Digital Commons Network^™

Crisis Management: Unveiling Information And Communication Technologies’ Revamped Role Through The Lens Of Sub-Saharan African Countries During Covid-19, Ruthbetha Kateule, Egidius Kamanyi, Mahadia Tunga

The African Journal of Information Systems

The management of COVID-19 pandemic has revealed inefficiencies in coordinating global response, particularly in African countries. Therefore, creating an urgent need to examine the literature on Information and Communication Technologies (ICT) in crisis management to appreciate its contextual role. Employing a systematic review, using the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA), this paper critically assessed the extent of the use of ICT in crisis management in Africa’s response to COVID-19 to reconstruct its resilience against future crises. Findings indicate that while countries with limited ICT infrastructure faced considerable challenges in utilizing ICT solutions in COVID-19 management, countries …

Comparing Cognitive Theories Of Learning Transfer To Advance Cybersecurity Instruction, Assessment, And Testing, Daniel T. Hickey Ph.D., Ronald J. Kantor

Journal of Cybersecurity Education, Research and Practice

The cybersecurity threat landscape evolves quickly, continually, and consequentially. This means that the transfer of cybersecurity learning is crucial. We compared how different recognized “cognitive” transfer theories might help explain and synergize three aspects of cybersecurity education. These include teaching and training in diverse settings, assessing learning formatively & summatively, and testing & measuring achievement, proficiency, & readiness. We excluded newer sociocultural theories and their implications for inclusion as we explore those theories elsewhere. We first summarized the history of cybersecurity education and proficiency standards considering transfer theories. We then explored each theory and reviewed the most relevant cybersecurity education …

It Deployment And Integration – An Assessment Of Enabling And Inhibiting Factors, Lesley Matshwane, Carl Marnewick

The African Journal of Information Systems

Although delivery of services in South Africa is the responsibility of all spheres of government, the provision of basic services lies at the doorstep of local municipalities. Local municipalities have, for many reasons, frequently been unable to live up to this mandate despite the fact that some of the challenges that they face can be addressed by using IT. This paper assesses factors enabling and inhibiting the efficient deployment and integration of IT in local municipalities. The technological, organizational and environmental (TOE) framework was deployed to assess the factors. A multiple case study in which semi-structured interviews were conducted produced …

Improving Belonging And Connectedness In The Cybersecurity Workforce: From College To The Profession, Mary Beth Klinger

Journal of Cybersecurity Education, Research and Practice

This article explores the results of a project aimed at supporting community college students in their academic pursuit of an Associate of Applied Science (AAS) degree in Cybersecurity through mentorship, collaboration, skill preparation, and other activities and touch points to increase students’ sense of belonging and connectedness in the cybersecurity profession. The goal of the project was focused on developing diverse, educated, and skilled cybersecurity personnel for employment within local industry and government to help curtail the current regional cybersecurity workforce gap that is emblematic of the lack of qualified cybersecurity personnel that presently exists nationwide. Emphasis throughout the project …

Board Of Directors Role In Data Privacy Governance: Making The Transition From Compliance Driven To Good Business Stewardship, David Warner, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

Data collection, use, leveraging, and sharing as a business practice and advantage has proliferated over the past decade. Along with this proliferation of data collection is the increase in regulatory activity which continues to morph exponentially around the globe. Adding to this complexity are the increasing business disruptions, productivity and revenue losses, settlements, fines, and penalties which can amount to over $15 million, with many penalties now being ascribed to the organization’s leadership, to include the Board of Directors (BoD), the CEO and members of the senior leadership team (SLT). Thus, boards of directors can no longer ignore and in …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Leading K-12 Community Responsiveness To Cyber Threats Via Education Of School Community, Michele Kielty, A. Renee Staton

Journal of Cybersecurity Education, Research and Practice

Cyber threats have escalated in recent years. Many of these threats have been direct and vicious attacks on K-12 systems. Educators are rarely trained on how to address cyber threats from a systemic and educational perspective when such challenges arise in their school buildings. This article explains the cyber threats that are looming large for K-12 systems and provides concrete tools for school leaders to employ in order to provide preventive education to their school communities.

An Interdisciplinary Approach To Experiential Learning In Cyberbiosecurity And Agriculture Through Workforce Development, Kellie Johnson, Tiffany Drape, Joseph Oakes, Joseph Simpson, Ann Brown, Donna M. Westfall-Rudd, Susan Duncan

Journal of Cybersecurity Education, Research and Practice

Cyberbiosecurity and workforce development in agriculture and the life sciences (ALS) is a growing area of need in the curriculum in higher education. Students that pursue majors related to ALS often do not include training in cyber-related concepts or expose the ‘hidden curriculum’ of seeking internships and jobs. Exposing students through workforce development training and hands-on engagement with industry professionals can provide learning opportunities to bridge the two and is an area of growth and demand as the workforce evolves. The objectives of this work were 1) to learn key concepts in cybersecurity, including data security, visualization, and analysis, to …

Examination Of Cybersecurity Technologies, Practices, Challenges, And Wish List In K-12 School Districts, Florence Martin, Julie Bacak, Erik Jon Byker, Weichao Wang, Jonathan Wagner, Lynn Ahlgrim-Delzell

Journal of Cybersecurity Education, Research and Practice

With the growth in digital teaching and learning, there has been a sharp rise in the number of cybersecurity attacks on K-12 school networks. This has demonstrated a need for security technologies and cybersecurity education. This study examined security technologies used, effective security practices, challenges, concerns, and wish list of technology leaders in K-12 settings. Data collected from 23 district websites and from interviews with 12 district technology leaders were analyzed. Top security practices included cloud-based technologies, segregated network/V-LAN, two-factor authentication, limiting access, and use of Clever or Class Link. Top challenges included keeping users informed, lack of buy-in from …

Compete To Learn: Toward Cybersecurity As A Sport, Tj Oconnor, Dane Brown, Jasmine Jackson, Bryson Payne, Suzanna Schmeelk

Journal of Cybersecurity Education, Research and Practice

To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to integrate e-sports and gamified cybersecurity approaches into the inaugural US Cyber Games Team. During this tenure, we learned many lessons about recruiting, assessing, and training cybersecurity teams. We share our approach, materials, and lessons learned to serve as a model for fielding amateur cybersecurity teams for future competition.

Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman

Journal of Cybersecurity Education, Research and Practice

The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …

Principles Of Information Security, Alison Hedrick

KSU Distinguished Course Repository

An introduction to the various technical and administrative aspects of Information Security and Assurance. This course provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features.

Digital Contact Tracing And Privacy, Mahdi Nasereddin, Edward J. Glantz, Galen A. Grimes, Joanne Peca, Michelle Gordon, Mike Bartolacci

Journal of Cybersecurity Education, Research and Practice

Digital contact tracing tools were developed to decrease the spread of COVID-19 by supplementing traditional manual methods. Although these tools have great potential, they were developed rather quickly resulting in tools with varying levels of success. The main issues with these tools are over privacy and who might have access to the information gathered. In general, their effectiveness varied globally, where users expressed privacy concerns associated with sharing identity, illness, and location information. This paper reviews these issues in deployments across Asia, Europe, and the United States. The goal is to begin a discussion that improves the design and development …

Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …

Assessing The Practical Cybersecurity Skills Gained Through Criminal Justice Academic Programs To Benefit Security Operations Centers (Socs), Lucy Tsado, Jung Seob "Scott" Kim

Journal of Cybersecurity Education, Research and Practice

Private-sector and public-sector organizations have increasingly built specific business units for securing company assets, reputation, and lives, known as security operations centers (SOCs). Depending on the organization, these centers may also be referred to as global security operations centers, cybersecurity operations centers, fusion centers, and corporate command centers, among many other names. The concept of centralized function within an organization to improve an organization’s security posture has attracted both the government and the private sectors to either build their own SOCs or hire third-party SOC companies.

In this article, the need for a multidisciplinary approach to cybersecurity education at colleges …

Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 13^th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …

Toward A Student-Ready Cybersecurity Program: Findings From A Survey Of Stem-Students, Lora Pitman, Brian K. Payne, Tancy Vandecar-Burdin, Lenora Thorbjornsen

Journal of Cybersecurity Education, Research and Practice

As the number of available cybersecurity jobs continues to grow, colleges strive to offer to their cybersecurity students an environment which will make them sufficiently prepared to enter the workforce after graduation. This paper explores the academic and professional needs of STEM-students in various higher education institutions across Virginia and how cybersecurity programs can cater to these needs. It also seeks to propose an evidence-based approach for improving the existing cybersecurity programs so that they can become more inclusive and student-ready. A survey of 251 college students in four higher-education institutions in Virginia showed that while there are common patterns …

Government Workspace Digitalization And Socioeconomic Development Outcomes In Ghana, Winfred Ofoe Larkotey, John Effah, Richard Boateng

The African Journal of Information Systems

The study sought to understand how the structurational environment shapes socioeconomic outcomes of government workspace digitalization in Ghana based on a qualitative, interpretive case study and the structurational model of technology as a theoretical lens. The findings show how the availability of electronic transactions law, government borrowing, and extendable system design can positively influence socioeconomic outcomes of government workspace digitalization. However, use of multiple system development environments, bureaucracy, a within-country digital divide, and a persistent physical signature and letterhead culture can negatively influence the socioeconomic development goals of government workspace digitalization.

Gophish: Implementing A Real-World Phishing Exercise To Teach Social Engineering, Andy Luse, Jim Burkman

Journal of Cybersecurity Education, Research and Practice

Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner, students learned the legal, technical, behavioral, analysis, and reporting aspects of social engineering. The outcome provided both usable data for a real-world corporation as well as valuable educational experience for the students.

Applying High Impact Practices In An Interdisciplinary Cybersecurity Program, Brian K. Payne, Lisa Mayes, Tisha Paredes, Elizabeth Smith, Hongyi Wu, Chunsheng Xin

Journal of Cybersecurity Education, Research and Practice

The Center for Cybersecurity Education and Research at Old Dominion University has expanded its use of high impact practices in the university’s undergraduate cybersecurity degree program. Strategies developed to promote student learning included learning communities, undergraduate research, a robust internship program, service learning, and electronic portfolios. This paper reviews the literature on these practices, highlights the way that they were implemented in our cybersecurity program, and discusses some of the challenges encountered with each practice. Although the prior literature on high impact practices rarely touches on cybersecurity coursework, the robust evidence of the success of those practices provides a sound …

Cybersecurity Education: The Need For A Top-Driven, Multidisciplinary, School-Wide Approach, Lucy Tsado

Journal of Cybersecurity Education, Research and Practice

The human resource skills gap in cybersecurity has created an opportunity for educational institutions interested in cybersecurity education. The current number of schools designated by the Department of Homeland Security (DHS) and National Security Agency (NSA) as Centers of Academic Excellence (CAE) to train cybersecurity experts are not sufficient to meet the shortfall in the industry. The DHS has clearly mapped out knowledge areas for cybersecurity education for both technical and non-technical disciplines; it is therefore possible for institutions not yet designated CAEs to generate cybersecurity experts, with the long-term goal of attaining the CAE designation. The purpose of this …

Sit Back, Relax, And Tell Me All Your Secrets, Sarah Kirk, Daniel Foreman, Cody Lee, Shannon W. Beasley

Journal of Cybersecurity Education, Research and Practice

The goal of this research is to describe an active learning opportunity that was conducted as a community service offering through our Center for Cybersecurity Education and Applied Research (CCEAR). As a secondary goal, the participants sought to gain real world experience by applying techniques and concepts studied in security classes. A local insurance company tasked the CCEAR with assembling a team of students to conduct penetration testing (including social engineering exploits) against company personnel. The endeavor allowed the insurance company to obtain information that would assess the effectiveness of employee training with regard to preventing the divulgence of sensitive …

M-Pesa’S Failure In India: Why Couldn’T Vodafone Replicate Its Kenyan Success? An International Marketing Case Study (Addendum By Former And Current Executives At The Vodafone Group), Jackson Lott, Mona Sinha

The Kennesaw Journal of Undergraduate Research

Vodafone’s mobile wallet service, M-Pesa, was originally created in 2007 for Kenya and was extremely successful in providing millions with access to mobile-based financial services. Essentially, a mobile wallet service enables payments via digital money in the form of mobile airtime. According to industry estimates, the global mobile money market is expected to reach USD 112.3 billion in 2021, with a compounded annual growth rate of 39.6% since 2016. Vodafone launched M-Pesa in India in 2013, but by mid-2019 it had announced its plans to merge its mobile wallet business with an associate company or a third party. Clearly, Vodafone …

An Examination Of Cybersecurity Knowledge Transfer: Teaching, Research, And Website Security At U.S. Colleges And Universities, Aditya Gupta, James R. Wolf

Journal of Cybersecurity Education, Research and Practice

This work seeks to answer the question: Does faculty cybersecurity knowledge gained from teaching and research transfer to other IT units in the university? Specifically, do colleges and universities that excel in cybersecurity teaching and research have more secure websites? This work explores a unique setting where the knowledge of the source and recipient are both directly related and observable without outside intervention. Our study employed data from 591 U.S. colleges and universities, the National Centers of Academic Excellence (CAE) program, accepted paper data from the ACM Conference on Computer and Communications Security (CCS) and the IEEE Symposium on Security …

A Case Study In The Implementation Of A Human-Centric Higher Education Cybersecurity Program, John W. Coffey, Melanie Haveard, Geissler Golding

Journal of Cybersecurity Education, Research and Practice

This article contains a description of the implementation of a comprehensive cyber security program at a regional comprehensive university. The program was designed to create an effective cyber security management infrastructure and to train end users and other categories of security management personnel in data protection and cyber security. This work addresses the impetus for the program, the rather extensive planning and development that went into the program, its implementation, and insights gleaned from the experience. The paper concludes with a summary of the strengths and weaknesses of the initiative.

Synergistic Security: A Work System Case Study Of The Target Breach, Martha Nanette Harrell

Journal of Cybersecurity Education, Research and Practice

Recent publicized security breaches can be used to evaluate information security programs. The processes and procedures that allowed the event to occur can be examined in a case study and then be used to find methods for future mitigation of risk. The Target security breach is used in this study to examine the organization’s information security program using a macro-ergonomic model. This research posits that an information security program should consider the work system design, based in macro-ergonomics, to help mitigate information security risk to the organization and ensure an efficient and effective information security program. Based on a seminal …

Planning And Implementing A Successful Nsa-Nsf Gencyber Summer Cyber Academy, Bryson R. Payne, Tamirat Abegaz, Keith Antonia

Journal of Cybersecurity Education, Research and Practice

The GenCyber program is jointly sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF) to help faculty and cybersecurity experts provide summer cybersecurity camp experiences for K-12 students and teachers. The main objective of the program is to attract, educate, and motivate a new generation of young men and women to help address the nationwide shortage of trained cybersecurity professionals. The curriculum is flexible and centers on ten cybersecurity first principles. Currently, GenCyber provides cyber camp options for three types of audiences: students, teachers, and a combination of both teachers and students. In 2016, over 120 …

Holistic Approach: Paradigm Shift In The Research Agenda For Digitalisation Of Healthcare In Sub-Saharan Africa, Tadeusz K. Bara-Slupski

The African Journal of Information Systems

Despite significant resources employed in the digitalisation agenda in the healthcare sector in Sub-Saharan Africa, the transformative impact of information and communication technologies has not been realised. This article makes two contributions towards developing an understanding of this failure. First, it provides a review of a rich body of academic literature and practitioner accounts regarding barriers to digitalisation and organises them using an established framework. Second, recognising the continuing struggle that digitalisation presents, it proposes a paradigmatic shift in thinking about barriers to digitalisation and suggests the existence of a more fundamental barrier related to inappropriate incentives within the international …

Using A Virtual Computing Laboratory To Foster Collaborative Learning For Information Security And Information Technology Education, Abdullah Konak, Michael R. Bartolacci

Journal of Cybersecurity Education, Research and Practice

Virtual computer laboratories have been an excellent technological solution to the problem of providing students with hands-on experimentation in information technology fields such as information security in a cost effective and secure manner. A virtual computer laboratory was utilized in this work as a collaborative environment for student learning with the goal of measuring its effect on student learning and attitudes toward laboratory assignments. Experiments were carried out utilizing specially-designed computer-based laboratory activities that included student assessments and surveys upon their completion. The experiments involved both small groups and individual students completing their respective laboratory activities and subsequent assessments/surveys. …

Exploring The Roles Of People, Governance And Technology In Organizational Readiness For Emerging Technologies, Abiodun A. Ogunyemi, Kevin A. Johnston

The African Journal of Information Systems

The rapid development and release of emerging technologies have made their adoption challenging. Most often there are failing issues in organizational adoption of emerging technologies. It is yet unclear which component(s) of organization play the prominent role(s) in organizational readiness to adopt emerging technologies. Using a mixed method, this study conducted an online survey of 83 South African organizations for server virtualization adoption. Server virtualization is an emerging technology being widely adopted in most organizations in developed countries. IT executives rated server virtualization as the second-most important technology to help achieve cost reductions and optimize productivity in recent surveys. Very …