
Published online: 07 Aug 2010.
Submit your article to this journal
Article views: 19
View related articles
Citing articles: 1 View citing articles
Full Terms & Conditions of access and use can be found at
http://www.tandfonline.com/action/journalInformation?journalCode=vjeb20
Download by: [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RA JA ALI HA JI
TANJUNGPINANG, KEPULAUAN RIAU]
Date: 12 January 2016, At: 17:49
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
Computer Security in the Introductory
Business Information Systems Course: An
Exploratory Study of Textbook Coverage
KENNETH J. SOUSA
LAURIE E. MACDONALD
KENNETH T. FOUGERE
BRYANT UNIVERSITY
SMITHFIELD, RHODE ISLAND
ABSTRACT. The authors conducted
an evaluation of Management Information Systems (MIS) textbooks and
found that computer security receives
very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research
results suggest that MIS faculty need to
provide material to supplement the
textbook to provide adequate coverage
of this important and timely issue.
T
here is no question that computer
security is a major issue. According to Leyden (2004), Microsoft’s Bill
Gates has called security the greatest
challenge ever faced by the computer
industry. The spread of the SoBig.F
virus via e-mail is one example of the
extent of the security problem. SoBig.F
spread like wildfire. America Online
reported it had blocked 23.2 million
copies of this worm, and the e-mail
security company Postini quarantined
3.5 million copies (Warner & Abreu,
2003). The British Internet security firm
MessageLabs, estimated that 1 out of
every 17 e-mails sent around the world
was infected by the SoBig.F virus.
The importance of computer security
has grown in tandem with the importance
of computer systems in all aspects of
business. The Internet has provided the
basis for the implementation of innovative business applications, such as electronic commerce, electronic data interchange, and interorganizational systems.
These major changes to the information
technology infrastructure have produced
new security challenges not found in
early information systems. Security was
focused traditionally on employees and
internal safeguards. System administrators must now be concerned with outside
threats that may come via the Internet.
Their customers and clients are also
experiencing these new challenges and
are more concerned about the possibility
of hackers gaining access to information
than with how private companies and
government agencies use this information (Wellner, 2000).
The Federal Trade Commission
reported that Internet-related consumer
fraud amounted to $200 million in 2003
and accounted for 55% of all fraud
reports (2004 National and State
Trends). The Computer Security Institute (CSI, 2003) found that 74% of corporations and government agencies
responding to a survey reported a security breach within the past 12 months. A
survey conducted by the American
Institute of Certified Public Accountants found that information security
(IS) was the number one concern
among respondents (Kepczyk, 2003).
Security threats have been on the
increase and the growth is expected to
continue (Cyber crime, 2003; Radcliff,
2002).
Security Issues Trends
Several surveys relating to industry
security issues and perceptions all conclude that this topic remains important
within organizational and information
technology priorities. More than half of
the respondents to an InfoWorld survey
expressed concern about potential
breaches in security; virus attacks illustrated the highest degree of concern at
73% (Connolly, 2001).
September/October 2005
15
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
The CSI and the InfoWorld studies
confirm that cyber-crime and security
incidents continue to be an issue in
information technology management.
External hacking is considered a serious
cause for concern by organizations
(Connolly, 2001; Harreld, 2001). A significant number of organizations have
detected a variety of security violations
originating from outside the organization. These violations can include denial
of service attacks, system penetration,
Web site vandalism, and theft of proprietary information (CSI, 2003; Connolly;
Harreld). Internet connections are the
source of an increasing number of
attacks as compared with remote dial-in
and internal systems. In 2003, 78% of
respondents reported the Internet as the
source of attack, up from 57% in 1999
(CSI, 2003). The growth in the use of
Web-based systems has led to a consistent increase in denial of service attacks,
from 27% in 2000 to 42% in 2003 (CSI;
Harreld). Of the organizations reporting
a Web-based system attack, 32% reported at least five incidents in the past year
(CSI). Most of these incidents are either
vandalism or denial of service.
Each of the surveys also reported an
increase in the number of internal security breaches, such as unauthorized use of
technology resources by employees, laptop theft, and insider abuse of network
access. The CSI 2003 survey also identified a number of potential vulnerabilities.
The two most likely sources of attack are
independent hackers and disgruntled
employees, cited by 82% and 77% of
respondents, respectively (CSI, 2003).
Security attacks committed by insiders
and employees are coincidently consistent with the abuse of network access.
Problem Statement
A recent study concluded that security issues are not sufficiently covered in
Information Systems (IS) curricula
(Anderson & Schwager, 2002). The
results of the study also concluded that
security issues are of enough importance to justify their inclusion in all IS
courses.
With this in mind, we decided to
undertake a comprehensive review of
introductory Management Information
Systems (MIS) textbooks to examine
16
Journal of Education for Business
and measure the degree of coverage of
security. The evaluation of MIS textbooks was used to assess the depth in
which a typical MIS course addresses
the issue of computer security. The textbook is typically the central organizing
component for the course with both professors and students relying on the textbook to a large extent.
METHOD
Keywords
Our objective of this research was to
determine the depth of coverage relating
to IS topics in introductory MIS textbooks. To provide a framework for this
objective, we developed a set of keywords to identify security issues. We
developed the keyword list after reviewing security textbooks (Erbschloe,
2003; Holden, 2004; Volonino & Robinson, 2004; Whitman & Mattford, 2004)
and Web sites devoted to computer
security (Develop a Computer, 2003;
Introduction, 2003; ISO, 2003). Using
keywords to study the textbooks
allowed us to include the variety of terminology used to describe these issues.
To facilitate the analysis of the textbook coverage, we needed to develop a
structure for the keyword concepts.
Therefore, we grouped the keywords
into four categories to regularize the
data. The keyword categories, as shown
in Table 1, are: (a) Security Threats, (b)
Risk Management, (c) Security Education, and (d) Security Technology. For
example, spoofing, viruses, and worms
are categorized under the common
rubric of security threats.
Textbook Analysis
We collected a sample of MIS textbooks that are commonly used in an
introductory MIS course. The textbook
selection was based on the recommendations of 11 MIS instructors (5 full professors, 4 associate professors, and 2
assistant professors) whom we asked to
provide a list of the MIS textbooks they
had used or reviewed recently. These
textbooks, as shown in Appendix A, are
representative of those textbooks found
TABLE 1. Keyword Categories
Category
Security Threats
Hacking
Denial of Service
Malicious Code
Social Engineering
Spoofing
Trojan Horse
Viruses
Worms
Risk Management
Continuity Planning
Disaster Recovery
Incident Response Team
Security Planning
Security Vulnerabilities
Data integrity
Risk Assessment
Security Education
Security Awareness
Security Procedures
Security Training
Computer Threats
Security Technology
Cryptography
Firewall
Network Security
Password Management
Virus Scanning
Definition
A person, group, or entity that poses an ongoing
danger to one or more information assets (Holden,
2004; Whitman & Mattford, 2004).
Identify security threats and act to eliminate or at
least minimize the impact on your information
assets (Erbschloe, 2003; Introduction to risk analysis, 2003; ISO, 2003).
Ensure that staff members understand the need for
security and are prepared to make security an integral part of the job (Volonino & Robinson, 2004;
Whitman & Mattford, 2004).
Technology designed to guard against threats to
information assets (Develop a computer deployment plan, 2003; Erbschloe, 2003; Holden, 2004).
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
in an introductory MIS course. The textbook list used for this research included
the most popular textbooks as of
November 2004 (M. P. Martin, personal
communication, November 23, 2004):
Laudon, Haaf, Stair/Reynolds, O’Brien,
Jessup/Valaich, Turban, McLeod, Post,
and Oz. The presentation of the list, as
provided by the publishing representative, does not indicate any ranking of
these authors. It is simply a list of the
most popular adoptions. We used each of
these books in the textbook evaluation
sample.
We based the textbook analysis
methodology on the technique employed
by MacDonald and Fougere (2003). Our
analysis team was composed of three
Computer Information Systems (CIS)
faculty, who were also the authors of this
study: (a) a full professor with 20 years
of industry experience and 22 years of
teaching CIS, (b) a full professor with 17
years of industry experience and 23
years of teaching CIS, and (c) an assistant professor with 15 years of industry
experience and 10 years of teaching CIS.
One member of the analysis team also
taught a graduate-level security course.
Data Collection and Analysis
We developed a data collection form
that included the keywords and categories as previously defined. We documented the evaluation procedure and
each member had a copy along with a
form for each of the textbooks to record
our evaluation. Each of the authors conducted an independent analysis of the
textbooks using the following steps
1. Table of Contents (TOC). Identify
each term that is included in the table of
contents. Note each keyword identified
in the TOC on the data collection form
with a “Y.”
2. Index. Identify each term that is
included in the index. As each instance
of the keyword is identified, log the
page references on the data collection
form in the respective column.
3. Quality of Coverage. Read the textbook material presented for each keyword and conduct a heuristic evaluation
of the quality of the coverage provided
for the concept. Assign an evaluation of
the quality of the coverage.
We began the analysis of the textbooks by examining the table of contents for citations of security topics.
When a textbook included significant
coverage of any issue, that issue would
have appeared as chapter or section
headings in the TOC (K. S. Bachrach,
personal communication, November 3,
2003). The next step involved reviewing
the index of each textbook. A book’s
index will direct a reader of the book to
subjects that are discussed in the book
(Columbia Encyclopedia, 2002). We
recorded page numbers noted in the
TOC and index for each textbook. Then,
we read the textbook material content
and assigned an evaluation rank using a
4-point, forced-choice Likert scale (Likert scaling, 2004). We did not read these
sections searching for specific methodologies to ensure computer security.
Rather, they were evaluating the depth
and quality of coverage that would provide students with a sound introduction
to the security issues. Significant coverage of an issue will present material and
concepts that will form the basis of class
discussion and allow the instructor and
students to build on the textbook material. Thus, an issue presented in-depth in
a textbook will not be the final word but
an important starting point for the learning process. We were looking for material that would make the importance of
the topic clear to the students and offer
a framework for building a sound security practice.
We summarized the unique page references recorded for each keyword by
keyword category, eliminating the possibility of “double counting” a citation
within the same category. We analyzed
the data to determine the mean page
count devoted to each keyword category,
whether or not a category was cited in
the index, and whether a category was
cited in the TOC. The result of this
analysis provided the foundation for the
research findings and conclusions.
RESULTS
Keyword Citations
We compiled an analysis of the TOC
for each category to show the percentage
of books with a citation. As illustrated in
Figure 1, we identified each of the security categories in at least half of the textbooks reviewed. The Security Technology category, at 70%, received the most
significant coverage in the TOC of the
textbook population. Each of the remaining categories received a lower coverage:
Security Education (50%), Risk Management (60%), and Security Threats (55%).
The TOC analysis provided a limited,
binary indication of the coverage in the
conceptual issue. To determine the
depth of coverage, we needed to complete an analysis of the frequency of
index citations as well as a quantitative
measure of citation depth. Therefore,
we analyzed the data to determine the
Security Technology
Security Education
Risk Management
Security Threats
0%
10%
20%
30%
40%
50%
60%
70%
80%
September/October 2005
17
FIGURE 1. Table of contents citations.
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
frequency of index citations. The results
of this analysis, as shown in Figure 2,
indicated that each of the categories was
cited significantly in the textbook population. The categories of Security Technology and Security Education were
each cited in 100% of the textbooks. We
found Risk Management in 95% of the
textbooks, and the Security Threat category appeared in 85% of the textbooks.
We compiled the data recorded for the
mean page counts by keyword category
in Figure 3. The category resulting in the
most significant coverage was Security
Technology (9.6 pages). The remaining
three categories illustrated a variety of
page coverage: Security Threats (7.4
pages), Security Education (6.8 pages),
and Risk Management (5.2 pages).
Figure 4 shows the results for the evaluation of the depth and quality of coverage. A score of 1 indicates minimal coverage and a score of 4 indicates
comprehensive coverage of a security
topic. Figure 4 reveals that the coverage
for all keyword groups was below 4.
Security Technology earned the highest
score (1.9) by a small margin. Risk Management was the lowest (1.4), and Security Threats (1.6) and Security Education
(1.5) were only marginally higher.
The results of the data analysis
showed limited coverage relating to the
four categories associated with information security topics. The textbook treatment did not provide sufficient depth to
provide a solid and appropriate foundation in any of the four security categories identified in this study.
DISCUSSION
Computer security has always been
an important issue, and its importance
will continue to grow as business and
society in general become more dependent on computer systems. The high
frequency of citations in the TOCs and
indexes of the textbooks that we analyzed demonstrates that security issues
receive some level of coverage in most
MIS textbooks. However, the lack of
in-depth coverage, as shown by the
small number of textbook pages devoted to security issues and the quality of
conceptual coverage, indicate that
information systems faculty must
develop ways to teach students how to
address computer security issues at all
levels of the business enterprise. The
nature of the threats relating to computer security evolves to correspond to
the changes in technology. It may ultimately be impossible for authors and
publishers to provide textbook materials that remain current with the evolving security threats.
Suggested Supplemental
Content
For classroom teaching, the results
of this research may act as a teaching
Security Technology
aid for enhancing the coverage of
security topics in the introductory
MIS course. Source material, such as
those shown in Appendix B, can be
used to augment lectures and student
projects. One example of a student
assignment that has been used successfully by us is the Briefing Paper.
For this assignment, students select an
article from the current literature and
make a presentation to the class to discuss the salient points in the article.
This is an effective way to get the students involved in reading the current
literature as it addresses computer
security issues. Student teams can be
assigned to visit local resources such
as: (a) power plants, (b) water supply
facilities, (c) communication companies, (d) transportation companies,
and (e) various business firms to study
their policies and procedures for
ensuring a secure computer environment.
The Web sites shown in Appendix B
provide a wide range of security topics.
The contents of these sites allow the
instructor to select a wide range of
assignments.
CERT Web site
There are many security topics at the
®
CERT Web site, but the one that should
be of particular interest to students, as
most own their own computers, is one
on home network security. This Web
page has information on security, technology, risks to home users, accidents
and other risks, and actions that can be
taken to protect one’s home computer
system.
Internet Security Alliance
Security Education
The Internet Security Alliance was
created to provide a forum for information sharing and thought leadership on
information security issues.
Risk Management
Disaster Recovery Site
Security Threats
75%
80%
FIGURE 2. Index citations.
18
Journal of Education for Business
85%
90%
65%
100%
The Disaster Recovery site is a feerequired site for certain archival information, but provides free access to its
journal, the Disaster Recovery Journal. The journal is dedicated to the
field of disaster recovery in business
and was the first publication of its
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
educational products, through its IIA
Research Foundation.
Security Technology
Stanford Research Institute
The Stanford Research Institute Web
site is an independent, nonprofit
research institute that conducts research
and development for business, government, foundations, and other types of
organizations. Among its many activities are issues of security. Within that
area, it conducts risk forums and computer security workshops. The information from its foundation workshops is
available at no charge.
Security Education
Risk Management
Security Threats
0
2
4
6
8
10
12
FIGURE 3. Mean page count.
The SANS Institute (SysAdmin Audit
Network Security) Web site is the largest
source of information security training in
the world. It also develops, maintains,
and makes available at no cost the largest
collection of research documents concerning various aspects of IS.
Some examples of student assignments, based on these Web sites are
Security Technology
Security Education
Risk Management
Security Threats
0.0
0.5
SANS Institute
1.0
1.5
2.0
2.5
3.0
3.5
4.0
FIGURE 4. Quality of coverage.
kind. There are currently over 60,000
subscribers.
ADDSecure Web Site
The ADDSecure.Net, Inc.’s Web site is
a network security audit site. One of
ADDSecure’s main functions is to review
the integrity of corporate networks and
servers, including Web and e-mail
servers. There is free access to its journal,
The Journal of Internet Security. Topics
covered in the journal include networks,
Internet, and database; security, risk
assessment and management; viruses,
worms, and other malicious code; and
mobile and satellite security.
Institute of Internal Auditors
The Institute of Internal Auditors
(IIA) was formed in 1941. It serves as
the global voice for the internal auditing
profession. Its Web site provides international standards for internal auditing
as well as certification, research, and
1. Visit the CERT® Coordination
Center site and prepare a report on security risks and prevention when installing
a home computer.
2. Visit the Internet Security Alliance
site and prepare a report that analyzes
and forms conclusion about a particular
forum topic on computer security.
3. Visit the Disaster Recovery site and
prepare a report on terrorists’ attacks
and their potential effects on businesses.
4. Visit the ADDSecure.Net, Inc. site
and prepare a report on e-commerce
security issues.
5. Visit the Institute of Internal Auditors site and prepare a report on internal
auditing issues in Iraq.
6. Visit the Stanford Research Institute site and prepare a report on risks to
the public when using wireless systems.
7. Visit the SANS Institute site and
prepare a report on security training.
Obviously, there are many Web sites
that can be used when giving security
assignments, but we feel those listed
are among the leaders. Other Web sites
can be used in concert with these
assignments, which are somewhat general in the above examples, but can be
September/October 2005
19
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
refined by the instructors. The assignments can also be presented in class by
students, synthesized by the instructor
before becoming part of a general class
discussion, or any variation thereof.
The point is that learning is now active,
not passive.
The fast-paced changes in technology
require similar changes to the delivery of
academic instruction in technologybased courses. The integration of technology concepts, such as those described
in this article, must be supplemented by
materials and assignments that will
expand the limited coverage in the textbooks. The gap between the coverage of
these topics and their importance can
only be improved through the integration
of these assignments. The expanded
knowledge gained will provide a positive
element to students as users of technology as well as future business employees
in corporate organizations.
REFERENCES
2004 national and state trends in fraud & identity
theft. Retrieved January 19, 2004, from http://
www.consumer.gov/sentinel/pubs/Top10Fraud
2003.pdf
Anderson, J. E., & Schwager, P. H. (2002). Security in the information systems curriculum:
Identification and status of relevant issues.
Journal of Computer Information Systems,
42(3), 16-23.
The Columbia Encyclopedia. (6th ed.). (2002).
New York: Columbia University Press.
Computer Security Institute (2003). CSI/FBI
Computer Crime and Security Survey. San
Francisco: Author.
Connolly, P. J. (2001, November 19). IT security
outlook appears gloomy. InfoWorld, 23, 48-49.
Cyber crime bleeds U.S. corporations, survey
shows; financial losses from attacks climb for
third year in a row (2003). Retrieved October
1, 2003, from http://www.gocsi.com/press/
20020407.jhtml?_requestid=1091763
Develop a computer deployment plan that
includes security issues (2003). Retrieved September 10, 2003, from http://www.cert.org/
security-improvement/practices/p065.html
Erbschloe, M. (2003). Guide to disaster recovery
(1st ed.). Boston: Course Technology.
Harreld, H. (2001, March 26). Security: An
uneasy alliance. InfoWorld, 23, 42.
Holden, G. (2004). Guide to firewalls and network
security: Intrusion detection and VPNs. Boston:
Course Technology.
Introduction to risk analysis (2003). Retrieved
September 10, 2003, from http://www.securityrisk-analysis.com/introduction.htm
ISO 177799 directory (2003). Retrieved September 10, 2003, from http://www.iso-17799.com/
Leyden, J. (2004). Security is our biggest challenge. Retrieved April 1, 2004, from http://
www.securityfocus.com/news/8375
20
Journal of Education for Business
Likert scaling (2004). Retrieved January 19, 2004,
from http://trochim.human.cornell.edu/kb/scallik.htm
MacDonald, L., & Fougere, K. (2003). Software
piracy: A study of the extent of coverage in
introductory MIS textbooks. Journal of Information Systems Education, 13, 325–330.
Radcliff, D. (2002, June 3). Security under the
gun. ComputerWorld, 23, 36.
Volonino, L., & Robinson, S. R. (2004). Principles
and practice of information security. Boston:
Prentice-Hall.
Warner, B., & Abreu, E. M. (2003). Virus that
infects E-mails expanding its reach. Retrieved
August 22, 2003, from http://www.washington
post.com/ac2/wp-dyn/A28502-2003Aug21? language=printer
Wellner, A. S. (2000). TrustUS.com. American
Demographics, 22(11), 47.
Whitman, M. E., & Mattford, H. J. (2004). Principles of information security (1st ed.). Boston:
Course Technology.
APPENDIX A
Textbook Review Listing
Applegate, L. M., McFarlan, F. W., & McKenney, J. L. (1999). Corporate Information
Systems Management (5th ed.). Boston: Irwin McGraw-Hill.
Beekman, G., & Rathswohl, E. J. (2003). Computer Confluence: Exploring Tomorrow's
Technology (5th ed.). Upper Saddle River, NJ: Prentice Hall.
Gordon, S. R., & Gordon, J. R. (2004). Information Systems: A Management Approach
(3rd ed.). Hoboken, NJ: John Wiley & Sons.
Jessup, L., & Valacich, J. (2003). Information Systems Today. Upper Saddle River, NJ:
Prentice Hall.
Laudon, K. C., & Laudon, J. P. (2004). Management Information Systems: Managing
the Digital Firm. Upper Saddle River, NJ: Pearson/Prentice Hall.
Long, L., & Long, N. (2004). Computers: Information Technology in Perspective (11th
ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Martin, E. W., Brown, C. V., DeHayes, D. W., Hoffer, J. A., & Perkins, W. C. (2002).
Managing Information Technology (4th ed.). Upper Saddle River, NJ: Prentice Hall.
McKeown, P. (2003). Information Technology & The Networked Economy (2nd ed.).
Boston: Course Technology.
McLeod, R., Jr., & Schell, G. P. (2004). Management Information Systems (9th ed.).
Upper Saddle River, NJ: Pearson Prentice Hall.
McNurlin, B. C., & Sprague, R., Jr. (2004). Information Systems Management in Practice (6th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
O'Brien, J. A. (2002). Managing Information Systems: Managing Information Technology in the E-Business Enterprise (5th ed.). Boston: McGraw-Hill Irwin.
Oz, E. (2002). Management Information Systems (3rd ed.). Boston: Course Technology.
Parsons, J. J., & Oja, D. (2003). Computer Concepts (9th ed.). Boston: Course Technology.
Pearlson, K. E., & Saunders, C. S. (2004). Managing and Using Information Systems:
A Strategic Approach (2nd ed.). New York: John Wiley & Sons.
Pfaffenberger, B., & Daley, B. (2004). Computers in Your Future (Complete ed.). Upper
Saddle River, NJ: Pearson Prentice Hall.
Shelly, G. B., Cashman, T. J., & Vermaat, M. E. (2004). Discovering Computers 2004
A Gateway to Information. Boston: Course Technology.
Stair, R. M., & Reynolds, G. W. (2003). Principles of Information Systems (6th ed.).
Boston: Course Technology.
Turban, E., McLean, E., Wetherbe, J., Bolloju, N., & Davison, R. (2002). Information
Technology for Management: Transforming Business in the Digital Economy (3rd
ed.). New York: John Wiley & Sons.
Turban, E., Rainer, R. K., & Potter, R. E. (2003). Introduction to Information Technology (2nd ed.). Hoboken, NJ: John Wiley & Sons.
APPENDIX B
Computer Security Web Sites and URL Addresses
CERT® Coordination Center
The Internet Security Alliance
Disaster Recovery
ADDSecure.Net Inc.
The Institute of Internal Auditors
Stanford Research Institute
The SANS Institute
http://www.cert.org
http://www.isalliance.org
http://www.drj.com
http://www.addsecure.net
http://www.theiia.org
http://www. sri.com
http://www.sans.org
ISSN: 0883-2323 (Print) (Online) Journal homepage: http://www.tandfonline.com/loi/vjeb20
Computer Security in the Introductory Business
Information Systems Course: An Exploratory Study
of Textbook Coverage
Kenneth J. Sousa , Laurie E. MacDonald & Kenneth T. Fougere
To cite this article: Kenneth J. Sousa , Laurie E. MacDonald & Kenneth T. Fougere (2005)
Computer Security in the Introductory Business Information Systems Course: An Exploratory
Study of Textbook Coverage, Journal of Education for Business, 81:1, 15-20, DOI: 10.3200/
JOEB.81.1.15-20
To link to this article: http://dx.doi.org/10.3200/JOEB.81.1.15-20
Published online: 07 Aug 2010.
Submit your article to this journal
Article views: 19
View related articles
Citing articles: 1 View citing articles
Full Terms & Conditions of access and use can be found at
http://www.tandfonline.com/action/journalInformation?journalCode=vjeb20
Download by: [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RA JA ALI HA JI
TANJUNGPINANG, KEPULAUAN RIAU]
Date: 12 January 2016, At: 17:49
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
Computer Security in the Introductory
Business Information Systems Course: An
Exploratory Study of Textbook Coverage
KENNETH J. SOUSA
LAURIE E. MACDONALD
KENNETH T. FOUGERE
BRYANT UNIVERSITY
SMITHFIELD, RHODE ISLAND
ABSTRACT. The authors conducted
an evaluation of Management Information Systems (MIS) textbooks and
found that computer security receives
very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research
results suggest that MIS faculty need to
provide material to supplement the
textbook to provide adequate coverage
of this important and timely issue.
T
here is no question that computer
security is a major issue. According to Leyden (2004), Microsoft’s Bill
Gates has called security the greatest
challenge ever faced by the computer
industry. The spread of the SoBig.F
virus via e-mail is one example of the
extent of the security problem. SoBig.F
spread like wildfire. America Online
reported it had blocked 23.2 million
copies of this worm, and the e-mail
security company Postini quarantined
3.5 million copies (Warner & Abreu,
2003). The British Internet security firm
MessageLabs, estimated that 1 out of
every 17 e-mails sent around the world
was infected by the SoBig.F virus.
The importance of computer security
has grown in tandem with the importance
of computer systems in all aspects of
business. The Internet has provided the
basis for the implementation of innovative business applications, such as electronic commerce, electronic data interchange, and interorganizational systems.
These major changes to the information
technology infrastructure have produced
new security challenges not found in
early information systems. Security was
focused traditionally on employees and
internal safeguards. System administrators must now be concerned with outside
threats that may come via the Internet.
Their customers and clients are also
experiencing these new challenges and
are more concerned about the possibility
of hackers gaining access to information
than with how private companies and
government agencies use this information (Wellner, 2000).
The Federal Trade Commission
reported that Internet-related consumer
fraud amounted to $200 million in 2003
and accounted for 55% of all fraud
reports (2004 National and State
Trends). The Computer Security Institute (CSI, 2003) found that 74% of corporations and government agencies
responding to a survey reported a security breach within the past 12 months. A
survey conducted by the American
Institute of Certified Public Accountants found that information security
(IS) was the number one concern
among respondents (Kepczyk, 2003).
Security threats have been on the
increase and the growth is expected to
continue (Cyber crime, 2003; Radcliff,
2002).
Security Issues Trends
Several surveys relating to industry
security issues and perceptions all conclude that this topic remains important
within organizational and information
technology priorities. More than half of
the respondents to an InfoWorld survey
expressed concern about potential
breaches in security; virus attacks illustrated the highest degree of concern at
73% (Connolly, 2001).
September/October 2005
15
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
The CSI and the InfoWorld studies
confirm that cyber-crime and security
incidents continue to be an issue in
information technology management.
External hacking is considered a serious
cause for concern by organizations
(Connolly, 2001; Harreld, 2001). A significant number of organizations have
detected a variety of security violations
originating from outside the organization. These violations can include denial
of service attacks, system penetration,
Web site vandalism, and theft of proprietary information (CSI, 2003; Connolly;
Harreld). Internet connections are the
source of an increasing number of
attacks as compared with remote dial-in
and internal systems. In 2003, 78% of
respondents reported the Internet as the
source of attack, up from 57% in 1999
(CSI, 2003). The growth in the use of
Web-based systems has led to a consistent increase in denial of service attacks,
from 27% in 2000 to 42% in 2003 (CSI;
Harreld). Of the organizations reporting
a Web-based system attack, 32% reported at least five incidents in the past year
(CSI). Most of these incidents are either
vandalism or denial of service.
Each of the surveys also reported an
increase in the number of internal security breaches, such as unauthorized use of
technology resources by employees, laptop theft, and insider abuse of network
access. The CSI 2003 survey also identified a number of potential vulnerabilities.
The two most likely sources of attack are
independent hackers and disgruntled
employees, cited by 82% and 77% of
respondents, respectively (CSI, 2003).
Security attacks committed by insiders
and employees are coincidently consistent with the abuse of network access.
Problem Statement
A recent study concluded that security issues are not sufficiently covered in
Information Systems (IS) curricula
(Anderson & Schwager, 2002). The
results of the study also concluded that
security issues are of enough importance to justify their inclusion in all IS
courses.
With this in mind, we decided to
undertake a comprehensive review of
introductory Management Information
Systems (MIS) textbooks to examine
16
Journal of Education for Business
and measure the degree of coverage of
security. The evaluation of MIS textbooks was used to assess the depth in
which a typical MIS course addresses
the issue of computer security. The textbook is typically the central organizing
component for the course with both professors and students relying on the textbook to a large extent.
METHOD
Keywords
Our objective of this research was to
determine the depth of coverage relating
to IS topics in introductory MIS textbooks. To provide a framework for this
objective, we developed a set of keywords to identify security issues. We
developed the keyword list after reviewing security textbooks (Erbschloe,
2003; Holden, 2004; Volonino & Robinson, 2004; Whitman & Mattford, 2004)
and Web sites devoted to computer
security (Develop a Computer, 2003;
Introduction, 2003; ISO, 2003). Using
keywords to study the textbooks
allowed us to include the variety of terminology used to describe these issues.
To facilitate the analysis of the textbook coverage, we needed to develop a
structure for the keyword concepts.
Therefore, we grouped the keywords
into four categories to regularize the
data. The keyword categories, as shown
in Table 1, are: (a) Security Threats, (b)
Risk Management, (c) Security Education, and (d) Security Technology. For
example, spoofing, viruses, and worms
are categorized under the common
rubric of security threats.
Textbook Analysis
We collected a sample of MIS textbooks that are commonly used in an
introductory MIS course. The textbook
selection was based on the recommendations of 11 MIS instructors (5 full professors, 4 associate professors, and 2
assistant professors) whom we asked to
provide a list of the MIS textbooks they
had used or reviewed recently. These
textbooks, as shown in Appendix A, are
representative of those textbooks found
TABLE 1. Keyword Categories
Category
Security Threats
Hacking
Denial of Service
Malicious Code
Social Engineering
Spoofing
Trojan Horse
Viruses
Worms
Risk Management
Continuity Planning
Disaster Recovery
Incident Response Team
Security Planning
Security Vulnerabilities
Data integrity
Risk Assessment
Security Education
Security Awareness
Security Procedures
Security Training
Computer Threats
Security Technology
Cryptography
Firewall
Network Security
Password Management
Virus Scanning
Definition
A person, group, or entity that poses an ongoing
danger to one or more information assets (Holden,
2004; Whitman & Mattford, 2004).
Identify security threats and act to eliminate or at
least minimize the impact on your information
assets (Erbschloe, 2003; Introduction to risk analysis, 2003; ISO, 2003).
Ensure that staff members understand the need for
security and are prepared to make security an integral part of the job (Volonino & Robinson, 2004;
Whitman & Mattford, 2004).
Technology designed to guard against threats to
information assets (Develop a computer deployment plan, 2003; Erbschloe, 2003; Holden, 2004).
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
in an introductory MIS course. The textbook list used for this research included
the most popular textbooks as of
November 2004 (M. P. Martin, personal
communication, November 23, 2004):
Laudon, Haaf, Stair/Reynolds, O’Brien,
Jessup/Valaich, Turban, McLeod, Post,
and Oz. The presentation of the list, as
provided by the publishing representative, does not indicate any ranking of
these authors. It is simply a list of the
most popular adoptions. We used each of
these books in the textbook evaluation
sample.
We based the textbook analysis
methodology on the technique employed
by MacDonald and Fougere (2003). Our
analysis team was composed of three
Computer Information Systems (CIS)
faculty, who were also the authors of this
study: (a) a full professor with 20 years
of industry experience and 22 years of
teaching CIS, (b) a full professor with 17
years of industry experience and 23
years of teaching CIS, and (c) an assistant professor with 15 years of industry
experience and 10 years of teaching CIS.
One member of the analysis team also
taught a graduate-level security course.
Data Collection and Analysis
We developed a data collection form
that included the keywords and categories as previously defined. We documented the evaluation procedure and
each member had a copy along with a
form for each of the textbooks to record
our evaluation. Each of the authors conducted an independent analysis of the
textbooks using the following steps
1. Table of Contents (TOC). Identify
each term that is included in the table of
contents. Note each keyword identified
in the TOC on the data collection form
with a “Y.”
2. Index. Identify each term that is
included in the index. As each instance
of the keyword is identified, log the
page references on the data collection
form in the respective column.
3. Quality of Coverage. Read the textbook material presented for each keyword and conduct a heuristic evaluation
of the quality of the coverage provided
for the concept. Assign an evaluation of
the quality of the coverage.
We began the analysis of the textbooks by examining the table of contents for citations of security topics.
When a textbook included significant
coverage of any issue, that issue would
have appeared as chapter or section
headings in the TOC (K. S. Bachrach,
personal communication, November 3,
2003). The next step involved reviewing
the index of each textbook. A book’s
index will direct a reader of the book to
subjects that are discussed in the book
(Columbia Encyclopedia, 2002). We
recorded page numbers noted in the
TOC and index for each textbook. Then,
we read the textbook material content
and assigned an evaluation rank using a
4-point, forced-choice Likert scale (Likert scaling, 2004). We did not read these
sections searching for specific methodologies to ensure computer security.
Rather, they were evaluating the depth
and quality of coverage that would provide students with a sound introduction
to the security issues. Significant coverage of an issue will present material and
concepts that will form the basis of class
discussion and allow the instructor and
students to build on the textbook material. Thus, an issue presented in-depth in
a textbook will not be the final word but
an important starting point for the learning process. We were looking for material that would make the importance of
the topic clear to the students and offer
a framework for building a sound security practice.
We summarized the unique page references recorded for each keyword by
keyword category, eliminating the possibility of “double counting” a citation
within the same category. We analyzed
the data to determine the mean page
count devoted to each keyword category,
whether or not a category was cited in
the index, and whether a category was
cited in the TOC. The result of this
analysis provided the foundation for the
research findings and conclusions.
RESULTS
Keyword Citations
We compiled an analysis of the TOC
for each category to show the percentage
of books with a citation. As illustrated in
Figure 1, we identified each of the security categories in at least half of the textbooks reviewed. The Security Technology category, at 70%, received the most
significant coverage in the TOC of the
textbook population. Each of the remaining categories received a lower coverage:
Security Education (50%), Risk Management (60%), and Security Threats (55%).
The TOC analysis provided a limited,
binary indication of the coverage in the
conceptual issue. To determine the
depth of coverage, we needed to complete an analysis of the frequency of
index citations as well as a quantitative
measure of citation depth. Therefore,
we analyzed the data to determine the
Security Technology
Security Education
Risk Management
Security Threats
0%
10%
20%
30%
40%
50%
60%
70%
80%
September/October 2005
17
FIGURE 1. Table of contents citations.
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
frequency of index citations. The results
of this analysis, as shown in Figure 2,
indicated that each of the categories was
cited significantly in the textbook population. The categories of Security Technology and Security Education were
each cited in 100% of the textbooks. We
found Risk Management in 95% of the
textbooks, and the Security Threat category appeared in 85% of the textbooks.
We compiled the data recorded for the
mean page counts by keyword category
in Figure 3. The category resulting in the
most significant coverage was Security
Technology (9.6 pages). The remaining
three categories illustrated a variety of
page coverage: Security Threats (7.4
pages), Security Education (6.8 pages),
and Risk Management (5.2 pages).
Figure 4 shows the results for the evaluation of the depth and quality of coverage. A score of 1 indicates minimal coverage and a score of 4 indicates
comprehensive coverage of a security
topic. Figure 4 reveals that the coverage
for all keyword groups was below 4.
Security Technology earned the highest
score (1.9) by a small margin. Risk Management was the lowest (1.4), and Security Threats (1.6) and Security Education
(1.5) were only marginally higher.
The results of the data analysis
showed limited coverage relating to the
four categories associated with information security topics. The textbook treatment did not provide sufficient depth to
provide a solid and appropriate foundation in any of the four security categories identified in this study.
DISCUSSION
Computer security has always been
an important issue, and its importance
will continue to grow as business and
society in general become more dependent on computer systems. The high
frequency of citations in the TOCs and
indexes of the textbooks that we analyzed demonstrates that security issues
receive some level of coverage in most
MIS textbooks. However, the lack of
in-depth coverage, as shown by the
small number of textbook pages devoted to security issues and the quality of
conceptual coverage, indicate that
information systems faculty must
develop ways to teach students how to
address computer security issues at all
levels of the business enterprise. The
nature of the threats relating to computer security evolves to correspond to
the changes in technology. It may ultimately be impossible for authors and
publishers to provide textbook materials that remain current with the evolving security threats.
Suggested Supplemental
Content
For classroom teaching, the results
of this research may act as a teaching
Security Technology
aid for enhancing the coverage of
security topics in the introductory
MIS course. Source material, such as
those shown in Appendix B, can be
used to augment lectures and student
projects. One example of a student
assignment that has been used successfully by us is the Briefing Paper.
For this assignment, students select an
article from the current literature and
make a presentation to the class to discuss the salient points in the article.
This is an effective way to get the students involved in reading the current
literature as it addresses computer
security issues. Student teams can be
assigned to visit local resources such
as: (a) power plants, (b) water supply
facilities, (c) communication companies, (d) transportation companies,
and (e) various business firms to study
their policies and procedures for
ensuring a secure computer environment.
The Web sites shown in Appendix B
provide a wide range of security topics.
The contents of these sites allow the
instructor to select a wide range of
assignments.
CERT Web site
There are many security topics at the
®
CERT Web site, but the one that should
be of particular interest to students, as
most own their own computers, is one
on home network security. This Web
page has information on security, technology, risks to home users, accidents
and other risks, and actions that can be
taken to protect one’s home computer
system.
Internet Security Alliance
Security Education
The Internet Security Alliance was
created to provide a forum for information sharing and thought leadership on
information security issues.
Risk Management
Disaster Recovery Site
Security Threats
75%
80%
FIGURE 2. Index citations.
18
Journal of Education for Business
85%
90%
65%
100%
The Disaster Recovery site is a feerequired site for certain archival information, but provides free access to its
journal, the Disaster Recovery Journal. The journal is dedicated to the
field of disaster recovery in business
and was the first publication of its
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
educational products, through its IIA
Research Foundation.
Security Technology
Stanford Research Institute
The Stanford Research Institute Web
site is an independent, nonprofit
research institute that conducts research
and development for business, government, foundations, and other types of
organizations. Among its many activities are issues of security. Within that
area, it conducts risk forums and computer security workshops. The information from its foundation workshops is
available at no charge.
Security Education
Risk Management
Security Threats
0
2
4
6
8
10
12
FIGURE 3. Mean page count.
The SANS Institute (SysAdmin Audit
Network Security) Web site is the largest
source of information security training in
the world. It also develops, maintains,
and makes available at no cost the largest
collection of research documents concerning various aspects of IS.
Some examples of student assignments, based on these Web sites are
Security Technology
Security Education
Risk Management
Security Threats
0.0
0.5
SANS Institute
1.0
1.5
2.0
2.5
3.0
3.5
4.0
FIGURE 4. Quality of coverage.
kind. There are currently over 60,000
subscribers.
ADDSecure Web Site
The ADDSecure.Net, Inc.’s Web site is
a network security audit site. One of
ADDSecure’s main functions is to review
the integrity of corporate networks and
servers, including Web and e-mail
servers. There is free access to its journal,
The Journal of Internet Security. Topics
covered in the journal include networks,
Internet, and database; security, risk
assessment and management; viruses,
worms, and other malicious code; and
mobile and satellite security.
Institute of Internal Auditors
The Institute of Internal Auditors
(IIA) was formed in 1941. It serves as
the global voice for the internal auditing
profession. Its Web site provides international standards for internal auditing
as well as certification, research, and
1. Visit the CERT® Coordination
Center site and prepare a report on security risks and prevention when installing
a home computer.
2. Visit the Internet Security Alliance
site and prepare a report that analyzes
and forms conclusion about a particular
forum topic on computer security.
3. Visit the Disaster Recovery site and
prepare a report on terrorists’ attacks
and their potential effects on businesses.
4. Visit the ADDSecure.Net, Inc. site
and prepare a report on e-commerce
security issues.
5. Visit the Institute of Internal Auditors site and prepare a report on internal
auditing issues in Iraq.
6. Visit the Stanford Research Institute site and prepare a report on risks to
the public when using wireless systems.
7. Visit the SANS Institute site and
prepare a report on security training.
Obviously, there are many Web sites
that can be used when giving security
assignments, but we feel those listed
are among the leaders. Other Web sites
can be used in concert with these
assignments, which are somewhat general in the above examples, but can be
September/October 2005
19
Downloaded by [Universitas Maritim Raja Ali Haji], [UNIVERSITAS MARITIM RAJA ALI HAJI TANJUNGPINANG, KEPULAUAN RIAU] at 17:49 12 January 2016
refined by the instructors. The assignments can also be presented in class by
students, synthesized by the instructor
before becoming part of a general class
discussion, or any variation thereof.
The point is that learning is now active,
not passive.
The fast-paced changes in technology
require similar changes to the delivery of
academic instruction in technologybased courses. The integration of technology concepts, such as those described
in this article, must be supplemented by
materials and assignments that will
expand the limited coverage in the textbooks. The gap between the coverage of
these topics and their importance can
only be improved through the integration
of these assignments. The expanded
knowledge gained will provide a positive
element to students as users of technology as well as future business employees
in corporate organizations.
REFERENCES
2004 national and state trends in fraud & identity
theft. Retrieved January 19, 2004, from http://
www.consumer.gov/sentinel/pubs/Top10Fraud
2003.pdf
Anderson, J. E., & Schwager, P. H. (2002). Security in the information systems curriculum:
Identification and status of relevant issues.
Journal of Computer Information Systems,
42(3), 16-23.
The Columbia Encyclopedia. (6th ed.). (2002).
New York: Columbia University Press.
Computer Security Institute (2003). CSI/FBI
Computer Crime and Security Survey. San
Francisco: Author.
Connolly, P. J. (2001, November 19). IT security
outlook appears gloomy. InfoWorld, 23, 48-49.
Cyber crime bleeds U.S. corporations, survey
shows; financial losses from attacks climb for
third year in a row (2003). Retrieved October
1, 2003, from http://www.gocsi.com/press/
20020407.jhtml?_requestid=1091763
Develop a computer deployment plan that
includes security issues (2003). Retrieved September 10, 2003, from http://www.cert.org/
security-improvement/practices/p065.html
Erbschloe, M. (2003). Guide to disaster recovery
(1st ed.). Boston: Course Technology.
Harreld, H. (2001, March 26). Security: An
uneasy alliance. InfoWorld, 23, 42.
Holden, G. (2004). Guide to firewalls and network
security: Intrusion detection and VPNs. Boston:
Course Technology.
Introduction to risk analysis (2003). Retrieved
September 10, 2003, from http://www.securityrisk-analysis.com/introduction.htm
ISO 177799 directory (2003). Retrieved September 10, 2003, from http://www.iso-17799.com/
Leyden, J. (2004). Security is our biggest challenge. Retrieved April 1, 2004, from http://
www.securityfocus.com/news/8375
20
Journal of Education for Business
Likert scaling (2004). Retrieved January 19, 2004,
from http://trochim.human.cornell.edu/kb/scallik.htm
MacDonald, L., & Fougere, K. (2003). Software
piracy: A study of the extent of coverage in
introductory MIS textbooks. Journal of Information Systems Education, 13, 325–330.
Radcliff, D. (2002, June 3). Security under the
gun. ComputerWorld, 23, 36.
Volonino, L., & Robinson, S. R. (2004). Principles
and practice of information security. Boston:
Prentice-Hall.
Warner, B., & Abreu, E. M. (2003). Virus that
infects E-mails expanding its reach. Retrieved
August 22, 2003, from http://www.washington
post.com/ac2/wp-dyn/A28502-2003Aug21? language=printer
Wellner, A. S. (2000). TrustUS.com. American
Demographics, 22(11), 47.
Whitman, M. E., & Mattford, H. J. (2004). Principles of information security (1st ed.). Boston:
Course Technology.
APPENDIX A
Textbook Review Listing
Applegate, L. M., McFarlan, F. W., & McKenney, J. L. (1999). Corporate Information
Systems Management (5th ed.). Boston: Irwin McGraw-Hill.
Beekman, G., & Rathswohl, E. J. (2003). Computer Confluence: Exploring Tomorrow's
Technology (5th ed.). Upper Saddle River, NJ: Prentice Hall.
Gordon, S. R., & Gordon, J. R. (2004). Information Systems: A Management Approach
(3rd ed.). Hoboken, NJ: John Wiley & Sons.
Jessup, L., & Valacich, J. (2003). Information Systems Today. Upper Saddle River, NJ:
Prentice Hall.
Laudon, K. C., & Laudon, J. P. (2004). Management Information Systems: Managing
the Digital Firm. Upper Saddle River, NJ: Pearson/Prentice Hall.
Long, L., & Long, N. (2004). Computers: Information Technology in Perspective (11th
ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Martin, E. W., Brown, C. V., DeHayes, D. W., Hoffer, J. A., & Perkins, W. C. (2002).
Managing Information Technology (4th ed.). Upper Saddle River, NJ: Prentice Hall.
McKeown, P. (2003). Information Technology & The Networked Economy (2nd ed.).
Boston: Course Technology.
McLeod, R., Jr., & Schell, G. P. (2004). Management Information Systems (9th ed.).
Upper Saddle River, NJ: Pearson Prentice Hall.
McNurlin, B. C., & Sprague, R., Jr. (2004). Information Systems Management in Practice (6th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
O'Brien, J. A. (2002). Managing Information Systems: Managing Information Technology in the E-Business Enterprise (5th ed.). Boston: McGraw-Hill Irwin.
Oz, E. (2002). Management Information Systems (3rd ed.). Boston: Course Technology.
Parsons, J. J., & Oja, D. (2003). Computer Concepts (9th ed.). Boston: Course Technology.
Pearlson, K. E., & Saunders, C. S. (2004). Managing and Using Information Systems:
A Strategic Approach (2nd ed.). New York: John Wiley & Sons.
Pfaffenberger, B., & Daley, B. (2004). Computers in Your Future (Complete ed.). Upper
Saddle River, NJ: Pearson Prentice Hall.
Shelly, G. B., Cashman, T. J., & Vermaat, M. E. (2004). Discovering Computers 2004
A Gateway to Information. Boston: Course Technology.
Stair, R. M., & Reynolds, G. W. (2003). Principles of Information Systems (6th ed.).
Boston: Course Technology.
Turban, E., McLean, E., Wetherbe, J., Bolloju, N., & Davison, R. (2002). Information
Technology for Management: Transforming Business in the Digital Economy (3rd
ed.). New York: John Wiley & Sons.
Turban, E., Rainer, R. K., & Potter, R. E. (2003). Introduction to Information Technology (2nd ed.). Hoboken, NJ: John Wiley & Sons.
APPENDIX B
Computer Security Web Sites and URL Addresses
CERT® Coordination Center
The Internet Security Alliance
Disaster Recovery
ADDSecure.Net Inc.
The Institute of Internal Auditors
Stanford Research Institute
The SANS Institute
http://www.cert.org
http://www.isalliance.org
http://www.drj.com
http://www.addsecure.net
http://www.theiia.org
http://www. sri.com
http://www.sans.org