Management Information Systems Commons^™

Emotional Analysis Of Learning Cybersecurity With Games Using Iot, Maria Valero, Md Jobair Hossain, Shahriar Sobhan

KSU Proceedings on Cybersecurity Education, Research and Practice

The constant rise of cyber-attacks poses an increasing demand for more qualified people with cybersecurity knowledge. Games have emerged as a well-fitted technology to engage users in learning processes. In this paper, we analyze the emotional parameters of people while learning cybersecurity through computer games. The data are gathered using a non-invasive Brain-Computer Interface (BCI) to study the signals directly from the users’ brains. We analyze six performance metrics (engagement, focus, excitement, stress, relaxation, and interest) of 12 users while playing computer games to measure the effectiveness of the games to attract the attention of the participants. Results show participants …

Resilience Vs. Prevention. Which Is The Better Cybersecurity Practice?, Frank Katz

KSU Proceedings on Cybersecurity Education, Research and Practice

Students in multiple cohorts of our 3000 level Fundamentals of Information Systems Security course were given a discussion question where they had to either agree or disagree with the premise that given all the constant threats to our systems, we should dedicate more of our efforts to quickly repairing the damage of an attack rather than dedicate more of our time and energies to preventing such attacks. They were required to give their reasoning and provide sources to back up their analysis of his comment.

This paper will describe and explain the concept of cyber resiliency. It will then evaluate …

Warshipping: Hacking The Mailroom, Jackson Szwast, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

Everyone knows what package shipping is, but not everyone knows what warshipping is. Corporate mailrooms are rarely considered as part of the cybersecurity attack surface of most organizations, but they offer physical access to millions of uninspected packages daily. UPS shipped 5.5 billion items last year, with their daily average being 21.9 million items and operating through 1,800 locations in 2020. FedEx shipped 6.5 million packages daily and operates 2,150 locations. The United States Postal Service delivered 143 billion pieces of mail in 2019. Increasingly the world’s consumers are relying on e-commerce, and during the recent COVID-19 pandemic, package deliveries …

Towards Assessing Password Workarounds And Perceived Risk To Data Breaches For Organizational Cybersecurity Risk Management Taxonomy, Michael J. Rooney, Yair Levy, Wei Li, Ajoy Kumar

KSU Proceedings on Cybersecurity Education, Research and Practice

Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure high level of IS security; this leaves the end-users holding a critical role in protecting their …

Analyzing Robotics Software Vulnerabilities, Hossain Shahriar, Md Jobair Hossain Faruk, Shahriar Sobhan, Mohammad Nazim

KSU Proceedings on Cybersecurity Education, Research and Practice

Robots are widely used in our day-to-day life in various domains. For example, eldercare robots, such as CareO-Bots [1]are used to perform household tasks and provide mobility assistance [2]. Amazon uses manufacturing robots to accomplish manufacturing labor activities, such as welding and assembling equipment [2]. According to the International Data Corporation, spending on robotics is expected to reach USD 241.4 billion by the end of 2023 [4].

However, malicious users can exploit security vulnerabilities in hardware and software components of robotics systems to conduct security attacks and cause malfunction, i.e., deviate robots from their expected behaviors. Security attacks on robots …

A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo

KSU Proceedings on Cybersecurity Education, Research and Practice

The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …

Secure Coding In Five Steps, Mini Zeng, Feng Zhu

Journal of Cybersecurity Education, Research and Practice

Software vulnerabilities have become a severe cybersecurity issue. There are numerous resources of industry best practices available, but it is still challenging to effectively teach secure coding practices. The resources are not designed for classroom usage because the amount of information is overwhelming for students. There are efforts in academia to introduce secure coding components into computer science curriculum, but a big gap between industry best practices and workforce skills still exists. Unlike many existing efforts, we focus on both the big picture of secure coding and hands-on projects. To achieve these two goals, we present five learning steps that …

Observations, Evaluations, And Recommendations For Deterlab From An Educational Perspective, Ahmed Ibrahim, Vitaly Ford

Journal of Cybersecurity Education, Research and Practice

DETERLab is a cluster environment that provides a set of virtual machines that can be used by researchers and teachers to run cybersecurity experiments and competitions, and where it is possible to deploy different network configurations to research attack and defense mechanisms in the cyber world. While we were working to develop a pathway for producing more usable and effective cybersecurity educational resources by investigating and examining several projects, we examined DETERLab as a prospective platform to use in the classroom. Throughout our experimentation, we faced challenges that we decided to document in order to help other educators use the …

An Exploratory Study Of Mode Efficacy In Cybersecurity Training, Michael D. Workman

Journal of Cybersecurity Education, Research and Practice

Cybersecurity capabilities in organizations and governmental agencies continue to lag behind the threats. Given the current environment, these entities have placed renewed emphasis on cybersecurity education. However, education appears to lack its full potential in most settings. Few empirical studies have systematically tested the efficacy of various training methods and modes, and those that have been conducted have yielded inconsistent findings. Recent literature on the use of gamified simulations have suggested that they may improve cybersecurity behaviors. Similarly, live activities such as hackathons and capture the flag events have been surmised to augment learning and capabilities. We conducted an exploratory …

Challenges And Success Factors Of Scaled Agile Adoption – A South African Perspective, Lucas Khoza, Carl Marnewick

The African Journal of Information Systems

Agile methods and Agile scaling frameworks have become a solution for software-developing organizations striving to improve the success of software projects. Agile methods were developed for small projects, but due to their benefits, even large software-developing organizations have adopted them to scale their software projects. This quantitative study was undertaken to deepen the researchers’ understanding of the critical success factors and challenges of Scaled Agile from the South African perspective. A simple random sampling method was used. Data was collected with the use of an online structured questionnaire and the response rate was 70%. The results reveal that customer satisfaction …

Gophish: Implementing A Real-World Phishing Exercise To Teach Social Engineering, Andy Luse, Jim Burkman

Journal of Cybersecurity Education, Research and Practice

Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner, students learned the legal, technical, behavioral, analysis, and reporting aspects of social engineering. The outcome provided both usable data for a real-world corporation as well as valuable educational experience for the students.

Applying High Impact Practices In An Interdisciplinary Cybersecurity Program, Brian K. Payne, Lisa Mayes, Tisha Paredes, Elizabeth Smith, Hongyi Wu, Chunsheng Xin

Journal of Cybersecurity Education, Research and Practice

The Center for Cybersecurity Education and Research at Old Dominion University has expanded its use of high impact practices in the university’s undergraduate cybersecurity degree program. Strategies developed to promote student learning included learning communities, undergraduate research, a robust internship program, service learning, and electronic portfolios. This paper reviews the literature on these practices, highlights the way that they were implemented in our cybersecurity program, and discusses some of the challenges encountered with each practice. Although the prior literature on high impact practices rarely touches on cybersecurity coursework, the robust evidence of the success of those practices provides a sound …

An Assessment Of Internet Use And Cyber-Risk Prevalence Among Students In Selected Nigerian Secondary Schools, Adeola O. Opesade Dr, Abiodun O. Adetona Mr

Journal of Cybersecurity Education, Research and Practice

The use of the Internet has become highly pervasive among adolescents. While these people derive numerous benefits from their use of this technology, they are also faced with a challenge of being exposed to many cyber risks. Nigeria is a developing country with a teeming population of adolescents who are regular users of the Internet, but with inadequate research on adolescent Internet safety. There is therefore, a need to conduct studies on child online risks in Nigeria, to help evaluate the enormity of child online abuses. The present study investigated Internet use and cyber-risk prevalence among four hundred secondary school …

From The Editors, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

A commentary from the editors, with an overview of the articles contained in this issue of the Journal.

A Serious Game For Social Engineering Awareness Creation, Fabian Muhly, Philipp Leo, Stefano Caneppele

Journal of Cybersecurity Education, Research and Practice

Social engineering is a method used by offenders to deceive their targets utilizing rationales of human psychology. Offenders aim to exploit information and use them for intelligence purposes or financial gains. Generating resilience against these malicious methods is still challenging. Literature shows that serious gaming learning approaches are used more frequently to instill lasting retention effects. Serious games are interactive, experiential learning approaches that impart knowledge about rationales and concepts in a way that fosters retention. In three samples and totally 97 participants the study at hand evaluated a social engineering serious game for participants’ involvement and instruction compliance during …