Business Commons^™

"Think Before You Click. Post. Type." Lessons Learned From Our University Cyber Security Awareness Campaign, Rachael L. Innocenzi, Kaylee Brown, Peggy Liggit, Samir Tout, Andrea Tanner, Theodore Coutilish, Rocky J. Jenkins

Journal of Cybersecurity Education, Research and Practice

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.

From The Editors, Michael E. Whitman, Herbert J. Mattord, Carole L. Hollingsworth

Journal of Cybersecurity Education, Research and Practice

Welcome to the Spring 2018 issue of the Journal of Cybersecurity Education, Research, and Practice (JCERP). On behalf of the editorial team, we thank you for taking the time to read this issue and strongly encourage you to submit an article for consideration in an upcoming edition.

Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, …

A Case Study In The Implementation Of A Human-Centric Higher Education Cybersecurity Program, John W. Coffey, Melanie Haveard, Geissler Golding

Journal of Cybersecurity Education, Research and Practice

This article contains a description of the implementation of a comprehensive cyber security program at a regional comprehensive university. The program was designed to create an effective cyber security management infrastructure and to train end users and other categories of security management personnel in data protection and cyber security. This work addresses the impetus for the program, the rather extensive planning and development that went into the program, its implementation, and insights gleaned from the experience. The paper concludes with a summary of the strengths and weaknesses of the initiative.

Student Misconceptions About Cybersecurity Concepts: Analysis Of Think-Aloud Interviews, Julia D. Thompson, Geoffrey L. Herman, Travis Scheponik, Linda Oliva, Alan Sherman, Ennis Golaszewski, Dhananjay Phatak, Kostantinos Patsourakos

Journal of Cybersecurity Education, Research and Practice

We conducted an observational study to document student misconceptions about cybersecurity using thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we provide a basis for developing rigorous evidence-based recommendations for improving teaching and assessment methods in cybersecurity and inform future research. This study is the first to explore student cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During these interviews, students grappled with security scenarios designed to probe their understanding of cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative method, novice-led paired thematic analysis, to document patterns in …

Experiential Learning Builds Cybersecurity Self-Efficacy In K-12 Students, Abdullah Konak

Journal of Cybersecurity Education, Research and Practice

In recent years, there have been increased efforts to recruit talented K-12 students into cybersecurity fields. These efforts led to many K-12 extracurricular programs organized by higher education institutions. In this paper, we first introduce a weeklong K-12 program focusing on critical thinking, problem-solving, and igniting interest in information security through hands-on activities performed in a state-of-the-art virtual computer laboratory. Then, we present an inquiry-based approach to design hands-on activities to achieve these goals. We claim that hands-on activities designed based on this inquiry-based framework improve K-12 students’ self-efficacy in cybersecurity as well as their problem-solving skills. The evaluation of …

Intuition In Employee Selection: Examining The Conditions For Accurate Intuitive Hiring Decisions, Vinod Vincent

Doctor of Business Administration Dissertations

In complex organizational environments, managers often rely on intuition to make decisions. Research has found intuition to be helpful when the task is complex; the decision maker is a domain expert; and when the decision environment has a high level of uncertainty, complexity, time pressure, insufficient data, and more than one reasonable solution. However, in employee selection, which is a decision environment that typically has the aforementioned characteristics that are conducive for intuition, scholars discount the usefulness of intuition in favor of more objective, analytical selection methods such as specific aptitude (e.g. sales ability) tests. A reason for the lack …

Social Capital And Dynamic Capabilities In A Top Management Team, Blaine Schreiner

Doctor of Business Administration Dissertations

Top management teams greatly influence the performance of their organizations based on their interpretations of the situations they face and the decisions they make built on those interpretations. In addition, the long-term success of the organization relies upon the top management team’s ability to properly balance the exploration and exploitation capabilities of the organization. The literature regarding the impact of the top management team’s social capital is limited and even less is known about the intra-organizational social capital of this group. This study examines the effect of the top management team’s intra-organizational social capital on exploratory and exploitative dynamic capability …

Investigating Information Security Policy Characteristics: Do Quality, Enforcement And Compliance Reduce Organizational Fraud?, Dennis T. Brown

Doctor of Business Administration Dissertations

Organizational fraud, a deceitful practice or willful device resorted to with intent to deprive another of his right, or in some manner to do harm or injury, is a growing global concern. While cyberattacks from the outside are more expected, the internal security threat from trusted insiders is responsible for significantly more information compromise than external threats. Information systems make life easier but are increasingly used by employees to perpetrate fraudulent activities. For example, a trusted insider employee with access to sensitive customer databases could misappropriate information and sell it to a competitor for personal gain. These type losses are …

Trust And Distrust Scale Development: Operationalization And Instrument Validation, John D. Rusk

Doctor of Business Administration Dissertations

Trust and distrust have been studied at great length by researchers in the field of information systems and various other fields over the past few decades without reaching consensus on conceptualization and measurement. The goal of this study was to determine if individual trust and distrust are separate constructs or opposite ends of the same continuum. To this end, based on theoretical rationale, an aggregation of extant, validated trust and distrust instruments combined with newly created trust and distrust items were used as input into a rigorous Q-sorting procedure. The Q-sorting process led to the first contribution of this research: …

Data Analytics In An Audit: Examining Fraud Risk And Audit Quality, Sondra Smith

Doctor of Business Administration Dissertations

ABSTRACT

DATA ANALYTICS IN AN AUDIT: EXAMINING FRAUD RISK AND

AUDIT QUALITY

by

Sondra Smith

This study is comprised of two papers which examine, through interviews and an experiment, the current practices of data analytics of CPA firms, whether and how fraud risk impacts the usage of data analytics in an audit, and the effect data analytics has on the efficiency and effectiveness of an audit. The implementation of data analytics in an audit is relatively new, and there is not a good understanding of how it is currently being used in practice. Although historically the auditing profession has been …

Development Of Digital Diary For Enhanced Parental School Involvement In Tanzania, Sekione R. Jeremiah, Joel S. Mtebe Phd

The African Journal of Information Systems

The study examined the use of digital diary as a tool for enhancing parental school involvement in Tanzania. The development of the digital diary followed eXtreme Programming agile method where 87 parents and 6 teachers from St. Florence school were involved. Parents and teachers were given six months to use the tool before testing for its effectiveness using data from 7 teachers and 156 parents through semi-structured interviews and questionnaires respectively. The study found that the majority of respondents (84.4% of parents and 96.7% of teachers) indicated that the digital diary was useful tool as enabled them to track children’s …

Framework Towards Enhancing Adoption Of Electronic Payment In A Developing Economy: A Case Of Uganda, Samuel Eelu, Agnes Nakakawa

The African Journal of Information Systems

Usage of electronic payment (e-payment) in developing economies is still limited, yet literature reveals several models and research efforts that explain adoption of innovations associated with information and communication technologies. This paper investigates issues hindering increased adoption of e-payment systems in a developing economy (specifically Uganda), and suggests possible strategic capabilities or interventions that key stakeholders can actualize to address the issues and enhance e-payment adoption. To achieve this, participatory action research was adopted and instantiated by: conducting an exploratory survey to gain relevant insights from target users of e-payment, devising a framework basing on survey findings and a literature-based …

Information Security Awareness Amongst Students Joining Higher Academic Institutions In Developing Countries: Evidence From Kenya, Joshua R A Ndiege, Gabriel O. Okello

The African Journal of Information Systems

Although there is a steady use of information technology in institutions of higher learning, little is known about the level of information security awareness (ISA) amongst students joining universities in developing countries and more specifically Africa. The purpose of this study was to investigate ISA amongst undergraduate students at a higher education institution in Kenya. The study made use of a quantitative survey approach. Overall, the study findings indicate that majority of the students surveyed did not possess adequate understanding of ISA. Consequently, we submit that there is a strong need to cultivate ISA culture amongst students joining universities in …

Acceptance Of Ict: Applicability Of The Unified Theory Of Acceptance And Use Of Technology (Utaut) To South African Students, Janet Liebenberg, Trudie Benade, Suria Ellis

The African Journal of Information Systems

We are told that university students are Digital Natives and the diffusion of digital technologies into education holds prospective advantages. However, will students in Africa be prepared to engage with and accept the technology? This study aimed to determine the applicability of the Unified Theory of Acceptance and Use of Technology (UTAUT) model within a South African higher education setting and to clarify the factors that are influencing students’ intentions to make use of two digital technologies: an eBook and SLMS. 738 ICT students completed a questionnaire to gauge their responses to Performance expectancy (PEx), Effort expectancy (EfEx), Facilitating conditions …

2018 - The Twenty-Third Annual Symposium Of Student Scholars

Symposium of Student Scholars Program Books

The full program book from the Twenty-third Annual Symposium of Student Scholars, held on April 19, 2018. Includes abstracts from the presentations and posters.

Sex May Sell But Gender Identity Predicts: An Investigation Of College Students’ Propensity To Join Entrepreneurship Clubs, Jerald Wallace

Doctor of Business Administration Dissertations

A rich and diverse stream of research has focused on assessing different outcomes between men and women entrepreneurs. Popular stereotypes maintain that women are neither as interested, or successful as entrepreneurs compared to men. However, most past research has used biological sex as a proxy to measure differences between women and men dichotomously. The problem with this approach is that it is an oversimplified approach to a complex issue. To address this problem, the more recent literature suggests the inclusion of more meaningful variables, such as gender identity, an individual’s concept of their traits both masculine and feminine, to assess …

Two-Pronged Approach To Imbedding Values In Organizations, Evans Lusuli

The Siegel Institute Journal of Applied Ethics

The purpose for this paper is to argue that in order to successfully implement values and develop an ethically conscious or morally intelligent organizations, a two-pronged strategy must be adopted. A two-pronged strategy is an approach that seeks to imbed ethical values at both the organizational level – which, in this case includes the organization’s leadership, and empowering employees at the individual level to do what Mary Gentile (2010) describes in her book, as giving voice to values. Empowering employees to speak their minds when they know what is right is an avenue that enables employees to imbed ethical values …

The E-Agriculture Research Landscape In South Africa: A Systematic Literature Review, Alain Nzuzi Kintoki

The African Journal of Information Systems

Despite the growing interest in e-agriculture research in South Africa, academic studies have not sufficiently and deeply investigated the current e-agriculture research trends in the South African context. It is unclear how primary e-agriculture research in South Africa will aid both current and future generations to create new and better ways to transform agricultural development using this modern technology. This study sought to determine the current status of e-agriculture research in the South African context. A systematic literature review was used to gather and analyze data. The results indicate that 17 papers (26.5%) were published during the first two years …

Tracing Sources Of Design Uncertainty And Controversy In Web 2.0 Facilitated Collaborative Design Process, Lockias Chitanana Dr, Desmond Wesley Govender Dr

The African Journal of Information Systems

The integration of Internet-based collaborative tools such as Web 2.0 technologies to facilitate the design process has rendered collaborative design a chaotic practice filled with controversy and uncertainty, with the inevitable risk of unintended consequences. The purpose of this study was to trace the sources of design controversy in a Web 2.0 facilitated collaborative design process. The study employed an Actor Network Theory (ANT) methodological framework to explore design controversy in five design teams comprising of 4 to 6 undergraduate engineering students. Data was constituted by following the traces left by the actors, both human and nonhumans, their actions and …

Mobile Bullying Among Rural South African Students: Examining The Applicability Of Existing Theories, Michael Eddie Kyobe Prof., Lucas Mimbi Dr, Phillimom Nembandona, Sive Mtshazi

The African Journal of Information Systems

Mobile bullying, which is one form of cyberbullying, is escalating in schools in South Africa. Research can contribute to better understanding of the nature of this aggression, and provide guidance in determining appropriate interventions and administration of justice. However, studies into cyberbullying tend to focus mainly on the urban environment. Rural South Africa involves a large percentage of mobile phone users and experiences in relatively different cultural and social-economic conditions. Lack of research on rural mobile bullying calls into question the applicability of existing theories of crime and cyberbullying to the rural context and their effectiveness in guiding legal and …

The Role Of The Transaction Assurance, Perceived Cost And The Perceived Innovation In The Decision To Continue Using Mobile Money Services Among Small Business Owners, Edison Wazoel Lubua Dr, Philip Pretorius

The African Journal of Information Systems

The motive of this study is to assess the role of the perceived transaction assurance, perceived transaction cost, and anticipated future innovations to predict the intention to continue using mobile money services. Currently, many models on the intention to continue using the technology are based on frameworks for general technology adoption. This study acknowledges the value of these frameworks, but extended the analysis to include the perceived transaction assurance and the perceived innovation upon testing. Other variables included in the study are as follows: the influence of the customer support, the ease of correcting mistakes, and the comfortability with transaction …

A Comparison Of Machine Learning Algorithms For Prediction Of Past Due Service In Commercial Credit, Liyuan Liu M.A, M.S., Jennifer Lewis Priestley Ph.D.

Published and Grey Literature from PhD Candidates

Credit risk modeling has carried a variety of research interest in previous literature, and recent studies have shown that machine learning methods achieved better performance than conventional statistical ones. This study applies decision tree which is a robust advanced credit risk model to predict the commercial non-financial past-due problem with better critical power and accuracy. In addition, we examine the performance with logistic regression analysis, decision trees, and neural networks. The experimenting results confirm that decision trees improve upon other methods. Also, we find some interesting factors that impact the commercials’ non-financial past-due payment.

Audit Committee Oversight Of Internal Control Over Financial Reporting, Andrea B. Weickgenannt

Doctor of Business Administration Dissertations

This study investigates the processes audit committees employ to fulfill their obligation to oversee internal control over financial reporting (ICFR). Specifically, I explore audit committee processes within five fundamental internal control components: control environment, risk assessment, control activities, information and communication, and monitoring (COSO, 2013). I consider agency theory and institutional theory, investigating the degree of substantive versus ceremonial processes used by audit committees. Additionally, this study considers comfort theory as it reveals details about how audit committees get “comfortable” with ICFR.

The research questions in this study are examined through a cross-sectional survey of 167 public company audit committee …

Influence Of The Event Rate On Discrimination Abilities Of Bankruptcy Prediction Models, Lili Zhang, Jennifer Priestley, Xuelei Ni

Published and Grey Literature from PhD Candidates

In bankruptcy prediction, the proportion of events is very low, which is often oversampled to eliminate this bias. In this paper, we study the influence of the event rate on discrimination abilities of bankruptcy prediction models. First the statistical association and significance of public records and firmographics indicators with the bankruptcy were explored. Then the event rate was oversampled from 0.12% to 10%, 20%, 30%, 40%, and 50%, respectively. Seven models were developed, including Logistic Regression, Decision Tree, Random Forest, Gradient Boosting, Support Vector Machine, Bayesian Network, and Neural Network. Under different event rates, models were comprehensively evaluated and compared …

Comparison Of Bankruptcy Prediction Models With Public Records And Firmographics, Lili Zhang, Jennifer Priestley, Xuelei Ni

Published and Grey Literature from PhD Candidates

Many business operations and strategies rely on bankruptcy prediction. In this paper, we aim to study the impacts of public records and firmographics and predict the bankruptcy in a 12-month-ahead period with using different classification models and adding values to traditionally used financial ratios. Univariate analysis shows the statistical association and significance of public records and firmographics indicators with the bankruptcy. Further, seven statistical models and machine learning methods were developed, including Logistic Regression, Decision Tree, Random Forest, Gradient Boosting, Support Vector Machine, Bayesian Network, and Neural Network. The performance of models were evaluated and compared based on classification accuracy, …

Trends In Manufacturing Inventory Efficiency: 1980-2013, Ahren Johnston

Atlantic Marketing Journal

This study was motivated by Cooke’s 2013 article questioning the inclusion on inventory carrying costs in CSCMP’s Annual State of Logistics Report since it is based on interest rates. This paper explores that question more fully and goes on to look at trends in inventory efficiency based on inventory turnover for U.S. manufacturing firms. Results of the study reveal that there has been a level trend between 1980 and 2013 after firm size is controlled for. Since these results are contradictory to those obtained by looking at inventory carrying costs as a percent of GDP, they suggest the need for …

Interpersonal Affect, Accountability And Experience In Auditor Fraud Risk Judgments And The Processing Of Fraud Cues, Jennifer Schafer, Brad Schafer

Faculty Articles

This paper examines whether auditors’ affect toward client management influences fraud likelihood judgments and whether accountability and experience with fraud risk judgments moderate this effect. This research also explores the process by which affect influences fraud judgments by examining affect’s influence on the evaluation of fraud evidence cues. Results indicate that more positive affect toward the client results in lower fraud likelihood judgments. Accountability is found to moderate this effect, but only for experienced auditors. These findings have implications for fraud brainstorming sessions where all staff levels provide input into fraud risk assessments and because client characteristics are especially salient …

Technology Over-Consumption: Helping Students Find Balance In A World Of Alluring Distractions, George D. Shows, Pia A. Albinsson, Tatyana B. Ruseva, Diane Marie Waryold

Atlantic Marketing Journal

The last two decades has seen a fundamental shift in society with the growth in technology and the growth of social media. This shift has been embraced in the classroom as a tool to enhance the learning experience of the student. Students have experienced a fundamental shift in interaction with themselves and the world they inhabit with the exponential growth in technology and social media both inside and outside the classroom. The result is the multitasking student, who must constantly switch between a growing number of interactions. Attention spans have a finite limit, and eventually students experience an over-consumption of …

A Course Project Designed To Aid Students’ Understanding Of The Structure Of Advertisements: An Application Of The Who Says What To Whom Over What Channel With What Effect Model, Paul J. Costanzo

Atlantic Marketing Journal

The author describes a project using a classic communication and attitude-change model and explains how instructors teaching a course in promotional strategy, advertising, or integrated marketing communications can use it to help students better understand the critical elements of an effective advertisement. The author provides an overview of the research on the classic model and describes how the model is still useful today. One benefit for the instructor who adopts this project in their respective course is that students are required to synthesize knowledge of the model with information provided in the current advertising literature and then use this knowledge …