Management Information Systems Commons^™

Making Good Decisions: An Attribution Model Of Decision Quality In Decision Tasks, Bethany Niese

PhD in Business Administration Dissertations

Decision-makers endeavor to obtain the decision quality which puts them in a position to reach their goals. In order to control or influence decision quality, the processes by which individuals form their beliefs must be understood. In addition, many decision makers rely on decision support technologies to help find patterns in data and make sense of the input, so these technologies must be considered in parallel with the processes.

There have been numerous studies conducted to illuminate the factors which affect decision quality, however, many of these studies focused on objective measures and factors. This approach ignores individual perception, belief, …

Effectiveness Of Tools In Identifying Rogue Access Points On A Wireless Network, Ryan Vansickle, Tamirat Abegaz, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

Wireless access points have greatly improved users' ability to connect to the Internet. However, they often lack the security mechanisms needed to protect users. Malicious actors could create a rogue access point (RAP), using a device such as the WiFi Pineapple Nano, that could trick users into connecting to an illegitimate access point (AP). To make them look legitimate, adversaries tend to setup RAPs to include a captive portal. This is very effective, since most public networks use captive portals as a means to provide genuine access. The objective of this study is to examine the effectiveness of RAP identification …

Automatic Security Bug Detection With Findsecuritybugs Plugin, Hossain Shahriar, Kmarul Riad, Arabin Talukder, Hao Zhang, Zhuolin Li

KSU Proceedings on Cybersecurity Education, Research and Practice

The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android StThe security threats to mobile application are growing explosively. Mobile app …

Automated Reverse Engineering Of Automotive Can Bus Controls, Charles Barron Kirby, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

This research provides a means of automating the process to reverse engineer an automobile’s CAN Bus to quickly recover CAN IDs and message values to control the various systems in a modern automobile. This approach involved the development of a Python script that uses several open-source tools to interact with the CAN Bus, and it takes advantage of several vulnerabilities associated with the CAN protocol. These vulnerabilities allow the script to conduct replay attacks against the CAN Bus and affect various systems in an automobile without the operator’s knowledge or interaction.

These replay attacks can be accomplished by capturing recorded …

A World Of Cyber Attacks (A Survey), Mubarak Banisakher, Marwan Omar

KSU Proceedings on Cybersecurity Education, Research and Practice

The massive global network that connects billions of humans and millions of devices and allow them to communicate with each other is known as the internet. Over the last couple of decades, the internet has grown expeditiously and became easier to use and became a great educational tool. Now it can used as a weapon that can steal someone’s identity, expose someone’s financial information, or can destroy your networking devices. Even in the last decade, there have been more cyber attacks and threats destroying major companies by breaching the databases that have millions of personal information that can be sold …

An Exploratory Analysis Of Mobile Security Tools, Hossain Shahriar, Md Arabin Talukder, Md Saiful Islam

KSU Proceedings on Cybersecurity Education, Research and Practice

The growing market of the mobile application is overtaking the web application. Mobile application development environment is open source, which attracts new inexperienced developers to gain hands on experience with applicationn development. However, the security of data and vulnerable coding practice is an issue. Among all mobile Operating systems such as, iOS (by Apple), Android (by Google) and Blackberry (RIM), Android dominates the market. The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via the inadvertent or side channel, unsecured sensitive data storage, data transition and many others. Most of these …

Iot: Challenges In Information Security Training, Lech J. Janczewski, Gerard Ward

KSU Proceedings on Cybersecurity Education, Research and Practice

Both consumers and businesses are rapidly adopting IoT premised on convenience and control. Industry and academic literature talk about billions of embedded IoT devices being implemented with use-cases ranging from smart speakers in the home, to autonomous trucks, and trains operating in remote industrial sites. Historically information systems supporting these disparate use-cases have been categorised as Information Technology (IT) or Operational Technology (OT), but IoT represents a fusion between these traditionally distinct information security models.

This paper presents a review of IEEE and Elsevier peer reviewed papers that identifies the direction in IoT education and training around information security. It …

Internet Core Functions: Security Today And Future State, Jeffrey Jones

KSU Proceedings on Cybersecurity Education, Research and Practice

Never in the history of the world has so much trust been given to something that so few understand. Jeff reviews three core functions of the Internet along with recent and upcoming changes that will impact security and the world.

Preparing For Tomorrow By Looking At Yesterday, Peter Dooley

KSU Proceedings on Cybersecurity Education, Research and Practice

Why do we learn? Why do we study history? Why do we research the work of others? The answer is that there is value today in what was already learned and experienced, successes and failures. Mr. Dooley, a 25-year security professional and 20-year hospitality executive, will share his experiences and how our history in security will help us in thinking about our future.

Investigating Usage Of Social Media Platforms In South Africa, Adheesh Budree, Kaja Fietkiewicz, Elmar Lins

The African Journal of Information Systems

This study investigated the differences in usage of different social media platforms within the South African context, broken down by user characteristics, specifically gender and age, in addition to investigating the correlation between usage of differing social media platforms. This was carried out to determine which social media needs do the different population groups aim to fulfill when using different social media platforms. Based on the results, the study confirmed the existence of preferences between types of social media platforms and groups of social media platforms in South Africa, based on frequency of use by age group and gender. Social …

On The Yellow Brick Road, A Path To Enterprise Architecture Maturity, Avsharn Bachoo

The African Journal of Information Systems

This study concentrated on the relationship between the Enterprise Architecture (EA) maturity of an organization and the business value associated with it in the South African financial services environment. It was developed within the critical realism philosophy, which states that mechanisms generate events by accentuating the underlying EA mechanisms that lead to business value, as well as provide insights into the opportunities and challenges organizations experienced as they progressed to higher levels of maturity. Constructed using the resource-based view of the firm as the underlying theoretical framework, this research examined EA as an intangible resource and maturity as a source …

The Influence Of Socioeconomic Factors To The Use Of Mobile Phones In The Agricultural Sector Of Tanzania, Edison Wazoel Lubua Dr, Michael E. Kyobe Prof.

The African Journal of Information Systems

This study determined the influence of socioeconomic factors to the adoption of mobile phones in the farming community of Tanzania. Currently, a series of well-established models (such as the TAM, UTAUT and the Social Capital Model) provide inadequate consideration toward socioeconomic factors, by ignoring them, or putting them under the same cluster, regardless of their differences in impacting the technology use. Methodologically, a survey strategy was adopted, with a sample of 116 respondents. The study involved farmers along the Pangani River Basin, found in Kilimanjaro and Tanga Regions of Tanzania. Data was analyzed using advanced quantitative methods such as the …

Mobile Technology Usage For Street Traders’ Market Search In Dodoma—Urban Tanzania: An Exploratory Study, Joel Rumanyika, Matti Tedre, Apiola Mikko, Nasibu Rajabu Mramba

The African Journal of Information Systems

Increased access to mobile technologies has significantly contributed to almost all types of work, including informal work. Mobile phones are one such technology that has been exponentially adopted and used by street traders. However, there is limited information about how street traders use mobile phones to search for new markets. This study investigated street traders’ mobile usage for new market search in Dodoma, Tanzania. Qualitative data were collected using in-depth interviews with 29 street traders, followed by a focus group discussion with eight street traders. Thematic analysis was used to analyze the data. The results show that using mobile phones …

Technology Media, Service Innovation And The Shaping Of Executive Cognition, Gamel O. Wiredu, Kofi A. Boateng, John K. Effah

African Conference on Information Systems and Technology

The upsurge of information and communication technology innovations around the world has induced the establishment of many technology enterprises, mostly small-medium, that focus on service innovation. Due to the materiality of technology to this enterprise genre, its executive is significantly shaped by technology media, but explanations of technological shaping are low. This paper seeks to address this gap through a study informed by critical realism and media ecology. It argues that executive cognition is shaped because ICT media and service innovation imperatives combine to generate executive internalizations; and it is shaped by service innovation driven internalizations of technology media functions. …

The Role Of Institutional Pressures In The Adoption Of E-Procurement In Public Institutions In Developing Countries: The Case Of Lesotho, Salah Kabanda, Nteboheleng Pitso, Meke Kapepo

The African Journal of Information Systems

Benefits of E-Procurement are now well documented as experienced by both public and private organizations. Yet, in developing countries, and more so in Africa, few organizations have reported benefits of E-Procurement. Whilst institutional pressures are instrumental in shaping organization’s actions and outcomes with regard to technology adoption, few studies have examined their role in E-Procurement adoption in African public sector organizations. This study situated in Lesotho, seeks to examine the rational for E-procurement adoption in the public sector and identifies institutional pressures that affect successful adoption. Following an interpritivist approach, this study identifies (1) perceived benefits of efficiency and transparency …

Adoption Of Cloud Computing By Firms In Kenya: The Role Of Institutional Pressures, John Otieno Oredo, James Njihia, Xn Iraki

The African Journal of Information Systems

While there is substantial literature on the adoption of IT innovations based on utility computing, there is a dearth of studies on cloud computing adoption by business organizations. Given that cloud computing adoption has been steadily increasing in Kenya, this study aim to investigate the determinants of cloud computing adoption from an institutional perspective. The relationship between institutional pressures and cloud computing adoption was evaluated and tested using structural equation modelling (PLS SEM). A firm level cross sectional survey was conducted on a sample of 93 firms in the financial, manufacturing, and ICT sectors. The results indicate that coercive and …

Development Of Research Administration And Management System For Higher Education Institutions In Developing Countries: Case Study Of Durban University Of Technology, Misheck Nyirenda, Oludayo Olufolorunsho Olugbara, Sibusiso Moyo

The African Journal of Information Systems

Research information management has become an essential activity for higher education institutions (HEIs) worldwide as a mechanism to aggregate, curate, utilize and improve the transparency of information about research. It has led to the evolution of proprietary software systems for administering and managing research information in HEIs. However, the literature reveals that most proprietary software systems are usually inflexible, costly to maintain and do not adequately satisfy the dynamic requirements of HEIs in developing countries. Consequently, the demand for current information systems is to incorporate a high degree of formalism into software development processes to produce correct, flexible, usable and …

A Naturalistic Methodology For Assessing Susceptibility To Social Engineering Through Phishing, Paula Musuva, Christopher Chepken, Katherine Getao

The African Journal of Information Systems

Phishing continues to be a prevalent social engineering attack. Attacks are relatively easy to setup and can target many people at low cost. This study presents a naturalistic field experiment that can be staged by organisations to determine their exposure. This exercise provides results with high ecological validity and can give organisations the information they need to craft countermeasures to social engineering risks. The study was conducted at a university campus in Kenya where 241 valid system users, also known as “insiders,” are targeted in a staged phishing experiment. The results show that 31.12% of the insiders are susceptible to …

Modeling Green Ebusiness Adoption Among Small And Medium Tourism Enterprises In Tanzania, Juma James Masele

The African Journal of Information Systems

This study was set to model Green eBusiness adoption among SMTEs in Tanzania, right from sourcing, operations, and to end-of-life-management. The study employed the use of Structural Equation Modeling (SEM) to analyze quantitative data collected from 240 respondents selected from 80 SMTEs in Dar es Salaam, Kilimanjaro, Arusha, and Zanzibar, who were in operations for at least three years. Although there were twelve hypotheses formulated, only seven hypotheses (with constructs Self-Efficacy, Effort Expectancy, Facilitating Conditions, Coercive Pressures, Intention to Use both to commitment and to Green eBusiness, and Commitment towards Green eBusiness adoption) were revealed significant. Others (with constructs Performance …

From The Editors, Michael E. Whitman, Herbert J. Mattord, Carole L. Hollingsworth

Journal of Cybersecurity Education, Research and Practice

No abstract provided.

Adopting The Cybersecurity Curriculum Guidelines To Develop A Secondary And Primary Academic Discipline In Cybersecurity Postsecondary Education, Wasim A. Alhamdani

Journal of Cybersecurity Education, Research and Practice

A suggested curriculum for secondary and primarily academic discipline in Cybersecurity Postsecondary Education is presented. This curriculum is developed based on the Association for Computing Machinery guidelines and the National Centers of Academic Excellence Cyber Operations program.

Cybersecurity Education: The Need For A Top-Driven, Multidisciplinary, School-Wide Approach, Lucy Tsado

Journal of Cybersecurity Education, Research and Practice

The human resource skills gap in cybersecurity has created an opportunity for educational institutions interested in cybersecurity education. The current number of schools designated by the Department of Homeland Security (DHS) and National Security Agency (NSA) as Centers of Academic Excellence (CAE) to train cybersecurity experts are not sufficient to meet the shortfall in the industry. The DHS has clearly mapped out knowledge areas for cybersecurity education for both technical and non-technical disciplines; it is therefore possible for institutions not yet designated CAEs to generate cybersecurity experts, with the long-term goal of attaining the CAE designation. The purpose of this …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

Understanding Sub-Saharan African Learners Informal Learning Using Mobile Devices: A Case Of Tanzania, Laban Bagui, Samwel Dick Mwapwele

The African Journal of Information Systems

In this era of pervasive computing and the Internet, learners everywhere connect and reconnect to knowledge away from classrooms, via mobile devices and their Mobile Instant Messaging platforms (MIMs). Still, many sub-Saharan African educators continue to confine these platforms to recreational activities. There is lack therefore of knowledge about how learners from sub-Saharan Africa perform such informal and experiential learning. This paper presents a case study of Tanzanian learners learning in informal settings using their mobile devices and MIMs. It deploys the rhizomatic learning theory with the aim of understanding how such learning occurs. Findings suggest that learners use mobile …

Information Searching And Satisficing Process For It Decision Making Process Of Smes, Mohammed A. Enagi, Jean-Paul Van Belle

The African Journal of Information Systems

Information Technology (IT) can provide Small and Medium Enterprises (SMEs) with competitive advantage, effective management, and improved business performance. Decision making is an integral process of achieving a successful IT investment. SME owner-managers are usually the key IT decision makers despite the fact that they often do not possess sufficient IT skills. This study examines how SME managers search and prioritise information that guides their IT decisions. This study adopted a qualitative research method and conducted interviews with eleven SME owner-managers in Nigeria and South Africa to understand the process of IT investment based on the information available to the …

Performance Analysis Of Debit Card Services On Deposit-Taking Saccos’ Financial Performance: A Case Of Kenya, David Muchangi Mugo Dr, Stephen Muathe Dr, Stephen Titus Waithaka Dr

The African Journal of Information Systems

The Co-operative Bank of Kenya has partnered with Deposit-Taking Savings and Credit Cooperative Societies (SACCOs) in Kenya to allow their members access to Co-operative Bank automated teller machines (ATMs) via Saccolink debit cards. However, the adoption and utilization of debit cards has opened financial institutions to fraud associated with the use of debit cards for transactions on automated teller machines and point-of-sale terminals. Given this limitation, this study sought to investigate the effect of Saccolink debit card services on the financial performance of Deposit-Taking SACCOs in Kenya. Through a combination of agency, information systems success models, and task-technology fit theories …

From The Editors, Herbert J. Mattord, Michael E. Whitman

Journal of Cybersecurity Education, Research and Practice

A message from the editors.

Investigating The Impact Of Publicly Announced Information Security Breaches On Corporate Risk Factor Disclosure Tendencies, Sandra J. Cereola, Joanna Dynowska

Journal of Cybersecurity Education, Research and Practice

As the reported number of data breaches increase and senators push for more disclosure regulation, the SEC staff issued a guidance in 2011 on disclosure obligations relating to cybersecurity risks and incidents. More recently, on February 26, 2018 the SEC Commission issued interpretive guidance to help assist public companies prepare disclosures regarding cybersecurity risks and incidents. As reported incidents of cybersecurity breaches occur, investors are concerned about the risks associated with these incidents and the impact they may have on financial performance. Although the SEC staff guidance warns public companies to make timely disclosure, recognizing the threat that cybercrime poses …

Sit Back, Relax, And Tell Me All Your Secrets, Sarah Kirk, Daniel Foreman, Cody Lee, Shannon W. Beasley

Journal of Cybersecurity Education, Research and Practice

The goal of this research is to describe an active learning opportunity that was conducted as a community service offering through our Center for Cybersecurity Education and Applied Research (CCEAR). As a secondary goal, the participants sought to gain real world experience by applying techniques and concepts studied in security classes. A local insurance company tasked the CCEAR with assembling a team of students to conduct penetration testing (including social engineering exploits) against company personnel. The endeavor allowed the insurance company to obtain information that would assess the effectiveness of employee training with regard to preventing the divulgence of sensitive …

The Need For Green Companies In Nigeria: A Study Of Electronic Invoicing, Sunday Adewale Olaleye, Ismaila Temitayo Sanusi

The African Journal of Information Systems

Manual invoicing is a major business document that the supplier uses to request payments from a purchaser for services rendered. It contains the contact information of the seller, the list of goods or the services provided and the payment instructions. Attention is being shifted from manual invoicing these days because of some factors like increased man-hours, risks of human error and risks of high carbon footprint. The study applied Unified Theory of Acceptance and Use of Technology (UTAUT) to investigate the need for green Companies in Nigeria. Empirical data were collected from Nigerian companies to measure intention-behavior for electronic invoicing …