Open Access. Powered by Scholars. Published by Universities.®

Management Information Systems Commons

Technology and Innovation

KSU Proceedings on Cybersecurity Education, Research and Practice

Articles 31 - 60 of 77

Full-Text Articles in Management Information Systems

Mapping Knowledge Units Using A Learning Management System (LMS) Course Framework, Casey Rackley Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to examine the outcomes of using a Learning Management System (LMS) course as a framework for mapping the Centers of Academic Excellence in Cyber Defense (CAE-CD) 2019 Knowledge Units (KU) to college courses. The experience shared herein will be useful to faculty who are interested in performing the mapping and applying for CAE-CDE designation.


Hijacking Wireless Communications Using WiFi Pineapple NANO As A Rogue Access Point, Shawn J. Witemyre, Tamirat T. Abegaz, Bryson R. Payne, Ash Mady Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

Wireless access points are an effective solution for building scalable, flexible, mobile networks. The problem with these access points is often the lack of security. Users regularly connect to wireless access points without thinking about whether they are genuine or malicious. Moreover, users are not aware of the types of attacks that can come from “rogue” access points set up by attackers and what information can be captured by them. Attackers use this advantage to gain access to users’ confidential information. The objective of this study is to examine the effectiveness of the WiFi Pineapple NANO used as a rogue …


Towards A Development Of Predictive Models For Healthcare HIPAA Security Rule Violation Fines, Jim Furstenberg, Yair Levy Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

The Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule (SR) mandate provides a national standard for the protection of electronic protected health information (ePHI). The SR’s standards provide healthcare covered entities (CEs) flexibility in how to meet the standards because the SR regulators realized that all health care organizations are not the same. However, the SR requires CEs to implement reasonable and appropriate safeguards, as well as security controls that protect the confidentiality, integrity, and availability (CIA) of their ePHI data. However, compliance with the HIPAA SR mandates is confusing, complicated, and can be costly to CEs. Flexibility in …


Using Project Management Knowledge And Practice To Address Digital Forensic Investigation Challenges, Steven S. Presley, Jeffrey P. Landry, Michael Black Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results …


Capturing The Existential Cyber Security Threats From The Sub-Saharan Africa Zone Through Literature Database, Samuel B. Olatunbosun, Nathanial J. Edwards, Cytyra D. Martineau Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

Abstract - The Internet brought about the phenomenon known as Cyber-space which is boundless in nature. It is one of the fastest-growing areas of technical infrastructure development over the past decade. Its growth has afforded everyone the opportunity to carry out one or more transactions for personal benefits. The African continent; often branded as ‘backward’ by the Western press has been able to make substantial inroads into the works of Information and Computer Technology (ICT). This rapid transition by Africans into ICT power has thus opened up the opportunities for Cybercriminal perpetrators to seek and target victims worldwide including America …


Cybersecurity Education Employing Experiential Learning, Travis Lowe, Casey Rackley Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to discuss a curriculum design that employs Kolb’s Experiential Learning Theory stages and Kolb’s Learning Styles in four consecutive class sessions. The challenge each class is to present students with perplexing and often frustrating network problems that someday might be encountered on the job. By using Kolb’s theory, students address those problems from the perspective of each learning style, while passing through each phase of the learning cycle. As a result, students gain stronger cognitive thinking skills and hands-on troubleshooting skills in preparation for work as network administrators or cybersecurity analysts.


Laboratory Exercises To Accompany Industrial Control And Embedded Systems Security Curriculum Modules, Gretchen Richards Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recently as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. This successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this …


A Blockchain-Based Security-Oriented Framework For Cloud Federation, Ramandeep Kaur Sandhu, Kweku Muata A. Osei-Bryson Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentiality, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members (users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality …


Information Privacy Concerns In The Age Of Internet Of Things, Madhav Sharma, David Biros Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

The Internet of Things (IoT) offers new opportunities for advancement in many domains including healthcare, home automation, manufacturing and transportation. In recent years, the number of IoT devices has exponentially risen and this meteoric rise is poised to continue according to the industry. Advances in the IoT integrated with ambient intelligence are intended to make our lives easier. Yet for all these advancements, IoT also has a dark side. Privacy and security were already priorities when personal computers, devices and work stations were the only point of vulnerability to personal information, however, with the ubiquitous nature of smart technologies has increased …


Car Hacking: Can It Be That Simple?, Bryson Payne Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

The Internet of Things (IoT) has expanded the reach of technology at work, at home, and even on the road. As Internet-connected and self-driving cars become more commonplace on our highways, the cybersecurity of these “data centers on wheels” is of greater concern than ever. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety. This article describes the integration of a module on car hacking into a semester-long ethical hacking cybersecurity course, including full …


Towards An Empirical Assessment Of Cybersecurity Readiness And Resilience In Small Businesses, Darrell Eilts, Yair Levy Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

Many small businesses struggle to improve their cybersecurity posture despite the risk to their business. Small businesses lacking adequate protection from cyber threats, or a business continuity strategy to recover from disruptions, have a very high risk of loss due to a cyberattack. These cyberattacks, either deliberate or unintentional, can become costly when a small business is not prepared. This developmental research is focused on the relationship between two constructs that are associated with readiness and resilience of small businesses based on their cybersecurity planning, implementation, as well as response activities. A Cybersecurity Preparedness-Risk Taxonomy (CyPRisT) is proposed using the …


Digital Identity, Philip Andreae Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.


Why Managing 3rd Party Cybersecurity Risk Is A Matter Of National Security, Keith Deininger Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.


Six Things I Wish New Employees Knew, Brian Albertson Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.


Why Networks Still Matter, Tim O'Neill Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.


Beyond The Classroom - What Students Need To Know, Will Alexander Oct 2018

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.


Towards A Development Of A Social Engineering Exposure Index (SEXI) Using Publicly Available Personal Information, W. Shawn Wilkerson, Yair Levy, James Richard Kiper, Martha Snyder Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

Millions of people willingly expose their lives via Internet technologies every day, and even those who stay off the Internet find themselves exposed through data breaches. Trillions of private information records flow through the Internet. Marketers gather personal preferences to coerce shopping behavior, while providers gather personal information to provide enhanced services. Few users have considered where their information is going or who has access to it. Even fewer are aware of how decisions made in their own lives expose significant pieces of information, which can be used to harm the very organizations they are affiliated with by cyber attackers. …


A Comparison Of Personal Social Media Risk Perceptions Between Undergraduate Students And Human Resource Professionals, Julio C. Rivera, Jack Howard, Samuel Goh, James Worrell, Paul Di Gangi Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

This study contrasts the social media risk perceptions of undergraduate students, versus those of certified Human Resource professionals. Social media is widely used by most segments of the population, and particularly among the age group that includes most undergraduate students. Organizations hiring employees are increasingly examining job applicant's social media postings as part of the applicant screening process. In this study we examine how these groups differ in their perceptions of the risks inherent in using social media, and what these differences may mean for students seeking employment. Recommendations are made for raising undergraduate student awareness of these risks.


Experiments With Applying Artificial Immune System In Network Attack Detection, Alexis Cooper Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

The assurance of security within a network is difficult due to the variations of attacks. This research conducts various experiments to implement an Artificial Immune System based Intrusion Detection System to identify intrusions using the Negative Selection Algorithm. This research explores the implementation of an Artificial Immune System opposed to the industry standard of machine learning. Various experiments were conducted to identify a method to separate data to avoid false-positive results. The use of an Artificial Immune System requires a self and nonself classification to determine if an intrusion is present within the network. The results of an Artificial Immune …


A Developmental Study On Assessing The Cybersecurity Competency Of Organizational Information System Users, Richard Nilsen, Yair Levy, Steven Terrell, Dawn Beyer Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

Organizational information system users (OISUs) that are open to cyber threats vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study was to propose and validate, using subject matter experts (SMEs), a reliable hands-on assessment prototype tool for measuring the knowledge, skills, and abilities (KSAs) that comprise the cybersecurity competency of an OISU. Primarily using the Delphi methodology, this study implemented four phases of data collection using cybersecurity SMEs for proposing and …


Voice Hacking Proof Of Concept: Using Smartphones To Spread Ransomware To Traditional PCs, Leonardo I. Mazuran, Bryson R. Payne, Tamirat T. Abegaz Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper presents a working proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, spreading …


Security Device Roles, Vabrice Wilder Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

“An abstract of this article was published in the proceedings of the Conference on Cybersecurity Education, Research & Practice, 2017”. Communication has evolved since the beginning of mankind from smoke signals to drones to now the internet. In a world filled with technology the security of one’s device is not to be taken for granted. A series of research was done in order to gather details about network devices that can aid in the protection of one’s information while being transferred through the internet. The findings included but not limited to, switches, the seven layers of OSI, routers, firewalls, load …


"Think Before You Click. Post. Type." Lessons Learned From Our University Cyber Secuity Awareness Campaign, Rachael Innocenzi, Kaylee Brown, Peggy Liggit, Samir Tout, Andrea Tanner, Theodore Coutilish, Rocky Jenkins Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.


Ssetgami: Secure Software Education Through Gamification, Hector Suarez, Hooper Kincannon, Li Yang Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

Since web browsers have become essential to accomplishing everyday tasks, developing secure web applications has become a priority in order to protect user data, corporate databases and critical infrastructure against cyber-crimes. This research presents a game-like (gamification) approach to teach key concepts and skills on how to develop secure web applications. Gamification draws on motivational models, one of psychological theories. Gamification design has great potential over traditional education where we often find students demotivated and lecturers failing to engage them in learning activities. This research created game-like learning modules to teach top vulnerabilities and countermeasures for these top vulnerabilities …


Integrate Text Mining Into Computer And Information Security Education, Hongmei Chi, Ezhil Kalaimannan, Dominique Hubbard Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Insider threats have become a significant challenge to organizations, due to the employees' varying levels of access to the internal network. This will in turn bypass the external security measures that have been put in place to protect the organization’s resources. Computer-mediated communication (CMC) is a form of communication over virtual spaces where users cannot see each other. CMC includes email and communication over social networks, amongst others. This paper focuses on the design and implementation of exercise modules, which can be integrated into cybersecurity courses. The main objectives of the paper include how to teach and integrate the CMC learning …


Cover Text Steganography: N-Gram And Entropy-Based Approach, Sara M. Rico-Larmer Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

Steganography is an ancient technique for hiding a secret message within ordinary looking messages or objects (e.g., images), also known as cover messages. Among various techniques, hiding text data in plain text file is a challenging task due to lack of redundant information. This paper proposes two new approaches to embed a secret message in a cover text document. The two approaches are n-gram and entropy metric-based generation of stego text. We provide examples of encoding secret messages in a cover text document followed by an initial evaluation of how well stego texts look close to the plain …


Hands-On Labs Demonstrating HTML5 Security Concerns, Mounika Vanamala Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

The research is focused on the new features added in the HTML5 standard that have strong implications for the overall information security of a system that uses this implementation. A hands-on lab is developed to demonstrate how Web Storage and the Geolocation API of HTML5 can affect the privacy of the user.


Smart City Security, Shawn Ralko, Sathish Kumar Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

With the rapid growth of the technology involved and the implementation of the smart city concept, it is becoming vital to identify and implement security controls for their secure operation. Smart city security is essential for a city to incorporate the technologies into smart city cyber infrastructure and to improve the conditions of life for its citizens. In this paper, we have discussed the growth of the smart city concept and its security issues. We also discuss the security solutions that need to be implemented to keep the smart city cyber infrastructure secure. We have also pointed out the recommendations on the open issues …


Combining The Extended Risk Analysis Model And The Attack Response Model To Introduce Risk Analysis, Randall Reid Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper uses the Extended Risk Analysis Model to introduce risk analysis in a classroom setting. The four responses to an attack (avoidance, transference, mitigation, and acceptance) are overlaid on the Extended Risk Analysis Model to aid in the visualization of their relationship. It then expands and updates the cyber insurance portion of the Extended Risk Analysis Model.


Health IT Security: An Examination Of Modern Challenges In Maintaining HIPAA And HITECH Compliance, Andrew S. Miller, Bryson R. Payne Oct 2016

KSU Proceedings on Cybersecurity Education, Research and Practice

This work describes an undergraduate honors research project into some of the challenges modern healthcare providers face in maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) and HITECH (Health Information Technology for Economic and Clinical Health) Act. An overview of the pertinent sections of both the HIPAA and HITECH Acts regarding health information security is provided, along with a discussion of traditionally weak points in information security, including: people susceptible to social engineering, software that is not or cannot be regularly updated, and targeted attacks (including advanced persistent threats, or APTs). Further, the paper examines potential violations …