Management Information Systems Commons^™

Towards Structured Planning And Learning At The State Fisheries Agency Scale, Caleb A. Aldridge

Theses and Dissertations

Inland recreational fisheries has grown philosophically and scientifically to consider economic and sociopolitical aspects (non-biological) in addition to the biological. However, integrating biological and non-biological aspects of inland fisheries has been challenging. Thus, an opportunity exists to develop approaches and tools which operationalize planning and decision-making processes which include biological and non-biological aspects of a fishery. This dissertation expands the idea that a core set of goals and objectives is shared among and within inland fisheries agencies; that many routine operations of inland fisheries managers can be regimented or standardized; and the novel concept that current information and operations can …

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore, Maria Valero, Amy Gruss

KSU Proceedings on Cybersecurity Education, Research and Practice

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage is the reason for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …

Cybercrime In The Developing World, David A. Ghelerter, John E. Wilson, Noah L. Welch, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper attempts to discover the reasons behind the increase in cybercrime in developing nations over the past two decades. It discusses many examples and cases of projects to increase internet access in developing countries and how they enabled cybercrime. This paper examines how nations where many cybercrimes occurred, did not have the necessary resources or neglected to react appropriately. The other primary focus is how cybercrimes are not viewed the same as other crimes in many of these countries and how this perception allows cybercriminals to do as they please with no stigma from their neighbors. It concludes that …

Microtransactions And Gambling In The Video Game Industry, Christopher L. Antepenko, Samuel R. Rickey, Angel L. Hibbets, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

The beginning of the 21st century has had a drastic effect on the video game industry. The advent of almost universal Internet access, the release of inexpensive broadband-enabled consoles, and the availability of mobile gaming have led to game developers and publishers heavily relying on premium in-game currencies, exclusive paid items, and loot boxes to subsidize or even replace profits from traditional video game business models. By 2020, in-game purchases made up a market of $92.6B worldwide and, in the US, experienced growth of over 30%.[1] In this highly lucrative market, the legal and ethical landscape is constantly bubbling with …

Social Media Platforms And Responsibility For Disinformation, Matt T. Figlia, Brandon M. Henschen, Joseph T. Sims, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

Researchers are paying closer attention to the rise of disinformation on social media platforms and what responsibility, if any, the companies that control these platforms have for false information being spread on their websites. In this paper, we highlight the recent growth in concern regarding online disinformation, discuss other works regarding the use of social media as a tool for spreading disinformation, and discuss how coordinated disinformation campaigns on social media platforms are used to spread propaganda and lies about current political events. We also evaluate the reactions of social media platforms in combatting disinformation and the difficulty in policing …

Using Experts For Improving Project Cybersecurity Risk Scenarios, Steven S. Presley, Jeffrey P. Landry, Jordan Shropshire, Philip Menard

KSU Proceedings on Cybersecurity Education, Research and Practice

This study implemented an expert panel to assess the content validity of hypothetical scenarios to be used in a survey of cybersecurity risk across project meta-phases. Six out of 10 experts solicited completed the expert panel exercise. Results indicate that although experts often disagreed with each other and on the expected mapping of scenario to project meta-phase, the experts generally found risk present in the scenarios and across all three project meta-phases, as hypothesized.

Towards Assessing Organizational Cybersecurity Risks Via Remote Workers’ Cyberslacking And Their Computer Security Posture, Ariel Luna, Yair Levy, Gregory Simco, Wei Li

KSU Proceedings on Cybersecurity Education, Research and Practice

Cyberslacking is conducted by employees who are using their companies’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity, however, recently, due to COVID19 pandemic move to remote working also pose a cybersecurity risk to organizations networks and infrastructure. In this work-in-progress research study, we are developing, validating, and will empirically test taxonomy to assess an organization’s remote workers’ risk level of cybersecurity threats. This study includes a three-phased developmental approach in developing the Remote Worker Cyberslacking Security Risk Taxonomy. With feedback from cybersecurity …

Nids In Airgapped Lans--Does It Matter?, Winston Messer

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper presents an assessment of the methods and benefits of adding network intrusion detection systems (NIDS) to certain high-security airgapped isolated local area networks. The proposed network architecture was empirically tested via a series of simulated network attacks on a virtualized network. The results show an improvement of double the chances of an analyst receiving a specific, appropriately-severe alert when NIDS is implemented alongside host-based measures when compared to host-based measures alone. Further, the inclusion of NIDS increased the likelihood of the analyst receiving a high-severity alert in response to the simulated attack attempt by four times when compared …

What You See Is Not What You Know: Deepfake Image Manipulation, Cathryn Allen, Bryson Payne, Tamirat Abegaz, Chuck Robertson

KSU Proceedings on Cybersecurity Education, Research and Practice

Research indicates that deceitful videos tend to spread rapidly online and influence people’s opinions and ideas. Because of this, video misinformation via deepfake video manipulation poses a significant online threat. This study aims to discover what factors can influence viewers’ capability of distinguishing deepfake videos from genuine video footage. This work focuses on exploring deepfake videos’ potential use for deception and misinformation by exploring people’s ability to determine whether videos are deepfakes in a survey consisting of deepfake videos and original unedited videos. The participants viewed a set of four videos and were asked to judge whether the videos shown …

Editors' Preface, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

KSU Proceedings on Cybersecurity Education, Research and Practice

Since 2004, Kennesaw State University, Georgia, has hosted an academic conference. Over the years, the event has brought together hundreds of faculty and students from throughout the U.S., sharing research into pedagogical efforts and instructional innovations. Initially, the conference was named the Information Security Curriculum Development conference and served as KSU’s contribution to engage our colleagues in growing security education from its infancy. It was paired with KSU’s inaugural security education journal, the Information Security Education Journal. In 2016, the event was rebranded as the Conference on Cybersecurity Education, Research, and Practice to reflect both an expansion of topics suitable …

Singapore Public Sector Ai Applications Emphasizing Public Engagement: Six Examples, Steven M. Miller

Research Collection School Of Computing and Information Systems

This article provides an overview of six examples of public sector AI applications in Singapore that illustrate different ways of enhancing engagement with the public. These applications demonstrate ways of enhancing engagement with the public by providing greater accessibility to government services (access anywhere, anytime) and speedier responses to public processes and feedback. Some applications make it substantially easier for members of the public to do things or make choices, while others reduce waiting time, either across an entire public infrastructure, or for an individual transaction. Some provide highly individualized coaching to guide a person through the process of doing …

Improving Data-Driven Infrastructure Degradation Forecast Skill With Stepwise Asset Condition Prediction Models, Kurt R. Lamm, Justin D. Delorit, Michael N. Grussing, Steven J. Schuldt

Faculty Publications

Organizations with large facility and infrastructure portfolios have used asset management databases for over ten years to collect and standardize asset condition data. Decision makers use these data to predict asset degradation and expected service life, enabling prioritized maintenance, repair, and renovation actions that reduce asset life-cycle costs and achieve organizational objectives. However, these asset condition forecasts are calculated using standardized, self-correcting distribution models that rely on poorly-fit, continuous functions. This research presents four stepwise asset condition forecast models that utilize historical asset inspection data to improve prediction accuracy: (1) Slope, (2) Weighted Slope, (3) Condition-Intelligent Weighted Slope, and (4) …

Digital Contact Tracing And Privacy, Mahdi Nasereddin, Edward J. Glantz, Galen A. Grimes, Joanne Peca, Michelle Gordon, Mike Bartolacci

Journal of Cybersecurity Education, Research and Practice

Digital contact tracing tools were developed to decrease the spread of COVID-19 by supplementing traditional manual methods. Although these tools have great potential, they were developed rather quickly resulting in tools with varying levels of success. The main issues with these tools are over privacy and who might have access to the information gathered. In general, their effectiveness varied globally, where users expressed privacy concerns associated with sharing identity, illness, and location information. This paper reviews these issues in deployments across Asia, Europe, and the United States. The goal is to begin a discussion that improves the design and development …

Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …

Empirical Assessment Of Big Data Technology Adoption Factors For Organizations With Data Storage Systems, Ahmad B. Alnafoosi

College of Computing and Digital Media Dissertations

Many organizations have on-premises data storage systems. Data storage systems are evolving in multiple ways. One way is the adoption of Big Data. Big Data is a data storage system with the ability to analyze large volumes, velocity, and a variety of data. Per the Economist, data is now the most valuable resource (Parkins, 2017). Big Data holds the promise of unlocking a substantial value of data stored. Yet many organizations are not implementing Big Data. There is a need to identify key factors affecting adoption for such organizations. The literature review revealed multiple gaps in studied adoption factors (un-studied …

Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 12^th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …

An Evaluation Of Security In Blockchain-Based Sharing Of Student Records In Higher Education, Timothy Arndt, Angela Guercio, Yonghun Chae

Information Systems

Blockchain has recently taken off as a disruptive technology, from its initial use in cryptocurrencies to wider applications in areas such as property registration and insurance due to its characteristic as a distributed ledger which can remove the need for a trusted third party to facilitate transactions. This spread of the technology to new application areas has been driven by the development of smart contracts – blockchain-based protocols which can automatically enforce a contract by executing code based on the logic expressed in the contract. One exciting area for blockchain is higher education. Students in higher education are ever more …

The Iwar Range + 21 Years: Cyber Defense Education In 2022, Joseph H. Schafer, Chris Morrell, Ray Blaine

Military Cyber Affairs

Twenty-one years ago, The IWAR Range paper published by CCSC described nascent information assurance (now cybersecurity[1]) education programs and the inspiration and details for constructing cyber ranges and facilitating cyber exercises. This paper updates the previously published work by highlighting the dramatic evolution of the cyber curricula, exercise networks and ranges, influences, and environments over the past twenty years.

[1] In 2014, DoD adopted “cybersecurity” instead of “information assurance.” [34:1]

How Apis Create Growth By Inverting The Firm, Seth G. Benzell, Jonathan Hersh, Marshall Van Alstyne

Economics Faculty Articles and Research

Traditional asset management strategy has emphasized building barriers to entry or closely guarding unique assets to maintain a firm’s comparative advantage. A new “Inverted Firm” paradigm, however, has emerged. Under this strategy, firms share data seeking to become platforms by opening digital services to third-parties and capturing part of their external surplus. This contrasts with a “pipeline” strategy where the firm itself creates value. This paper quantitatively estimates the effect of adopting an inverted firm strategy through the lens of Application Programming Interfaces (APIs), a key enabling technology. Using both public data and that of a private API development firm, …

Experimental Study To Assess The Impact Of Timers On User Susceptibility To Phishing Attacks, Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder

Journal of Cybersecurity Education, Research and Practice

Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are warranted. Kahneman introduced the concepts of System-One and System-Two thinking. System-One is a quick, instinctual decision-making process, while System-Two is a process by which humans use a slow, logical, and is easily disrupted. The key aim of our experimental field study was to investigate …

Subject Matter Experts’ Feedback On Experimental Procedures To Measure User’S Judgment Errors In Social Engineering Attacks, Tommy Pollock, Yair Levy, Wei Li, Ajoy Kumar

Journal of Cybersecurity Education, Research and Practice

Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research study was to design, develop, and validate a set of field experiments to assess user’s judgment when exposed to two types of simulated social engineering attacks: phishing and Potentially Malicious Search Engine Results (PMSER), based on the interaction of the environment (distracting vs. non-distracting) and type of device …

A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo

Journal of Cybersecurity Education, Research and Practice

The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …

The 2020 Twitter Hack – So Many Lessons To Be Learned, Paul D. Witman, Scott Mackelprang

Journal of Cybersecurity Education, Research and Practice

In mid-July 2020, the social media site Twitter had over 100 of its most prominent user accounts start to tweet requests to send Bitcoin to specified Bitcoin wallets. The requests promised that the Bitcoin senders would receive their money back doubled, as a gesture of charity amidst the COVID-19 pandemic. The attack appears to have been carried out by a small group of hackers, leveraging social engineering to get access to internal Twitter support tools. These tools allowed the hackers to gain full control of the high-profile user accounts and post messages on their behalf. The attack provides many paths …

Editorial Vol 2021, No 2, Herbert J. Mattord, Michael E. Whitman, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Welcome to the Winter 2021 edition of the Journal for Cybersecurity Education, Research, and Practice.

The Impact Of A Gencyber Camp On In-Service Teachers’ Tpack, Kevin M. Thomas, Jessica Ivy, Kristin Cook, Robert R. Kelley

Journal of Cybersecurity Education, Research and Practice

The purpose of this study was to examine the impact of a GenCyber camp curriculum on teachers’ technology, pedagogy, and content knowledge (TPACK). The camp was designed to engage participants in developing the knowledge and skills to incorporate GenCyber Cybersecurity First Principles and GenCyber Cybersecurity Concepts (GenCyber, 2019) into their curriculums. Participants (37 middle and high school teachers from a variety of disciplines) attended one of two weeklong camps held at a Midwestern liberal arts university. Using the TPACK Self-Reflection and TPACK Self-Assessment Surveys, pre- and post-camp data were collected from participants. Findings indicate that participants demonstrated an increase in …

Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 13^th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …