Information Security Commons^™

The Infosys Times, Vol. 9, No. 1, St. Cloud State University

The Infosys TIMES

• Paving the Future
• Cybersecurity Week
• International Student Ambassadors
• Student Highlight
• MISA Internship Procedures
• Faculty Spotlight
• Staff Farewell - Kelley Hennen
• Alumni Diaries
• InfoSys Diaries
• HBS Updates
• Undergrad Certifications
• Congrats / Farewell Graduates

From Degree To Chief Information Security Officer (Ciso): A Framework For Consideration, Wendi M. Kappers, Martha Nanette Harrell,

Publications

Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master’s level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner’s world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears …

Student Misconceptions About Cybersecurity Concepts: Analysis Of Think-Aloud Interviews, Julia D. Thompson, Geoffrey L. Herman, Travis Scheponik, Linda Oliva, Alan Sherman, Ennis Golaszewski, Dhananjay Phatak, Kostantinos Patsourakos

Journal of Cybersecurity Education, Research and Practice

We conducted an observational study to document student misconceptions about cybersecurity using thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we provide a basis for developing rigorous evidence-based recommendations for improving teaching and assessment methods in cybersecurity and inform future research. This study is the first to explore student cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During these interviews, students grappled with security scenarios designed to probe their understanding of cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative method, novice-led paired thematic analysis, to document patterns in …

Examining The Influence Of Technology Acceptance, Self-Efficacy, And Locus Of Control On Information Security Behavior Of Social Media Users, Abdullah Almuqrin

Master's Theses and Doctoral Dissertations

Due to recent advances in online communication technology, social networks have become a vital avenue for human interaction. At the same time, they have been exploited as a target for viruses, attacks, and security threats. The first line of defense against such attacks and threats— as well as their primary cause—are social media users themselves. This study investigated the relationship between certain personality factors among social media users—i.e., technology acceptance of security protection technologies, self-efficacy of information security, and locus of control—and their information security behavior. Quantitative methods were used to examine this relationship. The population consisted of all students …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Wendi M. Kappers, PhD

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Leila A. Halawi

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler

Gary C. Kessler

This document is Dr. Kessler's review of Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions, edited by Kenneth J. Knapp. Information Science Reference, 2009. ISBN: 978-1-60566-326-5.

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Publications

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

Information Security As A Determinant Of Nation’S Networked Readiness: A Country Level Analysis, Manal Yunis, Madison Ngafeeson, Kai Koong

Conference Papers in Published Proceedings

No abstract provided.

Dod Cyber Technology Policies To Secure Automated Information Systems, Maurice E. Dawson Jr., Miguel Crespo, Stephen Brewster

Maurice Dawson

Availability, integrity, and confidentiality (AIC) is a key theme everywhere as cyber security has become more than an emerging topic. The Department of Defense (DoD) has implemented multiple processes such as the Department of Defense information assurance certification and accreditation process (DIACAP), common criteria (CC), and created proven baselines to include information assurance (IA) controls to protect information system (IS) resources. The aim of this research study shall provide insight to the applicable processes, IA controls, and standards to include providing a method for selecting necessary government models and for system development.

Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong

Leisa Armstrong

Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although, research has been carried out into ways to …

Malware Target Recognition Via Static Heuristics, Thomas E. Dube, Richard A. Raines, Gilbert L. Peterson, Kenneth W. Bauer, Michael R. Grimaila, Steven K. Rogers

Faculty Publications

Organizations increasingly rely on the confidentiality, integrity and availability of their information and communications technologies to conduct effective business operations while maintaining their competitive edge. Exploitation of these networks via the introduction of undetected malware ultimately degrades their competitive edge, while taking advantage of limited network visibility and the high cost of analyzing massive numbers of programs. This article introduces the novel Malware Target Recognition (MaTR) system which combines the decision tree machine learning algorithm with static heuristic features for malware detection. By focusing on contextually important static heuristic features, this research demonstrates superior detection results. Experimental results on large …

Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick

Journal of Digital Forensics, Security and Law

In the paper the author proposes that effectively and efficiently addressing cyber crime requires a shift in paradigm. For businesses and government departments alike the focus should be on prevention, rather than the prosecution of cyber criminals. The Defence in Depth strategy poses a practical solution for achieving Information Assurance in today’s highly networked environments. In a world where “absolute security” is an unachievable goal, the concept of Information Assurance poses significant benefits to securing one of an organization’s most valuable assets: Information. It will be argued that the approach of achieving Information Assurance within an organisation, coupled with the …

Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler

Publications

This document is Dr. Kessler's review of Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions, edited by Kenneth J. Knapp. Information Science Reference, 2009. ISBN: 978-1-60566-326-5.

Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong

Australian Information Security Management Conference

Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although, research has been carried out into ways to …

Deception On The Network: Thinking Differently About Covert Channels, Maarten Van Horenbeeck

Australian Information Warfare and Security Conference

The concept of covert channels has been visited frequently by academia in a quest to analyse their occurrence and prevention in trusted systems. This has lead to a wide variety of approaches being developed to prevent and identify such channels and implement applicable countermeasures. However, little of this research has actually trickled down into the field of operational security management and risk analysis. Quite recently a number of covert channels and enabling tools have appeared that did have a significant impact on the operational security of organizations. This paper identifies a number of those channels and shows the relative ease …