Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Information security

Theses/Dissertations

Articles 1 - 30 of 40

Full-Text Articles in Physical Sciences and Mathematics

Perceptions And Knowledge Of Information Security Policy Compliance In Organizational Personnel, Jesus M. Mosqueda Jan 2023

Walden Dissertations and Doctoral Studies

All internet connected organizations are becoming increasingly vulnerable to cyberattacks due to information security policy noncompliance of personnel. The problem is important to information technology (IT) firms, organizations with IT integration, and any consumer who has shared personal information online, because noncompliance is the single greatest threat to cybersecurity, which leads to expensive breaches that put private information in danger. Grounded in the protection motivation theory, the purpose of this quantitative study was to use multiple regression analysis to examine the relationship between perceived importance, organizational compliance, management involvement, seeking guidance, and rate of cybersecurity attack. The research question for …


Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore Jan 2023

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …


A Study Of The Effect Of Types Of Organizational Culture On Information Security Procedural Countermeasures, Sheri James Jan 2023

CCE Theses and Dissertations

This study examined the impact of specific organizational cultures on information security procedural countermeasures (ISPC). With increasing security incidents and data breaches, organizations acknowledge that people are their greatest asset as well as a vulnerability. Previous research into information security procedural controls has centered on behavioral, cognitive, and social theories; some literature incorporates general notions of organization culture yet there is still an absence in socio-organizational studies dedicated to elucidating how information security policy (ISP) compliance can be augmented by implementing comprehensive security education, training, and awareness (SETA) programs focusing on education, training, and awareness initiatives.

A theoretical model was …


A Different Way To Penetrate NBA Defenses, Trey Trucksis Jan 2023

Williams Honors College, Honors Research Projects

This project proposal will document the design, configuration, and penetration testing of a network consisting of three routers (labeled as Lakers, Celtics, Cavaliers), one switch (labeled as NBA), and three end devices (labeled as Kali, Windows 10, and Ubuntu) each connected to one of three routers present on the network. Each router will be attached to a different subnet on the network. The network will be secured using encrypted passwords on the router interfaces, OSPF MD5 authentication between the routers, port security on the switch, as well as Access Control Lists to control the privileges of each subnetwork accordingly. …


Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen May 2022

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization …


Information Systems Security Countermeasures: An Assessment Of Older Workers In Indonesian Small And Medium-Sized Businesses, Hari Samudra Roosman Jan 2022

CCE Theses and Dissertations

Information Systems (IS) misuse can result in cyberattacks such as denial-of-service, phishing, malware, and business email compromise. The study of factors that contribute to the misuse of IS resources is well-documented and empirical research has supported the value of approaches that can be used to deter IS misuse among employees; however, age and cultural nuances exist. Research focusing on older workers and how they can help to deter IS misuse among employees and support cybersecurity countermeasures within developing countries is in its nascent stages. The goal of this study was two-fold. The first goal was to assess what older workers …


An Empirical Examination Of The Impact Of Organizational Injustice And Negative Affect On Attitude And Non-Compliance With Information Security Policy, Celestine Kemah Jan 2021

CCE Theses and Dissertations

Employees’ non-compliance with Information Security (IS) policies is an important socio-organizational issue that represents a serious threat to the effective management of information security programs in organizations. Prior studies have demonstrated that information security policy (ISP) violation in the workplace is a common significant problem in organizations. Some of these studies have earmarked the importance of this problem by drawing upon cognitive processes to explain compliance with information security policies, while others have focused solely on factors related to non-compliance behavior, one of which is affect. Despite the findings from these studies, there is a dearth of extant literature that …


Strategies For Implementing Internet Of Things Devices In Manufacturing Environments, Todd Efrain Hernandez Jan 2021

Walden Dissertations and Doctoral Studies

The Internet of Things (IoT) has been exploited as a threat vector for cyberattacks in manufacturing environments. Manufacturing industry leaders are concerned with cyberattacks because of the associated costs of damages and lost production for their organizations. Grounded in the general systems theory, the purpose of this multiple case study was to explore strategies electrical controls engineers use to implement secure IoT devices in manufacturing environments. The study participants were eight electrical controls engineers working in three separate manufacturing facilities located in the Midwest region of the United States. The data were collected by semistructured interviews and 15 organizational documents. …


An Empirical Examination Of The Computer Security Behaviors Of Telecommuters Working With Confidential Data Through Leveraging The Factors From Fear Appeals Model (FAM), Titus Dohnfon Fofung Jan 2021

CCE Theses and Dissertations

Computer users’ security compliance behaviors can be better understood by devising an experimental study to examine how fear appeals might impact users’ security behavior. Telecommuter security behavior has become very relevant in information systems (IS) research with the growing number of individuals working from home. The increasing dependence on telecommuting to enhance the viability and convenience has created an urgency with the advent of the COVID-19 pandemic to examine the behavior of users working at home across a corporate network. The home networks are usually not as secure as those in corporate settings. There is seldom a firewall setting and …


Examination Of Corporate Investments In Privacy: An Event Study, Joseph Michael Squillace Jan 2021

CCE Theses and Dissertations

The primary objective of any corporate entity is generating as much wealth as possible. Investing financially in technology domains has historically been a successful strategy for generating increased corporate and shareholder wealth. However, investments in Information Technology (IT), Information Systems (IS) and Information Security (InfoSec) to specifically generate increased wealth must be implemented carefully.

Shareholders reacting to corporate investments perceive financial value from individual investments. The investment’s perceived value is then reflected in the corporation’s updated stock market value. IS, IT, and InfoSec investments perceived to possess positive financial value, indicating strong potential for increased wealth, are rewarded by shareholders …


An Empirical Assessment Of Users' Information Security Protection Behavior Towards Social Engineering Breaches, Nisha Jatin Patel Jan 2021

CCE Theses and Dissertations

User behavior is one of the most significant information security risks. Information Security is all about being aware of who and what to trust and behaving accordingly. Due to technology becoming an integral part of nearly everything in people's daily lives, the organization's need for protection from security threats has continuously increased. Social engineering is the act of tricking a user into revealing information or taking action. One of the riskiest aspects of social engineering is that it depends mainly upon user errors and is not necessarily a technology shortcoming. User behavior should be one of the first apprehensions when …


Establishing Blockchain-Related Security Controls, Maitha Ali Mohammed Hamad Al Ketbi Nov 2020

Theses

Blockchain technology is a secure and relatively new technology of distributed digital ledgers which is based on interlinked blocks of transactions. There is a rapid growth in the adoption of the blockchain technology in different solutions and applications and within different industries throughout the world, such as but not limited to, finance, supply chain, digital identity, energy, healthcare, real estate and government. Blockchain technology has great benefits such as decentralization, transparency, immutability and automation. Like any other emerging technology, the blockchain technology also has several risks and threats associated with its expected benefits which in turn could have a negative …


Compound Effects Of Clock And Voltage Based Power Side-Channel Countermeasures, Jacqueline Lagasse Jul 2020

Masters Theses

The power side-channel attack, which allows an attacker to derive secret information from power traces, continues to be a major vulnerability in many critical systems. Numerous countermeasures have been proposed since its discovery as a serious vulnerability, including both hardware and software implementations. Each countermeasure has its own drawback, with some of the highly effective countermeasures incurring large overhead in area and power. In addition, many countermeasures are quite invasive to the design process, requiring modification of the design and therefore additional validation and testing to ensure its accuracy. Less invasive countermeasures that do not require directly modifying the system …


The Influence Of Cognitive Factors And Personality Traits On Mobile Device User's Information Security Behavior, Nils Lau Jan 2020

CCE Theses and Dissertations

As individuals have become more dependent on mobile devices to communicate, to seek information, and to conduct business, their susceptibility to various threats to information security has also increased. Research has consistently shown that a user’s intention is a significant antecedent of information security behavior. Although research on user’s intention has expanded in the last few years, not enough is known about how cognitive factors and personality traits impact the adoption and use of mobile device security technologies.

The purpose of this research was to empirically investigate the influence of cognitive factors and personality traits on mobile device user’s intention …


SNS Use, Risk, And Executive Behavior, Andrew Green Jan 2020

CCE Theses and Dissertations

Andrew Green, April 2020. Personal social networking sites (SNS) are popular outlets for people to share information about themselves, their family and friends, and their personal and professional lives. On the surface, the information shared may seem to be innocuous or nonthreatening. However, prior studies have shown that cybercriminals can take information shared via personal SNS and use it to conduct attacks against organizations. Organization executives are of particular interest to cybercriminals because they have access to sensitive data, and they also have the ability to command actions from their subordinates. The purpose of this study was to explore what …


Exploring Strategies For Implementing Information Security Training And Employee Compliance Practices, Alan Robert Dawson Jan 2019

Walden Dissertations and Doctoral Studies

Humans are the weakest link in any information security (IS) environment. Research has shown that humans account for more than half of all security incidents in organizations. The purpose of this qualitative case study was to explore the strategies IS managers use to provide training and awareness programs that improve compliance with organizational security policies and reduce the number of security incidents. The population for this study was IS security managers from 2 organizations in Western New York. Information theory and institutional isomorphism were the conceptual frameworks for this study. Data collection was performed using face-to-face interviews with IS managers …


User Information Security Behavior In Professional Virtual Communities: A Technology Threat Avoidance Approach, Vivienne Forrester Jan 2019

CCE Theses and Dissertations

The popularization of professional virtual communities (PVCs) as a platform for people to share experiences and knowledge has produced a paradox of convenience versus security. The desire to communicate results in disclosure where users experience ongoing professional and social interaction. Excessive disclosure and unsecured user security behavior in PVCs increase users’ vulnerability to technology threats. Nefarious entities frequently use PVCs such as LinkedIn to launch digital attacks. Hence, users are faced with a gamut of technology threats that may cause harm to professional and personal lives. Few studies, however, have examined users’ information security behavior and their motivation to engage …


Feature Set Selection For Improved Classification Of Static Analysis Alerts, Kathleen Goeschel Jan 2019

CCE Theses and Dissertations

With the extreme growth in third party cloud applications, increased exposure of applications to the internet, and the impact of successful breaches, improving the security of software being produced is imperative. Static analysis tools can alert to quality and security vulnerabilities of an application; however, they present developers and analysts with a high rate of false positives and unactionable alerts. This problem may lead to the loss of confidence in the scanning tools, possibly resulting in the tools not being used. The discontinued use of these tools may increase the likelihood of insecure software being released into production. Insecure software …


An Examination Of User Detection Of Business Email Compromise Amongst Corporate Professionals, Shahar Sean Aviv Jan 2019

CCE Theses and Dissertations

With the evolution in technology and increase in utilization of the public Internet, Internet-based mobile applications, and social media, security risks for organizations have greatly increased. While corporations leverage social media as an effective tool for customer advertisements, the abundance of information available via public channels along with the growth in Internet connections to corporate networks, including mobile applications, has made cyberattacks attractive for cybercriminals. Cybercrime against organizations is a daily threat, targeting companies of all sizes. Cyberattacks are continually evolving and becoming more complex, which makes them difficult to protect against with traditional security methods. Cybercriminals utilize email …


Public Servants' Perceptions Of The Cybersecurity Posture Of The Local Government In Puerto Rico, Julio C. Rodriguez Jan 2019

Walden Dissertations and Doctoral Studies

The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination …


A Resource View Of Information Security Incident Response, Mark-David J. McLaughlin Apr 2018

2018

This dissertation investigates managerial and strategic aspects of InfoSec incident preparation and response. This dissertation is presented in four chapters:

Chapter 1: an introduction

Chapter 2: a systematic literature review

Chapter 3: two field-based case studies of InfoSec incident response processes

Chapter 4: a repertory grid study identifying characteristics of effective individual incident responders.

Together these chapters demonstrate that the lenses of the Resource Based View, Theory of Complementary Resources, and Accounting Control Theory, can be combined to classify and analyze the resources organizations use during incident response. I find that incident response is maturing as a discipline and organizations …


Exploring SME Vulnerabilities To Cyber-Criminal Activities Through Employee Behavior And Internet Access, Jerry Allen Twisdale Jan 2018

Walden Dissertations and Doctoral Studies

Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies …


Computational Environment For Modeling And Analysing Network Traffic Behaviour Using The Divide And Recombine Framework, Ashrith Barthur Dec 2016

Open Access Dissertations

There are two essential goals of this research. The first goal is to design and construct a computational environment that is used for studying large and complex datasets in the cybersecurity domain. The second goal is to analyse the Spamhaus blacklist query dataset which includes uncovering the properties of blacklisted hosts and understanding the nature of blacklisted hosts over time.

The analytical environment enables deep analysis of very large and complex datasets by exploiting the divide and recombine framework. The capability to analyse data in depth enables one to go beyond just summary statistics in research. This deep analysis is …


Packet Filter Performance Monitor (Anti-DDoS Algorithm For Hybrid Topologies), Ibrahim M. Waziri Aug 2016

Open Access Dissertations

DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website.

With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security …


Monitoring DBMS Activity To Detect Insider Threat Using Query Selectivity, Prajwal B. Hegde Aug 2016

Open Access Theses

The objective of the research presented in this thesis is to evaluate the importance of query selectivity for monitoring DBMS activity and detect insider threat. We propose query selectivity as an additional component to an existing anomaly detection system (ADS). We first look at the advantages of working with this particular ADS. This is followed by a discussion about some existing limitations in the anomaly detection system (ADS) and how it affects its overall performance. We look at what query selectivity is and how it can help improve upon the existing limitations of the ADS. The system is then implemented …


Evaluating The GasDay Security Policy Through Penetration Testing And Application Of The NIST Cybersecurity Framework, Andrew Nicholas Kirkham Apr 2016

Master's Theses (2009 -)

This thesis explores cybersecurity from the perspective of the Marquette University GasDay lab. We analyze three different areas of cybersecurity in three independent chapters. Our goal is to improve the cybersecurity capabilities of GasDay, Marquette University, and the natural gas industry. We present network penetration testing as a process of attempting to gain access to resources of GasDay without prior knowledge of any valid credentials. We discuss our method of identifying potential targets using industry standard reconnaissance methods. We outline the process of attempting to gain access to these targets using automated tools and manual exploit creation. We propose several …


Leveraging Client Processing For Location Privacy In Mobile Local Search, Wisam Mohamed Eltarjaman Jan 2016

Electronic Theses and Dissertations

Usage of mobile services is growing rapidly. Most Internet-based services targeted for PC based browsers now have mobile counterparts. These mobile counterparts often are enhanced when they use user's location as one of the inputs. Even some PC-based services such as point of interest Search, Mapping, Airline tickets, and software download mirrors now use user's location in order to enhance their services. Location-based services are exactly these, that take the user's location as an input and enhance the experience based on that. With increased use of these services comes the increased risk to location privacy. The location is considered an …


Development Of A Cybersecurity Skills Index: A Scenarios-Based, Hands-On Measure Of Non-IT Professionals' Cybersecurity Skills, Melissa Carlton Jan 2016

CCE Theses and Dissertations

Completing activities online is a part of everyday life, both professionally and personally. But, conducting daily operations, interacting, and sharing information on the Internet does not come without its risks as well as a potential for harm. Substantial financial and information losses for individuals, organizations, and governments are reported regularly due to vulnerabilities as well as breaches caused by insiders. Although advances in Information Technology (IT) have been significant over the past several decades when it comes to protection of corporate information systems (IS), human errors and social engineering appear to prevail in circumventing such IT protections. While most employees …