Social and Behavioral Sciences Commons^™

Predicting The Pebcak: A Quantitative Analysis Of How Cybersecurity Education, Literacy, And Awareness Affect Individual Preparedness., Annie Goodman

Theses/Capstones/Creative Projects

This essay explores the relationship between individuals' cybersecurity education, literacy, awareness, and preparedness. While cybersecurity is often associated with complex hacking scenarios, the majority of data breaches and cyber-attacks result from individuals inadvertently falling prey to phishing emails and malware. The lack of standardized education and training in cybersecurity, coupled with the rapid expansion of technology diversity, raises concerns about individuals' cybersecurity preparedness. As individuals are the first line of defense and the weakest link in cybersecurity, understanding the influence of education, literacy, and awareness on their adherence to best practices is crucial. This work aims to survey a diverse …

Generational Information Security Awareness And The Role Of Big Five Personality Traits, Gloria Mccue

Walden Dissertations and Doctoral Studies

AbstractTechnological change drives organizations to safeguard information systems. However, such safeguards are dependent upon people to follow security rules. This study examined generational cohorts and personality traits and their impact on information security awareness. Participants in this study were 137 volunteers who completed an anonymous survey online. Two tools were utilized to collect data from the participants: the Human Aspects of Information Security Questionnaire and the Big Five Inventory, which captured behaviors and personality traits, respectively. The three main generational cohorts represented in the study, Baby Boomers, Generation X, and Generation Y, were in today’s workforce. The results of the …

Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …

Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …

Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano

Emergency Preparedness, Homeland Security, and Cybersecurity

Human error is a significant contributing factor to the rise in Cybersecurity attacks regardless of increased technical control implemented to safeguard Information systems. Adversaries can circumvent technical safeguards due to human errors which result from inadequate enforceable policies and training on Cybersecurity for the everyday user. Several studies and articles show that the majority of successful attacks are human enabled, proving the need for human-centric cybersecurity research and practices. This exploratory work reviews the human aspect of Cybersecurity by investigating the cybersecurity policies at SUNY Albany and other SUNY institutions. We used a survey of students and faculty members at …

A Universal Cybersecurity Competency Framework For Organizational Users, Patricia A. Baker

CCE Theses and Dissertations

The global reliance on the Internet to facilitate organizational operations necessitates further investments in organizational information security. Such investments hold the potential for protecting information assets from cybercriminals. To assist organizations with their information security, The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) was created. The framework referenced the cybersecurity work, knowledge, and skills required to competently complete the tasks that strengthen their information security. Organizational users’ limited cybersecurity competency contributes to the financial and information losses suffered by organizations year after year. While most organizational users may be able to respond positively to a cybersecurity threat, …

Employees Breaking Bad With Technology: An Exploratory Analysis Of Human Factors That Drive Cyberspace Insider Threats, Marcus L. Green

USF Tampa Graduate Theses and Dissertations

As implementation of computer systems has continued to grow in business contexts, employee-driven cyberspace infractions have also grown in number. Employee cyberspace behaviors have continued to have detrimental effects on company computer systems. Actions that violate company cybersecurity policies can be either malicious or unmalicious. Solutions, by and large, have been electronic and centered on hardware and software. Those proposing solutions have begun to shift their focus to human risk vulnerabilities.

This study was novel in that its focus was identification of individual, cultural, and technological risk factors that drive cyberspace insider threat activities. Identifying factors that reduce insider threat …

Cybersecurity Legislation And Ransomware Attacks In The United States, 2015-2019, Joseph Skertic

Graduate Program in International Studies Theses & Dissertations

Ransomware has rapidly emerged as a cyber threat which costs the global economy billions of dollars a year. Since 2015, ransomware criminals have increasingly targeted state and local government institutions. These institutions provide critical infrastructure – e.g., emergency services, water, and tax collection – yet they often operate using outdated technology due to limited budgets. This vulnerability makes state and local institutions prime targets for ransomware attacks. Many states have begun to realize the growing threat from ransomware and other cyber threats and have responded through legislative action. When and how is this legislation effective in preventing ransomware attacks? This …

Human Errors In Data Breaches: An Exploratory Configurational Analysis, Gabriel A. Cornejo

CCE Theses and Dissertations

Information Systems (IS) are critical for employee productivity and organizational success. Data breaches are on the rise—with thousands of data breaches accounting for billions of records breached and annual global cybersecurity costs projected to reach $10.5 trillion by 2025. A data breach is the unauthorized disclosure of sensitive information—and can be achieved intentionally or unintentionally. Significant causes of data breaches are hacking and human error; in some estimates, human error accounted for about a quarter of all data breaches in 2018. Furthermore, the significance of human error on data breaches is largely underrepresented, as hackers often capitalize on organizational users’ …

The Effects Of Security Framing, Time Pressure, And Brand Familiarity On Risky Mobile Application Downloads, Cody Parker

Psychology Theses & Dissertations

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect …

Digital Identity: A Human-Centered Risk Awareness Study, Toufic N. Chebib

USF Tampa Graduate Theses and Dissertations

Cybersecurity threats and compromises have been at the epicenter of media attention; their risk and effect on people’s digital identity is something not to be taken lightly. Though cyber threats have affected a great number of people in all age groups, this study focuses on 55 to 75-year-olds, as this age group is close to retirement or already retired. Therefore, a notable compromise impacting their digital identity can have a major impact on their life.

To help guide this study, the following research question was formulated, “What are the risk perceptions of individuals, between the ages of 55 and 75 …

A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey

Honors Program Contracts

Adversaries launch cyberattacks or cyber-exploits with contrasting intentions and desired outcomes. A cyberattack is a malicious attempt by a state, third party, or individual to disrupt a computer’s network; whereas, a cyber-exploit is an action that uncovers and steals “confidential” information from a computer’s data. 1 Within this research paper, the main adversary of such cyberattacks and/or exploits will be the nation-state. The victims of these cyberattacks will range from multinational corporations, such as Sony, to nuclear programs in Iran. This essay will focus on four motivations behind such cyberattacks: (1) private sector hacking (the theft of intellectual property) (2) …

Account Recovery Methods For Two-Factor Authentication (2fa): An Exploratory Study, Lauren Nicole Tiller

Psychology Theses & Dissertations

System administrators have started to adopt two-factor authentication (2FA) to increase user account resistance to cyber-attacks. Systems with 2FA require users to verify their identity using a password and a second-factor authentication device to gain account access. This research found that 60% of users only enroll one second-factor device to their account. If a user’s second factor becomes unavailable, systems are using different procedures to ensure its authorized owner recovers the account. Account recovery is essentially a bypass of the system’s main security protocols and needs to be handled as an alternative authentication process (Loveless, 2018). The current research aimed …

The Social Media Machines: An Investigation Of The Effect Of Trust Moderated By Disinformation On Users’ Decision-Making Process, Zulma Valedon Westney

CCE Theses and Dissertations

Social media networking sites (SMNS) have become a popular communications medium where users share information, knowledge, and persuasion. In less than two decades, social media's (SM) dominance as a communication medium can't be disputed, for good or evil. Combined with the newly found immediacy and pervasiveness, these SM applications' persuasive power are useful weapons for organizations, angry customers, employees, actors, and activists bent on attacking or hacking other individuals, institutions, or systems. Consequently, SM has become the preferred default mechanism of news sources; however, users are unsure if the information gathered is true or false. According to the literature, SMNS …

Strategies Used To Mitigate Social Engineering Attacks, Lindiwe T. Hove

Walden Dissertations and Doctoral Studies

Cybercriminal activity performed widely through social engineering attacks is estimated to be one of the substantial challenges the world will face over the next 20 years. Cybercriminal activity is important to chief information security officers (CISOs) because these attacks represent the largest transfer of economic wealth in history and pose risks to the incentives for organizational innovation and investment and eventually become more profitable than the global trade of all major illegal drugs combined. Grounded in the balanced control theory, the purpose of this multiple case study was to explore strategies CISOs use to mitigate social engineering attacks within their …

Cybersecurity For Critical Infrastructure: Addressing Threats And Vulnerabilities In Canada, Samuel A. Cohen

MSU Graduate Theses

The aim of this thesis is to assess the unique technical and policy-based cybersecurity challenges facing Canada’s critical infrastructure environment and to analyze how current government and industry practices are not equipped to remediate or offset associated strategic risks to the country. Further, the thesis also provides cases and evidence demonstrating that Canada’s critical infrastructure has been specifically targeted by foreign and domestic cyber threat actors to pressure the country’s economic, safety and national security interests. Essential services that Canadians and Canadian businesses rely on daily are intricately linked to the availability and integrity of vital infrastructure sectors, such as …

A Comprehensive Cybersecurity Defense Framework For Large Organizations, Willarvis Smith

CCE Theses and Dissertations

There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. …

Cybersecurity Policy Development At The State Level: A Case Study Of Middle Tennessee, Daniel Leslie Scherr

Walden Dissertations and Doctoral Studies

Cybersecurity is a growing threat not only to nations, critical infrastructure, and major entities, but also to smaller organizations and individuals. The growing number of successful attacks on all manner of U.S. targets highlights the need for effective and comprehensive policy from the local to federal level, though most research focuses on federal policy issues, not state issues. The purpose of this study was to examine the effectiveness of the decision-making process within the current cybersecurity policy environment in a southern state of the United States. Sabatier's advocacy coalition framework served as the theoretical framework for the study. Data were …

Public Servants' Perceptions Of The Cybersecurity Posture Of The Local Government In Puerto Rico, Julio C. Rodriguez

Walden Dissertations and Doctoral Studies

The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination …

Cybersecurity In The Classroom: Bridging The Gap Between Computer Access And Online Safety, Andrew Malecki

Cyber Security Capstone Research Project Reports

According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information.

A …

Countering Expansion And Organization Of Terrorism In Cyberspace, Sunday Oludare Ogunlana

Walden Dissertations and Doctoral Studies

Terrorists use cyberspace and social media technology to create fear and spread violent ideologies, which pose a significant threat to public security. Researchers have documented the importance of the application of law and regulation in dealing with the criminal activities perpetrated through the aid of computers in cyberspace. Using routine activity theory, this study assessed the effectiveness of technological approaches to mitigating the expansion and organization of terrorism in cyberspace. The study aligned with the purpose area analysis objective of classifying and assessing potential terrorist threats to preempt and mitigate the attacks. Data collection included document content analysis of the …

Breadcrumbs: Privacy As A Privilege, Prachi Bhardwaj

Capstones

Breadcrumbs: Privacy as a Privilege Abstract

By: Prachi Bhardwaj

In 2017, the world saw more data breaches than in any year prior. The count was more than the all-time high record in 2016, which was 40 percent more than the year before that.

That’s because consumer data is incredibly valuable today. In the last three decades, data storage has gone from being stored physically to being stored almost entirely digitally, which means consumer data is more accessible and applicable to business strategies. As a result, companies are gathering data in ways previously unknown to the average consumer, and hackers are …

The History Of Chinese Cybersecurity: Current Effects On Chinese Society Economy, And Foreign Relations, Vaughn C. Rogers

Seton Hall University Dissertations and Theses (ETDs)

Chinese cybersecurity has become an infamous topic in the field of cybersecurity today, causing a great deal of controversy. The controversy stems from whether or not censorship is hindering Chinese economy, society, and relationships with other countries. The White Papers (中国政府白皮书), the Constitution of the People’s Republic of China (中华人民共和国宪法), and The Internet in China (中国互联网状况) all suggest that there is a free flow of Internet both within and without China that promotes peaceful socioeconomic development which the Chinese government seeks to promote. But is China sacrificing lucrative business prospects to secure …