You are here: Home Contents V13 N1 V13N1_CandalVicente.html
Personal tools

Evaluation of Vulnerabilities in Computer Systems Users



Full text

Journal of Information Systems Security
Volume 13, Number 1 (2017)
Pages 3555
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Isabel Candal-Vicente — Universidad del Este, Puerto Rico
Segundo Castro-Gonzáles — Universidad del Este, Puerto Rico
Janely García-Cortés — Xapiens International, Puerto Rico
Information Institute Publishing, Washington DC, USA




Information security is a complex subject for all kinds of entities, including home users, small businesses or multinational companies. The purposes of this study is to categorize levels of user knowledge about the risk of internet connectivity, categorize protection strategies that are used to control the risk of information security, and analyze the relationships between the different levels of knowledge that concern connection risk versus protection strategies for computer security. A questionnaire was administered to a sample of 229 individuals. The 5-point Likert scale was used to measure the opinion of the participants with regard to the statements made in the questionnaire. The following alternatives were considered: strongly agree, somewhat agree, somewhat disagree, disagree and do not know. This empirical research confirms: 1) the level of importance in knowledge of the cyber risks lies in five categories that explain the 60.6 % variance, 2) the level of importance in security strategies were found in six categories that explain the 63.47% variability, and 3) there is a strong correlation in the order of 86.6 % between the knowledge of cyber risks and protection strategies. For future works it is important to take in consideration that the performed research was generated first through a factorial analysis in order to determine which components are grouped with similar statistical characteristics.





Malicious Software, Information Security, Computer Security, Access Controls, Security Risk




Alvarado, L. (2011). `Diseño de un Plan de Gestión de Seguridad de la Información', Decanato de Ciencias Y Tecnologías, Universidad Centroccidental Lisandro Alvarado. Barquisimeto, Thesis.

Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010). "Information security policy compliance: an empirical. Study of rationality-based beliefs and information security awareness", MIS Quarterly, 34(3), 523-548.

Calder, A., and Watkins, S.G. (2010). Information Security Risk Management for ISO27001 / ISO27002, IT Governance Publishing, Cambridgeshire.

Capafons, A., Morales, C., Espejo, B., and Cabañas, S. (2006), "Análisis factoria exploratorio y propiedades psicométricas de la escala de valencia de actitudes y creencias hacia la hipnosis, versión terapeuta," Psicothema, 18(4), 810­815.

CERT, Coordination Center Home Network Security. (2013). `Home Network Security', Engineering Institute Carnegie Mellon,, 2001.

File, T. and Ryan, C. (2014). Computer and Internet use in the United States: 2013. American Community Survey Reports.

Garcia, M. L. (2006). Vulnerability Assessment of Physical Protection Systems, Elsevier Butterworth-Heinemann, Burlington, MA.

Hair, J.F., Black, W.C., Babin, B.J. and Anderson, R.E. (2015). Multivariate Data Analysis seventh Edition, Pearson Education, Inc.

Hintzbergen, J., Hintzbergen, K., Smulders, A. and Baars, H. (2015). Foundations of Information Security Based on ISO27001 and ISO27002 (third edition), Van Haren Publishing, Zaltbommel.

ISO/IEC 27001. (2005). - Information Technology ­ Security Techniques - Information Security Management Systems ­ Requirements, ISO, Geneva.

ISO/IEC 17799. (2005). Information Technology ­ Code of Practice for Information Security Management, ISO, Geneva.

Jajodia, S., Noel, S., Kalapa, P., Albanese, M., and Williams, J. (2011). `Cauldron Mission-centric cyber situational awareness with defense in depth'. In Proceedings - IEEE Military Communications Conference, MILCOM, 7-10 November 2011. Baltimore, MD.

Maiwald, E., and Sieglein, W. (2002). Security Planning and Disaster Recovery, McGraw-Hill Osborne Media, New York.

Mieres, J. (2009). `Ataques informáticos. Debilidades se seguridad comúnmente explotadas',, 7 April 2013.

Moscoso, M., Lengacher, C., and Knapp, M. (2012). "Estructura factorial del inventario multicultural de la depresión, estado-rasgo: Rol de las emociones positivas en la depresión". Persona 15, Enero-Diciembre (1): 115­136.

National Institute of Standards and Technology. (2011). Computer Security Division. Computer Security Division Annual Report.

McConnell J.M. (1994). `National Training Standard for Information Systems Security (INFOSEC) Professionals'. National Security Agency/Central Security Service Fort George G Meade Md; 1994 Jun 20.

Nunnally, J.C. (1991). Teoría Psicométrica. Trillas, Mexico.

Pérez, J. (2004). "Qué es el análisis multivariante," Psicología Experimental, 1­105.

Pérez, C. (2011). Técnicas de Análisis Multivariante de Datos: Aplicaciones con SPSS, Pearson Prentice Hall, S.A, Madrid.

Pérez, E., Medrano, L.A. (2010). "Análisis factorial exploratorio: Bases conceptuales y metodológicas," Revista Argentina Ciencias del comportamiento, 2(1).

Puerto Rico. (2010). Recuperado de

Timbs, N. (2014). `Physical security assessment of a regional university computer network'. Computer and Information Science Department, East Tennessee State University. Tennessee, Thesis.

Torres-Berrios, L. (2012). `Amenazas a la seguridad de la información computadorizada en las universidades en Puerto Rico desde la perspectiva de los profesionales del área de sistemas de información'. Department of Business Administration. Management of Information Systems, Universidad del Turabo, Gurabo, Thesis.

US CERT. (2009). `Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies', 44.

U.S. Department of Homeland Security. (2013). Ten Ways to Improve the Security of a New Computer, Penny Hill Press Inc.

Whitman, M. E. and Mattord, H.J. (2014). Management of Information Security Fourth Edition, Cengage Learning.