From The Editors, Carole L. Hollingsworth, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Welcome to the Fall 2018 issue of the Journal of Cybersecurity Education, Research, and Practice (JCERP). On behalf of the editorial team, we thank you for taking the time to read this issue and strongly encourage you to submit an article for consideration in an upcoming edition.

Using A Game To Improve Phishing Awareness, Patrickson Weanquoi, Jaris Johnson, Jinghua Zhang

Journal of Cybersecurity Education, Research and Practice

Cybersecurity education has become increasingly critical as we spend more of our everyday lives online. Research shows that college students are mostly unaware of the many online dangers. To teach students about cybersecurity using their preferred medium, gaming, we developed an educational 2D game called “Bird’s Life” that aims to teach college students, as well as general interest individuals, about phishing. Players will come to understand phishing attacks and how to avoid them in real-world scenarios through a fun gaming context. The game can be deployed to multiple platforms such as PC, web, and mobile devices. To measure the effect …

An Examination Of Cybersecurity Knowledge Transfer: Teaching, Research, And Website Security At U.S. Colleges And Universities, Aditya Gupta, James R. Wolf

Journal of Cybersecurity Education, Research and Practice

This work seeks to answer the question: Does faculty cybersecurity knowledge gained from teaching and research transfer to other IT units in the university? Specifically, do colleges and universities that excel in cybersecurity teaching and research have more secure websites? This work explores a unique setting where the knowledge of the source and recipient are both directly related and observable without outside intervention. Our study employed data from 591 U.S. colleges and universities, the National Centers of Academic Excellence (CAE) program, accepted paper data from the ACM Conference on Computer and Communications Security (CCS) and the IEEE Symposium on Security …

Secured Data Masking Framework And Technique For Preserving Privacy In A Business Intelligence Analytics Platform, Osama Ali

Electronic Thesis and Dissertation Repository

The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI’s users to subsets of the enterprise’s data warehouse (DW), resulting that protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify, Map, Apply, …

Open Source Foundations For Spatial Decision Support Systems, Jochen Albrecht

Publications and Research

Spatial Decision Support Systems (SDSS) were a hot topic in the 1990s, when researchers tried to imbue GIS with additional decision support features. Successful practical developments such as HAZUS or CommunityViz have since been built, based on commercial desktop software and without much heed for theory other than what underlies their process models. Others, like UrbanSim, have been completely overhauled twice but without much external scrutiny. Both the practical and the theoretical foundations of decision support systems have developed considerably over the past 20 years. This article presents an overview of these developments and then looks at what corresponding tools …

Project Renew Worcester, Danni Yue, Amy Zhang, Jing Han, Omid Ashrafi, Yiming Xu

School of Professional Studies

n The client for this capstone project is RENEW Worcester which is a fledgling solar power project whose main goals are to bring renewable energy in the form of solar power into local, primarily low-income communities and are committed to the mission of making the transition off of fossil fuels to clean, renewable power. Based in Worcester, Massachusetts, they are a local chapter of Co-op Power which is a consumer-owned sustainable energy cooperative (co-op) made up of numerous different local chapters all over the New England area as well as the state of New York. The problem that we will …

The Rise Of Real-Time Retail Payments, Zhiling Guo

MITB Thought Leadership Series

TRANSACTING for just about anything using our mobile phones has become commonplace, and so many consumers will be intrigued to discover that after making a purchase it can still take longer for payment to reach a vendor’s bank account than it does for the purchased goods to be delivered.

Leveraging Artificial Intelligence To Capture The Singapore Rideshare Market, Pradeep Varakantham

MITB Thought Leadership Series

BIKE-SHARING programmes face many of the issues encountered by their counterparts in the carsharing world. But in Singapore, there are a number of factors that have a unique impact on the industry. These include the regulatory structure and the significant fines for those companies who do not abide by these regulations. When this is combined with the competitive nature of the industry in one of the world's most dynamic cities, it becomes clear that first movers who leverage machine learning and prediction will come to dominate the industry

Older Adults And The Authenticity Of Emails.Docx, Premankit Sannd, David M. Cook

Dr. David M Cook

Enhancing The Design Of A Cybersecurity Risk Management Solution For Communities Of Trust, James E. Fulford Jr.

USF Tampa Graduate Theses and Dissertations

Research into cybersecurity risks and various methods of evaluating those threats has become an increasingly important area of academic and practitioner investigations. Of particular interest in this field is enhancing the designs and informing capabilities of cybersecurity risk management solutions for users who desire to understand how organizations are impacted when such risks are exploited. Many of the cybersecurity risk management solutions are extremely technical and require their users to have a commensurate level of technical acumen. In the situation evaluated during this research project, the founders of the company being researched had created a highly technical risk management solution …

Jobsense: A Data-Driven Career Knowledge Exploration Framework And System, Xavier Jayaraj Siddarth Ashok, Ee-Peng Lim, Philips Kokoh Prasetyo

Research Collection School Of Computing and Information Systems

Today’s job market sees rapid changes due to technology and business model disruptions. To fully tap on one’s potential in career development, one has to acquire job and skill knowledge through working on different jobs. Another approach is to seek consultation with career coaches who are trained to offer career advice in various industry sectors. The above two approaches, nevertheless, suffer from several shortcomings. The on-the-job career development approach is highly inefficient for today’s fast changing job market. The latter career coach assisted approach could help to speed up knowledge acquisition but it relies on expertise of career coaches but …

Cross-Border Interbank Payments And Settlements: Emerging Opportunities For Digital Transformation, Yi Meng Lau, Et Al

Research Collection School Of Computing and Information Systems

The report “Cross-Border Interbank Payments and Settlements” is a cross-jurisdictional industry collaboration between Canada, Singapore and the United Kingdom to examine the existing challenges and frictions that arise when undertaking crossborder payments. This report explores proposals for new and more efficient models for processing cross-border transactions.

Double Learning Or Double Blinding: An Investigation Of Vendor Private Information Acquisition And Consumer Learning Via Online Reviews, Nan Hu, Kevin E. Dow, Alain Yee Loong Chong, Ling Liu

Research Collection School Of Computing and Information Systems

In this paper, building upon information acquisition theory and using portfolio methods and system equations, we made an empirical investigation into how online vendors and consumers are learning from each other, and how online reviews, prices, and sales interact among each other. First, this study shows that vendors acquire information from both private and public channels to learn the quality of their products to make price adjustment. Second, for the more popular products and newly released products, vendors are more motivated to acquire private information that is more precise than the average precision to adjust their price. Third, we document …

Heterogeneous Embedding Propagation For Large-Scale E-Commerce User Alignment, Vincent W. Zheng, Mo Sha, Yuchen Li, Hongxia Yang, Yuan Fang, Zhenjie Zhang, Kian-Lee Tan, Kevin Chen-Chuan Chang

Research Collection School Of Computing and Information Systems

We study the important problem of user alignment in e-commerce: to predict whether two online user identities that access an e-commerce site from different devices belong to one real-world person. As input, we have a set of user activity logs from Taobao and some labeled user identity linkages. User activity logs can be modeled using a heterogeneous interaction graph (HIG), and subsequently the user alignment task can be formulated as a semi-supervised HIG embedding problem. HIG embedding is challenging for two reasons: its heterogeneous nature and the presence of edge features. To address the challenges, we propose a novel Heterogeneous …

Mapping Knowledge Units Using A Learning Management System (Lms) Course Framework, Casey Rackley

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to examine the outcomes of using a Learning Management System (LMS) course as a framework for mapping the Centers of Academic Excellence in Cyber Defense (CAE-CD) 2019 Knowledge Units (KU) to college courses. The experience shared herein will be useful to faculty who are interested in performing the mapping and applying for CAE-CDE designation.

Hijacking Wireless Communications Using Wifi Pineapple Nano As A Rogue Access Point, Shawn J. Witemyre, Tamirat T. Abegaz, Bryson R. Payne, Ash Mady

KSU Proceedings on Cybersecurity Education, Research and Practice

Wireless access points are an effective solution for building scalable, flexible, mobile networks. The problem with these access points is often the lack of security. Users regularly connect to wireless access points without thinking about whether they are genuine or malicious. Moreover, users are not aware of the types of attacks that can come from “rogue” access points set up by attackers and what information can be captured by them. Attackers use this advantage to gain access to users’ confidential information. The objective of this study is to examine the effectiveness of the WiFi Pineapple NANO used as a rogue …

Towards A Development Of Predictive Models For Healthcare Hipaa Security Rule Violation Fines, Jim Furstenberg, Yair Levy

KSU Proceedings on Cybersecurity Education, Research and Practice

The Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule (SR) mandate provides a national standard for the protection of electronic protected health information (ePHI). The SR’s standards provide healthcare covered entities (CEs’) flexibility in how to meet the standards because the SR regulators realized that all health care organizations are not the same. However, the SR requires CEs’ to implement reasonable and appropriate safeguards, as well as security controls that protect the confidentiality, integrity, and availability (CIA) of their ePHI data. However, compliance with the HIPAA SR mandates are confusing, complicated, and can be costly to CEs’. Flexibility in …

Using Project Management Knowledge And Practice To Address Digital Forensic Investigation Challenges, Steven S. Presley, Jeffrey P. Landry, Michael Black

KSU Proceedings on Cybersecurity Education, Research and Practice

The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results …

Cybersecurity Education Employing Experiential Learning, Travis Lowe, Casey Rackley

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to discuss a curriculum design that employs Kolb’s Experiential Learning Theory stages and Kolb’s Learning Styles in four consecutive class sessions. The challenge each class is to present students with perplexing and often frustrating network problems that someday might be encountered on the job. By using Kolb’s theory, students address those problems from the perspective of each learning style, while passing through each phase of the learning cycle. As a result, students gain stronger cognitive thinking skills and hands-on troubleshooting skills in preparation for work as network administrators or cybersecurity analysts.

Capturing The Existential Cyber Security Threats From The Sub-Saharan Africa Zone Through Literature Database, Samuel B. Olatunbosun, Nathanial J. Edwards, Cytyra D. Martineau

KSU Proceedings on Cybersecurity Education, Research and Practice

Abstract - The Internet brought about the phenomenon known as Cyber-space which is boundless in nature. It is one of the fastest-growing areas of technical infrastructure development over the past decade. Its growth has afforded everyone the opportunity to carry out one or more transactions for personal benefits. The African continent; often branded as ‘backward’ by the Western press has been able to make substantial inroads into the works of Information and Computer Technology (ICT). This rapid transition by Africans into ICT power has thus opened up the opportunities for Cybercriminal perpetrators to seek and target victims worldwide including America …

Laboratory Exercises To Accompany Industrial Control And Embedded Systems Security Curriculum Modules, Gretchen Richards

KSU Proceedings on Cybersecurity Education, Research and Practice

The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recent as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. These successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this …

A Blockchain-Based Security-Oriented Framework For Cloud Federation, Ramandeep Kaur Sandhu, Kweku Muata A. Osei-Bryson

KSU Proceedings on Cybersecurity Education, Research and Practice

Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentially, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members(users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality …

Information Privacy Concerns In The Age Of Internet Of Things, Madhav Sharma, David Biros

KSU Proceedings on Cybersecurity Education, Research and Practice

Internet of things (IoT) offer new opportunities for advancement in many domains including healthcare, home automation, manufacturing and transportation. In recent years, the number of IoT devices have exponentially risen and this meteoric rise is poised to continue according to the industry. Advances in the IoT integrated with ambient intelligence are intended to make our lives easier. Yet for all these advancements, IoT also has a dark side. Privacy and security were already priorities when personal computers, devices and work stations were the only point of vulnerability to personal information, however, with the ubiquitous nature of smart technologies has increased …

Study Of Physical Layer Security And Teaching Methods In Wireless Communications, Zhijian Xie, Christopher Horne

KSU Proceedings on Cybersecurity Education, Research and Practice

In most wireless channels, the signals propagate in all directions. For the communication between Alice and Bob, an Eavesdropper can receive the signals from both Alice and Bob as far as the Eavesdropper is in the range determined by the transmitting power. Through phased array antenna with beam tracking circuits or cooperative iteration, the signals are confined near the straight line connecting the positions of Alice and Bob, so it will largely reduce the valid placement of an Eavesdropper. Sometimes, this reduction can be prohibitive for Eavesdropper to wiretap the channel since the reduced space can be readily protected. Two …

Car Hacking: Can It Be That Simple?, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

The Internet of Things (IoT) has expanded the reach of technology at work, at home, and even on the road. As Internet-connected and self-driving cars become more commonplace on our highways, the cybersecurity of these “data centers on wheels” is of greater concern than ever. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety. This article describes the integration of a module on car hacking into a semester-long ethical hacking cybersecurity course, including full …

Evaluating Two Hands-On Tools For Teaching Local Area Network Vulnerabilities, Ariana Brown, Jinsheng Xu, Xiaohong Yuan

KSU Proceedings on Cybersecurity Education, Research and Practice

According to the Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP Spoofing Attacks, which is the most popular attack on LAN. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates ARP Spoofing Attack with real time animation. The second tool is a hands-on (HandsOn) …

Towards An Empirical Assessment Of Cybersecurity Readiness And Resilience In Small Businesses, Darrell Eilts, Yair Levy

KSU Proceedings on Cybersecurity Education, Research and Practice

Many small businesses struggle to improve their cybersecurity posture despite the risk to their business. Small businesses lacking adequate protection from cyber threats, or a business continuity strategy to recover from disruptions, have a very high risk of loss due to a cyberattack. These cyberattacks, either deliberate or unintentional, can become costly when a small business is not prepared. This developmental research is focused on the relationship between two constructs that are associated with readiness and resilience of small businesses based on their cybersecurity planning, implementation, as well as response activities. A Cybersecurity Preparedness-Risk Taxonomy (CyPRisT) is proposed using the …

Digital Identity, Philip Andreae

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Why Managing 3rd Party Cybersecurity Risk Is A Matter Of National Security, Keith Deininger

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Six Things I Wish New Employees Knew, Brian Albertson

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.