Technology and Innovation Commons^™

Training Decrement In Security Awareness Training, Tianjian Zhang

KSU Proceedings on Cybersecurity Education, Research and Practice

This study determines if there is a decremental effect following IT security awareness training. In most security policy compliance literature, the main focus has been on policy design. Studies that address security awareness training are seldom theory driven and even fewer are empirically based. To fill this gap, we draw from the theory of vigilance decrement as well as forgetting curves in psychology, and propose a classroom experiment showing that participants' IT security awareness decreases over a 45-day period since the training at day one. The result adds to the security policy compliance literature and suggests that some policy violations …

Investigating The Influence Of Perceived Uncertainty On Protection Motivation: An Experimental Study, Ali Vedadi

KSU Proceedings on Cybersecurity Education, Research and Practice

IS users and organizations must take necessary measures to adequately cope with security threats. Considering the importance and prevalence of these issues and challenges, IS security research has extensively investigated a variety of factors that influence IS users’ security intentions/behaviors. In this regard, protection-motivated behaviors are primarily based on individuals’ personal cognitive evaluations and vigilance. In reality, however, many users reach security hygiene decisions through various non-rational and non-protection-motivated processes. Such users may not necessarily rely on their own cognitive appraisals and information processing, but proceed to make decisions without careful cognitive assessments of security threats and coping responses. One …

Towards A Development Of A Mobile Application Security Invasiveness Index, Sam Espana

KSU Proceedings on Cybersecurity Education, Research and Practice

The economic impact of Mobile IP, the standard that allows IP sessions to be maintained even when switching between different cellular towers or networks, has been staggering in terms of both scale and acceleration (Doherty, 2016). As voice communications transition to all-digital, all-IP networks such as 4G, there will be an increase in risk due to vulnerabilities, malware, and hacks that exist for PC-based systems and applications (Harwood, 2011). According to Gostev (2006), in June, 2004, a well-known Spanish virus collector known as VirusBuster, emailed the first known mobile phone virus to Kaspersky Lab, Moscow. Targeting the Symbian OS, the …

Teaching Security Of Internet Of Things In Using Raspberrypi, Oliver Nichols, Li Yang, Xiaohong Yuan

KSU Proceedings on Cybersecurity Education, Research and Practice

The Internet of Things (IoTs) is becoming a reality in today’s society. The IoTs can find its application in multiple domains including healthcare, critical infrastructure, transportation, and home and personal use. It is important to teach students importance and techniques that are essential in protecting IoTs. We design a series of hands-on labs in a smart home setting, which can exercise attack and protection of IoTs. Our hands-on labs use a Raspberry Pi and several diverse smart things that communicate through Z-Wave technology. Using this environment, students can operate a home automation system and learn security concepts by performing these …

Is Security Research Development: Implications For Future Researchers, Kane Smith, Chris Merritt

KSU Proceedings on Cybersecurity Education, Research and Practice

Security within the context of Information Systems has long been a concern for both academics and practitioners. For this reason an extensive body of research has been built around the need for protecting vital technical systems and the information contained within them. This stream of research, termed Information Systems Security (ISS), has evolved with technology over the last several decades in numerous different ways. This evolution can create a great deal of difficulty for researchers to identify under-represented areas of ISS research as well as ensure all relevant areas of concern are addressed. The purpose of this paper is threefold: …

Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia Iii, Greg Randall

KSU Proceedings on Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …

Towards An In-Depth Understanding Of Deep Packet Inspection Using A Suite Of Industrial Control Systems Protocol Packets, Guillermo A. Francia Iii

KSU Proceedings on Cybersecurity Education, Research and Practice

Industrial control systems (ICS) are increasingly at risk and vulnerable to internal and external threats. These systems are integral part of our nation’s critical infrastructures. Consequently, a successful cyberattack on one of these could present disastrous consequences to human life and property as well. It is imperative that cybersecurity professionals gain a good understanding of these systems particularly in the area of communication protocols. Traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are made to encapsulate some of these ICS protocols which may enable malicious payload to get through the network firewall and thus, gain entry into the …

Investigating Cyberbullying In Social Media: The Case Of Twitter, Xin Tian

KSU Proceedings on Cybersecurity Education, Research and Practice

Social media has profoundly changed how we interact with one another and the world around us. Recent research indicates that more and more people are using social media sites such as Facebook and Twitter for a significant portion of their day for various reasons such as making new friends, socializing with old friends, receiving information, and entertaining themselves. However, social media has also caused some problems. One of the problems is called social media cyberbullying which has developed over time as new social media technologies have developed over time. Social media cyberbullying has received increasing attention in recent years as …

Towards A Model Of Senior Citizens’ Motivation To Pursue Cybersecurity Awareness Training: Lecture-Based Vs. Video-Cases Training, Carlene G. Blackwood-Brown

KSU Proceedings on Cybersecurity Education, Research and Practice

Cyber-attacks on Internet users, and in particular senior citizens, who have limited awareness of cybersecurity, have caused billions of dollars in losses annually. To mitigate the effects of cyber-attacks, several researchers have recommended that the cybersecurity awareness levels of Internet users be increased. Cybersecurity awareness training programs are most effective when they involve training that focus on making users more aware so that they can identify cyber-attacks as well as mitigate the effects of the cyber-attacks when they use the Internet. However, it is unclear about what motivates Internet users to pursue cybersecurity awareness training so that they can identify …

Towards A Comparison Of Training Methodologies On Employee’S Cybersecurity Countermeasures Awareness And Skills In Traditional Vs. Socio-Technical Programs, Jodi Goode

KSU Proceedings on Cybersecurity Education, Research and Practice

Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills which allow for identification of security threats along with the proper course of action. This work-in-progress study addresses the first phase of a larger project to empirically assess if there …

Code Metrics For Predicting Risk Levels Of Android Applications, Akond A. Rahman

KSU Proceedings on Cybersecurity Education, Research and Practice

Android applications pose security and privacy risks for end-users. Early prediction of risk levels that are associated with Android applications can help Android developers is releasing less risky applications to end-users. Researchers have showed how code metrics can be used as early predictors of failure prone software components. Whether or not code metrics can be used to predict risk levels of Android applications requires systematic exploration. The goal of this paper is to aid Android application developers in assessing the risk associated with developed Android applications by identifying code metrics that can be used as predictors to predict two levels …

Training Wheels: A New Approach To Teaching Mobile Device Security, Philip Menard, Jordan Shropshire

KSU Proceedings on Cybersecurity Education, Research and Practice

Despite massive investments in cyber security education, training, and awareness programs, most people retain unsafe mobile computing habits. They not only jeopardize their own data, but also risk the security of their associated organizations. It appears that conventional training programs are not ingraining sound security practices on trainees. This research questions the efficacy of legacy SETA frameworks and proposes a new cyber training tool for mobile devices. The tool is called Training Wheels. Training Wheels stands a number of cyber security training practices on their heads: instead of using punitive methods of reinforcement it provides rewards to encourage good behavior, …

Teaching Static Call Analysis To Detect Anomalous Software Behavior, Jordan Shropshire, Philip Menard

KSU Proceedings on Cybersecurity Education, Research and Practice

Malicious code detection is a critical part of any cyber security operation. Typically, the behavior of normal applications is modeled so that deviations from normal behavior can be identified. There are multiple approach to modeling good behavior but the most common approach is to observe applications’ system call activity. System calls are messages passed between user space applications and their underlying operating systems. The detection of irregular system call activity signals the presence of malicious software behavior. This method of malware-detection has been used successfully for almost two decades. Unfortunately, it can be difficult to cover this concept at the …

Prediction And Recommendations On The It Leaners' Learning Path As A Collective Intelligence Using A Data Mining Technique, Seong-Yong Hong, Juyun Cho, Yonghyun Hwang

Journal of International Technology and Information Management

With the recent advances in computer technology along with pervasive internet accesses, data analytics is getting more attention than ever before. In addition, research areas on data analysis are diverging and integrating lots of different fields such as a business and social sector. Especially, recent researches focus on the data analysis for a better intelligent decision making and prediction system. This paper analyzes data collected from current IT learners who have already studied various IT subjects to find the IT learners’ learning patterns. The most popular learning patterns are identified through an association rule data mining using an arules package …

Banking And The Third Industrial Revolution, Singapore Management University

Perspectives@SMU

Banks should leverage on the computer’s power to create value

Holistic Approach: Paradigm Shift In The Research Agenda For Digitalisation Of Healthcare In Sub-Saharan Africa, Tadeusz K. Bara-Slupski

The African Journal of Information Systems

Despite significant resources employed in the digitalisation agenda in the healthcare sector in Sub-Saharan Africa, the transformative impact of information and communication technologies has not been realised. This article makes two contributions towards developing an understanding of this failure. First, it provides a review of a rich body of academic literature and practitioner accounts regarding barriers to digitalisation and organises them using an established framework. Second, recognising the continuing struggle that digitalisation presents, it proposes a paradigmatic shift in thinking about barriers to digitalisation and suggests the existence of a more fundamental barrier related to inappropriate incentives within the international …

The Impact Of Analytics Utilization On Team Performance: Comparisons Within And Across The U.S. Professional Sports Leagues, Lee A. Freeman

Journal of International Technology and Information Management

Business analytics, defined as the use of data to make better, more relevant, evidence-based business decisions, has received a great deal of attention in practitioner circles. Organizations have adopted business analytics in an effort to improve revenue, product placement, and customer satisfaction. Professional sports teams are no different. While analytics has been used for over 30 years, the use of analytics by professional sports teams is a relatively new concept. However, it is unclear whether the teams that have adopted analytics are seeing any results. If not, then perhaps analytics is not the right solution. Analyses across the four, major …

Patent Law, Copyright Law, And The Girl Germs Effect, Ann Bartow

Law Faculty Scholarship

[Excerpt] "Inventors pursue patents and authors receive copyrights.

No special education is required for either endeavor, and nothing

precludes a person from being both an author and an inventor.

Inventors working on patentable industrial projects geared

toward commercial exploitation tend to be scientists or engineers.

Authors, with the exception of those writing computer code, tend

to be educated or trained in the creative arts, such as visual art,

performance art, music, dance, acting, creative writing, film

making, and architectural drawing. There is a well-warranted

societal supposition that most of the inventors of patentable

inventions are male. Assumptions about the genders …

A Data-Centric Analysis On Stem Majoring And Success: Attitude And Readiness, Xin James He, Myron Sheu, Jie Tao

Journal of International Technology and Information Management

This research studies attitude and readiness of STEM majoring and success with

the data from a survey with a total of 501 viable responses, with respect to STEM

(science, technology, engineering, and mathematics) related majors that are

essential and fundamental to skills relevant to big data business analytics.

Recruiting and keeping students in STEM areas have attracted a large body of

attention in pedagogical studies. An effective way of achieving such a goal is to

show them how rewarding and self-fulfilling STEM careers can be toward

perspective students. One example of the abundance of STEM careers is the rapid

growth …

An Exploration Of Mobile Device Security Artifacts At Institutions Of Higher Education, Amita Goyal Chin, Diania Mcrae, Beth H. Jones, Mark A. Harris

Journal of International Technology and Information Management

The explosive growth and rapid proliferation of smartphones and other mobile

devices that access data over communication networks has necessitated advocating

and implementing security constraints for the purpose of abetting safe computing.

Remote data access using mobile devices is particularly popular among students at

institutions of higher education. To ensure safe harbor for constituents, it is

imperative for colleges and universities to establish, disseminate, and enforce

mobile device security artifacts, where artifacts is defined as policies, procedures,

guidelines or other documented or undocumented protocols. The purpose of this

study is to explore the existence of, specific content of, and the …

Motivations For Social Network Site (Sns) Gaming: A Uses And Gratification & Flow Perspective, Brinda Sampat, Bala Krishnamoorthy

Journal of International Technology and Information Management

The penetration of the internet, smart-phones and tablets has witnessed tremendous increase in the number of people playing online games in the past few years. Social networking site (SNS) games are a subset of digital games. They are platform based, multiplayer and reveal the real identity of the player. These games are hosted on social networks such as Facebook, where in people play with many other players online. The risks associated with social network gaming are addiction, theft, fraud, loneliness, anxiety, aggression, poor academic performance, cognition distortion etc. This study aims to understand the user motivations to continue to play …

Using Building Information Modeling (Bim) And The Last Planner System (Lps) To Reduce Construction Process Delay, Zaid K. Ai Hussein

Masters Theses & Specialist Projects

The construction industry suffers from many practical problems and challenges; most being related to construction management. One of the most common recurring problems in construction projects is delay. Delay is a primary factor that can have an effect on project duration, scheduled delivery date, as well as the overhead cost of the project. This study investigated the problem of delays in construction projects. The research focused on the combination of Building Information Modeling (BIM) and Last Planner System (LPS) together to measure the execution time of construction projects. The aim of this study was to determine whether using BIM and …

Violating Of Individual Privacy: Moroccan Perceptions Of The Ban Of Voip Services, Tyler Delhees

Independent Study Project (ISP) Collection

On January 6, 2016, the Moroccan telecommunications regulatory agency, the ANRT, announced a ban onVoice Over Internet Protocol(VoIP) calling services such as Skype, WhatsApp, and Viber. The ban triggered sweeping opposition among the Moroccan public, opening discussion of digital rights, censorship, and Internet governance. Considering liberal democratic rights in the 2011 Moroccan Constitution and a history of censorship, this study analyzes the official justification of the ANRT alongside additional explanations involving business interests and the security services. The purpose of this study is to gauge the perceptions of Moroccans on the decision of the ANRT and provide a holistic explanation. …

Affect And Value In Critical Examinations Of The Production And ‘Prosumption’ Of Big Data, Daniel G. Cockayne

Geography Faculty Publications

In this paper I explore the relationship between the production and the value of Big Data. In particular I examine the concept of social media ‘prosumption’—which has predominantly been theorized from a Marxist, political economic perspective—to consider what other forms of value Big Data have, imbricated with their often speculative economic value. I take the example of social media firms in their early stages of operation to suggest that, since these firms do not necessarily generate revenue, data collected through user contributions do not always realize economic value, at least in a Marxist sense, and that, in addition to their …

Keeping It Physical: Convergence On A Physicality Requirement For Patentability Of Software-Related Inventions Under The European Patent Convention And United States Law, Kevin Afghani, Duke W. Yee

Journal of Intellectual Property Law

No abstract provided.

The Alchemy Of Creativity: An Operating System For Innovation, Collaboration And Enhanced Creativity, George Dierberger, David Zaboski, Ryan Douglas

Faculty Authored Articles

The Alchemy of Creativity utilizes tools sourced from historic ateliers of artists and creators with an eye toward its application for innovation. Refined by the artists collectively attracted to the 20th century film and animation industry, this methodology is about creativity and innovation and thus is both art and science. It has been used to develop innovative attributes in the training of creative people. This process, utilized by the animation industry, is compared with the rigorous six sigma approach to innovation used by many corporations. This methodology was codified by former Disney Animator and arts scholar, Dave Zaboski, who witnessed …

Going Cashless With Fintech, Singapore Management University

Perspectives@SMU

Regulators and policy makers are recognising the positive impact fintech makes to creating a cashless society

Fintech And Inclusion: Opportunities And Obstacles, Singapore Management University

Perspectives@SMU

Reliable technology and financial education are key

Smu Libraries: “Sensory” In Library Spaces, Nursyeha Yahaya, Salihin Mohammed Ali, Devika Sangaram

Research Collection Library

No abstract provided.

An Analysis Of References From Us Patents To Nist-Supported Technical Outputs, Anthony Breitzman Sr., Patrick Thomas

Faculty Scholarship for the College of Science & Mathematics

No abstract provided.