Business Commons^™

Turnstile File Transfer: A Unidirectional System For Medium-Security Isolated Clusters, Mark Monnin, Lori L. Sussman

Journal of Cybersecurity Education, Research and Practice

Data transfer between isolated clusters is imperative for cybersecurity education, research, and testing. Such techniques facilitate hands-on cybersecurity learning in isolated clusters, allow cybersecurity students to practice with various hacking tools, and develop professional cybersecurity technical skills. Educators often use these remote learning environments for research as well. Researchers and students use these isolated environments to test sophisticated hardware, software, and procedures using full-fledged operating systems, networks, and applications. Virus and malware researchers may wish to release suspected malicious software in a controlled environment to observe their behavior better or gain the information needed to assist their reverse engineering processes. …

Preparing Uk Students For The Workplace: The Acceptability Of A Gamified Cybersecurity Training, Oliver J. Mason, Siobhan Collman, Stella Kazamia, Ioana Boureanu

Journal of Cybersecurity Education, Research and Practice

This pilot study aims to assess the acceptability of Open University’s training platform called Gamified Intelligent Cyber Aptitude and Skills Training course (GICAST), as a means of improving cybersecurity knowledge, attitudes, and behaviours in undergraduate students using both quantitative and qualitative methods. A mixed-methods, pre-post experimental design was employed. 43 self-selected participants were recruited via an online register and posters at the university (excluding IT related courses). Participants completed the Human Aspects of Information Security Questionnaire (HAIS-Q) and Fear of Missing Out (FoMO) Scale. They then completed all games and quizzes in the GICAST course before repeating the HAIS-Q and …

Integrity, Confidentiality, And Equity: Using Inquiry-Based Labs To Help Students Understand Ai And Cybersecurity, Richard C. Alexander, Liran Ma, Ze-Li Dou, Zhipeng Cai, Yan Huang

Journal of Cybersecurity Education, Research and Practice

Recent advances in Artificial Intelligence (AI) have brought society closer to the long-held dream of creating machines to help with both common and complex tasks and functions. From recommending movies to detecting disease in its earliest stages, AI has become an aspect of daily life many people accept without scrutiny. Despite its functionality and promise, AI has inherent security risks that users should understand and programmers must be trained to address. The ICE (integrity, confidentiality, and equity) cybersecurity labs developed by a team of cybersecurity researchers addresses these vulnerabilities to AI models through a series of hands-on, inquiry-based labs. Through …

Building A Diverse Cybersecurity Workforce: A Study On Attracting Learners With Varied Educational Backgrounds, Mubashrah Saddiqa, Kristian Helmer Kjær Larsen1 Helmer Kjær Larsen, Robert Nedergaard Nielsen, Jens Myrup Pedersen

Journal of Cybersecurity Education, Research and Practice

Cybersecurity has traditionally been perceived as a highly technical field, centered around hacking, programming, and network defense. However, this article contends that the scope of cybersecurity must transcend its technical confines to embrace a more inclusive approach. By incorporating various concepts such as privacy, data sharing, and ethics, cybersecurity can foster diversity among audiences with varying educational backgrounds, thereby cultivating a richer and more resilient security landscape. A more diverse cybersecurity workforce can provide a broader range of perspectives, experiences, and skills to address the complex and ever-evolving threats of the digital age. The research focuses on enhancing cybersecurity education …

A Developed Framework For Studying Cyberethical Behaviour In North Central Nigeria, Aderinola Ololade Dunmade, Adeyinka Tella, Uloma Doris Onuoha

Journal of Cybersecurity Education, Research and Practice

ICT advancements have enabled more online activities, resulting in several cyberethical behaviours. Literature documents prevalence of plagiarism, and online fraud, among other misbehaviours. While behaviour has been explained by several theories, as scholarship and research advances, frameworks are modified to include more constructs. The researchers modified Fishbein and Ajzen (2011)'s Reasoned Action Approach to study female postgraduate students' perspectives toward cyberethical behaviour in North Central Nigerian universities.

The study focused on four variables, which were adequately captured by the model: perception, awareness, and attitude.

An adapted questionnaire collected quantitative data. This study used multistage sampling. A sample size of 989 …

Leveraging Vr/Ar/Mr/Xr Technologies To Improve Cybersecurity Education, Training, And Operations, Paul Wagner, Dalal Alharthi

Journal of Cybersecurity Education, Research and Practice

The United States faces persistent threats conducting malicious cyber campaigns that threaten critical infrastructure, companies and their intellectual property, and the privacy of its citizens. Additionally, there are millions of unfilled cybersecurity positions, and the cybersecurity skills gap continues to widen. Most companies believe that this problem has not improved and nearly 44% believe it has gotten worse over the past 10 years. Threat actors are continuing to evolve their tactics, techniques, and procedures for conducting attacks on public and private targets. Education institutions and companies must adopt emerging technologies to develop security professionals and to increase cybersecurity awareness holistically. …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Infrastructure As Code For Cybersecurity Training, Rui Pinto, Rolando Martins, Carlos Novo

Journal of Cybersecurity Education, Research and Practice

An organization's infrastructure rests upon the premise that cybersecurity professionals have specific knowledge in administrating and protecting it against outside threats. Without this expertise, sensitive information could be leaked to malicious actors and cause damage to critical systems. These attacks tend to become increasingly specialized, meaning cybersecurity professionals must ensure proficiency in specific areas. Naturally, recommendations include creating advanced practical training scenarios considering realistic situations to help trainees gain detailed knowledge. However, the caveats of high-cost infrastructure and difficulties in the deployment process of this kind of system, primarily due to the manual process of pre-configuring software needed for the …

Building The Operational Technology (Ot) Cybersecurity Workforce: What Are Employers Looking For?, Christopher A. Ramezan, Paul M. Coffy, Jared Lemons

Journal of Cybersecurity Education, Research and Practice

A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position …

Leading K-12 Community Responsiveness To Cyber Threats Via Education Of School Community, Michele Kielty, A. Renee Staton

Journal of Cybersecurity Education, Research and Practice

Cyber threats have escalated in recent years. Many of these threats have been direct and vicious attacks on K-12 systems. Educators are rarely trained on how to address cyber threats from a systemic and educational perspective when such challenges arise in their school buildings. This article explains the cyber threats that are looming large for K-12 systems and provides concrete tools for school leaders to employ in order to provide preventive education to their school communities.

An Interdisciplinary Approach To Experiential Learning In Cyberbiosecurity And Agriculture Through Workforce Development, Kellie Johnson, Tiffany Drape, Joseph Oakes, Joseph Simpson, Ann Brown, Donna M. Westfall-Rudd, Susan Duncan

Journal of Cybersecurity Education, Research and Practice

Cyberbiosecurity and workforce development in agriculture and the life sciences (ALS) is a growing area of need in the curriculum in higher education. Students that pursue majors related to ALS often do not include training in cyber-related concepts or expose the ‘hidden curriculum’ of seeking internships and jobs. Exposing students through workforce development training and hands-on engagement with industry professionals can provide learning opportunities to bridge the two and is an area of growth and demand as the workforce evolves. The objectives of this work were 1) to learn key concepts in cybersecurity, including data security, visualization, and analysis, to …

Editorial, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Editorial for Volume 2023, Issue 2

A Mixed-Method Study Exploring Cyber Ranges And Educator Motivation, Cheryl Beauchamp, Holly M. Matusovich

Journal of Cybersecurity Education, Research and Practice

A growing number of academic institutions have invested resources to integrate cyber ranges for applying and developing cybersecurity-related knowledge and skills. Cyber range developers and administrators provided much of what is known about cyber range resources and possible educational applications; however, the educator provides valuable understanding of the cyber range resources they use, how they use them, what they value, and what they do not value. This study provides the cyber range user perspective of cyber ranges in cybersecurity education by describing how K-12 educators are motivated using cyber ranges. Using mixed methods, this study explored educator motivation associated with …

Privacy Harm And Non-Compliance From A Legal Perspective, Suvineetha Herath, Haywood Gelman, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, …

Adoption Of Cybersecurity Policies By Local Governments 2020, Donald F. Norris Phd, Laura K. Mateczun Jd

Journal of Cybersecurity Education, Research and Practice

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. …

Integrating Certifications Into The Cybersecurity College Curriculum: The Efficacy Of Education With Certifications To Increase The Cybersecurity Workforce, Binh Tran, Karen C. Benson, Lorraine Jonassen

Journal of Cybersecurity Education, Research and Practice

One only needs to listen to the news reports to recognize that the gap between securing the enterprise and cybersecurity threats, breaches, and vulnerabilities appears to be widening at an alarming rate. An un-tapped resource to combat these attacks lies in the students of the secondary educational system. Necessary in the cybersecurity education is a 3-tiered approach to quickly escalate the student into a workplace-ready graduate. The analogy used is a three-legged-stool, where curriculum content, hands-on skills, and certifications are equal instruments in the edification of the cybersecurity student. This paper endeavors to delve into the 3^rd leg of …

Cybersecurity Challenges And Awareness Of The Multi-Generational Learners In Nepal, Raj Kumar Dhungana, Lina Gurung Dr, Hem Poudyal

Journal of Cybersecurity Education, Research and Practice

Increased exposure to technologies has lately emerged as one of the everyday realities of digital natives, especially K-12 students, and teachers, the digital immigrants. Protection from cybersecurity risks in digital learning spaces is a human right, but students are increasingly exposed to high-risk cyberspace without time to cope with cybersecurity risks. This study, using a survey (N-891 students and 157 teachers) and in-depth interviews (27 students and 14 teachers), described the students' cybersecurity-related experiences and challenges in Nepal. This study revealed that the school’s cybersecurity support system is poor and teachers has very low awareness and competencies to protect students …

What You See Is Not What You Know: Studying Deception In Deepfake Video Manipulation, Cathryn Allen, Bryson R. Payne, Tamirat Abegaz, Chuck Robertson

Journal of Cybersecurity Education, Research and Practice

Research indicates that deceitful videos tend to spread rapidly online and influence people’s opinions and ideas. Because of this, video misinformation via deepfake video manipulation poses a significant online threat. This study aims to discover what factors can influence viewers’ capability to distinguish deepfake videos from genuine video footage. This work focuses on exploring deepfake videos’ potential use for deception and misinformation by exploring people’s ability to determine whether videos are deepfakes in a survey consisting of deepfake videos and original unedited videos. The participants viewed a set of four videos and were asked to judge whether the videos shown …

Like Treating The Symptom Rather Than The Cause - The Omission Of Courses Over Terrorism In Nsa Designated Institutions, Ida L. Oesteraas

Journal of Cybersecurity Education, Research and Practice

The National Security Agency (NSA) awards Center of Academic Excellence (CAE) designations to institutions that commit to producing cybersecurity professionals who will work in careers that reduce vulnerabilities in our national infrastructure. A review of the curricula in the 327 institutions and their degree programs reveal that only two programs offer a required course about terrorism. Given the fluid nature of terrorism and its threat to national infrastructure, the omission is concerning. It is recommended that NSA-certified cybersecurity programs begin implementing educational content that aim to teach about this emerging crime and justice issue. One suggestion is to embrace the …

Cyberbullying: Senior Prospective Teachers’ Coping Knowledge And Strategies, Kürşat Arslan, İnan Aydın

Journal of Cybersecurity Education, Research and Practice

This study aimed to determine senior prospective teachers’ coping knowledge and strategies for cyberbullying in terms of demographic variables. The sample consisted of 471 prospective teachers (324 female and 147 male) studying in the 4th grade in Dokuz Eylül University Buca Education Faculty in Izmir in the 2019-2020 academic year. It was a quantitative study using a causal-comparative research design to find out whether prospective teachers’ coping knowledge differed by independent variables. The "Coping with Cyberbullying Scale" developed by Koç et al. (2016) was employed to discover prospective teachers’ coping strategies for cyberbullying. A "Personal Information" form was also prepared …

A Systematic Mapping Study On Gamification Applications For Undergraduate Cybersecurity Education, Sherri Weitl-Harms, Adam Spanier, John Hastings, Matthew Rokusek

Journal of Cybersecurity Education, Research and Practice

Gamification in education presents a number of benefits that can theoretically facilitate higher engagement and motivation among students when learning complex, technical concepts. As an innovative, high-potential educational tool, many educators and researchers are attempting to implement more effective gamification into undergraduate coursework. Cyber Security Operations (CSO) education is no exception. CSO education traditionally requires comprehension of complex concepts requiring a high level of technical and abstract thinking. By properly applying gamification to complex CSO concepts, engagement in students should see an increase. While an increase is expected, no comprehensive study of CSO gamification applications (GA) has yet been undertaken …

Sociocultural Barriers For Female Participation In Stem: A Case Of Saudi Women In Cybersecurity, Alanoud Aljuaid, Xiang Michelle Liu

Journal of Cybersecurity Education, Research and Practice

The participation of women in Science, Technology, Engineering, and Mathematics (STEM) workforces is overwhelmingly low as compared to their male counterparts. The low uptake of cybersecurity careers has been documented in the previous studies conducted in the contexts of the West and Eastern worlds. However, most of the past studies mainly covered the Western world leaving more knowledge gaps in the context of Middle Eastern countries such as Saudi Arabia. Thus, to fill the existing knowledge gaps, the current study focused on women in Saudi Arabia. The aim of the study was to investigate the factors behind the underrepresentation of …

Case Study: The Impact Of Emerging Technologies On Cybersecurity Education And Workforces, Austin Cusak

Journal of Cybersecurity Education, Research and Practice

A qualitative case study focused on understanding what steps are needed to prepare the cybersecurity workforces of 2026-2028 to work with and against emerging technologies such as Artificial Intelligence and Machine Learning. Conducted through a workshop held in two parts at a cybersecurity education conference, findings came both from a semi-structured interview with a panel of experts as well as small workgroups of professionals answering seven scenario-based questions. Data was thematically analyzed, with major findings emerging about the need to refocus cybersecurity STEM at the middle school level with problem-based learning, the disconnects between workforce operations and cybersecurity operators, the …

Anonymity And Gender Effects On Online Trolling And Cybervictimization, Gang Lee, Annalyssia Soonah

Journal of Cybersecurity Education, Research and Practice

The purpose of this study was to investigate the effects of the anonymity of the internet and gender differences in online trolling and cybervictimization. A sample of 151 college students attending a southeastern university completed a survey to assess their internet activities and online trolling and cybervictimization. Multivariate analyses of logistic regression and ordinary least squares regression were used to analyze online trolling and cybervictimization. The results indicated that the anonymity measure was not a significant predictor of online trolling and cybervictimization. Female students were less likely than male students to engage in online trolling, but there was no gender …

Examination Of Cybersecurity Technologies, Practices, Challenges, And Wish List In K-12 School Districts, Florence Martin, Julie Bacak, Erik Jon Byker, Weichao Wang, Jonathan Wagner, Lynn Ahlgrim-Delzell

Journal of Cybersecurity Education, Research and Practice

With the growth in digital teaching and learning, there has been a sharp rise in the number of cybersecurity attacks on K-12 school networks. This has demonstrated a need for security technologies and cybersecurity education. This study examined security technologies used, effective security practices, challenges, concerns, and wish list of technology leaders in K-12 settings. Data collected from 23 district websites and from interviews with 12 district technology leaders were analyzed. Top security practices included cloud-based technologies, segregated network/V-LAN, two-factor authentication, limiting access, and use of Clever or Class Link. Top challenges included keeping users informed, lack of buy-in from …

Editorial - 2023 - 1, Hossain Shahriar, Herbert J. Mattord, Michael E. Whitman

Journal of Cybersecurity Education, Research and Practice

No abstract provided.

How Effective Are Seta Programs Anyway: Learning And Forgetting In Security Awareness Training, David Sikolia, David Biros, Tianjian Zhang

Journal of Cybersecurity Education, Research and Practice

Prevalent security threats caused by human errors necessitate security education, training, and awareness (SETA) programs in organizations. Despite strong theoretical foundations in behavioral cybersecurity, field evidence on the effectiveness of SETA programs in mitigating actual threats is scarce. Specifically, with a broad range of cybersecurity knowledge crammed into in a single SETA session, it is unclear how effective different types of knowledge are in mitigating human errors in a longitudinal setting. his study investigates how knowledge gained through SETA programs affects human errors in cybersecurity to fill the longitudinal void. In a baseline experiment, we establish that SETA programs reduce …

Compete To Learn: Toward Cybersecurity As A Sport, Tj Oconnor, Dane Brown, Jasmine Jackson, Bryson Payne, Suzanna Schmeelk

Journal of Cybersecurity Education, Research and Practice

To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to integrate e-sports and gamified cybersecurity approaches into the inaugural US Cyber Games Team. During this tenure, we learned many lessons about recruiting, assessing, and training cybersecurity teams. We share our approach, materials, and lessons learned to serve as a model for fielding amateur cybersecurity teams for future competition.

Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs, Jazmin Collins, Vitaly Ford

Journal of Cybersecurity Education, Research and Practice

The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as …

Lightweight Pairwise Key Distribution Scheme For Iots, Kanwalinderjit Kaur

Journal of Cybersecurity Education, Research and Practice

Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation operations for interactive authentication between the server and the IoT devices. Predominantly, the authentication is carried out by the server. It is observed that the algorithm is resilient against man-in-the-middle attacks, forward secrecy, Denial of Service (DoS) attacks, and offers mutual authentication. It is also observed that the …