Business Commons^™

Towards Assessing Cybersecurity Posture Of Manufacturing Companies: Review And Recommendations, John Del Vecchio, Yair Levy, Ling Wang, Ajoy Kumar

KSU Proceedings on Cybersecurity Education, Research and Practice

With the continued changes in the way businesses work, cyber-attack targets are in a constant state of flux between organizations, individuals, as well as various aspects of the supply chain of interconnected goods and services. As one of the 16 critical infrastructure sectors, the manufacturing sector is known for complex integrated Information Systems (ISs) that are incorporated heavily into production operations. Many of these ISs are procured and supported by third parties, also referred to as interconnected entities in the supply chain. Disruptions to manufacturing companies would not only have significant financial losses but would also have economic and safety …

Quantum Computing: Computing Of The Future Made Reality, Janelle Mathis

KSU Proceedings on Cybersecurity Education, Research and Practice

Abstract—Quantum computing is an emerging new area focused on technology consisting of quantum theory aspects such as electrons, sub-atomic particles, and other materials engineered using quantum mechanics. Through quantum mechanics, these computers can solve problems that classical computers deem too complex. Today the closest computing technology compared to quantum computers are supercomputers, but similarly to classical computers, supercomputers also have faults. With supercomputers, when a problem is deemed too complex, it is due to the classical machinery components within the computer, thus causing a halt in solving the task or problem. In contrast, these problems could be solved with a …

Rfid Key Fobs In Vehicles: Unmasking Vulnerabilities & Strengthening Security, Devon Magda, Bryson R. Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

The Impact Of Individual Techno-Characteristics On Information Privacy Concerns In The Diffusion Of Mobile Contact Tracing, Jiesen Lin, Dapeng Liu, Lemuria Carter

KSU Proceedings on Cybersecurity Education, Research and Practice

In the wake of the global health crisis, mobile contact tracing applications have emerged as important tools in managing disease spread. However, their effectiveness heavily relies on mass adoption, significantly influenced by the public's information privacy concerns. To date, systematic examination of how these privacy concerns relate to the innovation adopter categories in mobile contact tracing remains sparse. Furthermore, the influence of individual techno-characteristics on these concerns is to be explored. This research seeks to fill these gaps. Drawing on the diffusion of innovation theory, we examine the impact of the key techno-characteristics—adopter category, propensity for identification misrepresentation, and exposure …

Exploring Information Privacy Concerns During The Covid-19 Pandemic: A Juxtaposition Of Three Models, Dapeng Liu, Lemuria Carter, Jiesen Lin

KSU Proceedings on Cybersecurity Education, Research and Practice

Government agencies across the globe utilize mobile applications to interact with constituents. In response to the global pandemic, several nations have employed contact tracing services to manage the spread of COVID-19. Extent literature includes various models that explore information privacy. Several researchers have highlighted the need to compare the effectiveness of diverse information privacy models. To fill this gap, we explore the impact of information privacy concerns on citizens’ willingness to download a federal contact tracing app. In particular, we compare three types of prevalent information privacy concerns: global information privacy concerns (GIPC), concern for information privacy (CFIP), and internet …

How Chatgpt Can Be Used As A Defense Mechanism For Cyber Attacks, Michelle Ayaim

Cybersecurity Undergraduate Research Showcase

The powers of OpenAI's groundbreaking AI language model, ChatGPT, startled millions of users when it was released in November. But for many, the tool's ability to further accomplish the goals of evil actors swiftly replaced their initial excitement with significant concerns. ChatGPT gives malicious actors additional ways to possibly compromise sophisticated cybersecurity software. Leaders in a sector that is currently suffering from a 38% global spike in data breaches in 2022 must acknowledge the rising influence of AI and take appropriate action. Cybercriminals are writing more complex and focused business email compromise (BEC) and other phishing emails with the assistance …

Social Media & Privacy: Understanding Privacy In The Age Of Content Creator Culture, Robert Tagoe, Raphael Amponsah, Emmanuel Awuni Kolog, Eric Afful-Dadzie

African Conference on Information Systems and Technology

In today's digital age, content creators are gaining public attention and becoming highly influential. With that increased influence, it is important to acknowledge the privacy concerns within this culture. This interpretive research study seeks to identify and understand the dynamics of privacy within the content creator culture. This research will leverage information from interviews with content creators from various social media platforms such as YouTube, Instagram, Facebook, and TikTok. Using theories to understand the phenomena, theories of privacy calculus, privacy paradox and self-disclosure, will be used to view how content creators define and navigate privacy, strategies employed to control personal …

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore, Maria Valero, Amy Gruss

KSU Proceedings on Cybersecurity Education, Research and Practice

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage is the reason for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …

Cybercrime In The Developing World, David A. Ghelerter, John E. Wilson, Noah L. Welch, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper attempts to discover the reasons behind the increase in cybercrime in developing nations over the past two decades. It discusses many examples and cases of projects to increase internet access in developing countries and how they enabled cybercrime. This paper examines how nations where many cybercrimes occurred, did not have the necessary resources or neglected to react appropriately. The other primary focus is how cybercrimes are not viewed the same as other crimes in many of these countries and how this perception allows cybercriminals to do as they please with no stigma from their neighbors. It concludes that …

Microtransactions And Gambling In The Video Game Industry, Christopher L. Antepenko, Samuel R. Rickey, Angel L. Hibbets, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

The beginning of the 21st century has had a drastic effect on the video game industry. The advent of almost universal Internet access, the release of inexpensive broadband-enabled consoles, and the availability of mobile gaming have led to game developers and publishers heavily relying on premium in-game currencies, exclusive paid items, and loot boxes to subsidize or even replace profits from traditional video game business models. By 2020, in-game purchases made up a market of $92.6B worldwide and, in the US, experienced growth of over 30%.[1] In this highly lucrative market, the legal and ethical landscape is constantly bubbling with …

Social Media Platforms And Responsibility For Disinformation, Matt T. Figlia, Brandon M. Henschen, Joseph T. Sims, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

Researchers are paying closer attention to the rise of disinformation on social media platforms and what responsibility, if any, the companies that control these platforms have for false information being spread on their websites. In this paper, we highlight the recent growth in concern regarding online disinformation, discuss other works regarding the use of social media as a tool for spreading disinformation, and discuss how coordinated disinformation campaigns on social media platforms are used to spread propaganda and lies about current political events. We also evaluate the reactions of social media platforms in combatting disinformation and the difficulty in policing …

Using Experts For Improving Project Cybersecurity Risk Scenarios, Steven S. Presley, Jeffrey P. Landry, Jordan Shropshire, Philip Menard

KSU Proceedings on Cybersecurity Education, Research and Practice

This study implemented an expert panel to assess the content validity of hypothetical scenarios to be used in a survey of cybersecurity risk across project meta-phases. Six out of 10 experts solicited completed the expert panel exercise. Results indicate that although experts often disagreed with each other and on the expected mapping of scenario to project meta-phase, the experts generally found risk present in the scenarios and across all three project meta-phases, as hypothesized.

Towards Assessing Organizational Cybersecurity Risks Via Remote Workers’ Cyberslacking And Their Computer Security Posture, Ariel Luna, Yair Levy, Gregory Simco, Wei Li

KSU Proceedings on Cybersecurity Education, Research and Practice

Cyberslacking is conducted by employees who are using their companies’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity, however, recently, due to COVID19 pandemic move to remote working also pose a cybersecurity risk to organizations networks and infrastructure. In this work-in-progress research study, we are developing, validating, and will empirically test taxonomy to assess an organization’s remote workers’ risk level of cybersecurity threats. This study includes a three-phased developmental approach in developing the Remote Worker Cyberslacking Security Risk Taxonomy. With feedback from cybersecurity …

Nids In Airgapped Lans--Does It Matter?, Winston Messer

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper presents an assessment of the methods and benefits of adding network intrusion detection systems (NIDS) to certain high-security airgapped isolated local area networks. The proposed network architecture was empirically tested via a series of simulated network attacks on a virtualized network. The results show an improvement of double the chances of an analyst receiving a specific, appropriately-severe alert when NIDS is implemented alongside host-based measures when compared to host-based measures alone. Further, the inclusion of NIDS increased the likelihood of the analyst receiving a high-severity alert in response to the simulated attack attempt by four times when compared …

What You See Is Not What You Know: Deepfake Image Manipulation, Cathryn Allen, Bryson Payne, Tamirat Abegaz, Chuck Robertson

KSU Proceedings on Cybersecurity Education, Research and Practice

Research indicates that deceitful videos tend to spread rapidly online and influence people’s opinions and ideas. Because of this, video misinformation via deepfake video manipulation poses a significant online threat. This study aims to discover what factors can influence viewers’ capability of distinguishing deepfake videos from genuine video footage. This work focuses on exploring deepfake videos’ potential use for deception and misinformation by exploring people’s ability to determine whether videos are deepfakes in a survey consisting of deepfake videos and original unedited videos. The participants viewed a set of four videos and were asked to judge whether the videos shown …

Editors' Preface, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

KSU Proceedings on Cybersecurity Education, Research and Practice

Since 2004, Kennesaw State University, Georgia, has hosted an academic conference. Over the years, the event has brought together hundreds of faculty and students from throughout the U.S., sharing research into pedagogical efforts and instructional innovations. Initially, the conference was named the Information Security Curriculum Development conference and served as KSU’s contribution to engage our colleagues in growing security education from its infancy. It was paired with KSU’s inaugural security education journal, the Information Security Education Journal. In 2016, the event was rebranded as the Conference on Cybersecurity Education, Research, and Practice to reflect both an expansion of topics suitable …

The Impact Of Ethical Hacking Within Small Businesses, Nygia Tribbey

Cybersecurity Undergraduate Research Showcase

The Internet has brought about a new way for businesses to reach their customers. With the help of social media, websites, and email marketing, small businesses have gained a lot of new customers. However, these new online customers have also opened up their businesses to a whole new world of cyber crime. Cyber crime is the illegal use of computers and networks to cause damage or steal information. This type of crime affects small businesses as well as large corporations. Small businesses often find themselves at a disadvantage because they don't have the resources to hire an ethical hacker or …

A Qualitative Look Into Repair Practices, Jumana Labib

Undergraduate Student Research Internships Conference

This research poster is based on a working research paper which moves beyond the traditional scope of repair and examines the Right to Repair movement from a smaller, more personal lens by detailing the 6 categorical impediments as dubbed by Dr. Alissa Centivany (design, law, economic/business strategy, material asymmetry, informational asymmetry, and social impediments) have continuously inhibited repair and affected repair practices, which has consequently had larger implications (environmental, economic, social, etc.) on ourselves, our objects, and our world. The poster builds upon my research from last year (see "The Right to Repair: (Re)building a better future"), this time pulling …

Cyber Threat On The High Seas. A Growing Threat To Infrastructure, James Cummins

Cybersecurity Undergraduate Research Showcase

In a growing digital and cloud-connected world, all aspects of our lives are becoming interconnected. All these interconnections breed a possibility for ever-increasing cybersecurity threats. The oceans are not impervious to these attacks. In this research paper, we address the following questions.

What threats do commercial ships face today?

What actions are necessary to mitigate these threats?

Cybersecurity In Fintech Companies, Efstratios Zouros

Cybersecurity Undergraduate Research Showcase

Have you recently accessed your bank account online? Have you accessed any financial instrument through your computer or your mobile device? If you are reading this, chances are you have. Every time you utilize those services, you ultimately put your trust in the financial institutions that offer them. You trust that they can securely keep your private information, while also keeping your savings safe. Ultimately, there is a certain dependability and trust in financial institutions that have been present on earth before most of us.

Understanding The Effectivity And Increased Reliance Of Credit Risk Machine Learning Models In Banking, Grishma Baruah

Cybersecurity Undergraduate Research Showcase

Credit risk analysis and making accurate investment and lending decisions has been a challenge for the financial industry for many years, as can be seen with the 2008 financial crisis. However, with the rise of machine learning models and predictive analytics, there has been a shift to increased reliance on technology for determining credit risk. This transition to machine learning comes with both advantages, such as potentially eliminating human error and assumptions from lending decisions, and disadvantages, such as time constraints, data usage inabilities, and lack of understanding nuances in machine learning models. In this paper, I look at four …

Cybersecurity Maturity Model Certification (Cmmc) Compliance For Dod Contractors, Sierra Burnett

Cybersecurity Undergraduate Research Showcase

The DoD is currently taking a supply-chain risk management strategy to foster cybersecurity. This unique strategy is often referred to as CMMC which stands for “Cybersecurity Maturity Model Certification”. The approach requires that all the 300,000 DoD contractors acquire third-party authentication that may attain the requirements for the CMMC maturity level suitable to the work they desire to do for the DoD. CMMC typically examines the organization's capability to safeguard Federal Contract Information as well as CUI. It integrates various cybersecurity standards already in place and plots the best practices alongside processes to five maturity levels that range from the …

Emotional Analysis Of Learning Cybersecurity With Games Using Iot, Maria Valero, Md Jobair Hossain, Shahriar Sobhan

KSU Proceedings on Cybersecurity Education, Research and Practice

The constant rise of cyber-attacks poses an increasing demand for more qualified people with cybersecurity knowledge. Games have emerged as a well-fitted technology to engage users in learning processes. In this paper, we analyze the emotional parameters of people while learning cybersecurity through computer games. The data are gathered using a non-invasive Brain-Computer Interface (BCI) to study the signals directly from the users’ brains. We analyze six performance metrics (engagement, focus, excitement, stress, relaxation, and interest) of 12 users while playing computer games to measure the effectiveness of the games to attract the attention of the participants. Results show participants …

Resilience Vs. Prevention. Which Is The Better Cybersecurity Practice?, Frank Katz

KSU Proceedings on Cybersecurity Education, Research and Practice

Students in multiple cohorts of our 3000 level Fundamentals of Information Systems Security course were given a discussion question where they had to either agree or disagree with the premise that given all the constant threats to our systems, we should dedicate more of our efforts to quickly repairing the damage of an attack rather than dedicate more of our time and energies to preventing such attacks. They were required to give their reasoning and provide sources to back up their analysis of his comment.

This paper will describe and explain the concept of cyber resiliency. It will then evaluate …

Warshipping: Hacking The Mailroom, Jackson Szwast, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

Everyone knows what package shipping is, but not everyone knows what warshipping is. Corporate mailrooms are rarely considered as part of the cybersecurity attack surface of most organizations, but they offer physical access to millions of uninspected packages daily. UPS shipped 5.5 billion items last year, with their daily average being 21.9 million items and operating through 1,800 locations in 2020. FedEx shipped 6.5 million packages daily and operates 2,150 locations. The United States Postal Service delivered 143 billion pieces of mail in 2019. Increasingly the world’s consumers are relying on e-commerce, and during the recent COVID-19 pandemic, package deliveries …

Towards Assessing Password Workarounds And Perceived Risk To Data Breaches For Organizational Cybersecurity Risk Management Taxonomy, Michael J. Rooney, Yair Levy, Wei Li, Ajoy Kumar

KSU Proceedings on Cybersecurity Education, Research and Practice

Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure high level of IS security; this leaves the end-users holding a critical role in protecting their …

Analyzing Robotics Software Vulnerabilities, Hossain Shahriar, Md Jobair Hossain Faruk, Shahriar Sobhan, Mohammad Nazim

KSU Proceedings on Cybersecurity Education, Research and Practice

Robots are widely used in our day-to-day life in various domains. For example, eldercare robots, such as CareO-Bots [1]are used to perform household tasks and provide mobility assistance [2]. Amazon uses manufacturing robots to accomplish manufacturing labor activities, such as welding and assembling equipment [2]. According to the International Data Corporation, spending on robotics is expected to reach USD 241.4 billion by the end of 2023 [4].

However, malicious users can exploit security vulnerabilities in hardware and software components of robotics systems to conduct security attacks and cause malfunction, i.e., deviate robots from their expected behaviors. Security attacks on robots …

A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo

KSU Proceedings on Cybersecurity Education, Research and Practice

The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …

Leverage Psychological Factors Associated With Lapses In Cybersecurity In Organizational Management, Chad Holm

Cybersecurity Undergraduate Research Showcase

With computers being a standard part of life now with the evolution of the internet, many aspects of our lives have changed, and new ways of thinking must come. One of the biggest challenges in most cyber security problems is not related to the software or the hardware; it is the people that are using the computers to access the data and communicate with others, where the hackers could simply find a weak entry point that naturally exists and a weak link caused by human hands. The human factor as an “insider threat” will affect unauthorized access, credentials stealing, and …

Contingency Planning Amidst A Pandemic, Natalie C. Belford

KSU Proceedings on Cybersecurity Education, Research and Practice

Proper prior planning prevents pitifully poor performance: The purpose of this research is to address mitigation approaches - disaster recovery, contingency planning, and continuity planning - and their benefits as they relate to university operations during a worldwide pandemic predicated by the Novel Coronavirus (COVID-19). The most relevant approach pertaining to the University’s needs and its response to the Coronavirus pandemic will be determined and evaluated in detail.