Physical Sciences and Mathematics Commons^™

The Effects Of Security Framing, Time Pressure, And Brand Familiarity On Risky Mobile Application Downloads, Cody Parker

Psychology Theses & Dissertations

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect …

Digital Identity: A Human-Centered Risk Awareness Study, Toufic N. Chebib

USF Tampa Graduate Theses and Dissertations

Cybersecurity threats and compromises have been at the epicenter of media attention; their risk and effect on people’s digital identity is something not to be taken lightly. Though cyber threats have affected a great number of people in all age groups, this study focuses on 55 to 75-year-olds, as this age group is close to retirement or already retired. Therefore, a notable compromise impacting their digital identity can have a major impact on their life.

To help guide this study, the following research question was formulated, “What are the risk perceptions of individuals, between the ages of 55 and 75 …

Cybersecurity Methods For Grid-Connected Power Electronics, Stephen Joe Moquin

Graduate Theses and Dissertations

The present work shows a secure-by-design process, defense-in-depth method, and security techniques for a secure distributed energy resource. The distributed energy resource is a cybersecure, solar inverter and battery energy storage system prototype, collectively called the Cybersecure Power Router. Consideration is given to the use of the Smart Green Power Node for a foundation of the present work. Metrics for controller security are investigated to evaluate firmware security techniques. The prototype's ability to mitigate, respond to, and recover from firmware integrity degradation is examined. The prototype shows many working security techniques within the context of a grid-connected, distributed energy resource. …

Data Breach Consequences And Responses: A Multi-Method Investigation Of Stakeholders, Hamid Reza Nikkhah

Graduate Theses and Dissertations

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the …

Faculty Perceptions Of Open Educational Resources In Cyber Curriculum: A Pilot Study, Alan Stines

Masters Theses & Doctoral Dissertations

The cyber landscape is growing and evolving at a fast pace. Public and private industries need qualified applicants to protect and defend information systems that drive the digital economy. Currently, there are not enough candidates in the pipeline to fill this need in the workforce. The digital economy is still growing, thus presenting an even greater need for skilled workers in the future. The lack of a strong workforce in cybersecurity presents many challenges to safeguarding U.S. national security and citizens across the world. The William and Flora Hewlett Foundation defines Open Educational Resources (OER) as teaching, learning, and research …

A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey

Honors Program Contracts

Adversaries launch cyberattacks or cyber-exploits with contrasting intentions and desired outcomes. A cyberattack is a malicious attempt by a state, third party, or individual to disrupt a computer’s network; whereas, a cyber-exploit is an action that uncovers and steals “confidential” information from a computer’s data. 1 Within this research paper, the main adversary of such cyberattacks and/or exploits will be the nation-state. The victims of these cyberattacks will range from multinational corporations, such as Sony, to nuclear programs in Iran. This essay will focus on four motivations behind such cyberattacks: (1) private sector hacking (the theft of intellectual property) (2) …

Account Recovery Methods For Two-Factor Authentication (2fa): An Exploratory Study, Lauren Nicole Tiller

Psychology Theses & Dissertations

System administrators have started to adopt two-factor authentication (2FA) to increase user account resistance to cyber-attacks. Systems with 2FA require users to verify their identity using a password and a second-factor authentication device to gain account access. This research found that 60% of users only enroll one second-factor device to their account. If a user’s second factor becomes unavailable, systems are using different procedures to ensure its authorized owner recovers the account. Account recovery is essentially a bypass of the system’s main security protocols and needs to be handled as an alternative authentication process (Loveless, 2018). The current research aimed …

An Empirical Assessment Of The Effectiveness Of Deception For Cyber Defense, Kimberly J. Ferguson-Walter

Doctoral Dissertations

The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques. The Tularosa Study, was designed and conducted to understand how defensive deception, both cyber and psychological, affects cyber attackers Ferguson-Walter et al. [2019c]. More specifically, for this empirical study, cyber deception refers to a decoy system and psychological deception refers to false information of the presence of defensive deception techniques on the network. Over 130 red teamers participated in a network penetration test over two days in which we controlled both the presence of and explicit mention of …

Interoperable Ads-B Confidentiality, Brandon C. Burfeind

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …

Development And Evaluation Of A Security Agent For Internet Of Things, Youngjun Park

Theses and Dissertations

The proposed security agent, Internet of Things Active Management Unit (IoTAMU), provides confidentiality of IoT networks via the following capabilities: (1) authentication, (2) firewall, (3) encryption, and (4) spoofing. To test the spoofer's effect, an Identical Device Model Classifier (IDMC) is developed, which measures the similarities of the observed network signatures of each pair of devices, and recognize identical model devices. The IDMC performs well in baseline network settings without the spoofer, achieving 100% precision, recall, and specificity at high threshold (SS>0.9). When the spoofer is enabled, none of the identical pairs are identified at high threshold, and up …

Sns Use, Risk, And Executive Behavior, Andrew Green

CCE Theses and Dissertations

Andrew Green April 2020 Personal social networking sites (SNS) are popular outlets for people to share information about themselves, their family and friends, and their personal and professional lives. On the surface, the information shared may seem to be innocuous or nonthreatening. However, prior studies have shown that cybercriminals can take information shared via personal SNS and use it to conduct attacks against organizations. Organization executives are of particular interest to cybercriminals because they have access to sensitive data, and they also have the ability to command actions from their subordinates. The purpose of this study was to explore what …

An Empirical Assessment Of Audio/Visual/Haptic Alerts And Warnings To Mitigate Risk Of Phishing Susceptibility In Emails On Mobile Devices, Molly Marie Cooper

CCE Theses and Dissertations

Phishing emails present a threat to both personal and organizational data. Phishing is a cyber-attack using social engineering. About 94% of cybersecurity incidents are due to phishing and/or social engineering. A significant volume of prior literature documented that users are continuing to click on phishing links in emails, even after phishing awareness training. It appears there is a strong need for creative ways to alert and warn users to signs of phishing in emails.

The main goal of the experiments in this study was to measure participants’ time for recognizing signs of phishing in emails, thus, reducing susceptibility to phishing …

Cybersecurity Risk-Responsibility Taxonomy: The Role Of Cybersecurity Social Responsibility In Small Enterprises On Risk Of Data Breach, Keiona Davis

CCE Theses and Dissertations

With much effort being placed on the physical, procedural, and technological solutions for Information Systems (IS) cybersecurity, research studies tend to focus their efforts on large organizations while overlooking very smaller organizations (below 50 employees). This study addressed the failure to prevent data breaches in Very Small Enterprises (VSEs). VSEs contribute significantly to the economy, however, are more prone to cyber-attacks due to the limited risk mitigations on their systems and low cybersecurity skills of their employees. VSEs utilize Point-of-Sale (POS) systems that are exposed to cyberspace, however, they are often not equipped to prevent complex cybersecurity issues that can …

The Social Media Machines: An Investigation Of The Effect Of Trust Moderated By Disinformation On Users’ Decision-Making Process, Zulma Valedon Westney

CCE Theses and Dissertations

Social media networking sites (SMNS) have become a popular communications medium where users share information, knowledge, and persuasion. In less than two decades, social media's (SM) dominance as a communication medium can't be disputed, for good or evil. Combined with the newly found immediacy and pervasiveness, these SM applications' persuasive power are useful weapons for organizations, angry customers, employees, actors, and activists bent on attacking or hacking other individuals, institutions, or systems. Consequently, SM has become the preferred default mechanism of news sources; however, users are unsure if the information gathered is true or false. According to the literature, SMNS …

Protecting The Protector: Mapping The Key Terrain That Supports The Continuous Monitoring Mission Of A Cloud Cybersecurity Service Provider, Chris Bush

CCE Theses and Dissertations

Key terrain is a concept that is relevant to warfare, military strategy, and tactics. A good general maps out terrain to identify key areas to protect in support of a mission (i.e., a bridge allowing for mobility of supplies and reinforcements). Effective ways to map terrain in Cyberspace (KT-C) has been an area of interest for researchers in Cybersecurity ever since the Department of Defense designated Cyberspace as a warfighting domain. The mapping of KT-C for a mission is accomplished by putting forth efforts to understand and document a mission's dependence on Cyberspace and cyber assets. A cloud Cybersecurity Service …

Strategies Used To Mitigate Social Engineering Attacks, Lindiwe T. Hove

Walden Dissertations and Doctoral Studies

Cybercriminal activity performed widely through social engineering attacks is estimated to be one of the substantial challenges the world will face over the next 20 years. Cybercriminal activity is important to chief information security officers (CISOs) because these attacks represent the largest transfer of economic wealth in history and pose risks to the incentives for organizational innovation and investment and eventually become more profitable than the global trade of all major illegal drugs combined. Grounded in the balanced control theory, the purpose of this multiple case study was to explore strategies CISOs use to mitigate social engineering attacks within their …

Cybersecurity Using Risk Management Strategies Of U.S. Government Health Organizations, Ian Cornelius Wilkinson

Walden Dissertations and Doctoral Studies

Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to …

It Security Managers' Strategies For Mitigating Data Breaches In Texas School Districts, Mercy Ikhuoria Nwankwo

Walden Dissertations and Doctoral Studies

School districts are increasingly becoming a prime target for cybercriminals. As a result, information technology (IT) security managers in Texas school districts are concerned about hackers gaining access to network resources that could lead to data breaches on their network. Grounded in the technology threat avoidance theory, the purpose of this qualitative multiple case study was to explore strategies IT security managers use to mitigate data breaches in school district networks in Texas. The participants comprised 6 IT security managers in 3 Texas school districts whose roles involved managing and implementing data security strategies. Data collection involved conducting semistructured interviews …

Exploring Strategies For Enforcing Cybersecurity Policies, Bayo Olushola Omoyiola

Walden Dissertations and Doctoral Studies

Some cybersecurity leaders have not enforced cybersecurity policies in their organizations. The lack of employee cybersecurity policy compliance is a significant threat in organizations because it leads to security risks and breaches. Grounded in the theory of planned behavior, the purpose of this qualitative case study was to explore the strategies cybersecurity leaders utilize to enforce cybersecurity policies. The participants were cybersecurity leaders from 3 large organizations in southwest and northcentral Nigeria responsible for enforcing cybersecurity policies. The data collection included semi-structured interviews of participating cybersecurity leaders (n = 12) and analysis of cybersecurity policy documents (n = 20). Thematic …

Obstacles With Data Security: Strategies From Carolina Universities, Yamiah R. Compton

Walden Dissertations and Doctoral Studies

Some university data custodians lack information security strategies to prevent data security breaches. Reducing duplicitous use of personally identifiable information (PII) obtained maliciously from colleges and universities should be important to university data custodians, IT leadership of all levels, state legislators, and individuals that have an interest in moving into the cybersecurity space in higher education. Grounded in general systems theory, the purpose of this multiple qualitative case study was to examine information security strategies that university data custodians use to protect PII collected from staff, students, and other stakeholders. The participants consisted of 15 college and university data custodians …

Gaming Lan Setup With Local And Remote Access And Downloads, Ethelyn Tran

Williams Honors College, Honors Research Projects

The Gaming LAN Setup project aims to design and implement a basic functioning, hardened network that could be utilized locally and remotely to allow users access to respective servers for the option to host a session or join. Users will have the ability to securely log into the internal network to download files via a web interface. The network allows the designated user to take a management position in order to perform basic penetration testing and discover vulnerabilities through various scans to maintain the network