Computer Science & Electrical

Computer Science & Electrical

AN ASSESSMENT ON THE IMPACT OF ETHICAL HACKING TRAINING TOWARDS PERCEPTIONS AMONG INFORMATION TECHNOLOGY STUDENTS’

Pages: 17  ,  Volume: 8  ,  Issue: 1 , July   2018
Received: 23 Jul 2018  ,  Published: 23 July 2018
Views: 52  ,  Download: 42

Authors

# Author Name
1 John Kioko

Abstract

Many of the students undertaking IT programs in our universities possess the fundamental skills to carry out hacking in their future professional careers in the organizations in which they will be employed through the knowledge they have acquired as part of their training. Learning about networking, programming, coupled with hardware knowledge and exposure to various operating systems such as Unix, Linux, and Windows equips the average IT student with the skills and knowledge to infiltrate and manipulate systems, in essence making them hackers in the making. Accordingly, a black-hat hacker is a hacker who either ignores or intentionally defies legal or regulatory statutes with presumably little interest in ethical frameworks (Pike, 2013). Conversely, a white-hat hacker is defined as a hacker who is committed to full compliance with legal and regulatory statutes as well as published ethical frameworks that apply to the task at hand (Pike, 2013). One of the greatest challenges posed to business through recruitment of IT professionals is the risk of cybersecurity breaches to organizational systems as a result of the knowledge they possess. Many business organizations, as a result, have fallen victim to cyber-attacks. It was thus the focus of this research to explore why by training IT students in our University’s, we are producing an increasing number of future hackers within Africa Nazarene University. The purpose of this study was to explore if ANU is a breeding ground for hackers of the future. The study explored if perceptions held of ethical hacking serve as deterrents to hacking through training achieved as IT students at ANU through the objectives of evaluating how the GoK codes of conduct and RoK ICT policy affect IT students, how ethical practices training has impacted IT students, when have the IT student’s encountered ANU institutional policies, and what is the consequent level of awareness of ethical hacking. At its core was the theory that today’s IT students are tomorrow’s hackers with the target population being IT students undertaking undergraduate BCS, BBIT programs and graduate MIT studies at ANU. A sample size of 105 respondents, which was drawn using purposive sampling technique was used that targeted students who are part of the IT programs under study. Quantitative data was obtained from the respondents as collected using questionnaires and analyzed using SPSS through descriptive analysis that yielded correlations between the objectives under study as well as frequencies and percentages of the results of data. The results were presented in form of correlation tables, bar graphs, pie charts and a written report that detailed analysis of findings as well as evaluated the insights of the data analyzed. The study found that 61.9% respondents taking IT programs at ANU have no knowledge of the GoK code of conduct with 61.7% among the BBIT group indicating that they have not undergone hacking training. 95.8% indicated that coupled with having undergone hacking training they practice prudent online internet conduct through their ANU user accounts as well as 90.5% of the total respondents across all programs indicating that hacking sensitization would be an important part of their training. The study was able to conclude that ANU IT student’s curricula should be guided by the government master plan on the role out and implementation of ICT within Kenya, legal document added to exposure to the field, testing of skills, collaborations on projects as well as sharing of knowledge in line with sensitization on the latest trends should form part and parcel of the core training. Recommendations from the study include the establishment of an IT training policy, hacking and ethics training, and creation of hacking awareness programs on white hat and black hat hacking. The study sought to develop awareness among Africa Nazarene University IT students on ethical hacking and is intended to benefit ANU in particular as it will enable the institution to determine if the IT training programs have any shortfalls that may exist.

Keywords

  • Hacking; Black Hat Hacker; White Hat Hacker; GoK Laws; RoK ICT policy; Ethical Hacking Training; ANU Institutional Policies; Awareness;
  • References

    Abdulrahman, M. S. (2015). Ethical Hackers. IT e-Magazine

    Africa Nazarene University, (2016). Information Resource Use and Security Policy

    Aggarwal, P., Arora, P., Neha & Poonam. (2014). Review on Cyber Crime and Security. IJREAS, Vol. 02, Issue 01

    Ajayi, (2016). The impact of cybercrimes on global trade and commerce

    AlHogail, A. & Mirza, A. (2014). Information Security Culture: A Definition and A Literature Review

    Alnatheer, M.A. (2014). A Conceptual Model to Understand Information Security Culture. International Journal of Social Science and Humanity, Vol. 4, No. 2

    Amunga, H.A. (2013). Introducing information ethics in the curriculum at Kenyatta university: views from lecturers and post graduate students. Innovation Journal of appropriate librarianship and innovation work in Southern Africa. No. 46, 12-43.

    Briscoe, G. & Mulligan, C. (2014). Digital Innovation: The Hackathon Phenomenon

    Brown, C. (2015). White or Black Hat? An Economic Analysis of Computer Hacking

    Burns, N. and Grove, S.K. (2003). Understanding nursing research.

    Calco, M. & Veeck, A. (2015). ‘The Markathon: Adapting the Hackathon Model for an

    Introductory Marketing Class Project’ Marketing Education Review 25(1) pp.33-38.

     

    Carlin, A., Manson, D., & Zhu, J. (2008). Developing the cyber defenders of tomorrow with regional Collegiate Cyber Defense Competitions (CCDC). Proceedings of the 25th Information Systems Education Conference, ISECON 2008, November 6, 2008 –November 9, 2008, 25.

    Cobb, S. (2016). Mind This Gap: Criminal Hacking And The Global Cybersecurity Skills Shortage, A Critical Analysis

    Cohen, G. (2014). Best practices for network security management

    Coleman, E . G. (2013). Coding Freedom: The  Ethics and Aesthetics of  Hacking. 41 William Street, Princeton, New Jersey 08540 : Princeton University Press.

    Conklin, A. (2005). The use of a collegiate cyber defense competition in information security education. Proceedings of the 2005 Information Security Curriculum Development  Conference, InfoSecCD ’05, September 23, 2005 – September 24, 2005 (pp. 16–18).

    Cox, E. (2013). Ahmed Al-Khabaz expelled from Dawson College after finding security flaw. National Post.

    Curbelo, A. M. & Cruz, A. (2013). Faculty Attitudes Toward Teaching Ethical Hacking to Computer and Information Systems Undergraduates Students. Eleventh LACCEI Latin American and Caribbean Conference for Engineering and Technology (LACCEI’2013)”Innovation in Engineering, Technology and Education for Competitiveness and Prosperity” Cancun, Mexico.

    Maiga, I.M. (2015). Cyber Security: The subplot to Africa’s connectivity boom. Africaonline Business, p. 1.

    Drumwright, M. & Prentice, R. (2015). Behavioral Ethics and Teaching Ethical Decision Making. Decision Sciences Journal of Innovative Education Volume 13 Number 3

    Eloff, J. H. P. (2015). An Information Security Governance Framework.

    Eyong, K. (2014). “Recommendations for information security awareness training for college students ”, Information Management and Computing Security , vol. 22( 1 ) : 115-126

    Falk, C. (2014). Gray hat hacking: Morally black and white. CERIAS Tech Report, 2004-20. Lafayette, IN: Center for Education and Research in Information Assurance and Security, Purdue University.

    Garfinkel S. (2008). Database Nation. Cambridge, MA: O’Reilly & Associates.

    Green, S & Salkiand (2003). Using SPSS for Windows and Macintosh: Analysis and understanding data. 3rd ed. NJ: Prentice Hall.

    Hall, B. R. (2014). A synthesized definition of computer ethics. SIGCAS Comput. Soc., 44(3):21–35.

    Hogg, M. A., & Terry, D. J. (2000). Social Identity and Self-Categorization Processes in Organizational Contexts. Academy of Management Review, 25(1), 121–140.

    Cherono, S. (2015). It is a hackers’ paradise out there as Kenyans bare their all online. Daily Nation, p. 1.

    Jackson, E.S. (2015). Technology And Ethics. Journal of Information Technology Vol. 1 Art. 7, pp. 30-37

    Ochieng’, L. (2015). Kenya lost Sh15bn through cybercrime last year, the report says. Daily Nation, p. 2.

    Kitheka, P.M. (2013). Information Security Management Systems In Public Universities In Kenya: A Gap Analysis Between Common Practices And Industry Best Practices

    Kothari, C. R. (2004). Research Methodology: Methods and Techniques, (2nd ed.) New Age International Publishers: New Delhi.

    Kortjan, N., & von Solms, R. (2013). “Cyber Security Education in Developing Countries: A South African Perspective,” Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 119, pp. 289-297

    Levy, S. (1994). Hackers: Heros of the Computer Revolution. New York: Penguin.

    Malan, B. & Bester, C. (2014). Curriculum to teach Information Ethics at universities in

    Africa

    McGregor, J. (2014). The top five most brutal cyber-attacks of 2014 so far.

    Miles, M.B. & Huberman A.M. (1994). Qualitative Data Analysis. California 91320: SAGE Publications.

    Mtsweni, J. & Abdullah, H. (2015). Stimulating and maintaining students’ interest in Computer Science using the hackathon model. The Independent Journal of Teaching and  Learning - Volume 10.

    Mugenda, M. O. & Mugenda, A. (2008). Research Methods: Qualitative and Quantitative Approaches, African Centre for Technology Studies, Nairobi, Kenya.

    Muthama, M.N. (2013). Regulation On Access To Internet: Problems And Solutions. Journal of Theoretical and Applied Information Technology.

    Ongong’a, J. J. & Akaranga, S. I. (2013). Work Ethics For Lecturers: An Example Of Nairobi And Kenyatta Universities. International Journal of Arts and Commerce ISSN 1929-7106

    Palmer, C.C. (2001). Ethical Hacking. IBM Systems Journal, Vol. 4:, No. 3

    Parahoo, K. (1997). Nursing research: Principles, process and issues. London: MacMillan Press.

    Pashel, B. A. (2007). Teaching students to hack: ethical implications in teaching students to hack at the university level. Proceedings of the 2006 Information Security Curriculum Development Conference, InfoSecCD ’06, September 22, 2006 – September 23, 2006, 197–200.

    Perez, E. (2015). FBI: Hacker Chris Roberts claimed to hack into flights CNN (May 18).

    Pike, R.E. (2013). “The “Ethics” of Teaching Ethical Hacking,”. Journal of International   Technology and Information Management: Vol. 22: Iss. 4, Article 4.

    Pike, R.E. & Curl, S.S. (2013). The “Ethics” of teaching Ethical Hacking. California State Polytechnic University, Pomona, education Special Interest group of the AITP.

    Polit, D.F. & Beck, C.T. (2003). Key Concepts and Terms in Qualitative and Quantitative Research. Nursing research: principles and research.

    Pons, E. (2015). Social learning Theory and Ethical Hacking : Students Perspective on a Hacking Curriculum. Proceedings of the Information Systems education Conference Orlando, Florida.

    Prasad, S. T. (2014). Ethical hacking and types of hackers. International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) 11, no. 2:24-27.

    Radziwill, N., Romano, J., Shorter, D., & Benton, M. (2015). The Ethics of Hacking: Should It Be Taught?

    Reid, R. & Niekerk, J.V. (2013). Snakes and ladders for digital natives: information security education for the youth. Institute of ICT Advancement, Nelson Mandela Metropolitan University, Port Elizabeth, South Africa

    Republic of Kenya - Computer and Cybercrimes Act, 2016., PART II OFFENCES on Unauthorised access.

    Republic of South Africa, Cybercrime and Cybersecurity Bill (2015), Section 75 Chapter 2 –   OFFENCES.

    Richet, J.L. (2013). From Young Hackers to Crackers

    Sterling, B. (1993). The Hacker Crackdown. New York: Bantam.

    Suhasini, C. (2014). Ethical Hacking and its Vulnerabilities. International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE).

    Solms, S.V., & Solms, R.V. (2014). Towards Cyber Safety Education in Primary Schools in Africa. Proceedings of the Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA)

    The Republic of Kenya - National Information and Communication Technology (ICT) Policy of 20Th June 2016, Part 15.

    The South African National Integrated ICT Policy - White Paper of 28th September 2016, states on part 10 : A Digital Society, Pillar II : DIGITAL ACCESS.

    Touray, A., Salminen, A. & Mursu, A. (2013). ICT barriers and critical success factors in developing countries. The Electronic Journal on Information Systems in Developing Countries, 56(7), 1-17.

    Trabelsi, Z., & Ibrahim, W. (2013). Teaching Ethical Hacking in Information Security

    Curriculum: A Case Study. IEEE Global Engineering Education Conference (EDUCON)

    Veiga, A. D. (2015). The Influence of Information Security Policies on Information Security Culture: Illustrated through a Case Study. Proceedings of the Ninth International  Symposium on Human Aspects of Information Security & Assurance

    Voiskounsky, A. E., & Smyslova, O. V. (2003). Flow-Based model of computer hackers’

     motivation. CyberPsychology & Behavior, 6(2), 171–180.

    Wark, M. (2006). Hackers. Theory, Culture & Society, 23(2/3), 320–322.

    White, G. B., Williams, D., & Harrison, K. (2010). The CyberPatriot national high school cyber defense competition. IEEE Security and Privacy, 8(5), 59–61.

    Wiggins, A., Gurzick, D., Goggins, S. & Butler, B. (2014). ‘Quality Hackathon’ Proceedings  of the 18th International Conference on Supporting Group Work - GROUP ’14 pp.321-323.

    Xu, Zhengchuan, Qing H., & Chenghong Z. (2013). Why computer talents become computer hackers. Communications of the ACM 56, no. 4:64-74.

    Young, R., Zhang, L., & Prybutok, V. R. (2007). Hacking into the minds of hackers. Information Systems Management, 24(4), 281–287.