Open Access. Powered by Scholars. Published by Universities.®

Business Commons

Articles 1 - 8 of 8

Full-Text Articles in Business

Cybersecurity Maturity Model Certification (CMMC) Compliance For DoD Contractors, Sierra Burnett Nov 2021

Cybersecurity Undergraduate Research Showcase

The DoD is currently taking a supply-chain risk management strategy to foster cybersecurity. This unique strategy is often referred to as CMMC which stands for “Cybersecurity Maturity Model Certification”. The approach requires that all the 300,000 DoD contractors acquire third-party authentication that may attain the requirements for the CMMC maturity level suitable to the work they desire to do for the DoD. CMMC typically examines the organization's capability to safeguard Federal Contract Information as well as CUI. It integrates various cybersecurity standards already in place and plots the best practices alongside processes to five maturity levels that range from the …


Emotional Analysis Of Learning Cybersecurity With Games Using IoT, Maria Valero, Md Jobair Hossain, Shahriar Sobhan Oct 2021

KSU Proceedings on Cybersecurity Education, Research and Practice

The constant rise of cyber-attacks poses an increasing demand for more qualified people with cybersecurity knowledge. Games have emerged as a well-fitted technology to engage users in learning processes. In this paper, we analyze the emotional parameters of people while learning cybersecurity through computer games. The data are gathered using a non-invasive Brain-Computer Interface (BCI) to study the signals directly from the users’ brains. We analyze six performance metrics (engagement, focus, excitement, stress, relaxation, and interest) of 12 users while playing computer games to measure the effectiveness of the games to attract the attention of the participants. Results show participants …


Resilience Vs. Prevention. Which Is The Better Cybersecurity Practice?, Frank Katz Oct 2021

KSU Proceedings on Cybersecurity Education, Research and Practice

Students in multiple cohorts of our 3000 level Fundamentals of Information Systems Security course were given a discussion question where they had to either agree or disagree with the premise that given all the constant threats to our systems, we should dedicate more of our efforts to quickly repairing the damage of an attack rather than dedicate more of our time and energies to preventing such attacks. They were required to give their reasoning and provide sources to back up their analysis of his comment.

This paper will describe and explain the concept of cyber resiliency. It will then evaluate …


Warshipping: Hacking The Mailroom, Jackson Szwast, Bryson Payne Oct 2021

KSU Proceedings on Cybersecurity Education, Research and Practice

Everyone knows what package shipping is, but not everyone knows what warshipping is. Corporate mailrooms are rarely considered as part of the cybersecurity attack surface of most organizations, but they offer physical access to millions of uninspected packages daily. UPS shipped 5.5 billion items last year, with their daily average being 21.9 million items and operating through 1,800 locations in 2020. FedEx shipped 6.5 million packages daily and operates 2,150 locations. The United States Postal Service delivered 143 billion pieces of mail in 2019. Increasingly the world’s consumers are relying on e-commerce, and during the recent COVID-19 pandemic, package deliveries …


Towards Assessing Password Workarounds And Perceived Risk To Data Breaches For Organizational Cybersecurity Risk Management Taxonomy, Michael J. Rooney, Yair Levy, Wei Li, Ajoy Kumar Oct 2021

KSU Proceedings on Cybersecurity Education, Research and Practice

Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their …


Analyzing Robotics Software Vulnerabilities, Hossain Shahriar, Md Jobair Hossain Faruk, Shahriar Sobhan, Mohammad Nazim Oct 2021

KSU Proceedings on Cybersecurity Education, Research and Practice

Robots are widely used in our day-to-day life in various domains. For example, eldercare robots, such as CareO-Bots [1] are used to perform household tasks and provide mobility assistance [2]. Amazon uses manufacturing robots to accomplish manufacturing labor activities, such as welding and assembling equipment [2]. According to the International Data Corporation, spending on robotics is expected to reach USD 241.4 billion by the end of 2023 [4].

However, malicious users can exploit security vulnerabilities in hardware and software components of robotics systems to conduct security attacks and cause malfunction, i.e., deviate robots from their expected behaviors. Security attacks on robots …


A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo Oct 2021

KSU Proceedings on Cybersecurity Education, Research and Practice

The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …


Leverage Psychological Factors Associated With Lapses In Cybersecurity In Organizational Management, Chad Holm Jan 2021

Cybersecurity Undergraduate Research Showcase

With computers being a standard part of life now with the evolution of the internet, many aspects of our lives have changed, and new ways of thinking must come. One of the biggest challenges in most cyber security problems is not related to the software or the hardware; it is the people that are using the computers to access the data and communicate with others, where the hackers could simply find a weak entry point that naturally exists and a weak link caused by human hands. The human factor as an “insider threat” will affect unauthorized access, credentials stealing, and …