Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

2016

Conference

Articles 1 - 30 of 63

Full-Text Articles in Information Security

Threats To Information Protection - Industry And Academic Perspectives: An Annotated Bibliography, Michael E. Whitman, Herbert J. Mattord Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat events and threat sources have evolved in recent years and have very precise definitions. A summary of threat classification models used in academic research is provided along with a summary of recent industry threat assessment reports. Finally, results from a recent study, 2015 SEC/CISE Threats to Information Protection Report Including a Current Snapshot of the State of the Industry, are given.


Improving Business Networking Through The Effective Utilisation Of Information Systems, Ylber Limani Oct 2016

UBT International Conference

This research addresses topics concerned with enterprise models and information systems. The research is divided into two parts: the first part examines business information systems in general, while in the second part the main factors of business networking are investigated.

The existing operational business practices and Information Technology infrastructure are not sufficiently used to efficiently sustain effective business networking. A methodical analysis of the operational systems is performed in order to cover the main elements of the Information Systems and their utilisation for business needs. The implementation of a most important information business …


The Role Of Knowledge Management In The Information System, Sejdi Xhemaili Oct 2016

UBT International Conference

We are living in a world in which knowledge is a precious commodity. The fast pace of the development of companies, both for trade and service, requires management of the acquired knowledge in the best possible way.

This paper shows the influence of knowledge management in the information system, that is, what is achieved when knowledge management itself is applied to the information system. The accumulated knowledge in terms of innovation, management of the staff and its training, competitiveness on the wide market and improvement of the level of the business processes and performance tend to …


The Implementation Of Information Systems In Network Administration: The Improvement Of Intranet Utilization In Higher Education Institutions, Besnik Skenderi, Murat Retkoceri, Rina Sadriu Oct 2016

UBT International Conference

Management information systems (MIS) broadly refers to a computer system of information that provides managers the tools to organize, assess and efficiently manage departments within an organization.

Information System Management serves to assist in the more effective and efficient management of information. These systems make possible the production and preservation.

Nowadays businesses, institutions and organizations use MIS for certain functions or for the entire organization. Some of the most important applications are in dimensions or functions such as human resources, finance, marketing, manufacturing, asset management etc.

The primary definition shows that the primary task of management information system (MIS. …


The Importance Of Big Data Analytics, Eljona Proko Oct 2016

UBT International Conference

Identified as the tendency of IT, Big Data gained global attention. Advances in data analytics are changing the way businesses compete, enabling them to make faster and better decisions based on real-time analysis. Big Data introduces a new set of challenges. Three characteristics define Big Data: volume, variety, and velocity. Big Data requires tools and methods that can be applied to analyze and extract patterns from large-scale data. Companies generate enormous volumes of poly-structured data from Web, social network posts, sensors, mobile devices, emails, and many other sources. Companies need a cost-effective, massively scalable solution for capturing, storing, and analyzing …


Traditional Mathematics And New Methods Of Teaching Through Programming Together With Students, Robert Kosova, Teuta Thanasi, Lindita Mukli, Loreta Nakuçi Pëllumbi Oct 2016

UBT International Conference

We are used to the traditional methods of teaching mathematics. The textbook, the blackboard and a chalk have been for centuries a wonderful part of teaching. And, they always will be. Traditional teaching methods of mathematics are a wonderful legacy of our educational system that have educated generations of teachers, engineers, administrators, managers, leaders, and economists. American universities' websites, the video-lectures of the best professors of well-known disciplines such as statistics, operational research, number theory, algebra, game theory, show impressively large blackboards, all over the auditor's walls. We always will need and admire traditional mathematics. But, beyond the lessons, …


Cloud Computing And Enterprise Data Reliability, Luan Gashi Oct 2016

UBT International Conference

Cloud services offer many benefits from information and communication technology that, to be credible, must first be secured. To use the potential of cloud computing, data is transferred, processed and stored in the infrastructures of these service providers. This indicates that the owners of data, particularly enterprises, are puzzled when the storing of their data is done outside the scope of their control.

Research conducted on this topic shows how this should be addressed unequivocally. The provided information on the organization of cloud computing models, services and standards, with a focus on security aspects in protecting enterprise data where emphasis shows how …


Some Propositions About Inverse Semigroups, Osman Hysa, Arben Reka Oct 2016

UBT International Conference

The inverse semigroups are semigroups studied by many algebraists. In this paper we will formulate and prove some other propositions on these semigroups. So we will prove two propositions concerning the closure of a subsemigroup of a given inverse semigroup S, within the meaning introduced by Schein in 1962, two propositions on the group congruence on a normal subsemigroup of the inverse semigroup S, and a proposition about closed subsemigroup assertion of an inverse semigroup S.


Some Issues In The Testing Of Computer Simulation Models, David J. Murray-Smith Oct 2016

UBT International Conference

The testing of simulation models has much in common with testing processes in other types of application involving software development. However, there are also important differences associated with the fact that simulation model testing involves two distinct aspects, which are known as verification and validation. Model validation is concerned with investigation of modelling errors and model limitations while verification involves checking that the simulation program is an accurate representation of the mathematical and logical structure of the underlying model. Success in model validation depends upon the availability of detailed information about all aspects of the system being modelled. It also …


Securing Mobile Applications Based On NTRU, Hanqing Zhao, Vikram Hegde, Kefeng Shi, Yi Yang Oct 2016

ASA Multidisciplinary Research Symposium

Modern mobile devices have an urgent need for a new-generation public-key cryptographic system, which should provide sufficient security for mobile devices without degrading their performance due to limited resources. NTRU is an ideal model for this. We validate it through experimental studies. We apply NTRU to protect an Android mobile app.


Designing Laboratories For Small Scale Digital Device Forensics, Richard P. Mislan, Tim Wedge Oct 2016

Annual ADFSL Conference on Digital Forensics, Security and Law

The ubiquity of small scale digital devices (SSDD), the public’s ever increasing societal dependence on SSDD, and the continual presence of SSDD at all types of crime scenes, including non-technical and violent crimes, demand a formalized curriculum for the education and training of future cyber forensic examiners. This paper presents the various SSDD forensics labs currently in use and under development for future use at the Purdue University Cyber Forensics Laboratory. The primary objective of each module is to provide specific real-world cases for the learning, comprehension, and understanding of hands-on investigative techniques and methodologies. The purpose of this paper …


Network Forensic Investigation Of Internal Misuse/Crime In Saudi Arabia: A Hacking Case, Abdulrazaq Al-Murjan, Konstantinos Xynos Oct 2016

Annual ADFSL Conference on Digital Forensics, Security and Law

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigations might breach Saudi law if they follow ad-hoc or international digital forensic standards such as the Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with Islamic …


Paper Session II: Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota Oct 2016

Annual ADFSL Conference on Digital Forensics, Security and Law

With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the essence. In …


Secure Mobile Applications Based On NTRU, Vikram Hegde, Hanqing Zhao, Kefeng Shi, Yi Yang Oct 2016

ASA Multidisciplinary Research Symposium

Modern mobile devices have an urgent need for a new-generation public-key cryptographic system. This system should provide sufficient security for mobile devices without degrading performance due to their limited resources. NTRU is a decent model for this. We validate it through experimental studies and apply NTRU to protect a peer-to-peer communication app.


Development Of A National Repository Of Digital Forensic Intelligence, Mark Weiser, David P. Biros, Greg Mosier Oct 2016

Annual ADFSL Conference on Digital Forensics, Security and Law

Many people do all of their banking online, we and our children communicate with peers through computer systems, and there are many jobs that require near continuous interaction with computer systems. Criminals, however, are also “connected”, and our online interaction provides them a conduit into our information like never before. Our credit card numbers and other fiscal information are at risk, our children's personal information is exposed to the world, and our professional reputations are on the line.

The discipline of Digital Forensics in law enforcement agencies around the nation and world has grown to match the increased risk and …


Designing A Data Warehouse For Cyber Crimes, Il-Yeol Song, John D. Maguire, Ki Jung Lee, Namyoun Choi, Xiaohua Hu, Peter Chen Oct 2016

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the greatest challenges facing modern society is the rising tide of cyber crimes. These crimes, since they rarely fit the model of conventional crimes, are difficult to investigate, hard to analyze, and difficult to prosecute. Collecting data in a unified framework is a mandatory step that will assist the investigator in sorting through the mountains of data. In this paper, we explore designing a dimensional model for a data warehouse that can be used in analyzing cyber crime data. We also present some interesting queries and the types of cyber crime analyses that can be performed based on …


Integrate Text Mining Into Computer And Information Security Education, Hongmei Chi, Ezhil Kalaimannan, Dominique Hubbard Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Insider threats have become a significant challenge to organizations, due to employees' varying levels of access to the internal network. This will in turn bypass the external security measures that have been put in place to protect the organization’s resources. Computer-mediated communication (CMC) is a form of communication over virtual spaces where users cannot see each other. CMC includes email and communication over social networks, amongst others. This paper focuses on the design and implementation of exercise modules, which can be integrated into cybersecurity courses. The main objectives of the paper include how to teach and integrate the CMC learning …


Cover Text Steganography: N-Gram And Entropy-Based Approach, Sara M. Rico-Larmer Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Steganography is an ancient technique for hiding a secret message within ordinary looking messages or objects (e.g., images), also known as cover messages. Among various techniques, hiding text data in a plain text file is a challenging task due to the lack of redundant information. This paper proposes two new approaches to embed a secret message in a cover text document. The two approaches are n-gram and entropy metric-based generation of stego text. We provide examples of encoding secret messages in a cover text document followed by an initial evaluation of how well stego texts look close to the plain …


Hands-On Labs Demonstrating HTML5 Security Concerns, Mounika Vanamala Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

The research is focused on the new features added in the HTML5 standard that have strong implications for the overall information security of a system that uses this implementation. A hands-on lab is developed to demonstrate how Web Storage and the Geo-location API of HTML5 can affect the privacy of the user.


“Not All Friends Are Equal”: Friendship Classification For Defending Against Social Engineering Attacks, Munene W. Kanampiu, Mohd Anwar Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Social engineering is a serious security threat to Online Social Networks (OSNs). Identity theft, impersonation, phishing, and deception are some of the social engineering-based attacks that exploit vulnerabilities of interpersonal relationships of online users. As a result, relationships in OSNs need to be thoroughly examined. In this vein, we propose a relationship categorization model to evaluate relationship strength based on graph-theoretic properties and social network analysis (SNA) methods. For example, in Facebook, users may be categorized into close-neighbors, distant-neighbors, celebrities (influential by admiration), authority (influential by power), and loners. Close-neighbors category will help identify a set of trustworthy actors while …


Smart City Security, Shawn Ralko, Sathish Kumar Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

With the rapid growth of the technology involved and the implementation of the smart city concept, it is becoming vital to identify and implement security controls for their secure operation. Smart city security is essential for a city to incorporate the technologies into smart city cyber infrastructure and to improve the conditions of life for its citizens. In this paper, we have discussed the growth of the smart city concept and its security issues. We also discuss the security solutions that need to be implemented to keep the smart city cyber infrastructure secure. We have also pointed out the recommendations on the open issues …


The Role Of State Privacy Regulations In Mitigating Internet Users’ Privacy Concerns: A Multilevel Perspective, Tawfiq Alashoor Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

In the U.S., there is no comprehensive national law regulating the collection and use of personal information. As a response to the high level of privacy concerns among U.S. citizens and the currently limited regulations, states have enacted their own privacy laws over and above the principles of Fair Information Practices (FIP). In this exploratory study, we draw upon the privacy literature and the Restricted Access/Limited Control (RALC) theory of privacy to study the privacy concerns phenomenon with a multilevel theoretical lens. We introduce and test three novel propositions pertaining to the impact of state level privacy regulations on privacy …


Improvement And Maturity Of The Information Security Risk Management Process, Angela Jackson-Summers Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.


Combining The Extended Risk Analysis Model And The Attack Response Model To Introduce Risk Analysis, Randall Reid Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper uses the Extended Risk Analysis Model to introduce risk analysis in a classroom setting. The four responses to an attack, avoidance, transference, mitigation, and acceptance are overlaid on the Extended Risk Analysis Model to aid in the visualization of their relationship. It then expands and updates the cyber insurance portion of the Extended Risk Analysis Model.


Health IT Security: An Examination Of Modern Challenges In Maintaining HIPAA And HITECH Compliance, Andrew S. Miller, Bryson R. Payne Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

This work describes an undergraduate honors research project into some of the challenges modern healthcare providers face in maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) and HITECH (Health Information Technology for Economic and Clinical Health) Act. An overview of the pertinent sections of both the HIPAA and HITECH Acts regarding health information security is provided, along with a discussion of traditionally weak points in information security, including: people susceptible to social engineering, software that is not or cannot be regularly updated, and targeted attacks (including advanced persistent threats, or APTs). Further, the paper examines potential violations …


Investigating Information Security Policy Characteristics: Do Quality, Enforcement And Compliance Reduce Organizational Fraud?, Dennis T. Brown Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Occupational fraud, the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets, is a growing concern for all organizations. While the typical organization loses at least 5% of annual revenues to fraud, current methods of detection and prevention are not fully adequate to reduce increasing occurrences. Although information systems are making life easier, they are increasingly being used to perpetrate fraudulent activities, and internal employee security threat is responsible for more information compromise than external threats.

The purpose of this research is to examine how information security policy quality and …


Individuals' Concern About Information Privacy In AR Mobile Games, Dapeng Liu Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Augmented Reality (AR) proves to be an attractive technology in mobile games. While AR techniques energize mobile games, the privacy issue is raised to be discussed. Employing social media analytics (SMA) techniques, this research makes efforts to examine Twitter postings of the “PokemonGo” case and explores individuals’ attitudes toward privacy in AR games. In this research, we examine what the privacy concerns of individuals in AR games are and what the individuals’ sentiments toward privacy are. In the interesting case of PokemonGo, this paper suggests that individuals’ concerns about privacy are emphasized on six dimensions - collection, improper access, unauthorized secondary …


Semi-Supervised Deep Neural Network For Network Intrusion Detection, Mutahir Nadeem, Ochaun Marshall, Sarbjit Singh, Xing Fang, Xiaohong Yuan Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Network security is of vital importance for corporations and institutions. In order to protect valuable computer systems, network data needs to be analyzed so that possible network intrusions can be detected. Supervised machine learning methods achieve high accuracy at classifying network data as normal or malicious, but they require the availability of fully labeled data. The recently developed ladder network, which combines neural networks with unsupervised learning, shows promise in achieving a high accuracy while only requiring a small number of labeled examples. We applied the ladder network to classifying network data using the Third International Knowledge Discovery and Data …


Planning And Implementing A Successful NSA-NSF GenCyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

The GenCyber program is jointly sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF) to help faculty and cybersecurity experts provide summer cybersecurity camp experiences for K-12 students and teachers. The main objective of the program is to attract, educate, and motivate a new generation of young men and women to help address the nationwide shortage of trained cybersecurity professionals. The curriculum is flexible and centers on ten cybersecurity first principles. Currently, GenCyber provides cyber camp options for three types of audiences: students, teachers, and a combination of both teachers and students. In 2016, over 120 …


User Privacy Suffers At The Hands Of Access Controls, Chad N. Hoye Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

With advancements in personal hand held devices, smaller, more mobile computers, tablets, and the world’s population connected with social media, the threat to the user’s privacy has been diminished. I will look at how access control policies have opened the proverbial door to users’ privacy being attacked and threatened. You will see examples of how users have to divulge personal information to get better service and even be monitored while at work to prevent intrusions into the company.