Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Embry-Riddle Aeronautical University

Articles 1 - 30 of 34

Full-Text Articles in Information Security

Cross Domain IW Threats To SOF Maritime Missions: Implications For U.S. SOF, Gary C. Kessler, Diane M. Zorri May 2021

Publications

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy—increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable.


Cyber Supply Chain Risk Management: Implications For The SOF Future Operating Environment, J. Philip Craiger, Laurie Lindamood-Craiger, Diane M. Zorri Apr 2021

Publications

The emerging Cyber Supply Chain Risk Management (C-SCRM) concept assists at all levels of the supply chain in managing and mitigating risks, and the authors define C-SCRM as the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology products and service supply chains. As Special Operations Forces increasingly rely on sophisticated hardware and software products, this quick, well-researched monograph provides a detailed accounting of C-SCRM associated laws, regulations, instructions, tools, and strategies meant to mitigate vulnerabilities and risks—and how we might best manage the evolving and ever-changing array of …


Cyber Insurance Effects On Cyber Hygiene: Does The Homeostatic Effect Apply?, Wendi M. Kappers, Aaron Glassman, Michael S. Wills Jan 2021

Publications

A theoretical framework and research strategy is proposed to gain insight into perceptions and decisions as to how SMBs make decisions regarding cybersecurity hygiene measures, which could lead to better-informed decisions regarding insurance as part of an ISA program, as well as have a bearing on policy structures and pricing for such insurance. This is because the definition of “cybersecurity hygiene habits” (CHH) as a task appears to vary within the industry and makes the practice hard to measure and evaluate. Research suggests that there may be a poorly understood connection between CHHs undertaken by organizations and their perceptions and/or adoption …


From Degree To Chief Information Security Officer (CISO): A Framework For Consideration, Wendi M. Kappers, Martha Nanette Harrell, Jun 2020

Publications

Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master’s level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner’s world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears …


Design Of Personnel Big Data Management System Based On Blockchain, Houbing Song, Jian Chen, Zhihan Lv Jul 2019

Publications

With the continuous development of information technology, enterprises, universities and governments are constantly stepping up the construction of electronic personnel information management system. The information of hundreds of thousands or even millions of people’s information are collected and stored into the system. So much information provides the cornerstone for the development of big data, if such data is tampered with or leaked, it will cause irreparable serious damage. However, in recent years, electronic archives have exposed a series of problems such as information leakage, information tampering, and information loss, which has made the reform of personnel information management more and …


Cybersecurity In The Maritime Domain, Gary C. Kessler Apr 2019

Publications

In 2017 and 2018, the maritime industry saw a record number of attempted—and many successful—frauds via email, phishing, or other means. Demonstrated and actual attacks on vessel networks, communication systems, and navigation systems have become practically routine. Port and shipping line networks are increasingly vulnerable to what appears to be increasingly targeted attacks against maritime systems.


An Overview Of Cryptography (Updated Version 24 January 2019), Gary C. Kessler Jan 2019

Publications

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting health care information. One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered here only describe the first of many steps necessary for better security in any number of situations.


Software Safety And Security Risk Mitigation In Cyber-Physical Systems, Miklos Biro, Atif Mashkoor, Johannes Sametinger, Remzi Seker Jan 2018

Publications

Cyber-physical systems (CPSs) offer many opportunities but pose many challenges--especially regarding functional safety, cybersecurity, and their interplay, as well as the systems' impact on society. Consequently, new methods and techniques are needed for CPS development and assurance. This article [and issue] aims to address some of these challenges.


Simple Implementation Of An ElGamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna Oct 2017

Student Works

This study is an attempt to show a basic mathematical usage of the concepts behind digital signatures and to provide a simple approach and understanding to cracking basic digital signatures. The approach takes on simple C programming of the ElGamal digital signature to identify some limits that can be encountered and provide considerations for making more complex code. Additionally, there is a literature review of the ElGamal digital signature and the brute force attack.

The research component of this project provides a list of possible ways to crack the basic implementations and classifies the different approaches that could be taken …


Analyzing Cyber Threats Affecting The Financial Industry, Anna Skelton Oct 2017

Student Works

As critical infrastructure, financial institutions must execute the highest level of cybersecurity as the threat of a crippling cyberattack continues to develop. Malicious actors, including disenfranchised employees, state sponsored actors, and traditional hackers, all have motivations to target the financial industry, and do so frequently. However, the threat changes slightly between resource rich large institutions and their smaller, community bank counterparts. The complex and multifaceted threat must be fully understood in order to properly address and analyze solution options to preserve the security of these institutions and the economy that they contribute to.


Trustworthiness Requirements For Manufacturing Cyber-Physical Systems, Radu F. Babiceanu, Remzi Seker Jan 2017

Publications

Distributed manufacturing operations include cyber-physical systems vulnerable to cyber-attacks. Long time not considered a priority, cybersecurity jumped to the forefront of manufacturing concerns due to the need to network together legacy, newer equipment, and entire operation centers. This paper proposes trustworthiness solutions for integrated manufacturing physical-cyber worlds, where trustworthiness is defined to complement system dependability requirements with cybersecurity requirements, such that the resulting manufacturing cyber-physical system delivers services that can justifiably be trusted. Acknowledging the inevitability of cyber-attacks, the paper models the cybersecurity component using the resilient systems framework, where system resilience is viewed as preservation of a required state …


Using Journals To Assess Non-STEM Student Learning In STEM Courses: A Case Study In Cybersecurity Education, Gary Kessler, Glenn S. Dardick, Douglas L. Holton Jan 2017

Publications

Embry-Riddle Aeronautical University offers a minor course of study in cybersecurity as an option in our undergraduate Homeland Security program. Since the students are, by and large, social scientists, the focus of the program is to build hyper-awareness of how cybersecurity integrates within their professional aspirations rather than to provide cybersecurity career-level proficiency. Assessing student learning of the technical aspects cannot be performed using traditional tests, as they would not properly measure what the students are learning in a practical sense. Instead, we employ journals and self-reflection to ask the students to express and demonstrate their learning. Although somewhat harder …


Aviation And Cybersecurity: Opportunities For Applied Research, Jon Haass, Radhakrishna Sampigethaya, Vincent Capezzuto Jul 2016

Publications

Aviation connects the global community and is moving more people and payloads faster than ever. The next decade will experience an increase in manned and unmanned aircraft and systems with new features and unprecedented applications. Cybertechnologies—including software, computer networks, and information technology—are critical and fundamental to these advances in meeting the needs of the aviation ecosystem of aircraft, pilots, personnel, passengers, stakeholders, and society. This article discusses current and evolving threats as well as opportunities for applied research to improve the global cybersecurity stance in the aviation and connected transportation industry of tomorrow.


An Overview Of Cryptography (Updated Version, 3 March 2016), Gary C. Kessler Mar 2016

Publications

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography... While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.

A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998.


From Enrollment To Employment: A DACUM Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman Jan 2016

Publications

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …


An Overview Of Steganography For The Computer Forensics Examiner (Updated Version, February 2015), Gary C. Kessler Feb 2015

Publications

"Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication-to hide the existence of a message from a third party. This paper is intended as a high-level technical introduction to steganography for those unfamiliar with the field. It is directed at forensic computer examiners who need a practical understanding of steganography without delving into the mathematics, although references are provided to some of the ongoing research for the person who needs or wants additional detail. Although this paper provides a historical context for steganography, the emphasis is on digital applications, focusing on hiding information …


Cyberspace: A Venue For Terrorism, David Bieda, Leila Halawi Jan 2015

Publications

This paper discusses how cyberspace has become a venue for terrorist groups for recruiting and proliferating propaganda and terrorism. Moreover, this study explores how the low cost Internet infrastructure and social media sites (such as Facebook, Twitter, and YouTube) have contributed to their networking and operations due to the convenience, in terms of availability, accessibility, message redundancy, ease of use, and the inability to censor content. Concepts such as cyber-weapons, cyber-attacks, cyber-war, and cyber-terrorism are presented and explored to assess how terrorist groups are exploiting cyberspace.


Aircraft Access To System-Wide Information Management Infrastructure, Mohammad Moallemi, Remzi Seker, Mohamed Mahmoud, Jayson Clifford, John Pesce, Carlos Castro, Massood Towhidnejad, Jonathan Standley, Robert Klein May 2014

Publications

Within the Federal Aviation Administration’s (FAA) NextGen project, System Wide Information Management (SWIM) program is the essential core in facilitating the collaborative access to the aviation information by various stakeholders. The Aircraft Access to SWIM (AAtS) initiative is an effort to connect the SWIM network to the aircraft to exchange the situational information between the aircraft and the National Airspace System (NAS). This paper summarizes the high-level design and implementation of the AAtS infrastructure; namely the communication medium design, data management system, pilot peripheral, as well as the security of the data being exchanged and the performance of the entire …


Measuring Security: A Challenge For The Generation, Janusz Zalewski, Steven Drager, William Mckeever, Andrew J. Kornecki Jan 2014

Department of Electrical Engineering and Computer Science - Daytona Beach

This paper presents an approach to measuring computer security understood as a system property, in the category of similar properties, such as safety, reliability, dependability, resilience, etc. First, a historical discussion of measurements is presented, beginning with views of Hermann von Helmholtz in his 19th century work “Zählen und Messen”. Then, contemporary approaches related to the principles of measuring software properties are discussed, with emphasis on statistical, physical and software models. A distinction between metrics and measures is made to clarify the concepts. A brief overview of inadequacies of methods and techniques to evaluate computer security is presented, followed by …


Educating The Next Generation Of Cyberforensic Professionals, Mark Pollitt, Philip Craiger Jan 2014

Publications

This paper provides a historical overview of the development of cyberforensics as a scientific discipline, along with a description of the current state of training, educational programs, certification and accreditation. The paper traces the origins of cyberforensics, the acceptance of cyberforensics as a forensic science and its recognition as a component of information security. It also discusses the development of professional certification and standardized bodies of knowledge that have had a substantial impact on the discipline. Finally, it discusses the accreditation of cyberforensic educational programs, its linkage with the bodies of knowledge and its effect on cyberforensic educational programs.


Identifying Trace Evidence From Target-Specific Data Wiping Application Software, Gregory H. Carlton, Gary C. Kessler Jan 2012

Security Studies & International Affairs - Daytona Beach

"One area of particular concern for computer forensics examiners involves situations in which someone utilized software applications to destroy evidence. There are products available in the marketplace that are relatively inexpensive and advertised as being able to destroy targeted portions of data stored within a computer system. This study was undertaken to analyze a subset of these tools in order to identify trace evidence, if any, left behind on disk media after executing these applications. We evaluated five Windows 7 compatible software products whose advertised features include the ability for users to wipe targeted files, folders, or evidence of selected …


Judges' Awareness, Understanding, And Application Of Digital Evidence, Gary C. Kessler Jan 2011

Security Studies & International Affairs - Daytona Beach

"As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the …


Forensic Analysis Of Plug Computers, Scott Conrad, Greg Dorn, Philip Craiger Jan 2011

Publications

A plug computer is essentially a cross between an embedded computer and a traditional computer, and with many of the same capabilities. However, the architecture of a plug computer makes it difficult to apply commonly used digital forensic methods. This paper describes methods for extracting and analyzing digital evidence from plug computers. Two popular plug computer models are examined, the SheevaPlug and the Pogoplug.


Book Review: Digital Forensic Evidence Examination, Gary C. Kessler Jan 2010

Publications

This document is Dr. Kessler's review of the second edition of Digital Forensic Evidence Examination by Fred Cohen. ASP Press, 2010. ISBN: 978-1-878109-45-3


Utilizing The Technology Acceptance Model To Assess The Employee Adoption Of Information Systems Security Measures, Cynthia M. Jones, Richard V. Mccarthy, Leila Halawi, Bahaudin Mujtaba Jan 2010

Publications

In this study, the factors that affect employee acceptance of information systems security measures were examined by extending the Technology Acceptance Model. Partial least squares structural equation modeling was applied to examine these factors. 174 valid responses from employees from companies in various industry segments in the United States and Canada were analyzed. The results of the statistical analysis indicate that subjective norm moderated by management support showed the strongest effect on intention to use information systems security measures.


Forensic Analysis Of A PlayStation 3 Console, Scott Conrad, Greg Dorn, Philip Craiger Jan 2010

Publications

The Sony PlayStation 3 (PS3) is a powerful gaming console that supports Internet-related activities, local file storage and the playing of Blu-ray movies. The PS3 also allows users to partition and install a secondary operating system on the hard drive. This “desktop-like” functionality along with the encryption of the primary hard drive containing the gaming software raises significant issues related to the forensic analysis of PS3 systems. This paper discusses the PS3 architecture and behavior, and provides recommendations for conducting forensic investigations of PS3 systems.


Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler Jan 2009

Publications

This document is Dr. Kessler's review of Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions, edited by Kenneth J. Knapp. Information Science Reference, 2009. ISBN: 978-1-60566-326-5.


Book Review: Mac OS X, iPod, And iPhone Forensic Analysis DVD Toolkit, Gary C. Kessler Jan 2008

Publications

This document is Dr. Kessler's review of MAC OS X, iPod, and iPhone Forensic Analysis DVD Toolkit, edited by Jesse Varsalone. Syngress, 2009. ISBN: 978-1-59749-297-3.


Book Review: The dotCrime Manifesto: How To Stop Internet Crime, Gary C. Kessler Jan 2008

Publications

This document is Dr. Kessler's review of The dotCrime Manifesto: How to Stop Internet Crime, by Phillip Hallam-Baker. Addison-Wesley, 2008. ISBN: 0-321-50358-9


Book Review: Challenges To Digital Forensic Evidence, Gary C. Kessler Jan 2008

Publications

This document is Dr. Kessler's review of Challenges to Digital Forensic Evidence, by Fred Cohen. Fred Cohen & Associates, 2008. ISBN 1-878109-41-3