Refereed article in conference proceedings (A4)

A Taxonomy of Perceived Information Security and Privacy Threats among IT Security Students

List of Authors: Ali Farooq, Syed Rameez Ullah Kakakhel, Seppo Virtanen, Jouni Isoaho

Conference name: International Conference for Internet Technology and Secured Transactions

Place: London

Publication year: 2015

Book title *: The 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015)

Number of pages: 7

ISBN: 978-1-908320-52-0

ISSN: 2164-7046



The purpose of this study is to explore students’ perceived information security and privacy (IS&P) threats and to classify them in a way that helps in analyzing the problem, creating awareness measures and further improving students’ IS&P education. Using a qualitative research approach, a group of forty two Master’s degree IT students identified seventy five IS&P threats related to them. The identified threats were classified into fourteen categories. Further, using the affinity diagraming technique, the categories were grouped into four domains - Personnel, Devices, Intranet and Internet. In this way, we present a taxonomy of students’ perceived IS&P threats as well as a model that highlights the domains where students consider themselves prone to IS&P threats. The proposed taxonomy and the domain model can be used as a benchmark for designing information security awareness assessment instruments and preparing information security awareness programs. The taxonomy can also be used for highlighting areas where students lack information security related knowledge.

Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

Last updated on 2021-24-06 at 11:07