Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 13 of 13
Full-Text Articles in Entire DC Network
Integrate Text Mining Into Computer And Information Security Education, Hongmei Chi, Ezhil Kalaimannan, Dominique Hubbard
Integrate Text Mining Into Computer And Information Security Education, Hongmei Chi, Ezhil Kalaimannan, Dominique Hubbard
KSU Proceedings on Cybersecurity Education, Research and Practice
Insider threats has become a significant challenge to organization, due to the employees varying levels of access to the internal network. This will intern bypass the external security measures that have been put in place to protect the organization’s resources. Computer-mediated communication (CMC) is a form of communication over virtual spaces where users cannot see each other. CMC includes email and communication over social networks, amongst others. This paper focuses on the design and implementation of exercise modules, which can be integrated into cybersecurity courses. The main objectives of the paper include how to teach and integrate the CMC learning …
Smart City Security, Shawn Ralko, Sathish Kumar
Smart City Security, Shawn Ralko, Sathish Kumar
KSU Proceedings on Cybersecurity Education, Research and Practice
With rapid growth of technology involved and the implementation of the smart city concept, it is becoming vital to identify and implement security controls for their secure operation. Smart city security is essential for a city to incorporate the technologies into smart city cyber infrastructure and to improve the conditions of life for its citizens. In this paper, we have discussed the growth of smart city concept, their security issues. We also discuss the security solutions that needs to be implemented to keep the smart city cyber infrastructure secure. We have also pointed out the recommendations on the open issues …
Combining The Extended Risk Analysis Model And The Attack Response Model To Introduce Risk Analysis, Randall Reid
Combining The Extended Risk Analysis Model And The Attack Response Model To Introduce Risk Analysis, Randall Reid
KSU Proceedings on Cybersecurity Education, Research and Practice
This paper uses the Extended Risk Analysis Model to introduce risk analysis in a classroom setting. The four responses to an attack, avoidance, transference, mitigation, and acceptance are overlaid on the Extended Risk Analysis Model to aid in the visualization of their relationship. It then expands and updates the cyber insurance portion of the Extended Risk Analysis Model.
Health It Security: An Examination Of Modern Challenges In Maintaining Hipaa And Hitech Compliance, Andrew S. Miller, Bryson R. Payne
Health It Security: An Examination Of Modern Challenges In Maintaining Hipaa And Hitech Compliance, Andrew S. Miller, Bryson R. Payne
KSU Proceedings on Cybersecurity Education, Research and Practice
This work describes an undergraduate honors research project into some of the challenges modern healthcare providers face in maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) and HITECH (Health Information Technology for Economic and Clinical Health) Act. An overview of the pertinent sections of both the HIPAA and HITECH Acts regarding health information security is provided, along with a discussion of traditionally weak points in information security, including: people susceptible to social engineering, software that is not or cannot be regularly updated, and targeted attacks (including advanced persistent threats, or APTs). Further, the paper examines potential violations …
Planning And Implementing A Successful Nsa-Nsf Gencyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia
Planning And Implementing A Successful Nsa-Nsf Gencyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia
KSU Proceedings on Cybersecurity Education, Research and Practice
The GenCyber program is jointly sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF) to help faculty and cybersecurity experts provide summer cybersecurity camp experiences for K-12 students and teachers. The main objective of the program is to attract, educate, and motivate a new generation of young men and women to help address the nationwide shortage of trained cybersecurity professionals. The curriculum is flexible and centers on ten cybersecurity first principles. Currently, GenCyber provides cyber camp options for three types of audiences: students, teachers, and a combination of both teachers and students. In 2016, over 120 …
Brain Betrayal: A Neuropsychological Categorization Of Insider Attacks, Rachel L. Whitman
Brain Betrayal: A Neuropsychological Categorization Of Insider Attacks, Rachel L. Whitman
KSU Proceedings on Cybersecurity Education, Research and Practice
Thanks to an abundance of highly publicized data breaches, Information Security (InfoSec) is taking a larger place in organizational priorities. Despite the increased attention, the threat posed to employers by their own employees remains a frightening prospect studied mostly in a technical light. This paper presents a categorization of insider deviant behavior and misbehavior based off of the neuropsychological foundations of three main types of insiders posing a threat to an organization: accidental attackers; neurologically “hot” malcontents, and neurologically “cold” opportunists.
Teaching Security Of Internet Of Things In Using Raspberrypi, Oliver Nichols, Li Yang, Xiaohong Yuan
Teaching Security Of Internet Of Things In Using Raspberrypi, Oliver Nichols, Li Yang, Xiaohong Yuan
KSU Proceedings on Cybersecurity Education, Research and Practice
The Internet of Things (IoTs) is becoming a reality in today’s society. The IoTs can find its application in multiple domains including healthcare, critical infrastructure, transportation, and home and personal use. It is important to teach students importance and techniques that are essential in protecting IoTs. We design a series of hands-on labs in a smart home setting, which can exercise attack and protection of IoTs. Our hands-on labs use a Raspberry Pi and several diverse smart things that communicate through Z-Wave technology. Using this environment, students can operate a home automation system and learn security concepts by performing these …
Towards An In-Depth Understanding Of Deep Packet Inspection Using A Suite Of Industrial Control Systems Protocol Packets, Guillermo A. Francia Iii
Towards An In-Depth Understanding Of Deep Packet Inspection Using A Suite Of Industrial Control Systems Protocol Packets, Guillermo A. Francia Iii
KSU Proceedings on Cybersecurity Education, Research and Practice
Industrial control systems (ICS) are increasingly at risk and vulnerable to internal and external threats. These systems are integral part of our nation’s critical infrastructures. Consequently, a successful cyberattack on one of these could present disastrous consequences to human life and property as well. It is imperative that cybersecurity professionals gain a good understanding of these systems particularly in the area of communication protocols. Traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are made to encapsulate some of these ICS protocols which may enable malicious payload to get through the network firewall and thus, gain entry into the …
Investigating Cyberbullying In Social Media: The Case Of Twitter, Xin Tian
Investigating Cyberbullying In Social Media: The Case Of Twitter, Xin Tian
KSU Proceedings on Cybersecurity Education, Research and Practice
Social media has profoundly changed how we interact with one another and the world around us. Recent research indicates that more and more people are using social media sites such as Facebook and Twitter for a significant portion of their day for various reasons such as making new friends, socializing with old friends, receiving information, and entertaining themselves. However, social media has also caused some problems. One of the problems is called social media cyberbullying which has developed over time as new social media technologies have developed over time. Social media cyberbullying has received increasing attention in recent years as …
Towards A Model Of Senior Citizens’ Motivation To Pursue Cybersecurity Awareness Training: Lecture-Based Vs. Video-Cases Training, Carlene G. Blackwood-Brown
Towards A Model Of Senior Citizens’ Motivation To Pursue Cybersecurity Awareness Training: Lecture-Based Vs. Video-Cases Training, Carlene G. Blackwood-Brown
KSU Proceedings on Cybersecurity Education, Research and Practice
Cyber-attacks on Internet users, and in particular senior citizens, who have limited awareness of cybersecurity, have caused billions of dollars in losses annually. To mitigate the effects of cyber-attacks, several researchers have recommended that the cybersecurity awareness levels of Internet users be increased. Cybersecurity awareness training programs are most effective when they involve training that focus on making users more aware so that they can identify cyber-attacks as well as mitigate the effects of the cyber-attacks when they use the Internet. However, it is unclear about what motivates Internet users to pursue cybersecurity awareness training so that they can identify …
Towards A Comparison Of Training Methodologies On Employee’S Cybersecurity Countermeasures Awareness And Skills In Traditional Vs. Socio-Technical Programs, Jodi Goode
KSU Proceedings on Cybersecurity Education, Research and Practice
Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills which allow for identification of security threats along with the proper course of action. This work-in-progress study addresses the first phase of a larger project to empirically assess if there …
Training Wheels: A New Approach To Teaching Mobile Device Security, Philip Menard, Jordan Shropshire
Training Wheels: A New Approach To Teaching Mobile Device Security, Philip Menard, Jordan Shropshire
KSU Proceedings on Cybersecurity Education, Research and Practice
Despite massive investments in cyber security education, training, and awareness programs, most people retain unsafe mobile computing habits. They not only jeopardize their own data, but also risk the security of their associated organizations. It appears that conventional training programs are not ingraining sound security practices on trainees. This research questions the efficacy of legacy SETA frameworks and proposes a new cyber training tool for mobile devices. The tool is called Training Wheels. Training Wheels stands a number of cyber security training practices on their heads: instead of using punitive methods of reinforcement it provides rewards to encourage good behavior, …
Teaching Static Call Analysis To Detect Anomalous Software Behavior, Jordan Shropshire, Philip Menard
Teaching Static Call Analysis To Detect Anomalous Software Behavior, Jordan Shropshire, Philip Menard
KSU Proceedings on Cybersecurity Education, Research and Practice
Malicious code detection is a critical part of any cyber security operation. Typically, the behavior of normal applications is modeled so that deviations from normal behavior can be identified. There are multiple approach to modeling good behavior but the most common approach is to observe applications’ system call activity. System calls are messages passed between user space applications and their underlying operating systems. The detection of irregular system call activity signals the presence of malicious software behavior. This method of malware-detection has been used successfully for almost two decades. Unfortunately, it can be difficult to cover this concept at the …