Business Commons^™

Factors Influencing The Perceptions Of Human-Computer Interaction Curriculum Developers In Higher Education Institutions During Curriculum Design And Delivery, Cynthia Augustine, Salah Kabanda

The African Journal of Information Systems

Computer science (CS) and information systems students seeking to work as software developers upon graduating are often required to create software that has a sound user experience (UX) and meets the needs of its users. This includes addressing unique user, context, and infrastructural requirements. This study sought to identify the factors that influence the perceptions of human-computer interaction (HCI) curriculum developers in higher education institutions (HEIs) in developing economies of Africa when it comes to curriculum design and delivery. A qualitative enquiry was conducted and consisted of fourteen interviews with HCI curriculum developers and UX practitioners in four African countries. …

Comparing Cognitive Theories Of Learning Transfer To Advance Cybersecurity Instruction, Assessment, And Testing, Daniel T. Hickey Ph.D., Ronald J. Kantor

Journal of Cybersecurity Education, Research and Practice

The cybersecurity threat landscape evolves quickly, continually, and consequentially. This means that the transfer of cybersecurity learning is crucial. We compared how different recognized “cognitive” transfer theories might help explain and synergize three aspects of cybersecurity education. These include teaching and training in diverse settings, assessing learning formatively & summatively, and testing & measuring achievement, proficiency, & readiness. We excluded newer sociocultural theories and their implications for inclusion as we explore those theories elsewhere. We first summarized the history of cybersecurity education and proficiency standards considering transfer theories. We then explored each theory and reviewed the most relevant cybersecurity education …

Blockchain Applications In Higher Education Based On The Nist Cybersecurity Framework, Brady Lund Ph.D.

Journal of Cybersecurity Education, Research and Practice

This paper investigates the integration of blockchain technology into core systems within institutions of higher education, utilizing the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework as a guiding framework. It supplies definitions of key terminology including blockchain, consensus mechanisms, decentralized identity, and smart contracts, and examines the application of secure blockchain across various educational functions such as enrollment management, degree auditing, and award processing. Each facet of the NIST Framework is utilized to explore the integration of blockchain technology and address persistent security concerns. The paper contributes to the literature by defining blockchain technology applications and opportunities within …

Improving Belonging And Connectedness In The Cybersecurity Workforce: From College To The Profession, Mary Beth Klinger

Journal of Cybersecurity Education, Research and Practice

This article explores the results of a project aimed at supporting community college students in their academic pursuit of an Associate of Applied Science (AAS) degree in Cybersecurity through mentorship, collaboration, skill preparation, and other activities and touch points to increase students’ sense of belonging and connectedness in the cybersecurity profession. The goal of the project was focused on developing diverse, educated, and skilled cybersecurity personnel for employment within local industry and government to help curtail the current regional cybersecurity workforce gap that is emblematic of the lack of qualified cybersecurity personnel that presently exists nationwide. Emphasis throughout the project …

University Of Johannesburg Institutional Repository Cybersecurity Output: 2015-2021 Interdisciplinary Study, Mancha J. Sekgololo

Journal of Cybersecurity Education, Research and Practice

This study examines cybersecurity awareness in universities by analyzing related research output across different disciplines at the University of Johannesburg. The diffusion of innovation theory is used in this study as a theoretical framework to explain how cybersecurity awareness diffuses across disciplines. The University of Johannesburg Institutional Repository database was the data source for this study. Variations in cybersecurity keyword searches and topic modeling techniques were used to identify the frequency and distribution of research output across different disciplines. The study reveals that cybersecurity awareness has diffused across various disciplines, including non-computer science disciplines such as business, accounting, and social …

Privacy Principles And Harms: Balancing Protection And Innovation, Samuel Aiello

Journal of Cybersecurity Education, Research and Practice

In today's digitally connected world, privacy has transformed from a fundamental human right into a multifaceted challenge. As technology enables the seamless exchange of information, the need to protect personal data has grown exponentially. Privacy has emerged as a critical concern in the digital age, as technological advancements continue to reshape how personal information is collected, stored, and utilized. This paper delves into the fundamental principles of privacy and explores the potential harm that can arise from the mishandling of personal data. It emphasizes the delicate balance between safeguarding individuals' privacy rights and fostering innovation in a data-driven society. By …

Board Of Directors Role In Data Privacy Governance: Making The Transition From Compliance Driven To Good Business Stewardship, David Warner, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

Data collection, use, leveraging, and sharing as a business practice and advantage has proliferated over the past decade. Along with this proliferation of data collection is the increase in regulatory activity which continues to morph exponentially around the globe. Adding to this complexity are the increasing business disruptions, productivity and revenue losses, settlements, fines, and penalties which can amount to over $15 million, with many penalties now being ascribed to the organization’s leadership, to include the Board of Directors (BoD), the CEO and members of the senior leadership team (SLT). Thus, boards of directors can no longer ignore and in …

Towards Assessing Cybersecurity Posture Of Manufacturing Companies: Review And Recommendations, John Del Vecchio, Yair Levy, Ling Wang, Ajoy Kumar

KSU Proceedings on Cybersecurity Education, Research and Practice

With the continued changes in the way businesses work, cyber-attack targets are in a constant state of flux between organizations, individuals, as well as various aspects of the supply chain of interconnected goods and services. As one of the 16 critical infrastructure sectors, the manufacturing sector is known for complex integrated Information Systems (ISs) that are incorporated heavily into production operations. Many of these ISs are procured and supported by third parties, also referred to as interconnected entities in the supply chain. Disruptions to manufacturing companies would not only have significant financial losses but would also have economic and safety …

Quantum Computing: Computing Of The Future Made Reality, Janelle Mathis

KSU Proceedings on Cybersecurity Education, Research and Practice

Abstract—Quantum computing is an emerging new area focused on technology consisting of quantum theory aspects such as electrons, sub-atomic particles, and other materials engineered using quantum mechanics. Through quantum mechanics, these computers can solve problems that classical computers deem too complex. Today the closest computing technology compared to quantum computers are supercomputers, but similarly to classical computers, supercomputers also have faults. With supercomputers, when a problem is deemed too complex, it is due to the classical machinery components within the computer, thus causing a halt in solving the task or problem. In contrast, these problems could be solved with a …

Rfid Key Fobs In Vehicles: Unmasking Vulnerabilities & Strengthening Security, Devon Magda, Bryson R. Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

The Impact Of Individual Techno-Characteristics On Information Privacy Concerns In The Diffusion Of Mobile Contact Tracing, Jiesen Lin, Dapeng Liu, Lemuria Carter

KSU Proceedings on Cybersecurity Education, Research and Practice

In the wake of the global health crisis, mobile contact tracing applications have emerged as important tools in managing disease spread. However, their effectiveness heavily relies on mass adoption, significantly influenced by the public's information privacy concerns. To date, systematic examination of how these privacy concerns relate to the innovation adopter categories in mobile contact tracing remains sparse. Furthermore, the influence of individual techno-characteristics on these concerns is to be explored. This research seeks to fill these gaps. Drawing on the diffusion of innovation theory, we examine the impact of the key techno-characteristics—adopter category, propensity for identification misrepresentation, and exposure …

Exploring Information Privacy Concerns During The Covid-19 Pandemic: A Juxtaposition Of Three Models, Dapeng Liu, Lemuria Carter, Jiesen Lin

KSU Proceedings on Cybersecurity Education, Research and Practice

Government agencies across the globe utilize mobile applications to interact with constituents. In response to the global pandemic, several nations have employed contact tracing services to manage the spread of COVID-19. Extent literature includes various models that explore information privacy. Several researchers have highlighted the need to compare the effectiveness of diverse information privacy models. To fill this gap, we explore the impact of information privacy concerns on citizens’ willingness to download a federal contact tracing app. In particular, we compare three types of prevalent information privacy concerns: global information privacy concerns (GIPC), concern for information privacy (CFIP), and internet …

Turnstile File Transfer: A Unidirectional System For Medium-Security Isolated Clusters, Mark Monnin, Lori L. Sussman

Journal of Cybersecurity Education, Research and Practice

Data transfer between isolated clusters is imperative for cybersecurity education, research, and testing. Such techniques facilitate hands-on cybersecurity learning in isolated clusters, allow cybersecurity students to practice with various hacking tools, and develop professional cybersecurity technical skills. Educators often use these remote learning environments for research as well. Researchers and students use these isolated environments to test sophisticated hardware, software, and procedures using full-fledged operating systems, networks, and applications. Virus and malware researchers may wish to release suspected malicious software in a controlled environment to observe their behavior better or gain the information needed to assist their reverse engineering processes. …

Preparing Uk Students For The Workplace: The Acceptability Of A Gamified Cybersecurity Training, Oliver J. Mason, Siobhan Collman, Stella Kazamia, Ioana Boureanu

Journal of Cybersecurity Education, Research and Practice

This pilot study aims to assess the acceptability of Open University’s training platform called Gamified Intelligent Cyber Aptitude and Skills Training course (GICAST), as a means of improving cybersecurity knowledge, attitudes, and behaviours in undergraduate students using both quantitative and qualitative methods. A mixed-methods, pre-post experimental design was employed. 43 self-selected participants were recruited via an online register and posters at the university (excluding IT related courses). Participants completed the Human Aspects of Information Security Questionnaire (HAIS-Q) and Fear of Missing Out (FoMO) Scale. They then completed all games and quizzes in the GICAST course before repeating the HAIS-Q and …

Integrity, Confidentiality, And Equity: Using Inquiry-Based Labs To Help Students Understand Ai And Cybersecurity, Richard C. Alexander, Liran Ma, Ze-Li Dou, Zhipeng Cai, Yan Huang

Journal of Cybersecurity Education, Research and Practice

Recent advances in Artificial Intelligence (AI) have brought society closer to the long-held dream of creating machines to help with both common and complex tasks and functions. From recommending movies to detecting disease in its earliest stages, AI has become an aspect of daily life many people accept without scrutiny. Despite its functionality and promise, AI has inherent security risks that users should understand and programmers must be trained to address. The ICE (integrity, confidentiality, and equity) cybersecurity labs developed by a team of cybersecurity researchers addresses these vulnerabilities to AI models through a series of hands-on, inquiry-based labs. Through …

Building A Diverse Cybersecurity Workforce: A Study On Attracting Learners With Varied Educational Backgrounds, Mubashrah Saddiqa, Kristian Helmer Kjær Larsen1 Helmer Kjær Larsen, Robert Nedergaard Nielsen, Jens Myrup Pedersen

Journal of Cybersecurity Education, Research and Practice

Cybersecurity has traditionally been perceived as a highly technical field, centered around hacking, programming, and network defense. However, this article contends that the scope of cybersecurity must transcend its technical confines to embrace a more inclusive approach. By incorporating various concepts such as privacy, data sharing, and ethics, cybersecurity can foster diversity among audiences with varying educational backgrounds, thereby cultivating a richer and more resilient security landscape. A more diverse cybersecurity workforce can provide a broader range of perspectives, experiences, and skills to address the complex and ever-evolving threats of the digital age. The research focuses on enhancing cybersecurity education …

A Developed Framework For Studying Cyberethical Behaviour In North Central Nigeria, Aderinola Ololade Dunmade, Adeyinka Tella, Uloma Doris Onuoha

Journal of Cybersecurity Education, Research and Practice

ICT advancements have enabled more online activities, resulting in several cyberethical behaviours. Literature documents prevalence of plagiarism, and online fraud, among other misbehaviours. While behaviour has been explained by several theories, as scholarship and research advances, frameworks are modified to include more constructs. The researchers modified Fishbein and Ajzen (2011)'s Reasoned Action Approach to study female postgraduate students' perspectives toward cyberethical behaviour in North Central Nigerian universities.

The study focused on four variables, which were adequately captured by the model: perception, awareness, and attitude.

An adapted questionnaire collected quantitative data. This study used multistage sampling. A sample size of 989 …

Leveraging Vr/Ar/Mr/Xr Technologies To Improve Cybersecurity Education, Training, And Operations, Paul Wagner, Dalal Alharthi

Journal of Cybersecurity Education, Research and Practice

The United States faces persistent threats conducting malicious cyber campaigns that threaten critical infrastructure, companies and their intellectual property, and the privacy of its citizens. Additionally, there are millions of unfilled cybersecurity positions, and the cybersecurity skills gap continues to widen. Most companies believe that this problem has not improved and nearly 44% believe it has gotten worse over the past 10 years. Threat actors are continuing to evolve their tactics, techniques, and procedures for conducting attacks on public and private targets. Education institutions and companies must adopt emerging technologies to develop security professionals and to increase cybersecurity awareness holistically. …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Infrastructure As Code For Cybersecurity Training, Rui Pinto, Rolando Martins, Carlos Novo

Journal of Cybersecurity Education, Research and Practice

An organization's infrastructure rests upon the premise that cybersecurity professionals have specific knowledge in administrating and protecting it against outside threats. Without this expertise, sensitive information could be leaked to malicious actors and cause damage to critical systems. These attacks tend to become increasingly specialized, meaning cybersecurity professionals must ensure proficiency in specific areas. Naturally, recommendations include creating advanced practical training scenarios considering realistic situations to help trainees gain detailed knowledge. However, the caveats of high-cost infrastructure and difficulties in the deployment process of this kind of system, primarily due to the manual process of pre-configuring software needed for the …

Building The Operational Technology (Ot) Cybersecurity Workforce: What Are Employers Looking For?, Christopher A. Ramezan, Paul M. Coffy, Jared Lemons

Journal of Cybersecurity Education, Research and Practice

A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position …

Leading K-12 Community Responsiveness To Cyber Threats Via Education Of School Community, Michele Kielty, A. Renee Staton

Journal of Cybersecurity Education, Research and Practice

Cyber threats have escalated in recent years. Many of these threats have been direct and vicious attacks on K-12 systems. Educators are rarely trained on how to address cyber threats from a systemic and educational perspective when such challenges arise in their school buildings. This article explains the cyber threats that are looming large for K-12 systems and provides concrete tools for school leaders to employ in order to provide preventive education to their school communities.

An Interdisciplinary Approach To Experiential Learning In Cyberbiosecurity And Agriculture Through Workforce Development, Kellie Johnson, Tiffany Drape, Joseph Oakes, Joseph Simpson, Ann Brown, Donna M. Westfall-Rudd, Susan Duncan

Journal of Cybersecurity Education, Research and Practice

Cyberbiosecurity and workforce development in agriculture and the life sciences (ALS) is a growing area of need in the curriculum in higher education. Students that pursue majors related to ALS often do not include training in cyber-related concepts or expose the ‘hidden curriculum’ of seeking internships and jobs. Exposing students through workforce development training and hands-on engagement with industry professionals can provide learning opportunities to bridge the two and is an area of growth and demand as the workforce evolves. The objectives of this work were 1) to learn key concepts in cybersecurity, including data security, visualization, and analysis, to …

Editorial, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Editorial for Volume 2023, Issue 2

A Mixed-Method Study Exploring Cyber Ranges And Educator Motivation, Cheryl Beauchamp, Holly M. Matusovich

Journal of Cybersecurity Education, Research and Practice

A growing number of academic institutions have invested resources to integrate cyber ranges for applying and developing cybersecurity-related knowledge and skills. Cyber range developers and administrators provided much of what is known about cyber range resources and possible educational applications; however, the educator provides valuable understanding of the cyber range resources they use, how they use them, what they value, and what they do not value. This study provides the cyber range user perspective of cyber ranges in cybersecurity education by describing how K-12 educators are motivated using cyber ranges. Using mixed methods, this study explored educator motivation associated with …

Privacy Harm And Non-Compliance From A Legal Perspective, Suvineetha Herath, Haywood Gelman, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, …

Integrating Certifications Into The Cybersecurity College Curriculum: The Efficacy Of Education With Certifications To Increase The Cybersecurity Workforce, Binh Tran, Karen C. Benson, Lorraine Jonassen

Journal of Cybersecurity Education, Research and Practice

One only needs to listen to the news reports to recognize that the gap between securing the enterprise and cybersecurity threats, breaches, and vulnerabilities appears to be widening at an alarming rate. An un-tapped resource to combat these attacks lies in the students of the secondary educational system. Necessary in the cybersecurity education is a 3-tiered approach to quickly escalate the student into a workplace-ready graduate. The analogy used is a three-legged-stool, where curriculum content, hands-on skills, and certifications are equal instruments in the edification of the cybersecurity student. This paper endeavors to delve into the 3^rd leg of …

Cybersecurity Challenges And Awareness Of The Multi-Generational Learners In Nepal, Raj Kumar Dhungana, Lina Gurung Dr, Hem Poudyal

Journal of Cybersecurity Education, Research and Practice

Increased exposure to technologies has lately emerged as one of the everyday realities of digital natives, especially K-12 students, and teachers, the digital immigrants. Protection from cybersecurity risks in digital learning spaces is a human right, but students are increasingly exposed to high-risk cyberspace without time to cope with cybersecurity risks. This study, using a survey (N-891 students and 157 teachers) and in-depth interviews (27 students and 14 teachers), described the students' cybersecurity-related experiences and challenges in Nepal. This study revealed that the school’s cybersecurity support system is poor and teachers has very low awareness and competencies to protect students …

What You See Is Not What You Know: Studying Deception In Deepfake Video Manipulation, Cathryn Allen, Bryson R. Payne, Tamirat Abegaz, Chuck Robertson

Journal of Cybersecurity Education, Research and Practice

Research indicates that deceitful videos tend to spread rapidly online and influence people’s opinions and ideas. Because of this, video misinformation via deepfake video manipulation poses a significant online threat. This study aims to discover what factors can influence viewers’ capability to distinguish deepfake videos from genuine video footage. This work focuses on exploring deepfake videos’ potential use for deception and misinformation by exploring people’s ability to determine whether videos are deepfakes in a survey consisting of deepfake videos and original unedited videos. The participants viewed a set of four videos and were asked to judge whether the videos shown …

Like Treating The Symptom Rather Than The Cause - The Omission Of Courses Over Terrorism In Nsa Designated Institutions, Ida L. Oesteraas

Journal of Cybersecurity Education, Research and Practice

The National Security Agency (NSA) awards Center of Academic Excellence (CAE) designations to institutions that commit to producing cybersecurity professionals who will work in careers that reduce vulnerabilities in our national infrastructure. A review of the curricula in the 327 institutions and their degree programs reveal that only two programs offer a required course about terrorism. Given the fluid nature of terrorism and its threat to national infrastructure, the omission is concerning. It is recommended that NSA-certified cybersecurity programs begin implementing educational content that aim to teach about this emerging crime and justice issue. One suggestion is to embrace the …