Databases and Information Systems Commons^™

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Cybersecurity Safeguards: What Cybersecurity Safeguards Could Have Prevented The Intelligence/Data Breach By A Member Of The Air National Guard, Christopher Curtis Royal

Cyber Operations and Resilience Program Graduate Projects

Jack Teixeira, a 21-year-old IT specialist Air National Guard found himself on the wrong side of the US law after sharing what is considered classified and extremely sensitive information about USA's operations and role in Ukraine and Russia war. Like other previous cases of leakage of classified intelligence, the case of Teixeira raises concerns about the weaknesses and vulnerability of federal agencies' IT systems and security protocols governing accessibility to classified documents. Internal leakages of such classified documents hurt national security and can harm the country, especially when such secretive intelligence finds its way into the hands of enemies. Unauthorized …

An Analysis And Examination Of Consensus Attacks In Blockchain Networks, Thomas R. Clark

Senior Honors Projects, 2020-current

This paper examines consensus attacks as they relate to blockchain networks. Consensus attacks are a significant threat to the security and integrity of blockchain networks, and understanding these attacks is crucial for developers and stakeholders. The primary contribution of the paper is to present blockchain and consensus attacks in a clear and accessible manner, with the aim of making these complex concepts easily understandable for a general audience. Using literature review, the paper identifies various methods to prevent consensus attacks, including multi-chain networks, proof-of-work consensus algorithms, and network auditing and monitoring. An analysis revealed that these methods for preventing consensus …

An Analysis Of Successful Sqlia For Future Evolutionary Prediction, Andrew Pechin

Senior Honors Theses

Web applications are a fundamental component of the internet, many interact with backend databases. Securing web applications and their databases from hackers should be a top priority for cybersecurity researchers. Structured Query Language (SQL) injection attacks (SQLIA) constitute a significant threat to web applications. They can hijack the backend databases to steal personally identifiable information (PII), initiate scams, or launch more sophisticated cyberattacks. SQLIA has evolved since its conception in the early 2000s and will continue to do so in the coming years. This paper analyzes past literature and successful SQLIA from specific time periods to identify themes and methods …

Generational Information Security Awareness And The Role Of Big Five Personality Traits, Gloria Mccue

Walden Dissertations and Doctoral Studies

AbstractTechnological change drives organizations to safeguard information systems. However, such safeguards are dependent upon people to follow security rules. This study examined generational cohorts and personality traits and their impact on information security awareness. Participants in this study were 137 volunteers who completed an anonymous survey online. Two tools were utilized to collect data from the participants: the Human Aspects of Information Security Questionnaire and the Big Five Inventory, which captured behaviors and personality traits, respectively. The three main generational cohorts represented in the study, Baby Boomers, Generation X, and Generation Y, were in today’s workforce. The results of the …

Perceptions And Knowledge Of Information Security Policy Compliance In Organizational Personnel, Jesus M. Mosqueda

Walden Dissertations and Doctoral Studies

All internet connected organizations are becoming increasingly vulnerable to cyberattacks due to information security policy noncompliance of personnel. The problem is important to information technology (IT) firms, organizations with IT integration, and any consumer who has shared personal information online, because noncompliance is the single greatest threat to cybersecurity, which leads to expensive breaches that put private information in danger. Grounded in the protection motivation theory, the purpose of this quantitative study was to use multiple regression analysis to examine the relationship between perceived importance, organizational compliance, management involvement, seeking guidance, and rate of cybersecurity attack. The research question for …

Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …

Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …

Perceptions And Knowledge Of Information Security Policy Compliance In Organizational Personnel, Jesus M. Mosqueda

Walden Dissertations and Doctoral Studies

All internet connected organizations are becoming increasingly vulnerable to cyberattacks due to information security policy noncompliance of personnel. The problem is important to information technology (IT) firms, organizations with IT integration, and any consumer who has shared personal information online, because noncompliance is the single greatest threat to cybersecurity, which leads to expensive breaches that put private information in danger. Grounded in the protection motivation theory, the purpose of this quantitative study was to use multiple regression analysis to examine the relationship between perceived importance, organizational compliance, management involvement, seeking guidance, and rate of cybersecurity attack. The research question for …

Strategies For The Reduction Of Cybersecurity Breaches In Hospitals, Donovan M. A. Pottinger

Walden Dissertations and Doctoral Studies

AbstractRecent cyberattacks in hospitals show the urgency of the need to enhance secure information technology (IT) infrastructure. Hospitals are statistically more at cyber risk than all the multiple industries against ransomware, malware, hacking and internal threats. Guided by routine activity theory, the purpose of this exploratory multiple case study was to explore strategies utilized by hospitals' IT security managers to reduce cybersecurity breaches associated with sensitive data. The participants were nine IT security managers from hospitals in the eastern United States. Data were collected via semistructured interviews and supporting documentation from the consenting participants and hospitals' websites. Through thematic analysis, …

Strategies For Cybercrime Prevention In Information Technology Businesses, Sophfronia G. Tucker

Walden Dissertations and Doctoral Studies

Cybercrime continues to be a devastating phenomenon, impacting individuals and businesses across the globe. Information technology (IT) businesses need solutions to defend and secure their data and networks from cyberattacks. Grounded in general systems theory and transformational leadership theory, the purpose of this qualitative multiple case study was to explore strategies IT business leaders use to protect their systems from a cyberattack. The participants included six IT business leaders with experience in cybersecurity or system security in the Midlands region of South Carolina. Data were collected using semistructured interviews and reviews of government standards documents; data were analyzed using thematic …

Strategies Business Leaders Use To Mitigate Online Credit Card Fraud, Clarissa Rosario-Tavarez

Walden Dissertations and Doctoral Studies

Online credit card fraud targeting banks, customers, and businesses costs millions of U.S. dollars annually. Online business leaders face challenges securing and regulating the online payment processing environment. Grounded in the situational crime prevention theory, the purpose of this qualitative multiple case study was to explore strategies online business leaders use to mitigate the loss of revenue caused by online credit card fraud. The participants comprised five online business leaders of an organization in the Southwest of the United States, who implemented strategies that successfully mitigated revenue losses due to online credit card fraud. The data were collected from semistructured …

Impact Of Internal Control, Cybersecurity Risk, And Competitive Advantage On Retail Cybersecurity Budget, Samuel William Pfanstiel

Walden Dissertations and Doctoral Studies

Retail organizations are driven to improve security posture for many reasons, including meeting financial regulation requirements, mitigating threats of data breach, and differentiating themselves within markets affected by customer perception. The problem was that little was known about how these drivers of internal control, cybersecurity risk, and competitive advantage impact retail cybersecurity budgets within the retail sector. The purpose of this quantitative nonexperimental correlational study was to describe the relationship between cybersecurity budget and drivers of internal control, cybersecurity risk, and competitive advantage among U.S.-based retail merchant organizations. Real options theory provided a foundation for explaining this decision-making process. Data …

Employees Breaking Bad With Technology: An Exploratory Analysis Of Human Factors That Drive Cyberspace Insider Threats, Marcus L. Green

USF Tampa Graduate Theses and Dissertations

As implementation of computer systems has continued to grow in business contexts, employee-driven cyberspace infractions have also grown in number. Employee cyberspace behaviors have continued to have detrimental effects on company computer systems. Actions that violate company cybersecurity policies can be either malicious or unmalicious. Solutions, by and large, have been electronic and centered on hardware and software. Those proposing solutions have begun to shift their focus to human risk vulnerabilities.

This study was novel in that its focus was identification of individual, cultural, and technological risk factors that drive cyberspace insider threat activities. Identifying factors that reduce insider threat …

Design And Development Of Techniques To Ensure Integrity In Fog Computing Based Databases, Abdulwahab Fahad S. Alazeb

Graduate Theses and Dissertations

The advancement of information technology in coming years will bring significant changes to the way sensitive data is processed. But the volume of generated data is rapidly growing worldwide. Technologies such as cloud computing, fog computing, and the Internet of things (IoT) will offer business service providers and consumers opportunities to obtain effective and efficient services as well as enhance their experiences and services; increased availability and higher-quality services via real-time data processing augment the potential for technology to add value to everyday experiences. This improves human life quality and easiness. As promising as these technological innovations, they are prone …

A Framework To Detect The Susceptibility Of Employees To Social Engineering Attacks, Hashim H. Alneami

Doctoral Dissertations and Master's Theses

Social engineering attacks (SE-attacks) in enterprises are hastily growing and are becoming increasingly sophisticated. Generally, SE-attacks involve the psychological manipulation of employees into revealing confidential and valuable company data to cybercriminals. The ramifications could bring devastating financial and irreparable reputation loss to the companies. Because SE-attacks involve a human element, preventing these attacks can be tricky and challenging and has become a topic of interest for many researchers and security experts. While methods exist for detecting SE-attacks, our literature review of existing methods identified many crucial factors such as the national cultural, organizational, and personality traits of employees that enable …

Network-Based Detection And Prevention System Against Dns-Based Attacks, Yasir Faraj Mohammed

Graduate Theses and Dissertations

Individuals and organizations rely on the Internet as an essential environment for personal or business transactions. However, individuals and organizations have been primary targets for attacks that steal sensitive data. Adversaries can use different approaches to hide their activities inside the compromised network and communicate covertly between the malicious servers and the victims. The domain name system (DNS) protocol is one of these approaches that adversaries use to transfer stolen data outside the organization's network using various forms of DNS tunneling attacks. The main reason for targeting the DNS protocol is because DNS is available in almost every network, ignored, …

Pause For A Cybersecurity Cause: Assessing The Influence Of A Waiting Period On User Habituation In Mitigation Of Phishing Attacks, Amy Antonucci

CCE Theses and Dissertations

Social engineering costs organizations billions of dollars a year. Social engineering exploits the weakest link of information security systems, the people who are using them. Phishing is a form of social engineering in which the perpetrator depends on the victim’s instinctual thinking towards an email designed to create a fear or excitement response. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are necessary to mitigate phishing.

Kahneman introduced the concepts of …

Strategies For Implementing Internet Of Things Devices In Manufacturing Environments, Todd Efrain Hernandez

Walden Dissertations and Doctoral Studies

The Internet of Things (IoT) has been exploited as a threat vector for cyberattacks in manufacturing environments. Manufacturing industry leaders are concerned with cyberattacks because of the associated costs of damages and lost production for their organizations. Grounded in the general systems theory, the purpose of this multiple case study was to explore strategies electrical controls engineers use to implement secure IoT devices in manufacturing environments. The study participants were eight electrical controls engineers working in three separate manufacturing facilities located in the Midwest region of the United States. The data were collected by semistructured interviews and 15 organizational documents. …

User Awareness And Knowledge Of Cybersecurity And The Impact Of Training In The Commonwealth Of Dominica, Jermaine Jewel Jean-Pierre

Walden Dissertations and Doctoral Studies

The frequency of cyberattacks against governments has increased at an alarming rate and the lack of user awareness and knowledge of cybersecurity has been considered a contributing factor to the increase in cyberattacks and cyberthreats. The purpose of this quantitative experimental study was to explore the role and effectiveness of employee training focused on user awareness of cyberattacks and cybersecurity, with the intent to close the gap in understanding about the level of awareness of cybersecurity within the public sector of the Commonwealth of Dominica. The theoretical framework was Bandura’s social cognitive theory, following the idea that learning occurs in …

Cyberattacks Strategy For Nonprofit Organizations, Yawo Obimpe Kondo

Walden Dissertations and Doctoral Studies

Information system security managers (ISSM) in nonprofits face increased cyberattack cases because nonprofits often use basic technology to save on costs. Nonprofit owners and managers need solutions to secure their data from cyberattacks. Grounded in the general systems theory, the purpose of this qualitative multiple case study was to explore strategies ISSMs at nonprofit organizations employ to protect against cyberattacks. Participants included five IT managers and directors of information technology in charge of security management in nonprofit organizations in Maryland, the District of Columbia, and Virginia. Data was generated through interviews and reviews of archival documents. The data analysis technique …

Digital Identity: A Human-Centered Risk Awareness Study, Toufic N. Chebib

USF Tampa Graduate Theses and Dissertations

Cybersecurity threats and compromises have been at the epicenter of media attention; their risk and effect on people’s digital identity is something not to be taken lightly. Though cyber threats have affected a great number of people in all age groups, this study focuses on 55 to 75-year-olds, as this age group is close to retirement or already retired. Therefore, a notable compromise impacting their digital identity can have a major impact on their life.

To help guide this study, the following research question was formulated, “What are the risk perceptions of individuals, between the ages of 55 and 75 …

Data Breach Consequences And Responses: A Multi-Method Investigation Of Stakeholders, Hamid Reza Nikkhah

Graduate Theses and Dissertations

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the …

Strategies Used To Mitigate Social Engineering Attacks, Lindiwe T. Hove

Walden Dissertations and Doctoral Studies

Cybercriminal activity performed widely through social engineering attacks is estimated to be one of the substantial challenges the world will face over the next 20 years. Cybercriminal activity is important to chief information security officers (CISOs) because these attacks represent the largest transfer of economic wealth in history and pose risks to the incentives for organizational innovation and investment and eventually become more profitable than the global trade of all major illegal drugs combined. Grounded in the balanced control theory, the purpose of this multiple case study was to explore strategies CISOs use to mitigate social engineering attacks within their …

Cybersecurity Using Risk Management Strategies Of U.S. Government Health Organizations, Ian Cornelius Wilkinson

Walden Dissertations and Doctoral Studies

Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to …

It Security Managers' Strategies For Mitigating Data Breaches In Texas School Districts, Mercy Ikhuoria Nwankwo

Walden Dissertations and Doctoral Studies

School districts are increasingly becoming a prime target for cybercriminals. As a result, information technology (IT) security managers in Texas school districts are concerned about hackers gaining access to network resources that could lead to data breaches on their network. Grounded in the technology threat avoidance theory, the purpose of this qualitative multiple case study was to explore strategies IT security managers use to mitigate data breaches in school district networks in Texas. The participants comprised 6 IT security managers in 3 Texas school districts whose roles involved managing and implementing data security strategies. Data collection involved conducting semistructured interviews …

Exploring Strategies For Enforcing Cybersecurity Policies, Bayo Olushola Omoyiola

Walden Dissertations and Doctoral Studies

Some cybersecurity leaders have not enforced cybersecurity policies in their organizations. The lack of employee cybersecurity policy compliance is a significant threat in organizations because it leads to security risks and breaches. Grounded in the theory of planned behavior, the purpose of this qualitative case study was to explore the strategies cybersecurity leaders utilize to enforce cybersecurity policies. The participants were cybersecurity leaders from 3 large organizations in southwest and northcentral Nigeria responsible for enforcing cybersecurity policies. The data collection included semi-structured interviews of participating cybersecurity leaders (n = 12) and analysis of cybersecurity policy documents (n = 20). Thematic …

Obstacles With Data Security: Strategies From Carolina Universities, Yamiah R. Compton

Walden Dissertations and Doctoral Studies

Some university data custodians lack information security strategies to prevent data security breaches. Reducing duplicitous use of personally identifiable information (PII) obtained maliciously from colleges and universities should be important to university data custodians, IT leadership of all levels, state legislators, and individuals that have an interest in moving into the cybersecurity space in higher education. Grounded in general systems theory, the purpose of this multiple qualitative case study was to examine information security strategies that university data custodians use to protect PII collected from staff, students, and other stakeholders. The participants consisted of 15 college and university data custodians …

Detecting Cyberattacks In Industrial Control Systems Using Online Learning Algorithms, Guangxia Li, Yulong Shen, Peilin Zhao, Xiao Lu, Jia Liu, Yangyang Liu, Steven C. H. Hoi

Research Collection School Of Computing and Information Systems

Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace-the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …