Business Commons^™

Smart Factories, Dumb Policy? Managing Cybersecurity And Data Privacy Risks In The Industrial Internet Of Things, Scott J. Shackelford

Minnesota Journal of Law, Science & Technology

No abstract provided.

Effectiveness Of Tools In Identifying Rogue Access Points On A Wireless Network, Ryan Vansickle, Tamirat Abegaz, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

Wireless access points have greatly improved users' ability to connect to the Internet. However, they often lack the security mechanisms needed to protect users. Malicious actors could create a rogue access point (RAP), using a device such as the WiFi Pineapple Nano, that could trick users into connecting to an illegitimate access point (AP). To make them look legitimate, adversaries tend to setup RAPs to include a captive portal. This is very effective, since most public networks use captive portals as a means to provide genuine access. The objective of this study is to examine the effectiveness of RAP identification …

Automatic Security Bug Detection With Findsecuritybugs Plugin, Hossain Shahriar, Kmarul Riad, Arabin Talukder, Hao Zhang, Zhuolin Li

KSU Proceedings on Cybersecurity Education, Research and Practice

The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android StThe security threats to mobile application are growing explosively. Mobile app …

Automated Reverse Engineering Of Automotive Can Bus Controls, Charles Barron Kirby, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

This research provides a means of automating the process to reverse engineer an automobile’s CAN Bus to quickly recover CAN IDs and message values to control the various systems in a modern automobile. This approach involved the development of a Python script that uses several open-source tools to interact with the CAN Bus, and it takes advantage of several vulnerabilities associated with the CAN protocol. These vulnerabilities allow the script to conduct replay attacks against the CAN Bus and affect various systems in an automobile without the operator’s knowledge or interaction.

These replay attacks can be accomplished by capturing recorded …

A World Of Cyber Attacks (A Survey), Mubarak Banisakher, Marwan Omar

KSU Proceedings on Cybersecurity Education, Research and Practice

The massive global network that connects billions of humans and millions of devices and allow them to communicate with each other is known as the internet. Over the last couple of decades, the internet has grown expeditiously and became easier to use and became a great educational tool. Now it can used as a weapon that can steal someone’s identity, expose someone’s financial information, or can destroy your networking devices. Even in the last decade, there have been more cyber attacks and threats destroying major companies by breaching the databases that have millions of personal information that can be sold …

An Exploratory Analysis Of Mobile Security Tools, Hossain Shahriar, Md Arabin Talukder, Md Saiful Islam

KSU Proceedings on Cybersecurity Education, Research and Practice

The growing market of the mobile application is overtaking the web application. Mobile application development environment is open source, which attracts new inexperienced developers to gain hands on experience with applicationn development. However, the security of data and vulnerable coding practice is an issue. Among all mobile Operating systems such as, iOS (by Apple), Android (by Google) and Blackberry (RIM), Android dominates the market. The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via the inadvertent or side channel, unsecured sensitive data storage, data transition and many others. Most of these …

Iot: Challenges In Information Security Training, Lech J. Janczewski, Gerard Ward

KSU Proceedings on Cybersecurity Education, Research and Practice

Both consumers and businesses are rapidly adopting IoT premised on convenience and control. Industry and academic literature talk about billions of embedded IoT devices being implemented with use-cases ranging from smart speakers in the home, to autonomous trucks, and trains operating in remote industrial sites. Historically information systems supporting these disparate use-cases have been categorised as Information Technology (IT) or Operational Technology (OT), but IoT represents a fusion between these traditionally distinct information security models.

This paper presents a review of IEEE and Elsevier peer reviewed papers that identifies the direction in IoT education and training around information security. It …

Proposal For A Joint Cybersecurity And Information Technology Management Program, Christopher Simpson, Debra Bowen, William Reid, James Juarez

KSU Proceedings on Cybersecurity Education, Research and Practice

Cybersecurity and Information Technology Management programs have many similarities and many similar knowledge, skills, and abilities are taught across both programs. The skill mappings for the NICE Framework and the knowledge units required to become a National Security Agency and Department of Homeland Security Center of Academic Excellence in Cyber Defense Education contain many information technology management functions. This paper explores one university’s perception on how a joint Cybersecurity and Information Technology Management program could be developed to upskill students to be work force ready.

Adversarial Thinking: Teaching Students To Think Like A Hacker, Frank Katz

KSU Proceedings on Cybersecurity Education, Research and Practice

Today’s college and university cybersecurity programs often contain multiple laboratory activities on various different hardware and software-based cybersecurity tools. These include preventive tools such as firewalls, virtual private networks, and intrusion detection systems. Some of these are tools used in attacking a network, such as packet sniffers and learning how to craft cross-site scripting attacks or man-in-the-middle attacks. All of these are important in learning cybersecurity. However, there is another important component of cybersecurity education – teaching students how to protect a system or network from attackers by learning their motivations, and how they think, developing the students’ “abilities to …

Internet Core Functions: Security Today And Future State, Jeffrey Jones

KSU Proceedings on Cybersecurity Education, Research and Practice

Never in the history of the world has so much trust been given to something that so few understand. Jeff reviews three core functions of the Internet along with recent and upcoming changes that will impact security and the world.

Preparing For Tomorrow By Looking At Yesterday, Peter Dooley

KSU Proceedings on Cybersecurity Education, Research and Practice

Why do we learn? Why do we study history? Why do we research the work of others? The answer is that there is value today in what was already learned and experienced, successes and failures. Mr. Dooley, a 25-year security professional and 20-year hospitality executive, will share his experiences and how our history in security will help us in thinking about our future.

Collusion Attacks And Fair Time-Locked Deposits For Fast-Payment Transactions In Bitcoin, Xingjie Yu, Shiwen Michael Thang, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

In Bitcoin network, the distributed storage of multiple copies of the block chain opens up possibilities for doublespending, i.e., a payer issues two separate transactions to two different payees transferring the same coins. While Bitcoin has inherent security mechanism to prevent double-spending attacks, it requires a certain amount of time to detect the doublespending attacks after the transaction has been initiated. Therefore, it is impractical to protect the payees from suffering in double-spending attacks in fast payment scenarios where the time between the exchange of currency and goods or services is shorten to few seconds. Although we cannot prevent double-spending …

From The Editors, Michael E. Whitman, Herbert J. Mattord, Carole L. Hollingsworth

Journal of Cybersecurity Education, Research and Practice

No abstract provided.

Adopting The Cybersecurity Curriculum Guidelines To Develop A Secondary And Primary Academic Discipline In Cybersecurity Postsecondary Education, Wasim A. Alhamdani

Journal of Cybersecurity Education, Research and Practice

A suggested curriculum for secondary and primarily academic discipline in Cybersecurity Postsecondary Education is presented. This curriculum is developed based on the Association for Computing Machinery guidelines and the National Centers of Academic Excellence Cyber Operations program.

Cybersecurity Education: The Need For A Top-Driven, Multidisciplinary, School-Wide Approach, Lucy Tsado

Journal of Cybersecurity Education, Research and Practice

The human resource skills gap in cybersecurity has created an opportunity for educational institutions interested in cybersecurity education. The current number of schools designated by the Department of Homeland Security (DHS) and National Security Agency (NSA) as Centers of Academic Excellence (CAE) to train cybersecurity experts are not sufficient to meet the shortfall in the industry. The DHS has clearly mapped out knowledge areas for cybersecurity education for both technical and non-technical disciplines; it is therefore possible for institutions not yet designated CAEs to generate cybersecurity experts, with the long-term goal of attaining the CAE designation. The purpose of this …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

A Design Case: Assessing The Functional Needs For A Multi-Faceted Cybersecurity Learning Space, Charles J. Lesko Jr.

Journal of Cybersecurity Education, Research and Practice

Following a multi-year effort that developed not only a detailed list of functional requirements but also the preliminary physical and logical design layouts, the concept for a multi-faceted cybersecurity center was approved and the physical, as well as, additional infrastructure space was subsequently allocated. This effort briefly describes the structure and scope of the current cybersecurity program being supported and then draws out the functional requirements that were identified for the center based on the needs of the institution’s cybersecurity program. It also highlights the physical and logical design specifications of the center, as well as, the many external program …

Changing The Current Perception Of Affordable Housing In Worcester, Simone Mcguinness, William Roberts, Vaske Gjino, Tong Zhou, Mengxin Ma, Sarawadee Sonpuak

School of Professional Studies

One of Worcester Interfaith’s goals is to eradicate the stigma of affordable housing in Worcester. Currently, the perception of affordable housing is of an image of unkept and old residences filled with destitute citizens who cannot afford basic needs to live in a city, let alone housing. This image is perpetuated by media, stigma, and a lack of education of the true reality of affordable housing and who its recipients are. Affordable housing-qualified citizens represent a range of educations, professions, age, race, and income levels. Affordable housing units, too, represent a variety of homes, many of which are extremely well-kept …

For One Child, Zion Bereket, Xin Huang, Yitong Lin, Ruobing Pei, Rachel White, Ziyuan Li

School of Professional Studies

The entirety of this project was completed on the foundation of the three focus areas, which were identified by our client as areas of high need. The client wanted to prioritize these three areas as they believed that these three areas were the most integral to the successful achievement of their mission, as well as to the overall health and longevity of the organization.

Hiv/Aids In The Latino Community Of San Francisco: Past And Present, Jessica Da Silva

School of Professional Studies

There are approximately 122,000 people of Latino origin in San Francisco, which account for 15% of the total population (Census, 2010). Historically, Latinos have and still face several barriers to access healthcare and improvements in health (Aguirre-Molina, Molina & Zambrana, 2001). When the world was exposed to the spread of a new and unknown virus, the broader population suffered from the epidemic. The Latino community in San Francisco was and still is one of the hardest hit by the virus.

Worcester Chamber Of Commerce: Recruiting Minority Business Owners, Ryan Dimaria, Alexander Hull, Xikun Lu, Haopeng Wang, Jiacheng Hou, Danning Zhao

School of Professional Studies

Our capstone project was to help the Worcester Regional Chamber of Commerce identify how to re-frame their marketing so it would be appealing to immigrant and minority owned businesses. Based on interviews and external research, our group was able to create a tangible and resourceful data set that provided justified recommendations and ideas on how the Chamber could make adjustments to their marketing plan to attract more businesses of this particular demographic in the city of Worcester. By implementing these recommendations, we believe the Chamber has the opportunity to create a more diverse group of Chamber members, add value to …

“Greening” Worcester: Municipal Best Practices For Sustainability, Erin Mckeon, Charline Kirongozi, Jared Duval, Antannia Greene, Qianshu Sun, Zewei Yao

School of Professional Studies

In response to the urgent threat posed by climate change, more and more cities, including Worcester, are attempting to become more environmentally responsible and sustainable. Worcester is attempting to develop ways to become more sustainable; both to strengthen their communities and to protect the planet. The Green Worcester Working Group (GWWG) tasked the Clark Capstone Team with researching best practices for municipal sustainability. The GWWG has set the following priorities: climate change mitigation, resilience, open spaces, sustainable resource management, education and awareness. Taking these into account, the Clark Capstone Team researched the sustainability practices of cities in New England, across …

Service Now: Cmdb Research, Monika Patel, Smita Patil, Katerina Tzanavara, Manish Chauhan, Yuhao Wang, Houmin Xie, Lei Shi

School of Professional Studies

The MAPFRE Capstone team has been tasked with reviewing and recommending roadmap on the existing CMDB configuration. Paper discusses the team’s overall research on ServiceNow CMDB, Client’s deliverables and introduction to the latest technological innovations. Based on given objectives and team’s analysis we have recommended key solutions for the client to better understand the IT environment areas of business service impact, asset management, compliance, and configuration management. In addition, our research has covered all the majority of the technical and functional areas to provide greater visibility and insight into existing CMDB and IT environment.

The Golden Ticket: How Blockchain Technology Can Be Implemented Into Event Ticketing, Jack Singer

Honors Capstone Projects - All

When the group/individual named Satoshi Nakamoto first conceptualized blockchain in 2008, it served as the underlying foundation to the cryptocurrency Bitcoin. In the years following, cryptocurrencies alike experiences massive gains in profitability; however, after the bubble had burst organizations began to look at the technology from a more academic standpoint. It was quickly found out that there is a massive application for blockchain in almost all sectors of industry from bulk stores (Walmart) to banking (IBM). This paper will explore how blockchain technology can be implemented into event ticketing, more specifically concerts. The current landscape of the industry is under …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

Information Systems For Business And Beyond, David T. Bourgeois, James L. Smith, Shouhong Wang, Joseph Mortati

Open Textbooks

This book is written as an introductory text, meant for those with little or no experience with computers or information systems. While sometimes the descriptions can get a bit technical, every effort has been made to convey the information essential to understanding a topic while not getting overly focused in detailed terminology.

The text is organized around thirteen chapters divided into three major parts, as follows:

• Part 1: What Is an Information System?

◦ Chapter 1: What Is an Information System? – This chapter provides an overview of information systems, including the history of how information systems got to …

Impact Of Framing And Base Size Of Computer Security Risk Information On User Behavior, Xinhui Zhan

Masters Theses

"This research examines the impact of framing and base size of computer security risk information on users' risk perceptions and behavior (i.e., download intention and download decision). It also examines individual differences (i.e., demographic factors, computer security awareness, Internet structural assurance, self-efficacy, and general risk-taking tendencies) associated with users' computer security risk perceptions. This research draws on Prospect Theory, which is a theory in behavioral economics that addresses risky decision-making, to generate hypotheses related to users' decision-making in the computer security context. A 2 x 3 mixed factorial experimental design (N = 178) was conducted to assess the effect of …

From The Editors, Herbert J. Mattord, Michael E. Whitman

Journal of Cybersecurity Education, Research and Practice

A message from the editors.

Investigating The Impact Of Publicly Announced Information Security Breaches On Corporate Risk Factor Disclosure Tendencies, Sandra J. Cereola, Joanna Dynowska

Journal of Cybersecurity Education, Research and Practice

As the reported number of data breaches increase and senators push for more disclosure regulation, the SEC staff issued a guidance in 2011 on disclosure obligations relating to cybersecurity risks and incidents. More recently, on February 26, 2018 the SEC Commission issued interpretive guidance to help assist public companies prepare disclosures regarding cybersecurity risks and incidents. As reported incidents of cybersecurity breaches occur, investors are concerned about the risks associated with these incidents and the impact they may have on financial performance. Although the SEC staff guidance warns public companies to make timely disclosure, recognizing the threat that cybercrime poses …

Sit Back, Relax, And Tell Me All Your Secrets, Sarah Kirk, Daniel Foreman, Cody Lee, Shannon W. Beasley

Journal of Cybersecurity Education, Research and Practice

The goal of this research is to describe an active learning opportunity that was conducted as a community service offering through our Center for Cybersecurity Education and Applied Research (CCEAR). As a secondary goal, the participants sought to gain real world experience by applying techniques and concepts studied in security classes. A local insurance company tasked the CCEAR with assembling a team of students to conduct penetration testing (including social engineering exploits) against company personnel. The endeavor allowed the insurance company to obtain information that would assess the effectiveness of employee training with regard to preventing the divulgence of sensitive …