Business Commons^™

Ransomware - A Strategic Threat To Organizations, James Frost, Alan R. Hamlin

Mountain Plains Journal of Business and Technology

Ransomware is a strategic threat to government, business, and academic organizations. It has both short term and long term consequences, requiring strategic planning to create defenses, assess options, and create policies.

The purpose of the study is to answer three questions: What is the strategic risk of cyberattack to organizations? What are the current attitudes and practices of executives who are vulnerable to such threats? What are specific options that organizations should consider to prevent and deal with possible incidents in the future? The article is thus comprised of the following components: A) a history of the development and complexity …

Cyber Security For Everyone: An Introductory Course For Non-Technical Majors, Marc J. Dupuis

Journal of Cybersecurity Education, Research and Practice

In this paper, we describe the need for and development of an introductory cyber security course. The course was designed for non-technical majors with the goal of increasing cyber security hygiene for an important segment of the population—college undergraduates. While the need for degree programs that focus on educating and training individuals for occupations in the ever-growing cyber security field is critically important, the need for improved cyber security hygiene from the average everyday person is of equal importance. This paper discusses the approach used, curriculum developed, results from two runs of the course, and frames the overall structure of …

Planning And Implementing A Successful Nsa-Nsf Gencyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia

Journal of Cybersecurity Education, Research and Practice

The GenCyber program is jointly sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF) to help faculty and cybersecurity experts provide summer cybersecurity camp experiences for K-12 students and teachers. The main objective of the program is to attract, educate, and motivate a new generation of young men and women to help address the nationwide shortage of trained cybersecurity professionals. The curriculum is flexible and centers on ten cybersecurity first principles. Currently, GenCyber provides cyber camp options for three types of audiences: students, teachers, and a combination of both teachers and students. In 2016, over 120 …

Management And Organizational Influences On The Compliance Behavior Of Employees To Reduce Non-Malicious It Misuse Intention, Randy G. Colvin

Doctor of Business Administration Dissertations

The widespread use of information technology and information systems (IT) throughout corporations, too often includes employees who choose not to follow the stated policies and procedures in performing their job tasks. In many cases, this encompasses employees who mean no harm, but choose not to comply with IT policies and procedures. The present study frames such compliance behavior as non-malicious IT misuse. Non-malicious IT misuse by an employee occurs when the employee improvises, takes short cuts, or works around IT procedures and guidelines in order to perform their assigned tasks. As expressed, they do not intend to cause internal control …

Mobile Devices: The Case For Cyber Security Hardened Systems, Maurice Dawson, Jorja Wright, Marwan Omar

Maurice Dawson

Mobile devices are becoming a method to provide an efficient and convenient way to access, find and share information; however, the availability of this information has caused an increase in cyber attacks. Currently, cyber threats range from Trojans and viruses to botnets and toolkits. Presently, 96% of mobile devices do not have pre-installed security software while approximately 65% of the vulnerabilities are found within the application layer. This lack in security and policy driven systems is an opportunity for malicious cyber attackers to hack into the various popular devices. Traditional security software found in desktop computing platforms, such as firewalls, …

A Brief Review Of New Threats And Countermeasures In Digital Crime And Cyber Terrorism, Maurice Dawson

Maurice Dawson

Cyber security is becoming the cornerstone of national security policies in many countries around the world as it is an interest to many stakeholders, including utilities, regulators, energy markets, government entities, and even those that wish to exploit the cyber infrastructure. Cyber warfare is quickly becoming the method of warfare and the tool of military strategists. Additionally, it is has become a tool for governments to aid or exploit for their own personal benefits. For cyber terrorists there has been an overwhelmingly abundance of new tools and technologies available that have allowed criminal acts to occur virtually anywhere in the …

Understanding The Methods Behind Cyber Terrorism, Maurice E. Dawson Jr., Marwan Omar, Jonathan Abramson

Maurice Dawson

Cyber security has become a matter of national, international, economic, and societal importance that affects multiple nations (Walker, 2012). Since the 1990s users have exploited vulnerabilities to gain access to networks for malicious purposes. In recent years the number of attacks on U.S. networks has continued to grow at an exponential rate. This includes malicious embedded code, exploitation of backdoors, and more. These attacks can be initiated from anywhere in the world from behind a computer with a masked Internet Protocol (IP) address. This type of warfare, cyber warfare, changes the landscape of war itself (Beidleman, 2009). This type of …

The Future Of National And International Security On The Internet, Maurice Dawson, Marwan Omar, Jonathan Abramson, Dustin Bessette

Maurice Dawson

Hyperconnectivity is a growing trend that is driving cyber security experts to develop new security architectures for multiple platforms such as mobile devices, laptops, and even wearable displays. The futures of national and international security rely on complex countermeasures to ensure that a proper security posture is maintained during this state of hyperconnectivity. To protect these systems from exploitation of vulnerabilities it is essential to understand current and future threats to include the laws that drive their need to be secured. Examined within this chapter are the potential security-related threats with the use of social media, mobile devices, virtual worlds, …

Research In Progress-Defending Android Smartphones From Malware Attacks, Marwan Omar, Maurice E. Dawson Jr.

Maurice Dawson

Smart phones are becoming enriched with confidential information due to their powerful computational capabilities and attractive communications features. The Android smart phone is one of the most widely used platforms by businesses and users alike. This is partially because Android smart phones use the free, open-source Linux as the underlying operating system, which allows development of applications by any software developer. This research study aims to explore security risks associated with the use of Android smart phones and the sensitive information they contain, the researcher devised a survey questionnaire to investigate and further understand security threats targeting Android smart phones. …

Dod Cyber Technology Policies To Secure Automated Information Systems, Maurice E. Dawson Jr., Miguel Crespo, Stephen Brewster

Maurice Dawson

Availability, integrity, and confidentiality (AIC) is a key theme everywhere as cyber security has become more than an emerging topic. The Department of Defense (DoD) has implemented multiple processes such as the Department of Defense information assurance certification and accreditation process (DIACAP), common criteria (CC), and created proven baselines to include information assurance (IA) controls to protect information system (IS) resources. The aim of this research study shall provide insight to the applicable processes, IA controls, and standards to include providing a method for selecting necessary government models and for system development.

Common Criteria Meets Realpolitik Trust, Alliances, And Potential Betrayal, Jan Kallberg

Jan Kallberg

Common Criteria for Information Technology Security Evaluation has the ambition to be a global standard for IT-security certification. The issued certifications are mutually recognized between the signatories of the Common Criteria Recognition Arrangement. The key element in any form of mutual relationships is trust. A question raised in this paper is how far trust can be maintained in Common Criteria when additional signatories enter with conflicting geopolitical interests to earlier signatories. Other issues raised are control over production, the lack of permanent organization in the Common Criteria, which leads to concerns of being able to oversee the actual compliance. As …