From The Editors, Carole L. Hollingsworth, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Welcome to the Fall 2018 issue of the Journal of Cybersecurity Education, Research, and Practice (JCERP). On behalf of the editorial team, we thank you for taking the time to read this issue and strongly encourage you to submit an article for consideration in an upcoming edition.

An Examination Of Cybersecurity Knowledge Transfer: Teaching, Research, And Website Security At U.S. Colleges And Universities, Aditya Gupta, James R. Wolf

Journal of Cybersecurity Education, Research and Practice

This work seeks to answer the question: Does faculty cybersecurity knowledge gained from teaching and research transfer to other IT units in the university? Specifically, do colleges and universities that excel in cybersecurity teaching and research have more secure websites? This work explores a unique setting where the knowledge of the source and recipient are both directly related and observable without outside intervention. Our study employed data from 591 U.S. colleges and universities, the National Centers of Academic Excellence (CAE) program, accepted paper data from the ACM Conference on Computer and Communications Security (CCS) and the IEEE Symposium on Security …

Crude Oil Prices Forecasting: Time Series Vs. Svr Models, Xin James He

Journal of International Technology and Information Management

This research explores the weekly crude oil price data from U.S. Energy Information Administration over the time period 2009 - 2017 to test the forecasting accuracy by comparing time series models such as simple exponential smoothing (SES), moving average (MA), and autoregressive integrated moving average (ARIMA) against machine learning support vector regression (SVR) models. The main purpose of this research is to determine which model provides the best forecasting results for crude oil prices in light of the importance of crude oil price forecasting and its implications to the economy. While SVR is often considered the best forecasting model in …

The Relationship Between Organizational Resources And Green It/S Adoption: A Rbv Approach, Lutfus Sayeed, Alberto Onetti

Journal of International Technology and Information Management

ABSTRACT

The objective of the present study was to empirically explore the impact of the implementation of Green IT/S measures on organizational resources in the US and European firms. The study examined the influence of reconfiguration of resources within a firm while adopting various Green IT/S practices and technologies. Green IT/S implementation requires resource commitment from organizations (Bose and Luo, 2011). What are these resources and how do they affect the extent of Green IT/S measures adopted by businesses? Resource Based View (RBV) of the firm was used as the theoretical framework of the study. The relationship between the adoption …

Using Sas™ Software To Enhance Pedagogy For Text Mining And Sentiment Analysis Using Social Media (Twitter™) Data, Ramesh Subramanian, Danielle Cote

Journal of International Technology and Information Management

This pedagogical paper describes how a graduate course in Text Mining was developed and taught in a fully online format at Quinnipiac University. The software used was SAS™ Enterprise Miner. This paper discusses the design, software used and the methodology followed in the course. A critical component of the course required the students to delve deep into social media data by completing a detailed project on analyzing sentiment analysis using large files of social media data. A sample report of this project, which was a key deliverable for the course, is described at length in this paper.

Table Of Contents Jitim Vol 27 Issue 3, 2018

Journal of International Technology and Information Management

Table of Contents

Mapping Knowledge Units Using A Learning Management System (Lms) Course Framework, Casey Rackley

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to examine the outcomes of using a Learning Management System (LMS) course as a framework for mapping the Centers of Academic Excellence in Cyber Defense (CAE-CD) 2019 Knowledge Units (KU) to college courses. The experience shared herein will be useful to faculty who are interested in performing the mapping and applying for CAE-CDE designation.

Hijacking Wireless Communications Using Wifi Pineapple Nano As A Rogue Access Point, Shawn J. Witemyre, Tamirat T. Abegaz, Bryson R. Payne, Ash Mady

KSU Proceedings on Cybersecurity Education, Research and Practice

Wireless access points are an effective solution for building scalable, flexible, mobile networks. The problem with these access points is often the lack of security. Users regularly connect to wireless access points without thinking about whether they are genuine or malicious. Moreover, users are not aware of the types of attacks that can come from “rogue” access points set up by attackers and what information can be captured by them. Attackers use this advantage to gain access to users’ confidential information. The objective of this study is to examine the effectiveness of the WiFi Pineapple NANO used as a rogue …

Towards A Development Of Predictive Models For Healthcare Hipaa Security Rule Violation Fines, Jim Furstenberg, Yair Levy

KSU Proceedings on Cybersecurity Education, Research and Practice

The Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule (SR) mandate provides a national standard for the protection of electronic protected health information (ePHI). The SR’s standards provide healthcare covered entities (CEs’) flexibility in how to meet the standards because the SR regulators realized that all health care organizations are not the same. However, the SR requires CEs’ to implement reasonable and appropriate safeguards, as well as security controls that protect the confidentiality, integrity, and availability (CIA) of their ePHI data. However, compliance with the HIPAA SR mandates are confusing, complicated, and can be costly to CEs’. Flexibility in …

Using Project Management Knowledge And Practice To Address Digital Forensic Investigation Challenges, Steven S. Presley, Jeffrey P. Landry, Michael Black

KSU Proceedings on Cybersecurity Education, Research and Practice

The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results …

Cybersecurity Education Employing Experiential Learning, Travis Lowe, Casey Rackley

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to discuss a curriculum design that employs Kolb’s Experiential Learning Theory stages and Kolb’s Learning Styles in four consecutive class sessions. The challenge each class is to present students with perplexing and often frustrating network problems that someday might be encountered on the job. By using Kolb’s theory, students address those problems from the perspective of each learning style, while passing through each phase of the learning cycle. As a result, students gain stronger cognitive thinking skills and hands-on troubleshooting skills in preparation for work as network administrators or cybersecurity analysts.

Capturing The Existential Cyber Security Threats From The Sub-Saharan Africa Zone Through Literature Database, Samuel B. Olatunbosun, Nathanial J. Edwards, Cytyra D. Martineau

KSU Proceedings on Cybersecurity Education, Research and Practice

Abstract - The Internet brought about the phenomenon known as Cyber-space which is boundless in nature. It is one of the fastest-growing areas of technical infrastructure development over the past decade. Its growth has afforded everyone the opportunity to carry out one or more transactions for personal benefits. The African continent; often branded as ‘backward’ by the Western press has been able to make substantial inroads into the works of Information and Computer Technology (ICT). This rapid transition by Africans into ICT power has thus opened up the opportunities for Cybercriminal perpetrators to seek and target victims worldwide including America …

Laboratory Exercises To Accompany Industrial Control And Embedded Systems Security Curriculum Modules, Gretchen Richards

KSU Proceedings on Cybersecurity Education, Research and Practice

The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recent as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. These successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this …

A Blockchain-Based Security-Oriented Framework For Cloud Federation, Ramandeep Kaur Sandhu, Kweku Muata A. Osei-Bryson

KSU Proceedings on Cybersecurity Education, Research and Practice

Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentially, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members(users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality …

Information Privacy Concerns In The Age Of Internet Of Things, Madhav Sharma, David Biros

KSU Proceedings on Cybersecurity Education, Research and Practice

Internet of things (IoT) offer new opportunities for advancement in many domains including healthcare, home automation, manufacturing and transportation. In recent years, the number of IoT devices have exponentially risen and this meteoric rise is poised to continue according to the industry. Advances in the IoT integrated with ambient intelligence are intended to make our lives easier. Yet for all these advancements, IoT also has a dark side. Privacy and security were already priorities when personal computers, devices and work stations were the only point of vulnerability to personal information, however, with the ubiquitous nature of smart technologies has increased …

Car Hacking: Can It Be That Simple?, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

The Internet of Things (IoT) has expanded the reach of technology at work, at home, and even on the road. As Internet-connected and self-driving cars become more commonplace on our highways, the cybersecurity of these “data centers on wheels” is of greater concern than ever. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety. This article describes the integration of a module on car hacking into a semester-long ethical hacking cybersecurity course, including full …

Towards An Empirical Assessment Of Cybersecurity Readiness And Resilience In Small Businesses, Darrell Eilts, Yair Levy

KSU Proceedings on Cybersecurity Education, Research and Practice

Many small businesses struggle to improve their cybersecurity posture despite the risk to their business. Small businesses lacking adequate protection from cyber threats, or a business continuity strategy to recover from disruptions, have a very high risk of loss due to a cyberattack. These cyberattacks, either deliberate or unintentional, can become costly when a small business is not prepared. This developmental research is focused on the relationship between two constructs that are associated with readiness and resilience of small businesses based on their cybersecurity planning, implementation, as well as response activities. A Cybersecurity Preparedness-Risk Taxonomy (CyPRisT) is proposed using the …

Digital Identity, Philip Andreae

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Why Managing 3rd Party Cybersecurity Risk Is A Matter Of National Security, Keith Deininger

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Six Things I Wish New Employees Knew, Brian Albertson

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Why Networks Still Matter, Tim O'Neill

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Beyond The Classroom - What Students Need To Know, Will Alexander

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

A New Framework For Securing, Extracting And Analyzing Big Forensic Data, Hitesh Sachdev, Hayden Wimmer, Lei Chen, Carl Rebman

Journal of Digital Forensics, Security and Law

Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research. Advances in big data, technology, and increased capabilities of smartphones has contributed to the demand for modern techniques of examination. Smartphones are ubiquitous, transformative, and have become a goldmine for forensics research. Given the right tools and research methods investigating agencies can help crack almost any illegal activity using smartphones. This paper focuses on conducting forensic analysis in exposing a terrorist or criminal network and introduces a new Big Forensic Data Framework model where different technologies of Hadoop and EnCase software are …

Understanding The Kenya Open Data Initiative Trajectory Based On Callon’S Moments Of Translation, Paul Wando Mungai Dr, Jean-Paul Van Belle Prof.

The African Journal of Information Systems

This study seeks to understand the existing interactions between actors of the Kenya Open Data Initiative (KODI), and how the actors’ interests are aligning to achieve openness and transparency of government operations. This study is based on the Callon’s moments of translation framework, which helps in describing the interaction between initiators of a network and other involved actors with the aim of aligning their diverse interests in order to achieve a common goal. KODI comprised of a diverse group of stakeholders from government, private sector, inter-governmental organisation, and civil society. KODI has faced various challenges since its inception in 2011, …

Reflective Practice Series: Selected Instructional Models Using Synchronous Video Conferencing Software, Martin W. Sivula

MBA Faculty Conference Papers & Journal Articles

With the vast array of resources available to instructors, one would think that instruction and teaching would yield success for all learners. Now, well into the 21^st century has much changed in the classroom? Certainly, movable desks and chairs, advanced audio and visual equipment, and a plethora of all types of technologies which might be able to enhance training and education. Over the last several decades research on individualized instruction, cognitive science, educational psychology, and multimedia instruction (to name a few) have permeated the literature on instruction. With all the research and the vast array of studies on improving …

Information Seeking Behavior Of Research Scholars At Muet Library & Online Information Center, Jamshoro: A Study, Liaquat Ali Rahoo Mr, Muhammad Ali Khan Nagar, Maryam Kalhoro, Qurat-Ul-Ain Abro, Shadab Kalhoro

Library Philosophy and Practice (e-journal)

The aim of this paper was to study the behavior of the information seeking by the researcher scholars of the at Mehran University of Engineering & Technology, Jamshoro, Sindh Pakistan. The overall purpose of the research study was to find out the awareness and information requirements by the researcher for the research purposes which were provided by the Higher education commission digital library. The data was collected from 230 researchers with the help of questionnaire through the Google online form. Data was analyzed in SPSS software. Research findings were majority of researchers were use electronics resources, text books and reference …

Problems And Promises Of Using Lms Learner Analytics For Assessment, Valerie Beech, Eric A. Kowalik

Eric A. Kowalik

From The Editors, Michael E. Whitman, Herbert J. Mattord, Carole L. Hollingsworth

Journal of Cybersecurity Education, Research and Practice

Welcome to the Spring 2018 issue of the Journal of Cybersecurity Education, Research, and Practice (JCERP). On behalf of the editorial team, we thank you for taking the time to read this issue and strongly encourage you to submit an article for consideration in an upcoming edition.

Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, …

"Think Before You Click. Post. Type." Lessons Learned From Our University Cyber Security Awareness Campaign, Rachael L. Innocenzi, Kaylee Brown, Peggy Liggit, Samir Tout, Andrea Tanner, Theodore Coutilish, Rocky J. Jenkins

Journal of Cybersecurity Education, Research and Practice

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.