Business Commons^™

Planning And Implementing A Successful Nsa-Nsf Gencyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia

Journal of Cybersecurity Education, Research and Practice

The GenCyber program is jointly sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF) to help faculty and cybersecurity experts provide summer cybersecurity camp experiences for K-12 students and teachers. The main objective of the program is to attract, educate, and motivate a new generation of young men and women to help address the nationwide shortage of trained cybersecurity professionals. The curriculum is flexible and centers on ten cybersecurity first principles. Currently, GenCyber provides cyber camp options for three types of audiences: students, teachers, and a combination of both teachers and students. In 2016, over 120 …

From The Editors, Herbert J. Mattord, Michael E. Whitman, Carole L. Hollingsworth

Journal of Cybersecurity Education, Research and Practice

Welcome to the second issue of the Journal of Cybersecurity Education, Research and Practice (JCERP).

Towards An In-Depth Understanding Of Deep Packet Inspection Using A Suite Of Industrial Control Systems Protocol Packets, Guillermo A. Francia Iii, Xavier P. Francia, Anthony M. Pruitt

Journal of Cybersecurity Education, Research and Practice

Industrial control systems (ICS) are increasingly at risk and vulnerable to internal and external threats. These systems are integral part of our nation’s critical infrastructures. Consequently, a successful cyberattack on one of these could present disastrous consequences to human life and property as well. It is imperative that cybersecurity professionals gain a good understanding of these systems particularly in the area of communication protocols. Traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are made to encapsulate some of these ICS protocols which may enable malicious payload to get through the network firewall and thus, gain entry into the …

Threats To Information Protection - Industry And Academic Perspectives: An Annotated Bibliography, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat events and threat sources have evolved in recent years have very precise definitions. A summary of threat classification models used in academic research is provided along with a summary of recent industry threat assessment reports. Finally, the results from a recent study, 2015 SEC/CISE Threats to Information Protection Report Including a Current Snapshot of the State of the Industry, are given.

Can They Use It? Studying The Usability Of The Canvas Learning Management System At Bowling Green State University, James Faisant

Honors Projects

Students’ use of the Canvas learning management system (LMS) as implemented by Bowling Green State University (BGSU) is a substantial part of their learning experience. A well designed and easy to use LMS not only allows students to be more efficient, it allows students to engage effectively with their coursework. Students’ ability to effectively use the LMS is examined to understand whether the system is usable, and if not, what changes should be made. Research included two distinct elements. First, students were asked to complete nine tasks identified as common tasks within Canvas, while being timed. Additionally, students responded to …

A Mixed Methods Study: Evaluating The Relationship Of Project Manager Competencies And It Project Management Methodologies, Keith A. Mcdermott

Open Access Theses

Determining skillsets that are particularly important to the development of an effective project manager can be useful for a variety of applications. These applications range from the hiring of a new project manager for an organization to continued training for current employees. Past research has called upon current project managers to rate what skillsets they see as important to the cultivation of an optimal or effective project manager. Additional research has expanded this idea to determine how skillsets vary between project managers and functional managers (El-Sabaa, 2001). While this research is certainly important, skillset grouping can be further explored. This …

The Transition Experiences Of International Graduate Students In Clark University School Of Professional Studies, Xuesong Huang, Mingyang Lian, Dang Trung, Jay Sheth, Yuwei Yang, Irina Klimenko

School of Professional Studies

In the last decade, the School of Professional Studies at Clark University has witnessed a sharp increase in international students. More and more international students in the millennial generation have entered the School of Professional Studies pursuing one of the two-year graduate programs: Master of Science in Professional Studies, Master of Science in Public Administration, and Master of Science in Information Technology. In the past, working adult student dominant the program. These students already had a career outside the classrooms before them came to study. The millennial international students have generated new adjustment problems. Some of the transition issues of …

Careermapper: An Automated Resume Evaluation Tool, Vivian Lai, Kyong Jin Shim, Richard J. Oentaryo, Philips K. Prasetyo, Casey Vu, Ee-Peng Lim, David Lo

Research Collection School Of Computing and Information Systems

The advent of the Web brought about major changes in the way people search for jobs and companies look for suitable candidates. As more employers and recruitment firms turn to the Web for job candidate search, an increasing number of people turn to the Web for uploading and creating their online resumes. Resumes are often the first source of information about candidates and also the first item of evaluation in candidate selection. Thus, it is imperative that resumes are complete, free of errors and well-organized. We present an automated resume evaluation tool called 'CareerMapper'. Our tool is designed to conduct …

Designing And Evaluating Business Process Models: An Experimental Approach, Yuecheng Martin Yu, Alexander Pelaez, Karl R. Lang

Research Collection School Of Computing and Information Systems

This paper presents an experimental approach to compare the performance of alternative business process designs. We use an example case of an electronic group buying setting to demonstrate how our approach can be applied in practice. More specifically, we chose a standard business process, the sales process as implemented on a group buying platform, to illustrate how a business process may be redesigned in order to better meet the needs of customers. For that purpose, we introduce a social technology feature to support cooperation among buyers in the sales process and then analyze the performance impact of the proposed business …

Aspect-Based Helpfulness Prediction For Online Product Reviews, Yinfei Yang, Cen Chen, Forrest Sheng Bao

Research Collection School Of Computing and Information Systems

Product reviews greatly influence purchase decisions in online shopping. A common burden of online shopping is that consumers have to search for the right answers through massive reviews, especially on popular products. Hence, estimating and predicting the helpfulness of reviews become important tasks to directly improve shopping experience. In this paper, we propose a new approach to helpfulness prediction by leveraging aspect analysis of reviews. Our hypothesis is that a helpful review will cover many aspects of a product at different emphasis levels. The first step to tackle this problem is to extract proper aspects. Because related products share common …

Threats To Information Protection - Industry And Academic Perspectives: An Annotated Bibliography, Michael E. Whitman, Herbert J. Mattord

KSU Proceedings on Cybersecurity Education, Research and Practice

Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat events and threat sources have evolved in recent years have very precise definitions. The article includes a summary of threat classification models used in academic research is provided along with a summary of recent industry threat assessment reports. Finally, the article shares results from a recent study, 2015 SEC/CISE Threats to Information Protection Report Including a Current Snapshot of the State of the Industry, are given.

Utilizing The Technology Acceptance Model To Assess The Employee Adoption Of Information Systems Security Measures, Cynthia M. Jones, Richard V. Mccarthy, Leila Halawi, Bahaudin Mujtaba

Leila A. Halawi

In this study, the factors that affect employee acceptance of information systems security measures were examined by extending the Technology Acceptance Model. Partial least squares structural equation modeling was applied to examine these factors. 174 valid responses from employees from companies in various industry segments in the United States and Canada were analyzed. The results of the statistical analysis indicate that subjective norm moderated by management support showed the strongest effect on intention to use information systems security measures.

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Leila A. Halawi

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

Integrate Text Mining Into Computer And Information Security Education, Hongmei Chi, Ezhil Kalaimannan, Dominique Hubbard

KSU Proceedings on Cybersecurity Education, Research and Practice

Insider threats has become a significant challenge to organization, due to the employees varying levels of access to the internal network. This will intern bypass the external security measures that have been put in place to protect the organization’s resources. Computer-mediated communication (CMC) is a form of communication over virtual spaces where users cannot see each other. CMC includes email and communication over social networks, amongst others. This paper focuses on the design and implementation of exercise modules, which can be integrated into cybersecurity courses. The main objectives of the paper include how to teach and integrate the CMC learning …

Cover Text Steganography: N-Gram And Entropy-Based Approach, Sara M. Rico-Larmer

KSU Proceedings on Cybersecurity Education, Research and Practice

Steganography is an ancient technique for hiding a secret message within ordinary looking messages or objects (e.g., images), also known as cover messages. Among various techniques, hiding text data in plain text file is a challenging task due to lack of redundant information. This paper proposes two new approaches to embed a secret message in a cover text document. The two approaches are n-gram and entropy metric-based generation of stego text. We provide examples of encoding secret messages in a cover text document followed by an initial evaluation of how well stego texts look close to the plain …

Hands-On Labs Demonstrating Html5 Security Concerns, Mounika Vanamala

KSU Proceedings on Cybersecurity Education, Research and Practice

The research is focused on the new features added in HTML5 standard that have strong implications towards the overall information security of a system that uses this implementation.A Hands-on Lab is developed to demonstrate how Web Storage and the Geo-location API of HTML5 can affect the privacy of the user.

“Not All Friends Are Equal”: Friendship Classification For Defending Against Social Engineering Attacks, Munene W. Kanampiu, Mohd Anwar

KSU Proceedings on Cybersecurity Education, Research and Practice

Social engineering is a serious security threat to Online Social Networks (OSNs). Identity theft, impersonation, phishing, and deception are some of the social engineering-based attacks that exploit vulnerabilities of interpersonal relationships of online users. As a result, relationships in OSNs need to be thoroughly examined. In this vein, we propose a relationship categorization model to evaluate relationship strength based on graph-theoretic properties and social network analysis (SNA) methods. For example, in Facebook, users may be categorized into close-neighbors, distant-neighbors, celebrities (influential by admiration), authority (influential by power), and loners. Close-neighbors category will help identify a set of trustworthy actors while …

Smart City Security, Shawn Ralko, Sathish Kumar

KSU Proceedings on Cybersecurity Education, Research and Practice

With rapid growth of technology involved and the implementation of the smart city concept, it is becoming vital to identify and implement security controls for their secure operation. Smart city security is essential for a city to incorporate the technologies into smart city cyber infrastructure and to improve the conditions of life for its citizens. In this paper, we have discussed the growth of smart city concept, their security issues. We also discuss the security solutions that needs to be implemented to keep the smart city cyber infrastructure secure. We have also pointed out the recommendations on the open issues …

The Role Of State Privacy Regulations In Mitigating Internet Users’ Privacy Concerns: A Multilevel Perspective, Tawfiq Alashoor

KSU Proceedings on Cybersecurity Education, Research and Practice

In the U.S., there is no comprehensive national law regulating the collection and use of personal information. As a response to the high level of privacy concerns among U.S. citizens and the currently limited regulations, states have enacted their own privacy laws over and above the principles of Fair Information Practices (FIP). In this exploratory study, we draw upon the privacy literature and the Restricted Access/Limited Control (RALC) theory of privacy to study the privacy concerns phenomenon with a multilevel theoretical lens. We introduce and test three novel propositions pertaining to the impact of state level privacy regulations on privacy …

Combining The Extended Risk Analysis Model And The Attack Response Model To Introduce Risk Analysis, Randall Reid

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper uses the Extended Risk Analysis Model to introduce risk analysis in a classroom setting. The four responses to an attack, avoidance, transference, mitigation, and acceptance are overlaid on the Extended Risk Analysis Model to aid in the visualization of their relationship. It then expands and updates the cyber insurance portion of the Extended Risk Analysis Model.

Health It Security: An Examination Of Modern Challenges In Maintaining Hipaa And Hitech Compliance, Andrew S. Miller, Bryson R. Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

This work describes an undergraduate honors research project into some of the challenges modern healthcare providers face in maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) and HITECH (Health Information Technology for Economic and Clinical Health) Act. An overview of the pertinent sections of both the HIPAA and HITECH Acts regarding health information security is provided, along with a discussion of traditionally weak points in information security, including: people susceptible to social engineering, software that is not or cannot be regularly updated, and targeted attacks (including advanced persistent threats, or APTs). Further, the paper examines potential violations …

Investigating Information Security Policy Characteristics: Do Quality, Enforcement And Compliance Reduce Organizational Fraud?, Dennis T. Brown

KSU Proceedings on Cybersecurity Education, Research and Practice

Occupational fraud, the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets, is a growing concern for all organizations. While the typical organization loses at least 5% of annual revenues to fraud, current methods of detection and prevention are not fully adequate to reduce increasing occurrences. Although information systems are making life easier, they are increasingly being used to perpetrate fraudulent activities, and internal employee security threat is responsible for more information compromise than external threats.

The purpose of this research is to examine how information security policy quality and …

Individuals' Concern About Information Privacy In Ar Mobile Games, Dapeng Liu

KSU Proceedings on Cybersecurity Education, Research and Practice

Augmented Reality (AR) proves to be an attractive technology in mobile games. While AR techniques energize mobile games, the privacy issue is raised to be discussed. Employing social media analytics (SMA) techniques, this research makes efforts to examines Twitter postings of “PokemonGo” case and explores individuals’ attitudes toward privacy in AR games. In this research, we examine what are the privacy concerns of individuals in AR games and what are the individuals’ sentiments toward privacy. In the interesting case of PokemonGo, this paper suggests that individuals’ concerns about privacy are emphasized on six dimensions - collection, improper access, unauthorized secondary …

Semi-Supervised Deep Neural Network For Network Intrusion Detection, Mutahir Nadeem, Ochaun Marshall, Sarbjit Singh, Xing Fang, Xiaohong Yuan

KSU Proceedings on Cybersecurity Education, Research and Practice

Network security is of vital importance for corporations and institutions. In order to protect valuable computer systems, network data needs to be analyzed so that possible network intrusions can be detected. Supervised machine learning methods achieve high accuracy at classifying network data as normal or malicious, but they require the availability of fully labeled data. The recently developed ladder network, which combines neural networks with unsupervised learning, shows promise in achieving a high accuracy while only requiring a small number of labeled examples. We applied the ladder network to classifying network data using the Third International Knowledge Discovery and Data …

Planning And Implementing A Successful Nsa-Nsf Gencyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia

KSU Proceedings on Cybersecurity Education, Research and Practice

The GenCyber program is jointly sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF) to help faculty and cybersecurity experts provide summer cybersecurity camp experiences for K-12 students and teachers. The main objective of the program is to attract, educate, and motivate a new generation of young men and women to help address the nationwide shortage of trained cybersecurity professionals. The curriculum is flexible and centers on ten cybersecurity first principles. Currently, GenCyber provides cyber camp options for three types of audiences: students, teachers, and a combination of both teachers and students. In 2016, over 120 …

User Privacy Suffers At The Hands Of Access Controls, Chad N. Hoye

KSU Proceedings on Cybersecurity Education, Research and Practice

With advancements in personal hand held devices, smaller more mobile computers, tablets, and the world’s population connected with social media the threat to the user’s privacy has been diminished. I will look at how access control policies have opened the proverbial door to user’s privacy being attacked and threatened. You will see examples of how users have to divulge personal information to get better service and even be monitored while at work to prevent intrusions in to the company.

Brain Betrayal: A Neuropsychological Categorization Of Insider Attacks, Rachel L. Whitman

KSU Proceedings on Cybersecurity Education, Research and Practice

Thanks to an abundance of highly publicized data breaches, Information Security (InfoSec) is taking a larger place in organizational priorities. Despite the increased attention, the threat posed to employers by their own employees remains a frightening prospect studied mostly in a technical light. This paper presents a categorization of insider deviant behavior and misbehavior based off of the neuropsychological foundations of three main types of insiders posing a threat to an organization: accidental attackers; neurologically “hot” malcontents, and neurologically “cold” opportunists.

Training Decrement In Security Awareness Training, Tianjian Zhang

KSU Proceedings on Cybersecurity Education, Research and Practice

This study determines if there is a decremental effect following IT security awareness training. In most security policy compliance literature, the main focus has been on policy design. Studies that address security awareness training are seldom theory driven and even fewer are empirically based. To fill this gap, we draw from the theory of vigilance decrement as well as forgetting curves in psychology, and propose a classroom experiment showing that participants' IT security awareness decreases over a 45-day period since the training at day one. The result adds to the security policy compliance literature and suggests that some policy violations …

Investigating The Influence Of Perceived Uncertainty On Protection Motivation: An Experimental Study, Ali Vedadi

KSU Proceedings on Cybersecurity Education, Research and Practice

IS users and organizations must take necessary measures to adequately cope with security threats. Considering the importance and prevalence of these issues and challenges, IS security research has extensively investigated a variety of factors that influence IS users’ security intentions/behaviors. In this regard, protection-motivated behaviors are primarily based on individuals’ personal cognitive evaluations and vigilance. In reality, however, many users reach security hygiene decisions through various non-rational and non-protection-motivated processes. Such users may not necessarily rely on their own cognitive appraisals and information processing, but proceed to make decisions without careful cognitive assessments of security threats and coping responses. One …

Towards A Development Of A Mobile Application Security Invasiveness Index, Sam Espana

KSU Proceedings on Cybersecurity Education, Research and Practice

The economic impact of Mobile IP, the standard that allows IP sessions to be maintained even when switching between different cellular towers or networks, has been staggering in terms of both scale and acceleration (Doherty, 2016). As voice communications transition to all-digital, all-IP networks such as 4G, there will be an increase in risk due to vulnerabilities, malware, and hacks that exist for PC-based systems and applications (Harwood, 2011). According to Gostev (2006), in June, 2004, a well-known Spanish virus collector known as VirusBuster, emailed the first known mobile phone virus to Kaspersky Lab, Moscow. Targeting the Symbian OS, the …