Business Commons^™

Applications Of Ai/Ml In Maritime Cyber Supply Chains, Rafael Diaz, Ricardo Ungo, Katie Smith, Lida Haghnegahdar, Bikash Singh, Tran Phuong

School of Cybersecurity Faculty Publications

Digital transformation is a new trend that describes enterprise efforts in transitioning manual and likely outdated processes and activities to digital formats dominated by the extensive use of Industry 4.0 elements, including the pervasive use of cyber-physical systems to increase efficiency, reduce waste, and increase responsiveness. A new domain that intersects supply chain management and cybersecurity emerges as many processes as possible of the enterprise require the convergence and synchronizing of resources and information flows in data-driven environments to support planning and execution activities. Protecting the information becomes imperative as big data flows must be parsed and translated into actions …

Data Science In Finance: Challenges And Opportunities, Xianrong Zheng, Elizabeth Gildea, Sheng Chai, Tongxiao Zhang, Shuxi Wang

Information Technology & Decision Sciences Faculty Publications

Data science has become increasingly popular due to emerging technologies, including generative AI, big data, deep learning, etc. It can provide insights from data that are hard to determine from a human perspective. Data science in finance helps to provide more personal and safer experiences for customers and develop cutting-edge solutions for a company. This paper surveys the challenges and opportunities in applying data science to finance. It provides a state-of-the-art review of financial technologies, algorithmic trading, and fraud detection. Also, the paper identifies two research topics. One is how to use generative AI in algorithmic trading. The other is …

A Review Of Hybrid Cyber Threats Modelling And Detection Using Artificial Intelligence In Iiot, Yifan Liu, Shancang Li, Xinheng Wang, Li Xu

Information Technology & Decision Sciences Faculty Publications

The Industrial Internet of Things (IIoT) has brought numerous benefits, such as improved efficiency, smart analytics, and increased automation. However, it also exposes connected devices, users, applications, and data generated to cyber security threats that need to be addressed. This work investigates hybrid cyber threats (HCTs), which are now working on an entirely new level with the increasingly adopted IIoT. This work focuses on emerging methods to model, detect, and defend against hybrid cyber attacks using machine learning (ML) techniques. Specifically, a novel ML-based HCT modelling and analysis framework was proposed, in which regularisation and Random Forest …

How Chatgpt Can Be Used As A Defense Mechanism For Cyber Attacks, Michelle Ayaim

Cybersecurity Undergraduate Research Showcase

The powers of OpenAI's groundbreaking AI language model, ChatGPT, startled millions of users when it was released in November. But for many, the tool's ability to further accomplish the goals of evil actors swiftly replaced their initial excitement with significant concerns. ChatGPT gives malicious actors additional ways to possibly compromise sophisticated cybersecurity software. Leaders in a sector that is currently suffering from a 38% global spike in data breaches in 2022 must acknowledge the rising influence of AI and take appropriate action. Cybercriminals are writing more complex and focused business email compromise (BEC) and other phishing emails with the assistance …

Digital Transformation, Applications, And Vulnerabilities In Maritime And Shipbuilding Ecosystems, Rafael Diaz, Katherine Smith

VMASC Publications

The evolution of maritime and shipbuilding supply chains toward digital ecosystems increases operational complexity and needs reliable communication and coordination. As labor and suppliers shift to digital platforms, interconnection, information transparency, and decentralized choices become ubiquitous. In this sense, Industry 4.0 enables "smart digitalization" in these environments. Many applications exist in two distinct but interrelated areas related to shipbuilding design and shipyard operational performance. New digital tools, such as virtual prototypes and augmented reality, begin to be used in the design phases, during the commissioning/quality control activities, and for training workers and crews. An application relates to using Virtual Prototypes …

Digital Energy Platforms Considering Digital Privacy And Security By Design Principles, Umit Cali, Marthe Fogstad Dynge, Ahmed Idries, Sambeet Mishra, Ivanko Dmytro, Naser Hashemipour, Murat Kuzlu, Aleksandra Mileva (Ed.), Steffen Wendzel (Ed.), Virginia Franqueira (Ed.)

Engineering Technology Faculty Publications

The power system and markets have become increasingly complex, along with efforts to digitalize the energy sector. Accessing flexibility services, in particular, through digital energy platforms, has enabled communication between multiple entities within the energy system and streamlined flexibility market operations. However, digitalizing these vast and complex systems introduces new cybersecurity and privacy concerns, which must be properly addressed during the design of the digital energy platform ecosystems. More specifically, both privacy and cybersecurity measures should be embedded into all phases of the platform design and operation, based on the privacy and security by design principles. In this study, these …

Applications Of Blockchain In Business Processes: A Comprehensive Review, Wattana Viriyasitavat, Li Xu, Dusit Niyato, Zhuming Bi, Danupol Hoonsopon

Information Technology & Decision Sciences Faculty Publications

Blockchain (BC), as an emerging technology, is revolutionizing Business Process Management (BPM) in multiple ways. The main adoption is to serve as a trusted infrastructure to guarantee the trust of collaborations among multiple partners in trustless environments. Especially, BC enables trust of information by using Distributed Ledger Technology (DLT). With the power of smart contracts, BC enforces the obligations of counterparties that transact in a business process (BP) by programming the contracts as transactions. This paper aims to study the state-of-the-art of BC technologies by (1) exploring its applications in BPM with the focus on how BC provides the trust …

The Impact Of Ethical Hacking Within Small Businesses, Nygia Tribbey

Cybersecurity Undergraduate Research Showcase

The Internet has brought about a new way for businesses to reach their customers. With the help of social media, websites, and email marketing, small businesses have gained a lot of new customers. However, these new online customers have also opened up their businesses to a whole new world of cyber crime. Cyber crime is the illegal use of computers and networks to cause damage or steal information. This type of crime affects small businesses as well as large corporations. Small businesses often find themselves at a disadvantage because they don't have the resources to hire an ethical hacker or …

Predictors Of Email Response: Determinants Of The Intention Of Not Following Security Recommendations, Miguel Angel Toro-Jarrin

Engineering Management & Systems Engineering Theses & Dissertations

Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them …

Cyber Threat On The High Seas. A Growing Threat To Infrastructure, James Cummins

Cybersecurity Undergraduate Research Showcase

In a growing digital and cloud-connected world, all aspects of our lives are becoming interconnected. All these interconnections breed a possibility for ever-increasing cybersecurity threats. The oceans are not impervious to these attacks. In this research paper, we address the following questions.

What threats do commercial ships face today?

What actions are necessary to mitigate these threats?

Cybersecurity In Fintech Companies, Efstratios Zouros

Cybersecurity Undergraduate Research Showcase

Have you recently accessed your bank account online? Have you accessed any financial instrument through your computer or your mobile device? If you are reading this, chances are you have. Every time you utilize those services, you ultimately put your trust in the financial institutions that offer them. You trust that they can securely keep your private information, while also keeping your savings safe. Ultimately, there is a certain dependability and trust in financial institutions that have been present on earth before most of us.

Ready Raider One: Exploring The Misuse Of Cloud Gaming Services, Guannan Liu, Daiping Liu, Shuai Hao, Xing Gao, Kun Sun, Haining Wang

Computer Science Faculty Publications

Cloud gaming has become an emerging computing paradigm in recent years, allowing computer games to offload complex graphics and logic computation to the cloud. To deliver a smooth and high-quality gaming experience, cloud gaming services have invested abundant computing resources in the cloud, including adequate CPUs, top-tier GPUs, and high-bandwidth Internet connections. Unfortunately, the abundant computing resources offered by cloud gaming are vulnerable to misuse and exploitation for malicious purposes. In this paper, we present an in-depth study on security vulnerabilities in cloud gaming services. Specifically, we reveal that adversaries can purposely inject malicious programs/URLs into the cloud gaming services …

The Effects Of Antecedents And Mediating Factors On Cybersecurity Protection Behavior, Ling Li, Li Xu, Wu He

Information Technology & Decision Sciences Faculty Publications

This paper identifies opportunities for potential theoretical and practical improvements in employees' awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees' cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their …

Understanding The Effectivity And Increased Reliance Of Credit Risk Machine Learning Models In Banking, Grishma Baruah

Cybersecurity Undergraduate Research Showcase

Credit risk analysis and making accurate investment and lending decisions has been a challenge for the financial industry for many years, as can be seen with the 2008 financial crisis. However, with the rise of machine learning models and predictive analytics, there has been a shift to increased reliance on technology for determining credit risk. This transition to machine learning comes with both advantages, such as potentially eliminating human error and assumptions from lending decisions, and disadvantages, such as time constraints, data usage inabilities, and lack of understanding nuances in machine learning models. In this paper, I look at four …

Civiic: Cybercrime In Virginia: Impacts On Industry And Citizens Final Report, Randy Gainey, Tancy Vandecar-Burdin, Jay Albanese, Thomas Dearden, James Hawdon, Katalin Parti

Sociology & Criminal Justice Faculty Publications

[First paragraph] Victimization from cybercrime is a major concern in Virginia, the US, and the world. As individuals and businesses spend more time online, it becomes increasingly important to understand cybercrime and how to protect against it. Such an understanding is dependent on valid and reliable baseline data that identifies the specific nature, extent, and outcomes of cybercrime activity. A better understanding of cybercrime activity is needed to target and prevent it more effectively, minimize its consequences, and provide support for both individual and corporate victims. Before that can occur, however, better baseline data are required, and this project was …

The Maritime Domain Awareness Center– A Human-Centered Design Approach, Gary Gomez

Political Science & Geography Faculty Publications

This paper contends that Maritime Domain Awareness Center (MDAC) design should be a holistic approach integrating established knowledge about human factors, decision making, cognitive tasks, complexity science, and human information interaction. The design effort should not be primarily a technology effort that focuses on computer screens, information feeds, display technologies, or user interfaces. The existence of a room with access to vast amounts of information and wall-to-wall video screens of ships, aircraft, weather data, and other regional information does not necessarily correlate to possessing situation awareness. Fundamental principles of human-centered information design should guide MDAC design and technology selection, and …

Cybersecurity Maturity Model Certification (Cmmc) Compliance For Dod Contractors, Sierra Burnett

Cybersecurity Undergraduate Research Showcase

The DoD is currently taking a supply-chain risk management strategy to foster cybersecurity. This unique strategy is often referred to as CMMC which stands for “Cybersecurity Maturity Model Certification”. The approach requires that all the 300,000 DoD contractors acquire third-party authentication that may attain the requirements for the CMMC maturity level suitable to the work they desire to do for the DoD. CMMC typically examines the organization's capability to safeguard Federal Contract Information as well as CUI. It integrates various cybersecurity standards already in place and plots the best practices alongside processes to five maturity levels that range from the …

Cybersecurity Risk Assessment Using Graph Theoretical Anomaly Detection And Machine Learning, Goksel Kucukkaya

Engineering Management & Systems Engineering Theses & Dissertations

The cyber domain is a great business enabler providing many types of enterprises new opportunities such as scaling up services, obtaining customer insights, identifying end-user profiles, sharing data, and expanding to new communities. However, the cyber domain also comes with its own set of risks. Cybersecurity risk assessment helps enterprises explore these new opportunities and, at the same time, proportionately manage the risks by establishing cyber situational awareness and identifying potential consequences. Anomaly detection is a mechanism to enable situational awareness in the cyber domain. However, anomaly detection also requires one of the most extensive sets of data and features …

Hidden Markov Model And Cyber Deception For The Prevention Of Adversarial Lateral Movement, Md Ali Reza Al Amin, Sachin Shetty, Laurent Njilla, Deepak K. Tosh, Charles Kamhoua

Computational Modeling & Simulation Engineering Faculty Publications

Advanced persistent threats (APTs) have emerged as multi-stage attacks that have targeted nation-states and their associated entities, including private and corporate sectors. Cyber deception has emerged as a defense approach to secure our cyber infrastructure from APTs. Practical deployment of cyber deception relies on defenders' ability to place decoy nodes along the APT path optimally. This paper presents a cyber deception approach focused on predicting the most likely sequence of attack paths and deploying decoy nodes along the predicted path. Our proposed approach combines reactive (graph analysis) and proactive (cyber deception technology) defense to thwart the adversaries' lateral movement. The …

Leverage Psychological Factors Associated With Lapses In Cybersecurity In Organizational Management, Chad Holm

Cybersecurity Undergraduate Research Showcase

With computers being a standard part of life now with the evolution of the internet, many aspects of our lives have changed, and new ways of thinking must come. One of the biggest challenges in most cyber security problems is not related to the software or the hardware; it is the people that are using the computers to access the data and communicate with others, where the hackers could simply find a weak entry point that naturally exists and a weak link caused by human hands. The human factor as an “insider threat” will affect unauthorized access, credentials stealing, and …

A Monte-Carlo Analysis Of Monetary Impact Of Mega Data Breaches, Mustafa Canan, Omer Ilker Poyraz, Anthony Akil

Engineering Management & Systems Engineering Faculty Publications

The monetary impact of mega data breaches has been a significant concern for enterprises. The study of data breach risk assessment is a necessity for organizations to have effective cybersecurity risk management. Due to the lack of available data, it is not easy to obtain a comprehensive understanding of the interactions among factors that affect the cost of mega data breaches. The Monte Carlo analysis results were used to explicate the interactions among independent variables and emerging patterns in the variation of the total data breach cost. The findings of this study are as follows: The total data breach cost …

Cyber-Assets At Risk (Car): Monetary Impact Of Personally Identifiable Information Data Breaches On Companies, Omer Ilker Poyraz

Engineering Management & Systems Engineering Theses & Dissertations

Cyber-systems provide convenience, ubiquity, economic advantage, and higher efficiency to both individuals and organizations. However, vulnerabilities of the cyber domain also offer malicious actors with the opportunities to compromise the most sensitive information. Recent cybersecurity incidents show that a group of hackers can cause a massive data breach, resulting in companies losing competitive advantage, reputation, and money. Governments have since taken some actions in protecting individuals and companies from such crime by authorizing federal agencies and developing regulations. To protect the public from losing their most sensitive records, governments have also been compelling companies to follow cybersecurity regulations. If companies …

Security Risk Tolerance In Mobile Payment: A Trade-Off Framework, Yong Chen

Information Technology & Decision Sciences Theses & Dissertations

Security is identified as a major barrier for consumers in adopting mobile payment. Although existing literature has incorporated security into the Technology Acceptance Model (TAM), the Unified Theory of Acceptance, and the Use of Technology (UTAUT) and it has investigated the way in which security affects consumers’ acceptance of mobile payment, security is a factor only in diverse research models. Studies of mobile payment that focus on security are not available. Additionally, previous studies of mobile payment are based on Direct Carrier Billing- (DCB)-based mobile payment or Near Field Communication- (NFC)-based mobile payment. The results regarding security might not be …

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation Of Intrusion Detection Capability, Agbotiname L. Imoize, Taiwo Oyedare, Michael E. Otuokere, Sachin Shetty

VMASC Publications

In this paper, we consider a cost-based extension of intrusion detection capability (CID). An objective metric motivated by information theory is presented and based on this formulation; a package for computing the intrusion detection capability of intrusion detection system (IDS), given certain input parameters is developed using Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as …

Economics-Based Risk Management Of Distributed Denial Of Service Attacks: A Distance Learning Case Study, Omer Keskin, Unal Tatar, Omer Poyraz, Ariel Pinto, Adrian Gheorghe

Engineering Management & Systems Engineering Faculty Publications

Managing risk of cyber systems is still on the top of the agendas of Chief Information Security Officers (CISO). Investment in cybersecurity is continuously rising. Efficiency and effectiveness of cybersecurity investments are under scrutiny by boards of the companies. The primary method of decision making on cybersecurity adopts a risk-informed approach. Qualitative methods bring a notion of risk. However, particularly for strategic level decisions, more quantitative methods that can calculate the risk and impact in monetary values are required. In this study, a model is built to calculate the economic value of business interruption during a Distributed Denial-of-Service (DDoS) attack …

Earning A Seat At The Table: How It Departments Can Partner In Organizational Change And Innovation, Robert L. Moore, Nathan Johnson

STEMPS Faculty Publications

Few would argue that the information technology department (ITD) is not an essential part of an organization. It is hard to envision a project that does not need the support of the ITD. Despite this importance, the ITD is not always involved in the management of projects. Often, the ITD is brought into the project late in the planning and development process. In many cases, the inclusion of the ITD in an advanced project stage can result in project failure where early involvement could have prevented it. Why is it that ITDs, while clearly a vital part of project implementation, …