Information Security Commons^™

An Application Risk Assessment Of Werner Enterprises, Nathan Andres

Theses/Capstones/Creative Projects

Risk assessments provide a systematic approach to identifying potential risks that could negatively impact an organization’s operations, financial performance, and reputation. Using a risk assessment, companies can evaluate potential risks and vulnerabilities, prioritize them based on their potential impact, and develop strategies to manage and address these risks effectively.

Werner Enterprises Inc. is a nationally known trucking company headquartered in Omaha, Nebraska. Our cybersecurity capstone project motivation was to partner with Werner to produce an assessment of known application risks in a functional way that can be repeated for all of Werner’s applications. To achieve this, we created a risk …

Healthcare Facilities: Maintaining Accessibility While Implementing Security, Ryan Vilter

UNO Student Research and Creative Activity Fair

In the wake of the Tulsa, Oklahoma hospital shooting in the summer of 2022, it was made clear that more security needed to be implemented in healthcare facilities. As a result, I inquired: What is the happy balance for healthcare facilities to maintain their accessibility to the public while also implementing security measures to prevent terrorist attacks? With that base, I give recommendations in the areas of cybersecurity, physical infrastructure, and physical and mental health, based off the existing literature and data gathered from terrorist attacks against hospitals over several decades.

Using Graph Theoretical Methods And Traceroute To Visually Represent Hidden Networks, Jordan M. Sahs

UNO Student Research and Creative Activity Fair

Within the scope of a Wide Area Network (WAN), a large geographical communication network in which a collection of networking devices communicate data to each other, an example being the spanning communication network, known as the Internet, around continents. Within WANs exists a collection of Routers that transfer network packets to other devices. An issue pertinent to WANs is their immeasurable size and density, as we are not sure of the amount, or the scope, of all the devices that exists within the network. By tracing the routes and transits of data that traverses within the WAN, we can identify …

Collaborcrack: A Collaborative Password Cracking Solution For Windows Penetration Testing, Andrew Griess

Theses/Capstones/Creative Projects

Cybersecurity professionals attempt to crack password hashes during penetration tests to determine if they are strong enough. A password hash is a way to encode a password securely. This paper describes a proof-of-concept program called CollaborCrack, a team-based password cracking solution. CollaborCrack addresses the issues of computational complexity, remote cracking security, duplication of work, and the cost associated with password cracking. To address computational complexity, CollaborCrack enables remote password cracking. Remote cracking requires additional safeguards, which CollaborCrack mitigates by storing sensitive information locally. To reduce the duplication of work, CollaborCrack provides a shared interface designed around collaboration and teamwork. CollaborCrack …

Politeness In Security Directives: Insights In Browser Compliance For The Human Element, Deanna House, Gabe Giordano

Information Systems and Quantitative Analysis Faculty Publications

The technical protection provided by information security technology is necessary as a frontline defense against threats. However, the human element adds great risk to systems and cannot be ignored. This research explores the human elements related to security communications and intention to comply with security directives. Security communications are more-commonly being sent using richer computer-based channels. While the goal of security communications is the gain compliance, there is still much to learn related to what influences a user to comply. This research explores the effects that (im)politeness has on intention to comply with security directives. The research utilized an experiment …

Encryption Decrypted, Alex Ramsey

UNO Student Research and Creative Activity Fair

Encryption is a complex and bewildering process, yet it is absolutely foundational for secure and safe activities on the internet. Encryption, in its many forms, ultimately enables identity verification, password protection, secure conversation, cryptocurrency trade, and other online activities. Despite this widespread use, encryption is not a process easily explained to the layperson due to its complexity. Thus, the object of this research is to demystify the process of encryption and provide an understanding of one of the most common forms of modern encryption - RSA Encryption. This will be accomplished through the information provided on my poster as well …

Automated Tool Support - Repairing Security Bugs In Mobile Applications, Larry Singleton

UNO Student Research and Creative Activity Fair

Cryptography is often a critical component in secure software systems. Cryptographic primitive misuses often cause several vulnerability issues. To secure data and communications in applications, developers often rely on cryptographic algorithms and APIs which provide confidentiality, integrity, and authentication based on solid mathematical foundations. While many advanced crypto algorithms are available to developers, the correct usage of these APIs is challenging. Turning mathematical equations in crypto algorithms into an application is a difficult task. A mistake in cryptographic implementations can subvert the security of the entire system. In this research, we present an automated approach for Finding and Repairing Bugs …

Phishing: Message Appraisal And The Exploration Of Fear And Self-Confidence, Deanna House, M. K. Raja

Information Systems and Quantitative Analysis Faculty Publications

Phishing attacks have threatened the security of both home users and organizations in recent years. Phishing uses social engineering to fraudulently obtain information that is confidential or sensitive. Individuals are targeted to take action by clicking on a link and providing information. This research explores fear arousal and self-confidence in subjects confronted by phishing attacks. The study collected data from multiple sources (including an attempted phishing attack). The survey results indicated that when individuals had a high level of fear arousal related to providing login credentials they had a decreased intention to respond to a phishing attack. Self-confidence did not …

Automated Tool Support For Security Bug Repair In Mobile Applications, Larry Singleton

Computer Science Graduate Research Workshop

No abstract provided.

Keep It Simple, Keep It Safe - Research On The Impacts Of Increasing Complexity Of Modern Enterprise Applications, Shawn Ware, David Phillips

UNO Student Research and Creative Activity Fair

As the Cybersecurity program within UNO continues to adapt to the ever-changing world of information systems and information security, the Cybersecurity Capstone has recently become an active, community-involvement project, where real-world organizations can receive valuable, useful research and information from students on their way towards a degree. This presentation encompasses two such projects from the Cybersecurity Capstone, looking at how modern, more complex systems can often increase system vulnerability.

Amazon Alexa: The Best Personal Assistant Or An Eavesdropping Witch, Alisa Bohac, Michael Keck

UNO Student Research and Creative Activity Fair

The prolific integration of Internet-of-Things (IoT) devices into our homes is continuously generating discussions surrounding the security and privacy of these devices. One device that has received particular attention in the past few years is the Amazon Alexa, a ‘personal assistant’ IoT device, which listens to user commands and performs certain actions. According to Amazon, “millions of Alexa devices” were sold in the 2017 Holiday period alone [1]. However, the continuous amalgamation of technology has prompted the idea that many digital devices, through their overall functionality, could be utilized by cybercriminals to digitally intrude into our personal lives [2]. Hence, …

Enhancing Security Incident Response Follow-Up Efforts With Lightweight Agile Retrospectives, George Grispos, William Bradley Glisson, Tim Storer

Interdisciplinary Informatics Faculty Publications

Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn …

In The Wild Residual Data Research And Privacy, William Bradley Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell

Interdisciplinary Informatics Faculty Publications

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering ‘real- world’ or ‘in-the-wild’ residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild …

U.S. Energy Sector Cybersecurity: Hands-Off Approach Or Effective Partnership?, T. M. Ballou, Joseph A. Allen, Kyle Francis

Psychology Faculty Publications

Recent reporting has identified significant threats to the U.S. energy’s critical infrastructure from nation states and other groups through cyberspace. Efforts to improve the security and resilience of U.S. energy infrastructure relies upon voluntary partnerships between the U.S. Government and public and private energy infrastructure owners. This paper examines ideal Public-Private Partnership (PPP) characteristics and compares them to an actual PPP in the U.S. The results identify strengths of and challenges to efforts to secure U.S. energy infrastructure. The research was conducted through a combination of literature reviews and interviews with a sample of U.S-government and private-energy infrastructure representatives.

Calm Before The Storm: The Challenges Of Cloud Computing In Digital Forensics, George Grispos, Tim Storer, William Bradley Glisson

Interdisciplinary Informatics Faculty Publications

Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established …

A Comparison Of Forensic Evidence Recovery: Techniques For A Windows Mobile Smart Phone, George Grispos, Tim Storer, William Bradley Glisson

Interdisciplinary Informatics Faculty Publications

Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation.

A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent.

This paper …