International Journal of Digital Literacy and Digital Competence

Volume 10 • Issue 4 • October-December 2019

Data Security:
The Misuse of Technology and Points of
Vulnerability in Everyday Information Systems
Otobong Inieke, Independent Researcher - Graduate of Middlesex University Mauritius Campus, Nigeria
https://orcid.org/0000-0001-9906-4028

ABSTRACT
Data security in the information age is a critical facet in the integrity and reliability
of the various information systems making up value structures of businesses,
organizations etc. Aside from professionals directly involved with securing data within
these systems, the importance of data security is not readily apparent to the everyday
user of devices in the information systems. The purpose of this literature review is
to highlight challenges related to data security and business information systems
in conjunction with digital literacy. An extensive literature review was conducted
with the aim of identifying and describing scenarios of technology misuse as well as
vulnerabilities in vital business information systems. A gap in awareness continues to
plague those who leverage information systems for its myriad uses because everyday
users will in most cases dismiss data security advice as alarmist or jargon-laden. This
falls in line with a 2018 cyber security survey from Statista which showed that 22%
of data security tasks was preventing malware while 17% of tasks were dedicated to
preventing social engineering and phishing attacks. This literature review will describe
possible data insecurity solutions as well as potential areas of further research. The
paper will point out the importance of digital literacy as well as recommendations
for its improvement in society and also ongoing research in that regard. The essence
of this literature review is to identify certain everyday information systems such as
decision support systems and transaction processing systems; while pointing out
vulnerabilities and threat nature i.e. technical or non-technical and also demonstrating
the importance of digital literacy and lack thereof.

Keywords
Cloud Computing, Digital Literacy, Information Systems, Malware, Online Privacy

DOI: 10.4018/IJDLDC.2019100102

Copyright © 2019, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.


25
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

INTRODUCTION
The transfer, reception and effective utility of data constitutes large aspects of today’s
business environment, and an important part of effective data usage of the security
of said data. Data security being a broad term by itself is a reference to the passive
or active measures for protecting data; proprietary or otherwise from unauthorized
access throughout its period of usefulness (Comodo, 2019). Organizations and
businesses looking to operate seamlessly and remain competitive are well aware of the
importance of securing critical assets such as data which has led to more investments
in data security and information technology (Comodo, 2019). While organizations
prioritize brand/intellectual property protection and customer details etc., the main
elements around data security threat detection and response are the people involved,
the processes facilitating the usage of data and the technology utilized in context
(MicroFocus, n.d.).
When considering the threats to data security, it should be highlighted that the
growth of the data/cyber-security industry has not stalled the proliferation of methods,
techniques and tools used to undermine the security and/or integrity of data. With
approximately 68% of funds irretrievably lost to cyber-attacks and the increasing
difficulty in detecting malicious threats, the cost of poorly implemented data security
measures is undeniable (Dascalescu, 2018). Furthermore, threats to information
systems could be of a technical or non-technical nature which further diversifies the
vectors through which malicious actions are launched against said systems. Threats
of a technical nature could include exploits of software vulnerabilities, malware and
various forms of phishing etc. while those of a non-technical nature can include social
engineering and careless or malicious insiders (Dascalescu, 2018). The following
section will simply cover threats of a technical and non-technical nature;

TECHNICAL THREATS
According to (Techopedia, n.d.), a threat can be considered as anything or a potential
that can cause harm to computer systems, networks or peripheral devices. These
can range from malware and viruses to Trojans and outright hacker attacks using
sophisticated tools. Threats that are designed as malicious software by skilled
individuals with extensive cyber-security knowledge can be considered as ‘technical
threats.’ The following sub-headings are examples of technical threats;
Malware
Firstly, the word ‘malware’ is a shortened form of ‘malicious software’, it is an
encompassing term for hostile, dangerous or intrusive computer programs and code
and includes spyware, viruses, Trojans etc. (Sanchez, 2010). A study carried out by
PandaLabs showed that throughout 2015, roughly 84 million new malwares were both
identified and stopped with an average of 230,000 new malware created daily in that
same period (PandaSecurity, 2016). The study also showed that of the 304 million
total malware identified, 27.63% of that total was created in 2015. Such profound

26
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

information naturally translated to difficulty for targets of malware attacks such as

large companies and organizations who had to deal with data theft and compromise
as well as disruption of information systems.
With further insight into the disruptive nature of technical threats, one has to
consider the 2017 ‘WannaCry’ malware which exploited computers that lacked
updated security patches by encrypting all files within the infected computer and
denying any access to the owner (Zaharia, 2017). According to the BBC, high profile
victims of the WannaCry malware included roughly 40 organizations affiliated to the
National Health Service in England and Scotland affecting appointments and normal
activities. It also reported that about 75,000 cases in 99 countries around the world
were observed by Avast - the cyber-security firm (BBC News, 2017). It should be
noted that Microsoft as well as independent cyber-security researchers were able to
release updates and tools respectively that help affected users to safely decrypt content
in infected computers (Zaharia, 2017).
Spyware
Spyware just like malware possesses a fluid definition depending on context. Generally,
spyware is considered software that causes a computer to surreptitiously send or
release private data to an unauthorized individual or party ultimately without the
knowledge of its legitimate user (Thompson, 2005). In many cases, computer users
unknowingly download spyware onto their systems often by innocently browsing to
suspicious websites that have machine code which automatically infects their systems
in a process referred to as drive-by download (Thompson, 2005).
Although, passively described as an annoyance that can be dealt with using simple
security practices, spyware has the potential to be extremely damaging and poses a
real danger to structure and integrity of information systems with security and privacy
in context. According to (Thompson, 2005) spyware if successfully installed on a
system can proceed to;

• Transmit personal information saved on the computer which could in turn be used
for spam messaging, or possible identity theft.
• Create access for a remoter intruder using the Remote Access Trojan (RAT) for
file modification, etc.
• Search for vulnerabilities or log keyboard strokes for confidential details such as
passwords.

Successful spyware exploits are also a huge cost to overall productivity, efficiency
and performance of computer systems. Computers can have their critical processes
interrupted by spyware, they can also have abnormal boot-times or power consumption
with a negative impact to normal operations. The menace of spyware in the various
spheres of information systems, can be tackled through planning, education of
consumers as well as application of appropriate legislation (Thompson, 2005).

27
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

NON-TECHNICAL THREATS
These threats will not necessarily have an electronic or computer-based origin but can
be as a result of theft, sabotage or illegal tampering. Natural disasters or ‘Acts of God’
such as lightning strikes, fires and extreme weather events can cause direct damage
to infrastructure housing vital information systems and assets (Society Insurance,
2018). Disgruntled and malicious company insiders can also undermine data security
by stealing, modifying or corrupting vital information. Less technical individuals can
be manipulated psychologically by criminals to either provide sensitive information
(passwords, financial details) or perform inappropriate actions on information systems,
this is basically referred to as social engineering (Dascalescu, 2018).
As a spotlight to the seriousness of social engineering, Dark Reading – a cyber-
security news website – reported in 2015 on how a cyber-crime ring, operating out
of eastern Europe was able to steal about $1bn from 100 unique banks in almost 30
countries over a period of 2 years using spear phishing emails aimed at bank employees
(Nayyar, 2015). Furthermore, it has been shown that 59% of employees steal sensitive
corporate data when they quit or are fired (Dascalescu, 2018). This simply brings
consumer education back in focus because concerned individuals can be trained on
how to protect shared documents and systems and also resist social engineering tactics
which builds discerning professionals who are less likely to be victims of phishing
attacks and malicious software from unknown sources.

INFORMATION SYSTEMS – AN OVERVIEW

Information systems from a technological standpoint, refers to the various technologies
such as software, smart devices, databases, computers etc. that transfer, translate,
store, and manipulate information and also carry out specific tasks for entities in a
variety of business and social contexts (Boell & Kecamanovic, 2015). Information
systems along with the concerned technologies are not exempt from security threats
and this is evident in widely known and published research on issues of computer
abuse (Baskerville, 1993). Despite the fact that most system designers and engineers
do not aim to build information systems with insecurities, research into the analysis
of such possibilities are usually remote which in turn leaves data and information
integrity vulnerable to abuse (Baskerville, 1993).
In the nascent days of information and communication technology (ICT),
information systems were designed as one-off products to solve a particular problem
in each case. This evolved to building systems with capabilities to solve a spectrum of
similar issues. Furthermore, in a bid to classify the types and overall functionalities of
information systems, the pyramid model has been extensively relied on for this purpose
(Kimble, n.d.). The pyramid model simply classifies the types of/ and relationships
between information systems in an organization as most organizations are hierarchical.
For the purpose of this paper, the focus will be on; executive information systems,
management information systems and transaction processing systems.

28
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Executive Information Systems (EIS)

In an organization are considered to be of strategic level i.e. related to senior managerial
officials and executives, also, in reference to the earlier mentioned pyramid model,
the EIS is located at the top of the pyramid (Kimble, n.d.). EIS helps strategic-level
officials to analyze and identify long term trends, plan appropriately based on such
information, and understand environments within which the business operates. It
should be noted that EIS in today’s business environments are not strictly limited to
the ‘higher-ups’, because customized solutions can be designed to cater to the needs of
people in the company by allowing conditioned access to company data with improved
efficiency as the goal (Computer Business Research, n.d.).
Management Information Systems (MIS)
MIS is generally built to cater to mid-level managers who need valid data required for
the day-to-day operations of an organization particularly in the short-medium term.
Management Information Systems are structured and assist concerned individuals
in making detailed comparisons or summaries of organizational activities (Kimble,
n.d.). Data used in MIS is derived from general staff activities of a lower strategic
level such as daily database entries from regularly scheduled tasks or routine activities
within the organization (Cress, 2010). For greater context, examples of management
information systems include; inventory control systems, sales management systems,
personnel management systems, etc. (Kimble, n.d.).
Transaction Processing Systems (TPS)
TPS in essence are systems that coordinate, check and control the purchase as well as
sale of goods and services within a business network. The TPS is an operational-level
information system that in many cases handles the bulk of service and operational
data e.g. daily transactional records of a shipping company which can include but
is not limited to; the shipping manifesto, detailed product specification, financial
details of concerned parties (sender, recipient, middleman, etc.) (Fitzpatrick, 2018).
Systems as complex as TPS which potentially handle millions of transactions daily,
weekly or monthly are vulnerable to data security breaches possibly leading to system-
wide compromise. Additionally, over-investment in TPS can reduce an organizations
operational flexibility if there is too much consolidation and/or reliance on specific
TPS (Fitzpatrick, 2018). This happens when TPS based activities cannot be easily
adapted to new directives from the strategic (executive) level of the organization.

THREATS
The security of information systems still ranks highly among the pressing issues
and or threats that face professionals dealing with these systems. The threats range
through vulnerabilities as described above; natural disasters, disgruntled insiders,
malicious hackers etc. Executives utilizing information systems express valid concern
about potential security threats, particularly computer viruses, a study conducted by

29
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

the Management Information Systems Research Center in University of Minnesota

showed that there is some dissonance between the usage of these modern systems
and the security risks inherent to said systems (Loch, et al., 1992). Risk analysis in
conjunction with security evaluation methods have given researchers the extra ability
to analyze organizational structures in order to develop more secure information
systems (Backhouse & Dhillon, 1996). Threats covered within the scope of this review
article will include cloud computing, wireless network vulnerabilities and the human
element (theft, abuse etc.).
Cloud
Cloud computing is easily defined as virtual computing resources (servers, networked
computers) that provide users with access to data services and applications through
an on-demand web interface (Kim-Kwang, 2010). Scalable online computing and
increased work volume are advantages enjoyed by organizations that adopt cloud
computing solutions. Also, businesses can meet fluctuating service demands with
available pay-as-you-go options. As stated above, these modern systems, though with
practical advantages also carry risks. Malware targeting Virtual Machines, Botnets,
loss of internet connectivity are examples of risks borne by cloud computing adoption
that could disrupt efficient business flow. Furthermore, malicious cloud service
providers do take advantage of poor cyber security regulations and provide cloud and
hosting services to clients with limited information which makes them vulnerable to
criminal interest groups. Moreover, loss of internet connectivity in many cases would
equal loss of access to business-critical data, which if left unattended can have run-off
effects of negatively affecting business processes outside computing environments
(Hutchings, 2012).
Wireless Network Vulnerabilities
Small and medium size businesses in many sectors and particularly in the hospitality
industry, provide free connection to their wireless networks in a bid to attract more
customers. In many instances, these connections are either left open or unsecure with
bad encryption leaving them open to threats such as session highjacks and man-in-
the-middle attacks, where a victim’s communications over a compromised network
are intercepted by attackers posing as legitimate entities on the network (Hutchings,
2012). Conversely, vulnerable wireless networks as described above could allow for
further abuse, such as denial-of-service attacks, identity theft with the possibility of
having the service providers held responsible. It should be noted that information
saved over open/poorly protected networks are also vulnerable, as demonstrated in a
2007 attack resulting in 45 million transaction accounts being compromised in a TJ
Maxx -an American retail store (Lawton, 2010).

30
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Human Elements
In this context of data security, an added threat to the integrity of information systems
is the abuse of privilege by individuals with elevated access to sensitive aspects of
business activities (Kim-Kwang, 2011). A compromised employee may be motivated
to alter or steal information for reasons such as monetary gain, competitive advantage
or sabotage. Additionally, in a bid to carry out disruptive activities, malicious insiders
with technical knowledge can proceed to subvert security measures and further exploit
vulnerabilities in networked information systems. Furthermore, theft of the actual
devices used to transfer or save information (thumb drives, computers) has been a
leading concern. According to a study conducted by Symantec, 37% of all data breaches
that could lead to identity theft in 2009 were as a result of theft or loss of computing
devices and mediums e.g. thumb drives, hard drives (Symantec, 2010).

DATA MISUSE
Following the increased dependence of businesses on information systems and related
devices, an unwanted side effect of this fact is the risk of misuse of data and IT systems.
It was shown in a study by the Computer Security Institute that, according to their
computer crime and security survey, employee abuse of work-related information
technology (IT) resources constituted the most frequent and expensive type of data
misuse (Richardson, 2008). Furthermore, negative impacts as a result of data misuse
by employees can include; overall loss of productivity, potential legal costs, loss of
public trust and a tainted image. It should also be noted that the predisposed need
for social approval as well as beliefs, moral or otherwise, are major determinants in
behavior regarding technology misuse (D’Arcy & Devaraj, 2012).
Typically, data/information system misuse can be overseen by laws and policies
governing the ethical use of IT systems, however, the potential for misuse increases
(Team ObserveIT, 2018). According to an ObserveIT report, differentiating between
a malicious insider from an unwitting one is crucial, and although organizations may
have data loss prevention solutions, one can only determine what was transferred or
lost and not the context of the insider’s actions (Team ObserveIT, 2018). A high-profile
case of data misuse occurred in 2014 involving Uber –the online transport service
company- where fewer than 10 employees had abused an internal company application
feature called “God View”, which tracks customers and drivers in real-time without
their express consent (Smith, 2016).
In 2015, DarkReading, a cyber-security news website reported that an employee
of Morgan Stanley had inappropriately obtained 10% of client details (about 350,000
people) in an investment database and proceeded to publicly post 900 of said details
on PasteBin which is a content hosting service that allows users to store text online
for a period of time (Chickowski, 2015).
With sufficient research documenting the misuse of data and IT resources,
individuals involved may not always have malicious intent. For example, an employee
with insufficient web security knowledge may browse the internet to a website with

31
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

malicious code or unwittingly click on a malware phishing link, triggering a series of

events that could end up costing the organization valuable resources. Furthermore,
a person may use a personal computer to take work home during the weekend in
spite of company policies stated against usage of personal devices for work purposes
(Computer Economics, 2009).
A report published by (Computer Economics, 2009) showed that illicitly copying
files to storage devices was considered a major threat and source of information leaks
from companies, however one third of participants in the research admitted to making
no attempt in the deterrence of such activity. The same report also demonstrated that
90% of organizations have policies forbidding downloads of unauthorized software
while 17% reported violations of policy through use of unauthorized remote access
programs (Computer Economics, 2009).

DIGITAL LITERACY IN THE CONTEXT OF DATA SECURITY

Digital literacy plays an important role in the optimal performance of a business that
depends on information systems. With focus on the previous issues covered, it must
be stated that a lack of digital literacy within/among staff of a business can have
negative effects of overall operations. Digital literacy essentially refers to skills and
tactics acquired with the aim of functioning effectively in our present digital age (Odu
& Omosigho, 2017). Furthermore, digital literacy serves as a tool that empowers
individuals with 21st century skills to create, communicate and collaborate as well as
protect one’s privacy.
As businesses and individuals are concerned, one needs to be digitally literate
in order to fully participate and maintain a global competitive stance in this modern
era (Shopova, 2014). With majority of information being increasingly made available
online, people and in turn businesses lacking in digital literacy are in many cases
unable to access databases or the internet in general. This can lower engagement with
critical information systems in a particular context while also spurring aversion to
digital literacy, all of which creates a wider information gap between individuals and
business entities (Shopova, 2014).

PROBLEMS IMPACTING DIGITAL LITERACY

VIS-À-VIS DATA SECURITY
Digital literacy and data security are vital for preventing loss of digital assets and
also assures safety during regular online activities. According to (Dodel & Mesch,
2018) who used a 2014 survey of internet users in Israel to investigate indicators of
internet-safety behavior, the duo found that age, gender, education and quality of
internet access were connected to the user’s level of digital security skills. However,
social and digital inequalities are exacerbated when applying measures that prevent
cyber threats, thereby putting those lacking digital literacy at further risk of online
threats (Dodel & Mesch, 2018).

32
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Table 1, from the (Dodel & Mesch, 2018) study further demonstrates disparities
between Israeli internet users showing antivirus usage behavior as it shows that roughly
15% of respondents regularly scan files before opening them as opposed to 45% who
never scan files before opening them. It can also be observed that about 60% of the
respondents do not install or update antivirus on mobile devices compared to the
15.5% who do so consistently. Considering the mentioned statistics, businesses and
institutions can become vulnerable to cyberthreats if there is insufficient training of
digital literacy, a wide information gap or an unwillingness to practice online safety
techniques;
A 2012 European Union Cyber-Security study showed that 12% of internet users
experienced online fraud and 8% suffered identity theft (European Commission, 2012).
Moreover, in correlation with age factors and digital inequalities as mentioned above,
the study showed that 11% of respondents over the age of 55 were unlikely to have
seen anything about cybercrime on the internet while 80% of respondents between
ages 25-39 had heard or read about cybercrime 12 months before the survey i.e. 2012
(European Commission, 2012).
Researchers from the Russian State Social University carried out a survey that
demonstrated a willingness to join the digital economy -the economy applied via digital
telecommunications- although respondents lacked competence in digital education/
literacy (Khitskov, et al., 2017). The study pointed out 4 main challenges respondents
faced with joining the digital economy and they are as follows;

• Just 63.9% of respondents indicated digital literacy of human-systems relations

i.e. participation and understanding of digital media, digital government and the
digital economy.
• 83.6% of respondents did not understand or recognize the necessity of reorienting
the training in technical and technological studies. Alexey Kozyrev (Former
Russian Deputy Minister of Communications) suggested in an interview that by
2024, Russia will need 10-fold more IT-specialists compared to 2017. Only 16.4%
of respondents said the same thing (Khitskov et al., 2017).

Table 1. Summary of antivirus use behaviour (Dodel & Mesch, 2018)

Install/Update antivirus Install/Update antivirus Scanning files before

on PC on mobile devices opening
Not at all 25.7% (443) 59.5% (948) 45.0% (776)
2 6.5% (112) 7.5% (119) 5.7% (98)
3 10.9% (187) 7.3% (117) 6.7% (116)
4 10.7% (184) 6.3% (100) 4.5% (78)
Frequently 37.1% (639) 15.5% (247) 14.9% (257)
Auto Updates 9.1% (157) 3.9% (62) 23.1% (399)
Total (Valid Cases) 100% (1722) 100% (1593) 100% (1724)

33
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

• The research team observed that respondents were not in full control of activities
within the digital environment such as; providing and acquiring goods and services
through existing payment technologies, lacking skills for online research and
documentation etc.
• 29% had a partial awareness of digital reputation, 40% partly understood digital
ethics and 41% had an awareness of digital culture.

RECOMMENDATIONS FOR THE IMPROVEMENT

OF DIGITAL LITERACY
The advances in technology and digital communication have created opportunities
for improving digital literacy in society. Ubiquity of these digital technologies has
also given users the ability to conduct business and research without leaving their
homes as long as their devices are connected to the internet (Odu & Omosigho,
2017). According to research by Odu and Omosigho in Nigeria, libraries can conduct
seminars and regular workshops with the aim of raising awareness on the importance
of digital literacy. The libraries and workshops also play a role in bridging the digital
gap through provision of free internet access as well as training and assistance to
surrounding communities (Morgan, 2014).
(Shopova, 2014) further suggests that efforts to improve digital literacy should
begin in primary and secondary schools, with the aim of teaching the cognitive and
operational attitudes vital for the optimal use of information technology. Additionally,
short and long-term programs can be incorporated into business and academic practices
which may contribute to acquisition of knowledge and skills as well to encourage use
of digital resources (Shopova, 2014). Free resources can also be dedicated to digital
literacy training and can be conducted through; one-on-one support where a staff
helps another with learning or improving a digital skill or through scheduled classes
with a certified trainer or via online self-paced learning using resources like Lynda.
com and LearninExpressHub.com (Morgan, 2014).
In keeping with recommendations and research to digital literacy improvement,
the European Commission designed a Digital Competence Framework for Citizens
(DigiComp 2.0) with the purpose of monitoring, assessing and encouraging digital
literacy while taking into consideration different levels of development (UNESCO,
2018). The Digital Literacy Global Framework report (UNESCO, 2018) shows that
knowledge and skills are necessary for competence in digital literacy and attitudes are
just as important for an individual to maintain motivation and optimal performance.
Table 2 showws a framework of the DigiComp2.0.

CONCLUSION
Finally, the importance of data security is apparent and extensive research has been
conducted proving this fact. The persisting challenge lies in the inherent vulnerabilities
of information systems and computing devices, and in this vein, further training and

34
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Table 2. DigiComp 2.0 framework, competence areas and competences (UNESCO, 2018)

Competence Area Competences

1. Information and data literacy 1.1 Searching and filtering data, information and digital content.
1.2 Evaluating data, information and digital content.
1.3 Managing data, information and digital content.
2. Communication and 2.1 Interacting through digital technologies.
collaboration 2.2 Sharing through digital technologies.
2.3 Collaborating through digital technologies.
2.4 Netiquette.
2.5 Managing digital identity.
2.6 Engaging in citizenship through digital technologies.
3. Digital content creation 3.1 Developing digital content.
3.2 Integrating and re-elaborating digital content.
3.3 Copyright and licences.
3.4 Programming.
4. Safety 4.1 Protecting devices.
4.2 Protecting personal data and privacy.
4.3 Protecting health and well-being.
4.4 Protecting the environment.
5. Problem solving 5.1 Solving technical problems.
5.2 Identifying digital competence gaps.
5.3 Creatively using digital technologies.
5.4 Identifying needs and technological responses.

sensitization of employees have shown positive results. The existing gap between
adoption of modern information systems and security implications of said systems is
in the least being addressed by ground breaker cyber security research and solutions.
Various organizations and institutions are also at the helm of addressing digital literacy
issues around the world with measured progress. Through the course of this review,
data security, digital literacy and various threats to information systems have been
addressed, and in lieu of further research, building a culture of security and awareness
within institutions and organizations can serve to further mitigate unwanted IT-related
risks.

35
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

REFERENCES

Backhouse, J., & Dhillon, G. (1996). Structures of responsibility and security of

information systems. European Journal of Information Systems, 5(1), 2–9. doi:10.1057/
ejis.1996.7
Baskerville, R. (1993). Information Systems Security Design Methods: Implication
for Information Systems Development. ACM Computing Surveys, 25(4), 375–414.
doi:10.1145/162124.162127
BBC News. (2017). Massive ransomware infection hits computers in 99 countries.
Retrieved from https://heimdalsecurity.com/blog/security-alert-wannacry-computers-
vulnerable/
Boell, S. K., & Cecez-Kecmanovic, D. (2015, January). What is an information system?
In Proceedings of the 2015 48th Hawaii International Conference on System Sciences
(pp. 4959-4968). IEEE.
Chickowski, E. (2015). Morgan Stanley Insider Case Offers New Year Reminders.
Dark Reading. Retrieved from https://www.darkreading.com/attacks-breaches/morgan-
stanley-insider-case-offers-new-year-insider-reminders/d/d-id/1318501
Comodo. (2019). What is Data Security? Retrieved from https://enterprise.comodo.
com/blog/what-is-data-security/
Computer Business Research. (n.d.). Executive Information System. Retrieved
from http://www.computerbusinessresearch.com/Home/decision-making/executive-
information-system
Computer Economics. (2009). Security Threats in Employee Misuse of IT Resources.
Retrieved from https://www.computereconomics.com/article.cfm?id=1436
Cress, K. (2010). Types of Information Systems. Mindmeister. Retrieved from https://
www.mindmeister.com/37310006/5-types-of-information-systems?fullscreen=1
D’Arcy, J., & Devaraj, S. (2012). Employee misuse of information technology resources:
Testing a contemporary deterrence model. Decision Sciences, 43(6), 1091–1124.
Dascalescu, A. (2018). 10 Alarming Cyber Security Facts that Threaten Your Data.
Retrieved from https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-
that-may-affect-your-online-safety/
Dodel, M., & Mesch, G. (2018). Inequality in Digital Skills and the Adoption of Online
Safety. Information Communication and Society, (January), 2-16.
European Commission. (2012). Special EuroBarometer 390 - Cyber Security. European
Union.
Fitzpatrick, M. (2018). The Advantage & Disadvantage of Transaction Processing
Systems. Bizfluent. Retrieved from https://bizfluent.com/info-8708023-advantage-
disadvantage-transaction-processing-systems.html

36
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Hutchings, A. (2012). Computer security threats faced by small businesses in Australia.

Trends and Issues in Crime and Criminal Justice, 433.
Khitskov, E. A., Veretekhina, S. V., Medvedeva, A. V., Mnatsakanyan, O. L., Shmakova,
E. G., & Kotenev, A. (2017). Digital transformation of society: Problems entering
in the digital economy. Eurasian Journal of Analytical Chemistry, 12(5b), 855–873.
Kimble, C. (n.d.). Euromed Marseille School of Management, World Med MBA
Program - Information Systems and Strategy Course. Retrieved from http://www.
chris-kimble.com/Courses/World_Med_MBA/Types-of-Information-System.html
Kim-Kwang, R. C. (2010). Cloud Computing: Challenges and future directions. Trends
and Issues in Crime and Criminal Justice.
Kim-Kwang, R. C. (2011). Cyber threat landscape faced by financial and insurance
industry. Trends and Issues in Crime and Criminal Justice.
Lawton, G. (2010). Fighting Intrusions into Wireless Networks. Computer, (43): 12–15.
Loch, K. D., Carr, H. H., & Warkentin, M. E. (1992). Threats to Information Systems:
Today’s Reality, Yesterday’s Understanding. Management Information Systems
Quarterly, 16(2), 173–186.
MicroFocus. (n.d.) What is Data Security? Retrieved from https://www.microfocus.
com/en-us/what-is/data-security
Morgan, K. (2014). EveryoneOn: The Importance of Digital Literacy Skills. Web
Junction. Retrieved from https://www.webjunction.org/news/webjunction/everyoneon-
importance-digital-literacy-skills.html
Nayyar, S. (2015). Why Security Awareness Alone Won’t Stop Hackers. Dark Reading.
Retrieved from https://www.darkreading.com/operations/why-security-awareness-
alone-wont-stop-hackers-/a/d-id/1319258?
Odu, A. O. & Omosigho, N. A. (2017). Digital Literacy and The Implications of
Nigerian Digital Library. International Journal of Library and Information Science
Studies, 3(2), 13-19.
PandaSecurity. (2016). 27% of all recorded malware appeared in 2015. Retrieved from
https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-
appeared-in-2015/
Richardson, R. (2008). Computer Security, Issues & Trends. CSI/FBI computer crime
and security survey.
Sanchez, M. (2010). The 10 most common security threats explained. Cisco. Retrieved
from https://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-
explained
Shopova, T. (2014). Digital Literacy of Students and Its Improvement at the University.
Journal on Efficiency and Responsibility in Education and Science, 7(2), 26-32.

37
International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Smith, C. (2016). Uber allegedly spied on celebrities like Beyonce for years. NY Post.
Retrieved from https://nypost.com/2016/12/13/uber-allegedly-spied-on-celebrities-
like-beyonce-for-years/
Society Insurance. (2018). Common Data Threats and Vulnerabilities. Retrieved from
https://blog.societyinsurance.com/common-data-threats-and-vulnerabilities/
Symantec. (2010). Symantec Global Internet Security Threat Report: Trends for 2009.
Team ObserveIT. (2018). 5 Examples of Data & Information Misuse. Retrieved from
https://www.observeit.com/blog/importance-data-misuse-prevention-and-detection/
Techopedia. (n.d.). What is a Threat in Computing - Definition from Techopedia.
Retrieved from https://www.techopedia.com/definition/25263/threat
Thompson, R. (2005). Why spyware poses multiple threats to security. Communications
of the ACM, 48(8), 41–43. doi:10.1145/1076211.1076237
UNESCO. (2018). A Global Framework of Reference on Digital Literacy Skills for
Indicator 4.4.2. Montreal: UNESCO Institute for Statistics.
Zaharia, A. (2017). Security Alert: WannaCry leaves Exploited Computers Vulnerable
to Round Two. Heimdal Security. Retrieved from https://heimdalsecurity.com/blog/
security-alert-wannacry-computers-vulnerable/

38
 International Journal of Digital Literacy and Digital Competence
Volume 10 • Issue 4 • October-December 2019

Otobong Inieke is an independent researcher and web developer. He graduated

from Middlesex University with a BSc (hons) in Information Technology and
Business Information Systems. He also attended the Aptech Computer Institute
and was awarded an Advanced Diploma in Software Engineering. He currently
manages a portfolio website at https://devinieke.com.ng where he posts articles
focused on internet privacy and security as well as web design. Otobong Inieke
also has a valid ORCID where independent research will be posted and tracked.
When not occupied with work, he prefers to read information technology news
and articles from popular sources. Finally, he recently joined the Internet
Society; Nigerian Chapter in Abuja and plans to contribute research and effort
to the organization’s activities on a local level.

39