Network Security, Information Assurance, and Security
Awareness in Take Home Computer Devices
Phase 2: Research Methodology Design
CIST 490
Hector Rivera
University Of Mary Washington
Project Phase 2: Research Methodology Design
2. Literature Review
2.1 Introduction
The term telecommuting was first introduced by Jack Nilles during the Arab oil embargo of the 1970s in response to the realization that the world’s fossil-fuels were hardly inexhaustible and energy conservation was now a necessary forethought (Reymers, 1996). Telecommute has widely increased during the past 22 years after the United States government passed the Clean Air Act of 1990 and by 1994 the U.S. government required "thousands of businesses employing more than 100 people [to] submit detailed proposals outlining a program deemed by the employer as a way to reduce their employees’ commute time by 25 percent through carpooling, public transportation incentives, condensed workweeks, or the most practical, cost-effective and popular option, telecommuting" (Zelinsky, 1994). The logic behind this process is to allow employees to take home the company’s computer devices in order to connect to the company’s intranet using some sort of remote service like a Virtual Private Network (VPN) so they can conduct their day to day tasks.
Company’s need to understand the risks involved in this process and how to implement proper network security. When we talk about network security we are pointing out the various defense mechanisms applied to a network and its components; for example applying access control lists to the perimeter routers or configuring an user laptop with all the required security patches and updates from the vendor in order to make the device safe to be use in the network and in compliance with any local or regional policies. Network Security is not just having firewalls on the right place of the network architecture but making sure the configuration and policy rules are in compliance (identifying source IP, Destination IP, and Ports/Protocols) with the Network’s owner guidance, policies and procedures.
2.2 Model
During this research I will be using the expectation & confirmation theory model (ECT). My research will investigate whether the use of take home computing devices (telecommuting) is a safe (on a network security perspective) and productive asset to any given company (but will concentrate on my company). I will also explore the effectiveness of information assurance and network security policies on protecting a company’s infrastructure and Local Area Network (LAN) from the risks of telecommuting.
2.3 Establish a framework of relationship that you are exploring via a diagram
[pic]
FIGURE 1: FRAMEWORK OF RELATIONSHIP
2.4 GAP
I decided to use this model because of the similarity of the model to my research intent. In order to understand how information assurance is performing on telecommuting, we need to understand what are the perceive organizational benefits (of telecommuting and the protection of the network), the usefulness, what are the expectations for senior staff, management, and employees (and how to confirm those expectations), and finally how can we use information assurance on the telecommute program in order to achieve continuity of operations. What’s missing on this model? In order to fully complete my research using this model, I will also have to find out what is the users’ intent to participate on telecommuting and their willingness to follow the policies in place to keep the network and the company’s data secure.
Following this model, after gathering and analyzing the data from the questionnaire, we should have an educated conclusion on how effective information assurance is in securing the company’s network from risks associated with take home
