Dissertation Project Report On

AWARENESS OF VARIOUS INFORMATION SECURITY THREATS & SOLUTIONS

BY ALOK AWASTHI A0101910162 MBA CLASS OF 2012

Under the Supervision of Mr. Gaurav Chandhiok DEPARTMENT OF INFORMATION & TECHNOLOGY In Partial Fulfilment of Requirements for the degree of Master of Business Administration At AMITY BUSINESS SCHOOL AMITY UNIVERSITY UTTAR PRADESH SECTOR, 125 NOIDA- 201303, UTTAR PRADESH, INDIA 2012
1

DECLARATION Title of Project Report AWARENESS OF VARIOUS INFORMATION SECURITY THREATS & SOLUTIONS

I declare (a) That the work presented for assessment in this Dissertation Report is my own, that it has not previously been presented for another assessment and that my debts (for words, data, arguments and ideas) have been appropriately acknowledged

(b) That the work conforms to the guidelines for presentation and style set out in the relevant documentation.

Date: .

Alok Awasthi A0101910162 MBA Class of 2012

CERTIFICATE

I Mr Gaurav Chandhiok hereby certify that Alok Awasthi student of Masters of Business Administration at Amity Business School, Amity University Uttar Pradesh has completed the Project Report on, AWARENESS OF VARIOUS INFORMATION SECURITY THREATS & SOLUTIONS under my guidance.

DATE

Mr GAURAV CHANDHIOK DEPARTMENT OF INFORMATION & TECHNOLOGY, ABS

TABLE OF CONTENTS Page no. Chapter 1 Introduction Key Concepts............................................. General Perception about IS................................. Rationale of the Study..................................... Objective. Chapter 2 Literature Review.................................................... Chapter 3 Research Methodology..... Research Objective.............................................. Research design... Sampling Techniques.... Sample size................ Data collection . Research Instruments............./............................... Pretesting of questionnaire.......................................... Chapter4 Data Analysis & Interpretation Frequency Analysais & Cross Tabs Chapter5 Conclusion &Recommendations.......

5 6 10 11 11 12 15 16 17 17 17 18 19 19 20 29 42

III Appendix : Questionnaire..

44

CHAPTER 1: INTRODUCTION

1.1 INTRODUCTION TO THE PROJECT Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security. Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about like passwords, email accounts, bank account information etc fall into the other hands which can be dangerous in both personal and financial terms. Protecting confidential information is a crucial requirement, and in many cases also an ethical and legal requirement.\ For over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be the core principles of information security. There is continuous debate about extending this classic trio. Other principles such as Accountability have sometimes been proposed for addition it has been pointed out that issues such as Non-Repudiation do not fit well within the three core concepts, and as regulation of computer systems has increased , Legality is becoming a key consideration for practical security installations.

1.1.1 Key Concepts In 1992 and revised in 2002 the OECD's Guidelines for the Security of Information Systems and Networks proposed the nine generally accepted principles: Awareness, Responsibility, Response, Ethics, Democracy, Risk Assessment, Security Design and Implementation, Security Management, and Reassessment. Building upon those, in 2004 the NIST's Engineering Principles for Information Technology Security proposed 33 principles. From each of these derived guidelines and practices. In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information. The elements are confidentiality, possession, integrity, authenticity, availability, and utility. The merits of the Parkerian hexad are a subject of debate amongst security professionals. Confidentiality Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.

Integrity In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of Consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality. Availability For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks. Authenticity In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim they are. Non-repudiation In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Electronic commerce uses technology such as digital signatures and public key encryption to establish authenticity and non-repudiation.

1.1.2 Top Ten Information Security Threats 1. Malware Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security's list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits. 2. Malicious insiders Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat. 3. Exploited vulnerabilities Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications. 4. Careless employees Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization's risk to careless insiders.

5. Mobile devices Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach. 6. Social networking Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker's dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise. 7. Social engineering Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it's legitimate or not. 8. Zero-day exploits Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud computing security threats Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access "in the cloud" services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue. 10. Cyber espionage Cyberespionage is a threat that's being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyber espionage has major implications for the government, it is a rising threat that must be closely monitored.

1.1.3 General Perception about Information Security Information security is a great concern to computer and Internet users, who are suffering from a variety of threats to information security. Every day there are millions of accidents caused by virus, hackers, spam, spyware, zombie networks and many other threats to information security. Those incidents are having serious effects on the economy and society, by bringing about infringements of human rights, financial damage to corporations, and the failure of the entire information system. Moreover, those threats to information security can influence IT users behaviour and cognition. Information security involves both technology and people, and it is becoming increasingly evident that the human factor is the Achilles heel of information security. Numerous sophisticated security methods have been developed, but the situation of information security is getting worse and worse. No matter how well designed, security methods rely on individuals to implement and use them. These methods may not accomplish their intended objectives if they are not used properly. Moreover, Many people hesitate or refuse to adopt IT appliances because of \worrying about the security problems , and that whether people willing to adopt an IT appliance depends not only on its real security level, but also on its perceived security. The number of people who have experienced identity fraud due to data breaches pales in comparison to the number
10

of people who fear it. Perception is a main part of human intelligence and a key component to understand human behaviour. It is the mechanism with which a person evaluates inputs from the external environment, which, in turn, determines his/her behavioural response. IT users respond to different kinds of threats according to their perceptions of information security. Overestimates of risk can stifle peoples will to adopt IT applications, while underestimate of risk can wrongly encourage people to take insecure behaviours.

1.2

Rationale of Study

The study is undertaken to find out the Awareness of various information security threats & solutions and to find out the possible factors which affect the overall security of the computer whether it is connected with the network or not. The possible precautions against threats like antivirus, firewall safety and other means to protect the computer will be studied in this research. The overall security of the data is very important in todays scenario as it is most crucial issue to protect or even retrieve the data after the cyber attacks or virus attacks. The study focuses on the types of preferences about variety of solutions offered to protect from IT disaster. There are various solutions available to protect the online & stored data by cyber attacks, viruses, theft.

1.3 Objective The main objective of the study is o threats. o To find out user satisfaction level towards various products of the companies To Find out awareness about computer security & various information security

providing information security solutions.

11

CHAPTER 2: REVIEW OF LITERATURE

Investigations into the stock price impact of cyber-attacks show that identified target firms suffer losses of 1%-5% in the days after an attack. For the average New York Stock Exchange corporation, price drops of these magnitudes translate into shareholder losses of between $50 million and $200 million. Several computer security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226 billion (for all forms of overt attacks). The reliability of these estimates is often challenged; the underlying methodology is basically anecdotal. Estimates of the macroeconomic costs of cyber-attacks are speculative. [1]

According to the Study ( April 2004 by Government & Finance division USA ) an HPsponsored Ponemon Institute survey, cyber attacks have a significant financial impact on businesses and government organizations, despite widespread awareness. The study indicates that the median cost of cyber crime is now $5.9 million per year, a 56 percent increase from the median cost in last years study. In addition, more than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks. During a four-week period, organizations surveyed experienced an average of 72 successful attacks per week, an increase of nearly 45 percent from last year. The average time to resolve a cyber attack is 18 days, with an average cost of nearly $416,000. This is an increase of approximately 70 percent from the estimated cost of $250,000 during a 14-day resolution period in last years study. In addition, another study from Coleman Parkes, commissioned by Hewlett & Packard, surveyed senior business and technology executives in Asia Pacific on their perspectives on risk, security threats and current priorities. When asked what type of risk management is most critical to enterprises, the study revealed that financial risk was most critical to enterprises. The study also indicated that while executives are aware of potential security threats, they lack confidence in their organisations risk management practices. Specifically, only 27 percent of business and technology leaders indicated that their organizations were very well defended against security threats. [2]

12

Estonian Cyber attack was one of the most significant coordinated cyber-attacks against a sovereign state of the world. Taking into account the size of Estonian Infrastructure these attacks are well planned. Although the attack was defeated without any long-term

consequences, there were some immediate effects that affected all Estonian people, such as unavailability of online banking or difficulties in communications. In a country where 98% of bank transactions are made online and where majority of citizens fill tax forms online, the researchers are sure that you can realize the impact that such prolonged incidents could have. The impact of the attack was also amplified by the psychological effect and intimidation that it had on the general populace. [3] The Second Annual Cost of Cyber Crime Study the executives of different software companies in USA in 1999 surveyed, expressed the following views. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. The complexity of risk is increased. Security breaches within organization have increased during last year. Internal security breach. External security breach. Organisation suffered due to unwanted disclosure due to security breach. Business interruption due to cyber attacks Identity & privilege abuse. Unsound transactions due to cyber attacks. Compliance management issues. Security will be major priority for next years. Security budget will increase in next budget cycles. 70% 40% 46% 39% 22% 20% 18% 14% 31% 70% 50%
[4]

13

In a recent IBM/Guardium survey, more than 800 respondents in France, Germany, the United Kingdom and the United States shared their views on the safety of their Personally Identifiable Information (PII) and credit card data. Despite a few variations from country to country, the sentiment of the respondents was largely the same: consumers are quite concerned about the security of their personal and financial data, and they perceive that governments, banks and retailers remain ill-equipped to protect it. In fact, in a telling commentary on 21stcentury perceptions, US consumers believe that they are more likely to have their identity stolen than to have their cars stolen! Of all the consumers surveyed, 80 per cent said they were either concerned or very concerned about the security of their credit card information. The respondents had learnt from experience: 16 per cent of them have actually been victims of fraud before, while in the US those who had been hit by fraud had been hit hard. For more than 55 per cent of US victims, over one thousand dollars were involved and for an unfortunate three per cent, over ten thousand dollars. [5]

In the survey study, 602 respondents were asked to evaluate one of 21 common threats to information security with regard to its rank related to each of the 20 threat-related features. An exploratory factor analysis was then conducted, and a six-factor structure was derived, which includes factors of Knowledge, Impact, Severity, Controllability, Possibility and Awareness. Using this factor structure, the characteristics of the five most dangerous threats (hackers, worms, viruses, Trojan horses and backdoor programs) and the five least dangerous threats (spam, piratical software, operation accidents, users' online behaviour being recorded and deviation in quality of service) were discussed and compared. The relationships between the factors and the perceived overall danger of threats were found and then tested by multiple regression analyses. Significant effects were also found in people's perception of information security related to computer experience and types of loss. [6] So we can see that a lot of comprehensive work has been done on the field of Information Security Threats and Solutions yet the awareness of these threats and solutions is to be determined.

14

CHAPTER 3: RESEARCH AND METHODOLOGY 3.1 Research Design A Research design is concerned with turning a research question into a testing project. The best design depends on the research questions. Every design has its positive and negative sides. The research design has been considered a "blueprint" for research, dealing with at least four problems: what questions to study, what data are relevant, what data to collect, and how to analyze the results As we have seen that the main three determinants of Information Security are confidentiality, integrity and availability. So, entities like satisfaction level, security parameters and the functionality of the information Security solutions i.e. Antivirus will be the important issue. The issues like brand value of Antivirus Company and other trust parameters based on past reputation of the Company will be important. We will be going for the descriptive research design as we have to gather information from a large sample to understand the existing scenario.

3.2 Methodology 3.2.1 Population Population is used to refer to a set of potential measurements or values, including not only cases actually observed but those that are potentially observable. A statistical population is a set of entities concerning which statistical inferences are to be drawn, often based on a random sample taken from the population. In this case each and every person who uses internet and are aware of the Information Security Threats and solutions of any age group are the one who can become a potential source of information. No matter if one have Internet Connection or not, if one have the knowledge of the above mentioned domain then he/she is a potential source of information in this research to understand perception of population.

15

3.2.2 The Sample A sample is a subset of a population. Typically, the population is very large, making a census or a complete enumeration of all the values in the population impractical or impossible. The sample represents a subset of manageable size. Samples are collected and statistics are calculated from the samples so that one can make inferences or extrapolations from the sample to the population. This process of collecting information from a sample is referred to as sampling. In this research our sample will be a subset of the above defined population. We will be conducting non-probability sampling. We will undergo convenience sampling and also judgmental sampling. At times we will also use snowball sampling. This will be a very good technique in the electronic surveys. 3.2.3 Sample Size The size of the sample is a very important parameter. Sample size refers to the number of elements to be included in the study. Determining the sample size is complex and involves several quantitative and qualitative considerations. But as we will be conducting nonprobability sampling technique, thing will not be that difficult. The sample size for this survey will be around 100 samples. 3.2.4 Sample plan A sampling plan is a detailed outline of which measurements will be taken at what times, on which material, in what manner, and by whom. Sampling plans should be designed in such a way that the resulting data will contain a representative sample of the parameters of interest and allow for all questions, as stated in the goals, to be answered. The sample plan is important is important as the sample we choose must represent the entire population. The sample should be defined in terms of element, sampling units, extent, and time. Researchers rarely survey the entire population for two reasons: the cost is too high, and the population is dynamic in that the individuals making up the population may change over time. The three main advantages of sampling are that the cost is lower, data collection is faster, and since the data set is smaller it is possible to ensure homogeneity and to improve the accuracy and quality of the data.

16

In this case we will be distributing the sample size over the age and demographics parameters. We will be making use of electronic Medias for remote surveys.

3.2.5 Data Collection The surveys were conducted with the help of the research instrument i.e. the questionnaire. The data was collected during the field work during the face to face interviews and online i.e. survey via web hosts to get data from the remote areas. The data collected from field work will be around 40% of the sample size and the rest will be the data collected from the web. We may make use of interviewing a respondent during the fieldwork. We will also use emails and other web hosts to get the questionnaire filled by the respondent. The data collection methods which will be used are: Personal investigation methods: The researcher or the data collector has conducted the survey and collecting data. This method we have to collect more accurate data and original data. This method is useful for small data collection only not big collection of data projects. Data collection through telephones: The data researches collect the information or data through the telephones and mobiles. It is accurate and very quick process for data collecting. Electronic Method: The questionnaire will be uploaded on a web host and then the links will be sent to the respondent and thereby the response of the respondent will be recorded. Interviewing session may also be conducted by making use of the various groupware like skype or MS NetMeeting depending on the respondents feasibility.

17

3.3 Data Analysis The data analysis is the most important part to be performed once the data is collected from the field. The data collected from the survey will be feed in the SPSS software where the data will be analyzed by making use of various statistical tools and techniques like the t-test, mean and variance analysis. Depending on the quality of the questionnaire and the data available proper tools and techniques will be used. We can also perform the crosstabs and analysis of the scaling questions by making use of various tools and techniques available. As we are about to test the perception of the population a perceptual map will be a very good tool to analyze the data. The tools can be: 1. Descriptive Analysis: Descriptive statistics quantitatively describe the main features of a collection of data. Descriptive statistics are distinguished from inferential statistics (or inductive statistics), in that descriptive statistics aim to summarize a data set, rather than use the data to learn about the population that the data are thought to represent. This generally means that descriptive statistics, unlike inferential statistics, are not developed on the basis of probability theory. Even when a data analysis draws its main conclusions using inferential statistics, descriptive statistics are generally also presented. For example in a paper reporting on a study involving human subjects, there typically appears a table giving the overall sample size, sample sizes in important subgroups (e.g., for each treatment or exposure group), and demographic or clinical characteristics such as the average age, the proportion of subjects of each sex, and the proportion of subjects with related comorbidities. Depending on the quality of data we can go for inferential analysis.

18

2. Inferential Analysis: Inferential analysis is the process of drawing conclusions from data that are subject to random variation, for example, observational errors or sampling variation. More substantially, the terms statistical inference, statistical induction and inferential statistics are used to describe systems of procedures that can be used to draw conclusions from datasets arising from systems affected by random variation. Initial requirements of such a system of procedures for inference and induction are that the system should produce reasonable answers when applied to well-defined situations and that it should be general enough to be applied across a range of situations. If need arises for further analysis, then depending on the data we can go for association analysis. 3. Association Analysis: In statistics, an association is any relationship between two measured quantities that renders them statistically dependent. The term "association" refers broadly to any such relationship, whereas the narrower term "correlation" refers to a linear relationship between two quantities. There are many statistical measures of association that can be used to infer the presence or absence of an association in a sample of data. Further we can go for predictive analysis depending on the data collected 4. Predictive analysis: It is a tool which helps us analyze how a single dependent variable is affected by the values of one or more independent variables for example, how an athlete's performance is affected by such factors as age, height, and weight. We can apportion shares in the performance measure to each of these three factors, based on a set of performance data, and then use the results to predict the performance of a new, untested athlete.

19

CHAPTER 4: ANALYSIS

4.1 Review of Methodology Below mentioned is the methodology followed during the research study Preparation of questionnaire covering all relevant aspects of Information security threats and solutions and related issues. Approval of questionnaire by Faculty guide. Conducting Pilot survey and editing questionnaire. Field visit to collect primary data as per the research requirement. Compilation of questionnaire. Removal of incomplete questionnaires. Coding of questionnaire for SPSS19.Assigning the variables in SPSS starting from X1. Entering the respondents answers in the data view of SPSS. Checking the reliability of data by finding CronBachs Alpha. The value must be above 0.50 to make data reliable for inference to be drawn. Factor analysis was done to understand the effect of independent variables on dependent variable.. Cross tabulation of variables to draw pattern from the data Hypotheses formation Drawing inference.

20

4.2 The Survey The survey was conducted for 199 respondents and their view point was recorded through the questionnaire. The distribution if the survey is as follows: Based on Age: The details are as follows:

Based on Profession The details are as follows:

21

There 89 interviews conducted in the field and rest of the survey was conducted online. There are 162 respondents.

4.3 Analysis 4.3.1 Reliability Analysis The result of reliability analysis from the SPSS is as follows:

Case Processing Summary N Cases Valid Excluded Total

a

% 162 0 162 100.0 .0 100.0

a. Listwise deletion based on all variables in the procedure.

Reliability Statistics Cronbach's Alpha .611 N of Items 28

As we can see that the value of Cronbach's Alpha is 0.611 so the data is reliable as data is considered to be a reliable data if the value is more than .50

22

4.3.2 Factor Analysis

Factor analysis is a method of data reduction.

It does this by seeking underlying

unobservable (latent) variables that are reflected in the observed variables (manifest variables). Factor analysis is used to find latent variables or factors among observed variables. In other words, if your data contains many variables, you can use factor analysis to reduce the number of variables. Factor analysis groups variables with similar characteristics together. With factor analysis you can produce a small number of factors from a large number of variables which is capable of explaining the observed variance in the larger number of variables. The reduced factors can also be used for further analysis. It is has enabled to reduce the number of variables into few dimensions 11 called factors which enables to summarize data. There are three stages in factor analysis: First, a correlation matrix is generated for all the variables. A correlation matrix is a rectangular array of the correlation coefficients of the variables with each other. Second, factors are extracted from the correlation matrix based on the correlation coefficients of the variables. Third, the factors are rotated in order to maximize the relationship between the variables and some of the factors. Before going for the factor analysis we have to perform certain pre analysis like the KaiserMeyer-Olkin Measure of Sampling Adequacy. This measure varies between 0 and 1, and values closer to 1 are better. A value of .5 is a suggested minimum.

KMO and Bartlett's Test Kaiser-Meyer-Olkin Measure of Sampling Adequacy. Bartlett's Test of Sphericity Approx. Chi-Square Df Sig. .656 590.170 278 .000

As in this case we can see that the value is over .6 so, we can perform the factor analysis in the survey.

23

Communalities

The amount of variance in each variable that is accounted for values below 0.40 would be dropped from the analysis. But here all the factors having value greater than 0.40, so no factor would be dropped from the analysis. Communalities show how much of the variance in the variables has been accounted for by the extracted factors.
Communalities Initial Which Operating System you use for your Computer ? Do you Update your Antivirus of regular time intervals ? What Type of Antivirus do you use in your computer ? Have you ever had a loss of data in past ? If YES, Have you Retrieved your data with the help of Backup Files ? How often you update your backup ? Which factor you most like about your current Antivirus ? Are you Planning to switch your Antivirus software ? If YES, Which Brand you prefer ? Rate the following Antiviruses McAfee OAS Rate the following Antiviruses Kaspersky Rate the following Antiviruses NORTON Rate the following Antiviruses Quick Heal Rate the following Antiviruses AVG 1.000 .792 1.000 .687 1.000 .732 1.000 .754 1.000 .593 1.000 .673 1.000 .714 1.000 .680 1.000 .825 1.000 .580 1.000 .558 1.000 .687 1.000 .720 1.000 Extraction .666

24

Rate the following Antiviruses Avast The Frequency of Changing the passwords is What do you do to protect your privacy while being online ? How often you Scan your computer and other external memory devices(Pen Drives, Memory Chips etc) ? Antivirus Products could be a beneficial investment in long Run to Protect your Data. Usage of Strong Passwords reduces the possibility of theft of personal information. Lack of Availability/ Unease of access is the major Reason for low popularity of Licensed Antivirus Products. Antivirus Products are overpriced. In your opinion the Probability of viruses/Threats attacks while you are Online is ? Would more advertisement boost the sales of Antivirus Products? Would any of the following changes encourage you to use a good Antivirus for your computer ? AGE Profession Which Antivirus Application you use for your computer ?

1.000

.776

1.000

.684

1.000

.750

1.000

.677

1.000

.735

1.000

.772

1.000

.698

1.000

.727

1.000

.651

1.000

.811

1.000

.771

1.000 1.000 1.000

.742 .776 .749

Extraction Method: Principal Component Analysis.

25

Total Variance Explained

It is the percentage of variance explained by significant factors in a research study. It is found that factors like How often you update your backup, Which factor you most like about your current Antivirus, Which Brand you prefer, The Frequency of Changing the passwords, What do you do to protect your privacy while being online etc 71.363 of the variance.
Total Variance Explained Extraction Sums of Squared Initial Eigenvalues Loadings % of Cumulati Component 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Total 3.258 2.576 2.253 2.036 1.862 1.688 1.503 1.396 1.257 1.143 1.010 .900 .886 .809 .785 .635 .599 .529 .457 .434 .373 .342 .303 .268 .231 .180 .166 .123 % of Variance 11.636 9.199 8.048 7.271 6.651 6.028 5.369 4.984 4.489 4.081 3.605 3.214 3.164 2.890 2.802 2.268 2.140 1.890 1.631 1.549 1.332 1.222 1.084 .956 .824 .642 .591 .438 ve % 11.636 20.835 28.883 36.154 42.805 48.833 54.203 59.187 63.676 67.757 71.363 74.577 77.741 80.631 83.433 85.702 87.842 89.732 91.362 92.911 94.242 95.465 96.549 97.504 98.329 98.970 99.562 100.000 Total 3.258 2.576 2.253 2.036 1.862 1.688 1.503 1.396 1.257 1.143 1.010 Varianc e 11.636 9.199 8.048 7.271 6.651 6.028 5.369 4.984 4.489 4.081 3.605 Cumulative % 11.636 20.835 28.883 36.154 42.805 48.833 54.203 59.187 63.676 67.757 71.363 Total 2.147 2.096 2.025 1.875 1.869 1.855 1.847 1.810 1.697 1.505 1.255 % of Variance 7.668 7.485 7.233 6.698 6.675 6.626 6.596 6.466 6.061 5.373 4.481 Cumulative % 7.668 15.153 22.386 29.084 35.759 42.385 48.981 55.447 61.508 66.881 71.363 Rotation Sums of Squared Loadings

26

Total Variance Explained Extraction Sums of Squared Initial Eigenvalues Loadings % of Cumulati Component 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Total 3.258 2.576 2.253 2.036 1.862 1.688 1.503 1.396 1.257 1.143 1.010 .900 .886 .809 .785 .635 .599 .529 .457 .434 .373 .342 .303 .268 .231 .180 .166 .123 % of Variance 11.636 9.199 8.048 7.271 6.651 6.028 5.369 4.984 4.489 4.081 3.605 3.214 3.164 2.890 2.802 2.268 2.140 1.890 1.631 1.549 1.332 1.222 1.084 .956 .824 .642 .591 .438 ve % 11.636 20.835 28.883 36.154 42.805 48.833 54.203 59.187 63.676 67.757 71.363 74.577 77.741 80.631 83.433 85.702 87.842 89.732 91.362 92.911 94.242 95.465 96.549 97.504 98.329 98.970 99.562 100.000 Total 3.258 2.576 2.253 2.036 1.862 1.688 1.503 1.396 1.257 1.143 1.010 Varianc e 11.636 9.199 8.048 7.271 6.651 6.028 5.369 4.984 4.489 4.081 3.605 Cumulative % 11.636 20.835 28.883 36.154 42.805 48.833 54.203 59.187 63.676 67.757 71.363 Total 2.147 2.096 2.025 1.875 1.869 1.855 1.847 1.810 1.697 1.505 1.255 % of Variance 7.668 7.485 7.233 6.698 6.675 6.626 6.596 6.466 6.061 5.373 4.481 Cumulative % 7.668 15.153 22.386 29.084 35.759 42.385 48.981 55.447 61.508 66.881 71.363 Rotation Sums of Squared Loadings

In this case we can see that only the first 11 components are significant

27

Rotated Component (Factor) Matrix

The idea of rotation is to reduce the number factors on which the variables under investigation have high loadings. Rotation does not actually change anything but makes the interpretation of the analysis easier. The table below shows the loadings of the forty-nine variables on the ten factors extracted. The higher the absolute value of the loading, the more the factor contributes to the variable. The colored cells in the table represent loadings that are more than 0.4, this makes reading the table easier. Looking at the table below, we can see that How Many Bank Account do you have, is substantially loaded on Factor (Component) 11 while Do You use internet is substantially loaded on Factor 4. Like that all the other variables are loaded on some or the other components.

Rotated Component Matrix

Component 1 Which Operating System you use for your Computer ? Do you Update your Antivirus of regular time intervals ? What Type of Antivirus do you use in your computer ? Have you ever had a loss of data in past ? If YES, Have you Retrieved your data with the help of Backup Files ? How often you update your backup ? - .001 .120 Which factor you most like about your current Antivirus ? Are you Planning to switch your Antivirus software ? If YES, Which Brand you prefer ? - .055 - .029 .199 - .392 .501 .041 .426 - .151 .052 .254 - .729 .199 - .041 .161 .302 - .015 .032 2 3 4 5 6 - .057 .128 7 8 - .004 .115 9 10 - .202 .059 11 .003 - .101 .088 - .127

.124 .016 .201 .730

- .235 .197 .059

.022 .085 - .300 .149 - .151 .271 -

.417 .428 .051 .126 - .126 .492 - .027 .122 - .023

.015 .071

.353 .022 .078 .237 .141 .254 .517 .162

.004 .116 - .309 .371 .008 .106 -

.074 .394

.025 .153 .116 .249 .174 .125 .013 .716 .122 .001 .087

.159 .625 .185 .068 .093 - .030 .071

.416 .038 .125 - .051 .686 .142 .226

.120 .128 - .226 .158 .183

28

Rate the following Antiviruses McAfee OAS Rate the following Antiviruses Kaspersky Rate the following Antiviruses NORTON

- .023 .102 -

- .037 .036 -

- .206 .145 - .784

- .023 .052 .708 .027 - .121 .025 - .177 .099 - .818 .125

.103 .051 .123

.104 .008 .181 .136 .133 - .012 .034 - .025 .053

.139 .086 Rate the following Antiviruses Quick Heal Rate the following Antiviruses AVG

.008 .024 - .105 .235

.142 .046 .762 .034 .054 .076

- .027 .059 .050

.032 .102 .777 .104 .330 .117

.011 .149 .065 .131 .015 Rate the following Antiviruses Avast - .039 .709 .082 The Frequency of Changing the passwords is What do you do to protect your privacy while being online ? How often you Scan your computer and other external memory devices(Pen Drives, Memory Chips etc) ? Antivirus Products could be a beneficial investment in long Run to Protect your Data. Usage of Strong Passwords reduces the possibility of theft of personal information. Lack of Availability/ Unease of access is the major Reason for low popularity of Licensed Antivirus Products. Antivirus Products are overpriced. .034 .205 .034 .307 .077 .553 .051 - .232 .112 .446 In your opinion the Probability of viruses/Threats attacks while you are Online is ? Would more advertisement boost the sales of Antivirus Products? Would any of the following changes encourage you to use a good Antivirus for your computer ? AGE .773 .091 - .096 .124 .109 .005 Profession .851 - .097 .006 .004 - .030 .055 .277 - .000 .246 .279 - .075 .053 .003 .044 .073 .042 - .040 .267 .416 .087 - .050 .235 - .854 .258 - .251 .022 .064 - .644 .247 .028 - .133 .046 .095 - .132 .058 - .406 .014 .181 - .295 .151 .170 .170 - .059 .358 .125 .430 - .808 .010 .271 .007 .042 .012 - .127 .034 .069 .030 .768 .058 - .097 .218 - .130 .103 .220 .042 .138 - .162 .241 - .831 .165 - .001 .071 .077 -

.131 .199 .333 - .004 .200 .048 .705

.066 .068 .149 .034 - .119 .012

.152 .080 - .036

.009 .070 - .261 .212

.243 .234 .138 .270 .010 .195 .166 .222 .493

.027 .204 .075

.127 .141 .004

.131 .068

.044 .025 - .003 .595 .156 .056

.095 .095 - .136 .015

.091 .026

.097 .055 .028

29

Which Antivirus Application you use for your computer ?

- .002 .499 .480 .417 .133

.129 .080 .159 .040 .152 .074

Extraction Method: Principal Component Analysis. Rotation Method: Varimax with Kaiser Normalization. a. Rotation converged in 14 iterations.

As evident from the tables, it is found that the ten factors extracted together account for a large percentage of total variance. Based on Eigenvalues, 11 principal components are extracted. Looking at Rotated factor Matrix table we see entry and exit loads; Which Operating System you use for your Computer Do you Update your Antivirus of regular time intervals If YES, Have you Retrieved your data with the help of Backup Files Are you Planning to switch your Antivirus software Rate the following Antiviruses Rate the following Antiviruses Avast, Rate the following Antiviruses AVG, The Frequency of Changing the passwords is What do you do to protect your privacy while being online Antivirus Products could be a beneficial investment in long Run to Protect your Data. Usage of Strong Passwords reduces the possibility of theft of personal information. In your opinion the Probability of viruses/Threats attacks while you are Online is Profession Would more advertisement boost the sales of Antivirus Products have loadings of .730, .729, .517, .625, .784, .777, .709, .705, .831, .768, .808, .644, .854, .773, .851 on component 1. This suggests that component 1 is a combination of these variables. Therefore this factor can be interpreted as Domain Parameters. The component explains 33.368% of the variations. In the same way we can see the inferences from the above table.

30

4.3.3 Frequency Analysis and Crosstabs

The frequency analysis helps to understand the perception while crosstab helps us to relate one factor to the other factors. There are many crosstabs that can be made out of the survey. Some of the most important crosstabs are as follows.

Q.1 Which Operating System you use for your Computer ? a. Windows b. Linux c. Dos d. IOS e. Others

In question number 1 we can see the following result.

31

Q. 2 Which Antivirus Application you use for your computer ? a. McAfee OAS g. Others In question number 2 We can see the following result. b. Kaspersky c. Norton d. Avast e. Quick Heal f. AVG

Q. 3 Do you Update your Antivirus of regular time intervals ? a. YES b. NO

32

Do you Update your Antivirus of regular time intervals ? Cumulative Frequency Valid Yes No Total 137 25 162 Percent 84.6 15.4 100.0 Valid Percent 84.6 15.4 100.0 Percent 84.6 100.0

So we Can see that majority of the sample population update their Antivirus of Regular Time Intervals.

Cross Tab Between question 5 & question 6 we can see the following result.

Have you ever had a loss of data in past ? * If YES, Have you Retrieved your data with the help of Backup Files ? Crosstabulation Count If YES, Have you Retrieved your data with the help of Backup Files ? 0 Have you ever had a loss of data in past ? Total Yes No 0 19 19 Yes 52 5 57 No 34 52 86 Total 86 76 162

33

So we can see that almost 54% of the people have lost their data in past and only 32% among them are actually retrieved their data with the help of back up file.

Q. 7 How often you update your backup ? a. Weekly b. Monthly c. Within 6 Months d. Yearly e. Never

In question number 7 we can see the Result.

How often you update your backup ? Cumulative Frequency Valid Weekly Monthly With in 6 Months Yearly Never Total 30 57 40 15 20 162 Percent 18.5 35.2 24.7 9.3 12.3 100.0 Valid Percent 18.5 35.2 24.7 9.3 12.3 100.0 Percent 18.5 53.7 78.4 87.7 100.0

So we can observed that almost 54% of respondents update their back up within or within a month. So this is very crucial issue because even if you retrieved your data after losses but you cant retrieved the updated data.

34

Q. 8 Which factor you most like about your current Antivirus ? a. Competitive Price b. Strong Protection c. Regular Updation d. User Friendly e. Not Satisfied with my Antivirus

In question number 8 we can see the following result.

Which factor you most like about your current Antivirus ? Cumulative Frequency Valid Competitive Price Strong Protection Regular Updation User Friendly Not Satisfied with my Antivirus Total 162 100.0 100.0 14 75 32 28 13 Percent 8.6 46.3 19.8 17.3 8.0 Valid Percent 8.6 46.3 19.8 17.3 8.0 Percent 8.6 54.9 74.7 92.0 100.0

So We can observed that almost 46% of the respondents want that their antivirus protection is strong. This feature is the most in consumers perception.
35

Cross Tab between question number 9 & question number 10 we can see the following result.

So we can see that Almost 52% of the respondents dont want to change their current antivirus and 48% of the respondents want to change their current antivirus. Majority of the respondents whom want to change their current antivirus want to prefer NORTAN.

36

Q. 10 If YES, Which Brand you prefer ? a. McAfee OAS g. Others b. Kaspersky c. Norton d. Avast e. Quick Heal f. AVG

In question number 10 we can see the following result. The result will follow a sequence of brands and their preferences.

Rate the following Antiviruses McAfee OAS Cumulative Frequency Valid 0 Protection Regular Updating User Friendly Trust Competitive Price Total 4 50 53 25 22 8 162 Percent 2.5 30.9 32.7 15.4 13.6 4.9 100.0 Valid Percent 2.5 30.9 32.7 15.4 13.6 4.9 100.0 Percent 2.5 33.3 66.0 81.5 95.1 100.0

37

Rate the following Antiviruses Kaspersky Cumulative Frequency Valid 0 Protection Regular Updating User Friendly Trust Competitve Price Total 9 48 47 37 15 6 162 Percent 5.6 29.6 29.0 22.8 9.3 3.7 100.0 Valid Percent 5.6 29.6 29.0 22.8 9.3 3.7 100.0 Percent 5.6 35.2 64.2 87.0 96.3 100.0

Rate the following Antiviruses NORTON Cumulative Frequency Valid 0 Protection Regular Updating User Friendly Trust Competitive Price Total Missing Total System 3 47 24 56 16 12 158 4 162 Percent 1.9 29.0 14.8 34.6 9.9 7.4 97.5 2.5 100.0 Valid Percent 1.9 29.7 15.2 35.4 10.1 7.6 100.0 Percent 1.9 31.6 46.8 82.3 92.4 100.0

Rate the following Antiviruses Quick Heal Cumulative Frequency Valid 0 Protection Regular Updating User Friendly Trust Competitve Price Total Missing Total System 4 16 35 42 27 36 160 2 162 Percent 2.5 9.9 21.6 25.9 16.7 22.2 98.8 1.2 100.0 Valid Percent 2.5 10.0 21.9 26.3 16.9 22.5 100.0 Percent 2.5 12.5 34.4 60.6 77.5 100.0

38

Rate the following Antiviruses AVG Cumulative Frequency Valid 0 Protection Regular Updating User Friendly Trust Competitve Price Total Missing Total System 2 22 29 37 28 42 160 2 162 Percent 1.2 13.6 17.9 22.8 17.3 25.9 98.8 1.2 100.0 Valid Percent 1.3 13.8 18.1 23.1 17.5 26.3 100.0 Percent 1.3 15.0 33.1 56.3 73.8 100.0

Rate the following Antiviruses Avast Cumulative Frequency Valid 0 Protection Regular Updating User Friendly Trust Competitive Price Total 4 17 45 60 24 12 162 Percent 2.5 10.5 27.8 37.0 14.8 7.4 100.0 Valid Percent 2.5 10.5 27.8 37.0 14.8 7.4 100.0 Percent 2.5 13.0 40.7 77.8 92.6 100.0

So we can see from above table that McAfee is preferred due to Protection & regular Updating, Kaspersky is preferred due to user friendly, Protection & regular updating, NORTON is very user friendly, Quick Heal is preferred due to competitive price & user friendliness and Avast is preferred due to regular updating & user friendliness.

39

Q 12 The Frequency of Changing the passwords is a. Less than 15 days Dont Change In question number 12 we can see the following result.
The Frequency of Changing the passwords is Cumulative Frequency Valid Less Than 15 days Within 1 Month Within 6 Months Within 1 Year Don't Change Total 14 43 45 26 34 162 Percent 8.6 26.5 27.8 16.0 21.0 100.0 Valid Percent 8.6 26.5 27.8 16.0 21.0 100.0 Percent 8.6 35.2 63.0 79.0 100.0

b. Within 1 Month

c. Within 6 Months

d. Within 1 Year

e.

40

In question number 13 we can see the following result.

What do you do to protect your privacy while being online ? Cumulative Frequency Valid Use Https Use Secure Web Browsing Use Invisible browsing mode Use Internet Security Software Nothing Specific Total 32 162 19.8 100.0 19.8 100.0 100.0 46 36 29 19 Percent 28.4 22.2 17.9 11.7 Valid Percent 28.4 22.2 17.9 11.7 Percent 28.4 50.6 68.5 80.2

41

So we can see that majority of the respondents believes that usage of Https and secure web browsing help them from any unwanted threats.

In question number 15 we can see the following results.

Antivirus Products could be a beneficial investment in long Run to Protect your Data. Cumulative Frequency Valid Strongly Agree Agree Neutral Disagree Strongly Disagree Total 75 55 13 6 13 162 Percent 46.3 34.0 8.0 3.7 8.0 100.0 Valid Percent 46.3 34.0 8.0 3.7 8.0 100.0 Percent 46.3 80.2 88.3 92.0 100.0

Lack of Availability/ Unease of access is the major Reason for low popularity of Licensed Antivirus Products. Cumulative Frequency Valid Strongly Agree Agree Neutral Disagree Strongly Disagree Total 29 59 49 17 8 162 Percent 17.9 36.4 30.2 10.5 4.9 100.0 Valid Percent 17.9 36.4 30.2 10.5 4.9 100.0 Percent 17.9 54.3 84.6 95.1 100.0

42

Antivirus Products are overpriced. Cumulative Frequency Valid Strongly Agree Agree Neutral Disagree Strongly Disagree Total 34 48 31 26 23 162 Percent 21.0 29.6 19.1 16.0 14.2 100.0 Valid Percent 21.0 29.6 19.1 16.0 14.2 100.0 Percent 21.0 50.6 69.8 85.8 100.0

As we can see that majority of the respondents believe that Antivirus Products could be a beneficial investment in long Run to Protect your Data, 61% of the respondents think that

43

Usage of Strong Passwords reduces the possibility of theft of personal information, 51% of the respondents think that Lack of Availability/ Unease of access is the major Reason for low popularity of Licensed Antivirus Products and 52%of the respondents think that antivirus products are not over priced.

In question number 16 we can see the following results.

In your opinion the Probability of viruses/Threats attacks while you are Online is ? Cumulative Frequency Valid Very High High Normal Low Very Low Total 24 72 43 15 8 162 Percent 14.8 44.4 26.5 9.3 4.9 100.0 Valid Percent 14.8 44.4 26.5 9.3 4.9 100.0 Percent 14.8 59.3 85.8 95.1 100.0

So we observed that almost 84% of the respondents think that the probability of virus/ threats attacks while being online is normal or above normal.

In question 18 we can see the following results.

44

Would more advertisement boost the sales of Antivirus Products? Cumulative Frequency Valid Yes No Neutral Total 101 60 1 162 Percent 62.3 37.0 .6 100.0 Valid Percent 62.3 37.0 .6 100.0 Percent 62.3 99.4 100.0

In this question almost 60% of the respondents believe that the advertisement boost the sales of antivirus products. This also relates that antivirus companies do less advertisements. In question number 19 we can see the following results.

Would any of the following changes encourage you to use a good Antivirus for your computer ? Cumulative Frequency Valid Price Availability Trial Offers Total 69 50 43 162 Percent 42.6 30.9 26.5 100.0 Valid Percent 42.6 30.9 26.5 100.0 Percent 42.6 73.5 100.0

Cross tab between question number 19 and age we can see the following results.

45

Would any of the following changes encourage you to use a good Antivirus for your computer ? * AGE Crosstabulation Count AGE 16-20 Would any of the following changes encourage you to use a good Antivirus for your computer ? Total 4 120 25 5 8 162 Price Availability Trial Offers 2 0 2 20-25 61 37 22 25-35 0 10 15 35-45 3 0 2 Above 45 3 3 2 Total 69 50 43

So we can see from the above diagram that price comes first availability second and trial offers are in the third position. So as we can see that majority of India total population is young and they focused mainly on price but the antivirus companies focus on trial offers.

46

CHAPTER 5: CONCLUSIONS AND RECOMMENDATIONS

5.1 Summary of Findings The Major findings areas follows. After the research we came to know that even today security is one of the most important problems prevailing in the perceptions even today. As we can see that the major number of people even today feels security concern as a major reason and they always fear of loss of data. Well as far as the Antivirus brand is concern McAfee is preferred due to Protection & regular Updating, Kaspersky is preferred due to user friendly, Protection & regular updating, NORTON is very user friendly, Quick Heal is preferred due to competitive price & user friendliness and Avast is preferred due to regular updating & user friendliness. As we found majority of the respondents believes that usage of Https and secure web browsing help them from any unwanted threats. Only 12.9 % of respondents believe that usage of internet security software protect from any unwanted threats. we found that majority of the respondents believe that Antivirus Products could be a beneficial investment in long Run to Protect your Data, 61% of the respondents think that Usage of Strong Passwords reduces the possibility of theft of personal information, 51% of the respondents think that Lack of Availability/ Unease of access is the major Reason for low popularity of Licensed Antivirus Products and 52%of the respondents think that antivirus products are not over priced. we also found that price comes first availability second and trial offers are in the third position. So as we can see that majority of India total population is young and they focused mainly on price but the antivirus companies focus on trial offers.

47

We also found that almost 60% of the respondents believe that the advertisement boost the sales of antivirus products. This also relates that antivirus companies do less advertisements.

5.2 Recommendations The recommendations are as follows We came to know that Antivirus Companies are focusing on trial version to promote the sell but users want less price products, they focus highly on price and availability of the brand. So companies should penetrate their brand in various local markets as well and provided in less price. We also observed that Antivirus companies only focus on internet advertising but they dont focus on other means of advertising so they should focus on that. Respondents are aware of information security threats but they use various means to protect from it. So companies should focus on products emphasis on overall security. As we observed that there is no campaign for information security threats and solutions. So companies also promote these type of campaigns.

5.3 Limitations There were certain limitations involved with the research conducted. The limitations are listed as follows: 1. As the research was related to the information security threats & solutions, most of the people thought that we are going to take some personal data and so they didnt gave complete information. 2. Interview was only conducted in the NCR region. 3. As few of the questionnaires were not filled completely, we have to discard the questionnaire bring down the sample size to 112. 4. Lack of interest and enthusiastic responses may have allowed biases in this report. Test of sampling error could not be done due to the absence of data regarding the total population size. Correctness of this report is restricted and limited by the degree of authenticity of data collected and sincerity and honesty of respondents.

48

REFERENCES 1. Blyth A., and Kovacich G., Information Assurance (security in the information environment),2nd edition, 2006. Springer-Verlag Ltd, London. 2. Brian Cashell, William D. Jackson, Mark Jickling, and Baird Webel ( April 1 2004). The economic impact of cyber attacks Government and Finance Division USA. 3. Fortson L. Towards the Development of a Defensive Cyber Damage and Mission Impact Methodology , AFIT Masters Thesis, March 2007 4. Howard, J., Longstaff, T. (Dec. 1999) . A Common Language For Computer Security Incidents, Sandia National Laboratories, Sandia Report. 5. Baghdadi, Zaid- Al. Rizvi, S.A.M. & Sadia Rizvi, Halima (2009). 9 ways to protect your computer from threats, international Conference on Recent Developments in Computing & its Applications. 6. Jaehun Joo, Mie-jung Kim, Ismatilla Normatov, and Lyunhwa Kim (2011). Determinants of Information Security Affecting Adoption of Web-based Integrated Information Systems, World Academy of Science, Engineering and Technology.

49

APPENDIX-I Questionnaire QUESTIONNAIRE On Information Security Threats & Solutions

Q.1 Which Operating System you use for your Computer ? a. Windows b. Linux c. Dos d. IOS e. Others

Q. 2 Which Antivirus Application you use for your computer ? a. McAfee OAS g. Others b. Kaspersky c. Norton d. Avast e. Quick Heal f. AVG

Q. 3 Do you Update your Antivirus of regular time intervals ? a. YES b. NO

Q. 4 What Type of Antivirus do you use in your computer ? a. Free Downloaded Antivirus b. Licensed Antivirus

Q. 5 Have you ever had a loss of data in past ? a. YES b. NO

50

Q. 6 If YES, Have you Retrieved your data with the help of Backup Files ? a. YES b. NO

Q. 7 How often you update your backup ? a. Weekly b. Monthly c. Within 6 Months d. Yearly e. Never

Q. 8 Which factor you most like about your current Antivirus ? a. Competitive Price b. Strong Protection c. Regular Updation d. User Friendly e. Not Satisfied with my Antivirus

Q. 9 Are you Planning to switch your Antivirus software ? a. YES b. NO

Q. 10 If YES, Which Brand you prefer ? a. McAfee OAS g. Others b. Kaspersky c. Norton d. Avast e. Quick Heal f. AVG

51

Q. 11 Rate the following Antiviruses Protection Regular Updating McAfee OAS Kaspersky Norton Avast Qucik Heal AVG User Friendly Trust Competitive Price

Q 12 The Frequency of Changing the passwords is a. Less than 15 days Dont Change b. Within 1 Month c. Within 6 Months d. Within 1 Year e.

Q. 13 What do you do to protect your privacy while being online ? a. Use Https b. Use Secure Web Browsing c. Use Invisible browsing mode d. Use Internet Security Software e. Nothing Specific

52

Q. 14 How often you Scan your computer and other external memory devices(Pen Drives, Memory Chips etc) ? a. Weekly b. Monthly c. Within 6 Months d. Yearly e. Never

Q. 15 Rate the Following Strongly Agree Antivirus Products could be a Agree Neutral Disagree Strongly Disagree

beneficial investment in long Run to Protect your Data. Usage of Strong Passwords reduces the possibility of theft of personal information Lack of Availability/ Unease of access is the major Reason for low popularity of Licensed Antivirus Products Antivirus Products are overpriced

Q. 16 In your opinion the Probability of viruses/Threats attacks while you are Online is ? a.Very High Low b. High c. Normal d. Low e. Very

53

Q. 17 What are top the three things that you do most often while online at home? (please Mark only 3).

a. Visit

official

websites

of

your

b. Use Social Networking Sites

company/College c. Email People e. Download Music & Programs g. Others Please Specify-d. Play Online Games f. Visit at the sites that interest you

Q. 18 Would more advertisement boost the sales of Antivirus Products ? a. Yes b. No c. Neutral

Q. 19 Would any of the following changes encourage you to use a good Antivirus for your computer ? a. Price b. Availability c. Trial offers

Your Name : Gender : Age : 45 Email ID : Profession : a. Student Phone Number:

54

a. 16-20

b. 20-25

c. 25-35

d. 35-45

e.

Above

b. Salaried

c. Business

d. Others

Thank You

55