Open Access. Powered by Scholars. Published by Universities.®
Management Information Systems Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Institution
-
- Kennesaw State University (170)
- Clark University (70)
- Selected Works (8)
- Singapore Management University (6)
- California State University, San Bernardino (4)
-
- Nova Southeastern University (3)
- Air Force Institute of Technology (2)
- Embry-Riddle Aeronautical University (2)
- The University of Akron (2)
- Biola University (1)
- Cleveland State University (1)
- Edith Cowan University (1)
- Georgia Southern University (1)
- Northern Michigan University (1)
- Old Dominion University (1)
- Southern Methodist University (1)
- University of Arkansas, Fayetteville (1)
- University of Nevada, Las Vegas (1)
- University of South Florida (1)
- Utah State University (1)
- Western University (1)
- Keyword
-
- MPA (33)
- Cybersecurity (29)
- MSIT (17)
- MSPC (13)
- Editorial (12)
-
- Information security (9)
- Social media (8)
- Information assurance (6)
- Security (6)
- Education (5)
- Information systems (5)
- Social engineering (5)
- COVID-19 (4)
- Curriculum development (4)
- Cyber Security (4)
- Cybersecurity education (4)
- Privacy (4)
- Training (4)
- Awareness (3)
- Blockchain (3)
- Compliance (3)
- Cyber security (3)
- DACUM (3)
- Diversity (3)
- Higher Education (3)
- Information Security (3)
- Information science (3)
- Job analysis (3)
- Marketing (3)
- Risk management (3)
- Publication Year
- Publication
-
- Journal of Cybersecurity Education, Research and Practice (86)
- KSU Proceedings on Cybersecurity Education, Research and Practice (82)
- School of Professional Studies (70)
- CCE Theses and Dissertations (3)
- Qing Hu (3)
-
- Research Collection School Of Computing and Information Systems (3)
- Maurice Dawson (2)
- Research Collection School Of Accountancy (2)
- Theses Digitization Project (2)
- Theses and Dissertations (2)
- Williams Honors College, Honors Research Projects (2)
- African Conference on Information Systems and Technology (1)
- All Graduate Theses and Dissertations, Spring 1920 to Summer 2023 (1)
- Conference Papers in Published Proceedings (1)
- Cybersecurity Undergraduate Research Showcase (1)
- David J Brooks Dr. (1)
- Electronic Theses and Dissertations (1)
- Electronic Theses, Projects, and Dissertations (1)
- Electronic Thesis and Dissertation Repository (1)
- Information Systems (1)
- Inquiry: The University of Arkansas Undergraduate Research Journal (1)
- Journal of Digital Forensics, Security and Law (1)
- Journal of International Technology and Information Management (1)
- Leila A. Halawi (1)
- Military Cyber Affairs (1)
- Open Textbooks (1)
- Publications (1)
- Publications (YM) (1)
- Research Collection School Of Economics (1)
- Research outputs 2012 (1)
- Publication Type
Articles 31 - 60 of 279
Full-Text Articles in Management Information Systems
Cyberbullying: Senior Prospective Teachers’ Coping Knowledge And Strategies, Kürşat Arslan, İnan Aydın
Cyberbullying: Senior Prospective Teachers’ Coping Knowledge And Strategies, Kürşat Arslan, İnan Aydın
Journal of Cybersecurity Education, Research and Practice
This study aimed to determine senior prospective teachers’ coping knowledge and strategies for cyberbullying in terms of demographic variables. The sample consisted of 471 prospective teachers (324 female and 147 male) studying in the 4th grade in Dokuz Eylül University Buca Education Faculty in Izmir in the 2019-2020 academic year. It was a quantitative study using a causal-comparative research design to find out whether prospective teachers’ coping knowledge differed by independent variables. The "Coping with Cyberbullying Scale" developed by Koç et al. (2016) was employed to discover prospective teachers’ coping strategies for cyberbullying. A "Personal Information" form was also prepared …
Case Study: The Impact Of Emerging Technologies On Cybersecurity Education And Workforces, Austin Cusak
Case Study: The Impact Of Emerging Technologies On Cybersecurity Education And Workforces, Austin Cusak
Journal of Cybersecurity Education, Research and Practice
A qualitative case study focused on understanding what steps are needed to prepare the cybersecurity workforces of 2026-2028 to work with and against emerging technologies such as Artificial Intelligence and Machine Learning. Conducted through a workshop held in two parts at a cybersecurity education conference, findings came both from a semi-structured interview with a panel of experts as well as small workgroups of professionals answering seven scenario-based questions. Data was thematically analyzed, with major findings emerging about the need to refocus cybersecurity STEM at the middle school level with problem-based learning, the disconnects between workforce operations and cybersecurity operators, the …
Examination Of Cybersecurity Technologies, Practices, Challenges, And Wish List In K-12 School Districts, Florence Martin, Julie Bacak, Erik Jon Byker, Weichao Wang, Jonathan Wagner, Lynn Ahlgrim-Delzell
Examination Of Cybersecurity Technologies, Practices, Challenges, And Wish List In K-12 School Districts, Florence Martin, Julie Bacak, Erik Jon Byker, Weichao Wang, Jonathan Wagner, Lynn Ahlgrim-Delzell
Journal of Cybersecurity Education, Research and Practice
With the growth in digital teaching and learning, there has been a sharp rise in the number of cybersecurity attacks on K-12 school networks. This has demonstrated a need for security technologies and cybersecurity education. This study examined security technologies used, effective security practices, challenges, concerns, and wish list of technology leaders in K-12 settings. Data collected from 23 district websites and from interviews with 12 district technology leaders were analyzed. Top security practices included cloud-based technologies, segregated network/V-LAN, two-factor authentication, limiting access, and use of Clever or Class Link. Top challenges included keeping users informed, lack of buy-in from …
Compete To Learn: Toward Cybersecurity As A Sport, Tj Oconnor, Dane Brown, Jasmine Jackson, Bryson Payne, Suzanna Schmeelk
Compete To Learn: Toward Cybersecurity As A Sport, Tj Oconnor, Dane Brown, Jasmine Jackson, Bryson Payne, Suzanna Schmeelk
Journal of Cybersecurity Education, Research and Practice
To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to integrate e-sports and gamified cybersecurity approaches into the inaugural US Cyber Games Team. During this tenure, we learned many lessons about recruiting, assessing, and training cybersecurity teams. We share our approach, materials, and lessons learned to serve as a model for fielding amateur cybersecurity teams for future competition.
Sociocultural Barriers For Female Participation In Stem: A Case Of Saudi Women In Cybersecurity, Alanoud Aljuaid, Xiang Michelle Liu
Sociocultural Barriers For Female Participation In Stem: A Case Of Saudi Women In Cybersecurity, Alanoud Aljuaid, Xiang Michelle Liu
Journal of Cybersecurity Education, Research and Practice
The participation of women in Science, Technology, Engineering, and Mathematics (STEM) workforces is overwhelmingly low as compared to their male counterparts. The low uptake of cybersecurity careers has been documented in the previous studies conducted in the contexts of the West and Eastern worlds. However, most of the past studies mainly covered the Western world leaving more knowledge gaps in the context of Middle Eastern countries such as Saudi Arabia. Thus, to fill the existing knowledge gaps, the current study focused on women in Saudi Arabia. The aim of the study was to investigate the factors behind the underrepresentation of …
How Effective Are Seta Programs Anyway: Learning And Forgetting In Security Awareness Training, David Sikolia, David Biros, Tianjian Zhang
How Effective Are Seta Programs Anyway: Learning And Forgetting In Security Awareness Training, David Sikolia, David Biros, Tianjian Zhang
Journal of Cybersecurity Education, Research and Practice
Prevalent security threats caused by human errors necessitate security education, training, and awareness (SETA) programs in organizations. Despite strong theoretical foundations in behavioral cybersecurity, field evidence on the effectiveness of SETA programs in mitigating actual threats is scarce. Specifically, with a broad range of cybersecurity knowledge crammed into in a single SETA session, it is unclear how effective different types of knowledge are in mitigating human errors in a longitudinal setting. his study investigates how knowledge gained through SETA programs affects human errors in cybersecurity to fill the longitudinal void. In a baseline experiment, we establish that SETA programs reduce …
Editorial - 2023 - 1, Hossain Shahriar, Herbert J. Mattord, Michael E. Whitman
Editorial - 2023 - 1, Hossain Shahriar, Herbert J. Mattord, Michael E. Whitman
Journal of Cybersecurity Education, Research and Practice
No abstract provided.
Combining Frameworks To Improve Military Health System Quality And Cybersecurity, Dr. Maureen L. Schafer, Dr. Joseph H. Schafer
Combining Frameworks To Improve Military Health System Quality And Cybersecurity, Dr. Maureen L. Schafer, Dr. Joseph H. Schafer
Military Cyber Affairs
Existing conceptual frameworks and commercially available technology could be considered to rapidly operationalize the use of Quality Measures (QM) within military health systems (Costantino et al. 2020). Purchased healthcare as well as digital healthcare services have paved the way for data collection from multiple information systems thus offering stakeholders actionable intelligence to both guide and measure healthcare outcomes. However, the collection of data secondary to Smart Devices, disparate information systems, cloud services, and the Internet of Medical Things (IOMT) is a complication for security experts that also affect clients, stakeholders, organizations, and businesses delivering patient care. We have combined three …
Informational Content Of Factor Structures In Simultaneous Discrete Response Models, Shakeeb Khan, Arnaud Maurel, Yichong Zhang
Informational Content Of Factor Structures In Simultaneous Discrete Response Models, Shakeeb Khan, Arnaud Maurel, Yichong Zhang
Research Collection School Of Economics
We study the informational content of factor structures in discrete triangular systems. Factor structures have been employed in a variety of settings in cross sectional and panel data models, and in this paper we attempt to formally quantify their informational content in a bivariate system often employed in the treatment effects literature. Our main findings are that under the factor structures often imposed in the literature, point identification of parameters of interest, such as both the treatment effect and the factor load, is attainable under weaker assumptions than usually required in these systems. For example, we show is that an …
Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn
Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn
SMU Data Science Review
Today, there is an increased risk to data privacy and information security due to cyberattacks that compromise data reliability and accessibility. New machine learning models are needed to detect and prevent these cyberattacks. One application of these models is cybersecurity threat detection and prevention systems that can create a baseline of a network's traffic patterns to detect anomalies without needing pre-labeled data; thus, enabling the identification of abnormal network events as threats. This research explored algorithms that can help automate anomaly detection on an enterprise network using Canadian Institute for Cybersecurity data. This study demonstrates that Neural Networks with Bayesian …
Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman
Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman
Journal of Cybersecurity Education, Research and Practice
The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh
Journal of Cybersecurity Education, Research and Practice
Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We conduct a sequential, mixed-methods study using multi-panel Delphi and thematic analysis techniques to understand consumer risk perceptions. The results identify four themes focused on data exposure and user experiences within IoT devices. Our thematic analysis also identified several emerging risks associated with the evolution of IoT device functionality and its potential positioning …
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid
Journal of Cybersecurity Education, Research and Practice
The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …
Small Business Office Network, Michael Gerome
Small Business Office Network, Michael Gerome
Williams Honors College, Honors Research Projects
This project will emulate a small office network environment. The project will demonstrate the process of building and configuring the network to meet the requirements laid out in the project plan. This network includes four subnets with Windows 10 end devices and a Kali Linux device, it also includes five Cisco layer 2 switches and three Cisco routers. There are also three subnets connecting the routers to each other to enable routing between the subnets. After the network environment is set up, various penetration tests are performed from the Kali Linux device to gather information. The Nmap reconnaissance tool is …
Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore, Maria Valero, Amy Gruss
Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore, Maria Valero, Amy Gruss
KSU Proceedings on Cybersecurity Education, Research and Practice
Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage is the reason for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …
Cybercrime In The Developing World, David A. Ghelerter, John E. Wilson, Noah L. Welch, John-David Rusk
Cybercrime In The Developing World, David A. Ghelerter, John E. Wilson, Noah L. Welch, John-David Rusk
KSU Proceedings on Cybersecurity Education, Research and Practice
This paper attempts to discover the reasons behind the increase in cybercrime in developing nations over the past two decades. It discusses many examples and cases of projects to increase internet access in developing countries and how they enabled cybercrime. This paper examines how nations where many cybercrimes occurred, did not have the necessary resources or neglected to react appropriately. The other primary focus is how cybercrimes are not viewed the same as other crimes in many of these countries and how this perception allows cybercriminals to do as they please with no stigma from their neighbors. It concludes that …
Microtransactions And Gambling In The Video Game Industry, Christopher L. Antepenko, Samuel R. Rickey, Angel L. Hibbets, John-David Rusk
Microtransactions And Gambling In The Video Game Industry, Christopher L. Antepenko, Samuel R. Rickey, Angel L. Hibbets, John-David Rusk
KSU Proceedings on Cybersecurity Education, Research and Practice
The beginning of the 21st century has had a drastic effect on the video game industry. The advent of almost universal Internet access, the release of inexpensive broadband-enabled consoles, and the availability of mobile gaming have led to game developers and publishers heavily relying on premium in-game currencies, exclusive paid items, and loot boxes to subsidize or even replace profits from traditional video game business models. By 2020, in-game purchases made up a market of $92.6B worldwide and, in the US, experienced growth of over 30%.[1] In this highly lucrative market, the legal and ethical landscape is constantly bubbling with …
Social Media Platforms And Responsibility For Disinformation, Matt T. Figlia, Brandon M. Henschen, Joseph T. Sims, John-David Rusk
Social Media Platforms And Responsibility For Disinformation, Matt T. Figlia, Brandon M. Henschen, Joseph T. Sims, John-David Rusk
KSU Proceedings on Cybersecurity Education, Research and Practice
Researchers are paying closer attention to the rise of disinformation on social media platforms and what responsibility, if any, the companies that control these platforms have for false information being spread on their websites. In this paper, we highlight the recent growth in concern regarding online disinformation, discuss other works regarding the use of social media as a tool for spreading disinformation, and discuss how coordinated disinformation campaigns on social media platforms are used to spread propaganda and lies about current political events. We also evaluate the reactions of social media platforms in combatting disinformation and the difficulty in policing …
Using Experts For Improving Project Cybersecurity Risk Scenarios, Steven S. Presley, Jeffrey P. Landry, Jordan Shropshire, Philip Menard
Using Experts For Improving Project Cybersecurity Risk Scenarios, Steven S. Presley, Jeffrey P. Landry, Jordan Shropshire, Philip Menard
KSU Proceedings on Cybersecurity Education, Research and Practice
This study implemented an expert panel to assess the content validity of hypothetical scenarios to be used in a survey of cybersecurity risk across project meta-phases. Six out of 10 experts solicited completed the expert panel exercise. Results indicate that although experts often disagreed with each other and on the expected mapping of scenario to project meta-phase, the experts generally found risk present in the scenarios and across all three project meta-phases, as hypothesized.
Towards Assessing Organizational Cybersecurity Risks Via Remote Workers’ Cyberslacking And Their Computer Security Posture, Ariel Luna, Yair Levy, Gregory Simco, Wei Li
Towards Assessing Organizational Cybersecurity Risks Via Remote Workers’ Cyberslacking And Their Computer Security Posture, Ariel Luna, Yair Levy, Gregory Simco, Wei Li
KSU Proceedings on Cybersecurity Education, Research and Practice
Cyberslacking is conducted by employees who are using their companies’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity, however, recently, due to COVID19 pandemic move to remote working also pose a cybersecurity risk to organizations networks and infrastructure. In this work-in-progress research study, we are developing, validating, and will empirically test taxonomy to assess an organization’s remote workers’ risk level of cybersecurity threats. This study includes a three-phased developmental approach in developing the Remote Worker Cyberslacking Security Risk Taxonomy. With feedback from cybersecurity …
Nids In Airgapped Lans--Does It Matter?, Winston Messer
Nids In Airgapped Lans--Does It Matter?, Winston Messer
KSU Proceedings on Cybersecurity Education, Research and Practice
This paper presents an assessment of the methods and benefits of adding network intrusion detection systems (NIDS) to certain high-security airgapped isolated local area networks. The proposed network architecture was empirically tested via a series of simulated network attacks on a virtualized network. The results show an improvement of double the chances of an analyst receiving a specific, appropriately-severe alert when NIDS is implemented alongside host-based measures when compared to host-based measures alone. Further, the inclusion of NIDS increased the likelihood of the analyst receiving a high-severity alert in response to the simulated attack attempt by four times when compared …
What You See Is Not What You Know: Deepfake Image Manipulation, Cathryn Allen, Bryson Payne, Tamirat Abegaz, Chuck Robertson
What You See Is Not What You Know: Deepfake Image Manipulation, Cathryn Allen, Bryson Payne, Tamirat Abegaz, Chuck Robertson
KSU Proceedings on Cybersecurity Education, Research and Practice
Research indicates that deceitful videos tend to spread rapidly online and influence people’s opinions and ideas. Because of this, video misinformation via deepfake video manipulation poses a significant online threat. This study aims to discover what factors can influence viewers’ capability of distinguishing deepfake videos from genuine video footage. This work focuses on exploring deepfake videos’ potential use for deception and misinformation by exploring people’s ability to determine whether videos are deepfakes in a survey consisting of deepfake videos and original unedited videos. The participants viewed a set of four videos and were asked to judge whether the videos shown …
Editors' Preface, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar
Editors' Preface, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar
KSU Proceedings on Cybersecurity Education, Research and Practice
Since 2004, Kennesaw State University, Georgia, has hosted an academic conference. Over the years, the event has brought together hundreds of faculty and students from throughout the U.S., sharing research into pedagogical efforts and instructional innovations. Initially, the conference was named the Information Security Curriculum Development conference and served as KSU’s contribution to engage our colleagues in growing security education from its infancy. It was paired with KSU’s inaugural security education journal, the Information Security Education Journal. In 2016, the event was rebranded as the Conference on Cybersecurity Education, Research, and Practice to reflect both an expansion of topics suitable …
Digital Contact Tracing And Privacy, Mahdi Nasereddin, Edward J. Glantz, Galen A. Grimes, Joanne Peca, Michelle Gordon, Mike Bartolacci
Digital Contact Tracing And Privacy, Mahdi Nasereddin, Edward J. Glantz, Galen A. Grimes, Joanne Peca, Michelle Gordon, Mike Bartolacci
Journal of Cybersecurity Education, Research and Practice
Digital contact tracing tools were developed to decrease the spread of COVID-19 by supplementing traditional manual methods. Although these tools have great potential, they were developed rather quickly resulting in tools with varying levels of success. The main issues with these tools are over privacy and who might have access to the information gathered. In general, their effectiveness varied globally, where users expressed privacy concerns associated with sharing identity, illness, and location information. This paper reviews these issues in deployments across Asia, Europe, and the United States. The goal is to begin a discussion that improves the design and development …
Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly
Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly
Journal of Cybersecurity Education, Research and Practice
Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …
Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar
Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar
Journal of Cybersecurity Education, Research and Practice
Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 12th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …
An Evaluation Of Security In Blockchain-Based Sharing Of Student Records In Higher Education, Timothy Arndt, Angela Guercio, Yonghun Chae
An Evaluation Of Security In Blockchain-Based Sharing Of Student Records In Higher Education, Timothy Arndt, Angela Guercio, Yonghun Chae
Information Systems
Blockchain has recently taken off as a disruptive technology, from its initial use in cryptocurrencies to wider applications in areas such as property registration and insurance due to its characteristic as a distributed ledger which can remove the need for a trusted third party to facilitate transactions. This spread of the technology to new application areas has been driven by the development of smart contracts – blockchain-based protocols which can automatically enforce a contract by executing code based on the logic expressed in the contract. One exciting area for blockchain is higher education. Students in higher education are ever more …
Experimental Study To Assess The Impact Of Timers On User Susceptibility To Phishing Attacks, Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder
Experimental Study To Assess The Impact Of Timers On User Susceptibility To Phishing Attacks, Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder
Journal of Cybersecurity Education, Research and Practice
Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are warranted. Kahneman introduced the concepts of System-One and System-Two thinking. System-One is a quick, instinctual decision-making process, while System-Two is a process by which humans use a slow, logical, and is easily disrupted. The key aim of our experimental field study was to investigate …
Subject Matter Experts’ Feedback On Experimental Procedures To Measure User’S Judgment Errors In Social Engineering Attacks, Tommy Pollock, Yair Levy, Wei Li, Ajoy Kumar
Subject Matter Experts’ Feedback On Experimental Procedures To Measure User’S Judgment Errors In Social Engineering Attacks, Tommy Pollock, Yair Levy, Wei Li, Ajoy Kumar
Journal of Cybersecurity Education, Research and Practice
Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research study was to design, develop, and validate a set of field experiments to assess user’s judgment when exposed to two types of simulated social engineering attacks: phishing and Potentially Malicious Search Engine Results (PMSER), based on the interaction of the environment (distracting vs. non-distracting) and type of device …
A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo
A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo
Journal of Cybersecurity Education, Research and Practice
The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …