Physical Sciences and Mathematics Commons^™

Cross Domain Iw Threats To Sof Maritime Missions: Implications For U.S. Sof, Gary C. Kessler, Diane M. Zorri

Publications

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable.

How The Growth Of Technology Has Forced Accounting Firms To Put An Emphasis On Cybersecurity, Holden Halbach

Accounting Undergraduate Honors Theses

The advancement of technology has brought many changes to accounting firms. Computer applications such as Microsoft Excel have made calculators and physical spreadsheets obsolete. Then with the introduction of cloud computing employees can store, access, and exchange large amounts of data instantaneously from any location. These technological innovations have increased the accuracy and efficiency of firms substantially. However, this growth in technology has shown the importance of putting an emphasis on cybersecurity throughout the accounting industry. The emphasis placed on cybersecurity throughout accounting firms is more prevalent than any other industry. This is primarily because accounting firms not only deal …

A Framework To Detect The Susceptibility Of Employees To Social Engineering Attacks, Hashim H. Alneami

Doctoral Dissertations and Master's Theses

Social engineering attacks (SE-attacks) in enterprises are hastily growing and are becoming increasingly sophisticated. Generally, SE-attacks involve the psychological manipulation of employees into revealing confidential and valuable company data to cybercriminals. The ramifications could bring devastating financial and irreparable reputation loss to the companies. Because SE-attacks involve a human element, preventing these attacks can be tricky and challenging and has become a topic of interest for many researchers and security experts. While methods exist for detecting SE-attacks, our literature review of existing methods identified many crucial factors such as the national cultural, organizational, and personality traits of employees that enable …

Cybersecurity Legislation And Ransomware Attacks In The United States, 2015-2019, Joseph Skertic

Graduate Program in International Studies Theses & Dissertations

Ransomware has rapidly emerged as a cyber threat which costs the global economy billions of dollars a year. Since 2015, ransomware criminals have increasingly targeted state and local government institutions. These institutions provide critical infrastructure – e.g., emergency services, water, and tax collection – yet they often operate using outdated technology due to limited budgets. This vulnerability makes state and local institutions prime targets for ransomware attacks. Many states have begun to realize the growing threat from ransomware and other cyber threats and have responded through legislative action. When and how is this legislation effective in preventing ransomware attacks? This …

Cyber Supply Chain Risk Management: Implications For The Sof Future Operating Environment, J. Philip Craiger, Laurie Lindamood-Craiger, Diane M. Zorri

Publications

The emerging Cyber Supply Chain Risk Management (C-SCRM) concept assists at all levels of the supply chain in managing and mitigating risks, and the authors define C-SCRM as the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology products and service supply chains. As Special Operations Forces increasingly rely on sophisticated hardware and software products, this quick, well-researched monograph provides a detailed accounting of C-SCRM associated laws, regulations, instructions, tools, and strategies meant to mitigate vulnerabilities and risks—and how we might best manage the evolving and ever-changing array of …

Cybersecurity Risk Assessment Using Graph Theoretical Anomaly Detection And Machine Learning, Goksel Kucukkaya

Engineering Management & Systems Engineering Theses & Dissertations

The cyber domain is a great business enabler providing many types of enterprises new opportunities such as scaling up services, obtaining customer insights, identifying end-user profiles, sharing data, and expanding to new communities. However, the cyber domain also comes with its own set of risks. Cybersecurity risk assessment helps enterprises explore these new opportunities and, at the same time, proportionately manage the risks by establishing cyber situational awareness and identifying potential consequences. Anomaly detection is a mechanism to enable situational awareness in the cyber domain. However, anomaly detection also requires one of the most extensive sets of data and features …

Reflections On Setting Up The Cyber Range Intrusion Detection System, William Pearson

WWU Honors College Senior Projects

A short reflection on the project to set up an Intrusion Detection System for the Cyber Range at Western Washington University Poulsbo.

Infiniband Network Monitoring: Challenges And Possibilities, Kyle D. Hintze

Theses and Dissertations

Within the realm of High Performance Computing, the InfiniBand Architecture is among the leading interconnects used today. Capable of providing high bandwidth and low latency, InfiniBand is finding applications outside the High Performance Computing domain. One of these is critical infrastructure, encompassing almost all essential sectors as the work force becomes more connected. InfiniBand is not immune to security risks, as prior research has shown that common traffic analyzing tools cannot effectively monitor InfiniBand traffic transmitted between hosts, due to the kernel bypass nature of the IBA in conjunction with Remote Direct Memory Access operations. If Remote Direct Memory Access …

Anomaly Detection And Encrypted Programming Forensics For Automation Controllers, Robert W. Mellish

Theses and Dissertations

Securing the critical infrastructure of the United States is of utmost importance in ensuring the security of the nation. To secure this complex system a structured approach such as the NIST Cybersecurity framework is used, but systems are only as secure as the sum of their parts. Understanding the capabilities of the individual devices, developing tools to help detect misoperations, and providing forensic evidence for incidence response are all essential to mitigating risk. This thesis examines the SEL-3505 RTAC to demonstrate the importance of existing security capabilities as well as creating new processes and tools to support the NIST Framework. …

Role Of Artificial Intelligence In The Internet Of Things (Iot) Cybersecurity, Murat Kuzlu, Corinne Fair, Ozgur Guler

Engineering Technology Faculty Publications

In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these …

Lorawan Device Security And Energy Optimization, John A. Stranahan Jr.

Theses and Dissertations

Resource-constrained devices are commonly connected to a network and become "things" that make up the Internet of Things (IoT). Many industries are interested in cost-effective, reliable, and cyber secure sensor networks due to the ever-increasing connectivity and benefits of IoT devices. The full advantages of IoT devices are seen in a long-range and remote context. However, current IoT platforms show many obstacles to achieve a balance between power efficiency and cybersecurity. Battery-powered sensor nodes can reliably send data over long distances with minimal power draw by adopting Long-Range (LoRa) wireless radio frequency technology. With LoRa, these devices can stay active …

Applying High Impact Practices In An Interdisciplinary Cybersecurity Program, Brian K. Payne, Lisa Mayes, Tisha Paredes, Elizabeth Smith, Hongyi Wu, Chunsheng Xin

Journal of Cybersecurity Education, Research and Practice

The Center for Cybersecurity Education and Research at Old Dominion University has expanded its use of high impact practices in the university’s undergraduate cybersecurity degree program. Strategies developed to promote student learning included learning communities, undergraduate research, a robust internship program, service learning, and electronic portfolios. This paper reviews the literature on these practices, highlights the way that they were implemented in our cybersecurity program, and discusses some of the challenges encountered with each practice. Although the prior literature on high impact practices rarely touches on cybersecurity coursework, the robust evidence of the success of those practices provides a sound …

Fireeye: Cybersecurity In Action, Singapore Management University

Perspectives@SMU

FireEye built its success on its ‘Human + AI’ philosophy. But can a cybersecurity firm get ahead of the attackers and predict an attack…on itself?

Pause For A Cybersecurity Cause: Assessing The Influence Of A Waiting Period On User Habituation In Mitigation Of Phishing Attacks, Amy Antonucci

CCE Theses and Dissertations

Social engineering costs organizations billions of dollars a year. Social engineering exploits the weakest link of information security systems, the people who are using them. Phishing is a form of social engineering in which the perpetrator depends on the victim’s instinctual thinking towards an email designed to create a fear or excitement response. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are necessary to mitigate phishing.

Kahneman introduced the concepts of …

An Empirical Assessment Of Users' Information Security Protection Behavior Towards Social Engineering Breaches, Nisha Jatin Patel

CCE Theses and Dissertations

User behavior is one of the most significant information security risks. Information Security is all about being aware of who and what to trust and behaving accordingly. Due to technology becoming an integral part of nearly everything in people's daily lives, the organization's need for protection from security threats has continuously increased. Social engineering is the act of tricking a user into revealing information or taking action. One of the riskiest aspects of social engineering is that it depends mainly upon user errors and is not necessarily a technology shortcoming. User behavior should be one of the first apprehensions when …

Human Errors In Data Breaches: An Exploratory Configurational Analysis, Gabriel A. Cornejo

CCE Theses and Dissertations

Information Systems (IS) are critical for employee productivity and organizational success. Data breaches are on the rise—with thousands of data breaches accounting for billions of records breached and annual global cybersecurity costs projected to reach $10.5 trillion by 2025. A data breach is the unauthorized disclosure of sensitive information—and can be achieved intentionally or unintentionally. Significant causes of data breaches are hacking and human error; in some estimates, human error accounted for about a quarter of all data breaches in 2018. Furthermore, the significance of human error on data breaches is largely underrepresented, as hackers often capitalize on organizational users’ …

Cyberattacks Strategy For Nonprofit Organizations, Yawo Obimpe Kondo

Walden Dissertations and Doctoral Studies

Information system security managers (ISSM) in nonprofits face increased cyberattack cases because nonprofits often use basic technology to save on costs. Nonprofit owners and managers need solutions to secure their data from cyberattacks. Grounded in the general systems theory, the purpose of this qualitative multiple case study was to explore strategies ISSMs at nonprofit organizations employ to protect against cyberattacks. Participants included five IT managers and directors of information technology in charge of security management in nonprofit organizations in Maryland, the District of Columbia, and Virginia. Data was generated through interviews and reviews of archival documents. The data analysis technique …

User Awareness And Knowledge Of Cybersecurity And The Impact Of Training In The Commonwealth Of Dominica, Jermaine Jewel Jean-Pierre

Walden Dissertations and Doctoral Studies

The frequency of cyberattacks against governments has increased at an alarming rate and the lack of user awareness and knowledge of cybersecurity has been considered a contributing factor to the increase in cyberattacks and cyberthreats. The purpose of this quantitative experimental study was to explore the role and effectiveness of employee training focused on user awareness of cyberattacks and cybersecurity, with the intent to close the gap in understanding about the level of awareness of cybersecurity within the public sector of the Commonwealth of Dominica. The theoretical framework was Bandura’s social cognitive theory, following the idea that learning occurs in …

Security Awareness Strategies Used In The Prevention Of Cybercrimes By Cybercriminals, Pascal Pouani Tientcheu

Walden Dissertations and Doctoral Studies

Cybercrime is a growing phenomenon that impacts many lives worldwide. Businesses, organizations, and governments continue to search for ways to protect their data and intellectual property from cybercrimes. Grounded in the routine activity theory, the purpose of this general qualitative study was to explore strategies information security officers used to prevent cybercrimes. The participants included seven information security officers listed on social media who manage information security within organizations located in the northeast geographic region of the United States. Data were collected using semistructured interviews, the National Institute of Standards and Technology documentations and analyzed using thematic analysis. Four key …

Strategies For Implementing Internet Of Things Devices In Manufacturing Environments, Todd Efrain Hernandez

Walden Dissertations and Doctoral Studies

The Internet of Things (IoT) has been exploited as a threat vector for cyberattacks in manufacturing environments. Manufacturing industry leaders are concerned with cyberattacks because of the associated costs of damages and lost production for their organizations. Grounded in the general systems theory, the purpose of this multiple case study was to explore strategies electrical controls engineers use to implement secure IoT devices in manufacturing environments. The study participants were eight electrical controls engineers working in three separate manufacturing facilities located in the Midwest region of the United States. The data were collected by semistructured interviews and 15 organizational documents. …

Cybersecurity Analysis Of Load Frequency Control In Power Systems: A Survey, Sahaj Saxena, Sajal Bhatia, Rahul Gupta

School of Computer Science & Engineering Faculty Publications

Today, power systems have transformed considerably and taken a new shape of geographically distributed systems from the locally centralized systems thereby leading to a new infrastructure in the framework of networked control cyber-physical system (CPS). Among the different important operations to be performed for smooth generation, transmission, and distribution of power, maintaining the scheduled frequency, against any perturbations, is an important one. The load frequency control (LFC) operation actually governs this frequency regulation activity after the primary control. Due to CPS nature, the LFC operation is vulnerable to attacks, both from physical and cyber standpoints. The cyber-attack strategies ranges from …

Deapsecure Computational Training For Cybersecurity Students: Improvements, Mid-Stage Evaluation, And Lessons Learned, Wirawan Purwanto, Yuming He, Jewel Ossom, Qiao Zhang, Liuwan Zhu, Karina Arcaute, Masha Sosonkina, Hongyi Wu

University Administration Publications

DeapSECURE is a non-degree computational training program that provides a solid high-performance computing (HPC) and big-data foundation for cybersecurity students. DeapSECURE consists of six modules covering a broad spectrum of topics such as HPC platforms, big-data analytics, machine learning, privacy-preserving methods, and parallel programming. In the second year of this program, to improve the learning experience, we implemented a number of changes, such as grouping modules into two broad categories, "big-data" and "HPC"; creating a single cybersecurity storyline across the modules; and introducing post-workshop (optional) "hackshops." Two major goals of these changes are, firstly, to effectively engage students to maintain …

Preforming A Vulnerability Assessment On A Secured Network, Mathias Sovine

Williams Honors College, Honors Research Projects

A computer network will be built using 3 routers, 1 switch, and 4 computers. The network will be used to simulate the connections between an at home office and the internet. The network will be divided into 3 sub-networks. The routers will be secured using methods like access control lists, changing default admin passwords, and network encryption. The switch will be secured using methods like switchport security and setting access passwords. Once the network is secured, three penetration testing techniques and three exploits will be performed on the network. The results of the exploits and penetration testing techniques will be …

Language-Based Analysis Of Differential Privacy, Chukwunweike Abuah

Graduate College Dissertations and Theses

Differential privacy (Dwork, 2006; Dwork et al., 2006a) has achieved prominence over the past decade as a rigorous formal foundation upon which diverse tools and mechanisms for performing private data analysis can be built. The guarantee of differential privacy is that it protects privacy at the individual level: if the result of a differentially private query or operation on a dataset is publicly released, any individual present in that dataset can claim plausible deniability. This means that any participating individual can deny the presence of their information in the dataset based on the query result, because differentially private queries introduce …

The Effects Of Security Framing, Time Pressure, And Brand Familiarity On Risky Mobile Application Downloads, Cody Parker

Psychology Theses & Dissertations

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect …

Digital Identity: A Human-Centered Risk Awareness Study, Toufic N. Chebib

USF Tampa Graduate Theses and Dissertations

Cybersecurity threats and compromises have been at the epicenter of media attention; their risk and effect on people’s digital identity is something not to be taken lightly. Though cyber threats have affected a great number of people in all age groups, this study focuses on 55 to 75-year-olds, as this age group is close to retirement or already retired. Therefore, a notable compromise impacting their digital identity can have a major impact on their life.

To help guide this study, the following research question was formulated, “What are the risk perceptions of individuals, between the ages of 55 and 75 …

Cyber-Situational Crime Prevention And The Breadth Of Cybercrimes Among Higher Education Institutions, Sinchul Back, Jennifer Laprade

International Journal of Cybersecurity Intelligence & Cybercrime

Academic institutions house enormous amounts of critical information from social security numbers of students to proprietary research data. Thus, maintaining up to date cybersecurity practices to protect academic institutions’ information and facilities against cyber-perpetrators has become a top priority. The purpose of this study is to assess common cybersecurity measures through a situational crime prevention (SCP) theoretical framework. Using a national data set of academic institutions in the United States, this study investigates the link between common cybersecurity measures, crime prevention activities, and cybercrimes. By focusing on the conceptualization of cybersecurity measures as SCP techniques, this study also offers the …

Proposal For The Development And Addition Of A Cybersecurity Assessment Section Into Technology Involving Global Public Health, Stanley Mierzwa, Saumya Ramarao, Jung Ah Yun, Bok Gyo Jeong

International Journal of Cybersecurity Intelligence & Cybercrime

This paper discusses and proposes the inclusion of a cyber or security risk assessment section during the course of public health initiatives involving the use of information and communication computer technology. Over the last decade, many public health research efforts have included information technologies such as Mobile Health (mHealth), Electronic Health (eHealth), Telehealth, and Digital Health to assist with unmet global development health needs. This paper provides a background on the lack of documentation on cybersecurity risks or vulnerability assessments in global public health areas. This study suggests existing frameworks and policies be adopted for public health. We also propose …

Toward Mitigating, Minimizing, And Preventing Cybercrimes And Cybersecurity Risks, Claire Seungeun Lee

International Journal of Cybersecurity Intelligence & Cybercrime

Cybercrime and cybersecurity are emerging fields of research, shaped by technological developments. Scholars in these interconnected fields have studied different types of cybercrimes as well as victimization and offending. Increasingly, some of these scholars have focused on the ways in which cybercrimes can be mitigated, minimized, and even prevented. However, such strategies are often difficult to achieve in reality due to the human and technical factors surrounding cybercrimes. In this issue of the International Journal of Cybersecurity Intelligence and Cybercrime, three papers adequately address such challenges using college student samples and nationally representative samples, as well as a framework through …

Lecture - Csci 275: Linux Systems Administration And Security, Moe Hassan, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for CSCI 275: Linux Systems Administration and Security