Business Commons^™

Contingency Planning Amidst A Pandemic, Natalie C. Belford

KSU Proceedings on Cybersecurity Education, Research and Practice

Proper prior planning prevents pitifully poor performance: The purpose of this research is to address mitigation approaches - disaster recovery, contingency planning, and continuity planning - and their benefits as they relate to university operations during a worldwide pandemic predicated by the Novel Coronavirus (COVID-19). The most relevant approach pertaining to the University’s needs and its response to the Coronavirus pandemic will be determined and evaluated in detail.

Developing An Ai-Powered Chatbot To Support The Administration Of Middle And High School Cybersecurity Camps, Jonathan He, Chunsheng Xin

KSU Proceedings on Cybersecurity Education, Research and Practice

Throughout the Internet, many chatbots have been deployed by various organizations to answer questions asked by customers. In recent years, we have been running cybersecurity summer camps for youth. Due to COVID-19, our in-person camp has been changed to virtual camps. As a result, we decided to develop a chatbot to reduce the number of emails, phone calls, as well as the human burden for answering the same or similar questions again and again based on questions we received from previous camps. This paper introduces our practical experience to implement an AI-powered chatbot for middle and high school cybersecurity camps …

A Survey Of Serious Games For Cybersecurity Education And Training, Winston Anthony Hill Jr., Mesafint Fanuel, Xiaohong Yuan, Jinghua Zhang, Sajad Sajad

KSU Proceedings on Cybersecurity Education, Research and Practice

Serious games can challenge users in competitive and entertaining ways. Educators have used serious games to increase student engagement in cybersecurity education. Serious games have been developed to teach students various cybersecurity topics such as safe online behavior, threats and attacks, malware, and more. They have been used in cybersecurity training and education at different levels. Serious games have targeted different audiences such as K-12 students, undergraduate and graduate students in academic institutions, and professionals in the cybersecurity workforce. In this paper, we provide a survey of serious games used in cybersecurity education and training. We categorize these games into …

Factors That Influence Hipaa Secure Compliance In Small And Medium-Size Health Care Facilities, Wlad Pierre-Francois, Indira Guzman

KSU Proceedings on Cybersecurity Education, Research and Practice

This study extends the body of literature concerning security compliance by investigating the antecedents of HIPPA security compliance. A conceptual model, specifying a set of hypothesized relationships between management support, security awareness, security culture; security behavior, and risk of sanctions to address their effect on HIPAA security compliance is presented. This model was developed based on the review of the literature, Protection Motivation Theory, and General Deterrence Theory. Specifically, the aim of the study is to examine the mediating role of risk of sanctions on HIPAA security compliance.

Towards An Assessment Of Pause Periods On User Habituation In Mitigation Of Phishing Attacks, Amy Antonucci, Yair Levy, Martha Snyder, Laurie Dringus

KSU Proceedings on Cybersecurity Education, Research and Practice

Social engineering is the technique in which the attacker sends messages to build a relationship with the victim and convinces the victim to take some actions that lead to significant damages and losses. Industry and law enforcement reports indicate that social engineering incidents costs organizations billions of dollars. Phishing is the most pervasive social engineering attack. While email filtering and warning messages have been implemented for over three decades, organizations are constantly falling for phishing attacks. Prior research indicated that attackers use phishing emails to create an urgency and fear response in their victims causing them to use quick heuristics, …

Evaluating And Securing Text-Based Java Code Through Static Code Analysis, Jeong Yang, Young Lee, Amanda Fernandez, Joshua Sanchez

Journal of Cybersecurity Education, Research and Practice

As the cyber security landscape dynamically evolves and security professionals work to keep apace, modern-day educators face the issue of equipping a new generation for this dynamic landscape. With cyber-attacks and vulnerabilities substantially increased over the past years in frequency and severity, it is important to design and build secure software applications from the group up. Therefore, defensive secure coding techniques covering security concepts must be taught from beginning computer science programming courses to exercise building secure applications. Using static analysis, this study thoroughly analyzed Java source code in two textbooks used at a collegiate level, with the goal of …

Malaware Defensive: A Game To Train Users To Combat Malware, Tyler Moon, Tamirat Abegaz, Bryson Payne, Abi Salimi

Journal of Cybersecurity Education, Research and Practice

Several research findings indicate that basic cyber hygiene can potentially deter the majority of cyber threats. One of the ways cybersecurity professionals can prepare users to ensure proper hygiene is to help them develop their ability to spot the difference between normal and abnormal behavior in a computer system. Malware disrupts the normal behavior of a computer system. The lack of appropriate user training has been one of the main reasons behind the exposure of computer systems to threats, from social engineering to viruses, trojans, and ransomware. Basic knowledge about common behavioral characteristics of malware could help users identify potentially …

Divergent Student Views Of Cybersecurity, Susan E. Ramlo, John B. Nicholas

Journal of Cybersecurity Education, Research and Practice

Cybersecurity is a worldwide issue and concern. Prior studies indicate that many people do not use cybersecurity best practices. Although these prior studies used large-scale surveys or interviews, this study used Q methodology [Q] because Q provides greater insight than Likert-format surveys. In fact, Q was created to scientifically study subjectivity. Within a Q study, various stages as well as philosophical, epistemological, and ontological principles represent a complete methodology. At first, Q researchers collect items that represent the broad range of communications about the topic (called the concourse). Although the items can be pictures, scents, or other means of communication, …

Teaching About The Dark Web In Criminal Justice Or Related Programs At The Community College And University Levels., Scott H. Belshaw, Brooke Nodeland, Lorrin Underwood, Alexandrea Colaiuta

Journal of Cybersecurity Education, Research and Practice

Increasingly, criminal justice practitioners have been called on to help solve breaches in cyber security. However, while the demand for criminal justice participation in cyber investigations increases daily, most universities are lagging in their educational and training opportunities for students entering the criminal justice fields. This article discusses the need to incorporate courses discussing the Dark Web in criminal justice. A review of existing cyber-criminal justice programs in Texas and nationally suggests that most community colleges and 4-year universities have yet to develop courses/programs in understanding and investigating the Dark Web on the internet. The Dark Web serves as the …

An Assessment Of Practical Hands-On Lab Activities In Network Security Management, Te-Shun Chou, Nicholas Hempenius

Journal of Cybersecurity Education, Research and Practice

With the advancement in technology over the past decades, networks have become increasingly large and complex. In the meantime, cyberattacks have become highly sophisticated making them difficult to detect. These changes make securing a network more challenging than ever before. Hence, it is critical to prepare a comprehensive guide of network security management for students assist them in becoming network security professionals.

The objective of this paper is to introduce a variety of techniques related to network security management, such as Simple Network Management Protocol (SNMP), event management, security policy management, risk management, access control, and remote monitoring. With the …

Editorial

Journal of Cybersecurity Education, Research and Practice

Editorial.

Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

No abstract provided.

Gdom: Granulometry For The Detection Of Obfuscated Malware, John A. Aruta, N. Paul Schembari

Journal of Cybersecurity Education, Research and Practice

We describe the results of a master's thesis in malware detection and discuss the connection to the learning goals of the project. As part of the thesis, we studied obfuscation of malware, conversion of files into images, image processing, and machine learning, a process of benefit to both the student and faculty.

Malware detection becomes significantly more difficult when the malicious specimen is obfuscated or transformed in an attempt to avoid detection. However, computer files have been shown to exhibit evidence of structure when converted into images, so with image processing filters such as granulometry, it is possible to generate …