Open Access. Powered by Scholars. Published by Universities.®

Management Information Systems Commons

Articles 1 - 22 of 22

Full-Text Articles in Management Information Systems

Integrity, Confidentiality, And Equity: Using Inquiry-Based Labs To Help Students Understand AI And Cybersecurity, Richard C. Alexander, Liran Ma, Ze-Li Dou, Zhipeng Cai, Yan Huang Nov 2023

Journal of Cybersecurity Education, Research and Practice

Recent advances in Artificial Intelligence (AI) have brought society closer to the long-held dream of creating machines to help with both common and complex tasks and functions. From recommending movies to detecting disease in its earliest stages, AI has become an aspect of daily life many people accept without scrutiny. Despite its functionality and promise, AI has inherent security risks that users should understand and programmers must be trained to address. The ICE (integrity, confidentiality, and equity) cybersecurity labs developed by a team of cybersecurity researchers address these vulnerabilities to AI models through a series of hands-on, inquiry-based labs. Through …


Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly Jul 2022

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …


Evaluation Approach For An Effective Blockchain Implementation In An Accounting Environment, Angel R. Otero, Ryan P. Fink Feb 2022

Communications of the IIMA

Blockchain has the potential to revolutionize accounting transactions in the same way the Internet revolutionized the collection and dissemination of information. Nonetheless, like the Internet, blockchain technology is a double-edged sword offering tremendous benefits but also drawbacks. The literature points to inadequacies in blockchain implementations, particularly when evaluating and selecting controls to help ensure an effective blockchain implementation in organizations. This research develops an approach that not only addresses the inadequacies identified in the literature, but also prompts organizations to a more precise evaluation and selection of controls to achieve effective blockchain implementation. The approach uses Desirability Functions to quantify …


Voice Hacking: Using Smartphones To Spread Ransomware To Traditional PCs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz Jul 2018

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, …


Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia III, Greg Randall, Jay Snellen Jun 2017

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …


An Exploration Of Mobile Device Security Artifacts At Institutions Of Higher Education, Amita Goyal Chin, Diania Mcrae, Beth H. Jones, Mark A. Harris Oct 2016

Journal of International Technology and Information Management

The explosive growth and rapid proliferation of smartphones and other mobile devices that access data over communication networks has necessitated advocating and implementing security constraints for the purpose of abetting safe computing. Remote data access using mobile devices is particularly popular among students at institutions of higher education. To ensure safe harbor for constituents, it is imperative for colleges and universities to establish, disseminate, and enforce mobile device security artifacts, where artifacts is defined as policies, procedures, guidelines or other documented or undocumented protocols. The purpose of this study is to explore the existence of, specific content of, and the …


Explicitly Stated Security Policies Of Web Sites Of Global Banks Of Europe, Australia, Asia And The U.S, Donald R. Moscato, Eric D. Moscato Jan 2015

Communications of the IIMA

This paper is the latest component of a research project conducted by the authors over a three-year period. The first phase emphasized the privacy policies of global banks and other businesses engaged in E-commerce. Over 600 individualized web-sites were visited and evaluated. This, the second phase of the research project, focuses on the security policies in place for global financial institutions. The purpose of this research study is to review, compare and summarize the security policies of global banks as they are expressed on their web sites. A total of over 300 web sites of global banks were included in …


The Price Of Security: The Challenge Of Measuring Business Value Investments In Securing Information Systems, Tony Coulson, Jake Zhu, Shan Miyuan, Tapie Rohm Jan 2015

Communications of the IIMA

With powerful regulations surrounding security and privacy of information, the authors attempt to identify challenges valuing information security investments. The authors examine three primary approaches to measuring information value: Perceived, Real, and Normative. Literature is reviewed and the approaches are examined in terms of their strengths and weaknesses in providing value measurements for secure information systems. A framework is presented to suggest at what level in an organization and in what situations these information value approaches are most suitable.


The Interrelationship And Effect Of Trust And Strong Cultures In Setting Information Systems Security Goals, Ioannis V. Koskosas, Jyoti Choudrie, Ray J. Paul Jan 2015

Communications of the IIMA

This paper investigates the interrelationship and effect of trust and culture on the level of goal setting within the context of information systems security. In doing so, it explores and discusses the concepts of trust and strong culture and seeks to demonstrate their importance in setting efficiently information systems security goals. The paper contributes to interpretive information systems research with the study of goal setting in a security management context and its grounding within an interpretive epistemology.


Developing Security For E-Commerce Applications: A Teaching Case, Chang Liu, Brian G. Mackie Jan 2015

Communications of the IIMA

The number of severe computer security breaches in e-commerce applications has been on the increase over the last few years. This has become one of the biggest security problems in recent years. Although there are tools to build e-commerce application firewalls to alert and prevent intruder attacks, these tools are not trivial to install (they are not plug-and-play). Internet intruders can create havoc and produce catastrophic results by exploiting weaknesses in e-commerce applications. Therefore, developers of e-commerce web sites have to incorporate ways to systematically identify and eliminate vulnerabilities in the EC applications to enhance their security. This paper …


The State Of Cryptocurrencies, Their Issues And Policy Interactions, Ramesh Subramanian, Theo Chino Jan 2015

Journal of International Technology and Information Management

This paper focuses on the evolution of cryptocurrencies. It traces the history of early cryptography, the ‘cypherpunk’ movement, and how the work of some cyber libertarians and cryptographers enabled the emergence of popular cryptocurrencies. The paper then focuses on Bitcoin. It delves into the technology behind the Bitcoin architecture and shows how exactly this technology works. The paper then does an analysis of security and regulatory considerations that affect the growth of Bitcoin-based businesses. The paper concludes with some suggestions for future work in the area.


Effects Of Exchange Benefits, Security Concerns And Situational Privacy Concerns On Mobile Commerce Adoption, Hua Dai, Yan Chen Jan 2015

Journal of International Technology and Information Management

Few empirical studies have examined both privacy and security concerns in the context of mobile commerce (m-commerce) while accounting for the effects of situational privacy concerns specific to the context of m-commerce. This research fills this gap in research by exploring users’ exchange perceptions specific to the context of m-commerce in China and by examining the inhibitors and drives of m-commerce adoption in China from the perspectives of social exchange. Particularly, this research develops an integrated research model in which users’ perceptions on value added of and usefulness of m-commerce, and users’ privacy concerns and security concerns of m-commerce …


Limitations Of Nonfinancial Metrics Reported By Social Media Companies, Rob Weitz, Theresa Henry, David Rosenthal Jan 2014

Journal of International Technology and Information Management

Publicly traded companies in the U.S. are required by the Securities and Exchange Commission (SEC) to file annual and quarterly financial statements (form 10-K and form 10-Q respectively). The Management Discussion and Analysis (MD&A) section of these reports, as per SEC requirements, should include the identification and discussion of nonfinancial performance metrics that are critical to management and important to investors. This paper examines a set of common nonfinancial metrics reported by some well-known social media companies. These metrics include such quantities as number of registered users, monthly average users, and number of unique visitors. The definition and use of …


Hybrid Spread-Spectrum TCP For Combating Fraudulent Cyber Activities Against Reconnaissance Attacks, Simon Enoch Yusuf, Olumide Longe Apr 2013

The African Journal of Information Systems

The inefficiencies of current intrusion detection systems against fraudulent cyber activities attract the attention of computer gurus, also known as “hackers”, to exploit known weaknesses on a particular host or network. These hackers are expert programmers who mainly focus on how the Internet works, and they interact with each other to know its strengths and weaknesses. Then they develop advanced tools which an average attacker with little background can use to know the liveness, reachability and running service on the network. Once an attacker identifies these details, he can accurately launch an effective attack and get maximum benefit out of …


Enterprise Systems Network: Securid Solutions, The Authentication To Global Security Systems, Emmanuel U. Opara, Vance Etnyre Jan 2010

Journal of International Technology and Information Management

Enterprise systems need reliable, flexible and secure means for making public and confidential information available to users in a secured and trusted manner. Although enterprise systems have a variety of choices to authenticate these users, organizations face significant issues when granting access and providing a manageable structure for valuable access control. Logon functionalities such as user name and password algorithm have been used to grant authentication and authorization into enterprise systems network resources. Since most systems clients prefer the ease of using passwords, and since passwords are easily compromised, the urgency for a stronger authentication process becomes paramount. This study performed …


Evaluating The Perceived Impact Of Collaborative Exchange And Formalization On Information Security, Randall Young Jan 2010

Journal of International Technology and Information Management

Organizations integrate information security measures through information security planning and policy development. This study aims to examine how the extent of collaborative exchange within the organization and extent of formalization of the information security function impact the effective utilization of well-established information security objectives. The security objectives of interest, described in general deterrence theory, are deterrence, detection and recovery. This study finds that organizations that exhibit higher levels of collaborative exchange and develop and implement more information security policies are more effectively utilizing the information security strategies of detection, deterrence and recovery. This study highlights the importance of the complementary …


More Secure Passwords, Scott Magruder, Stanley X. Lewis Jr Jan 2007

Journal of International Technology and Information Management

Passwords are often the first line of defense against hackers trying to log on to a user’s account. Due to this, the password that a user selects for protection of their account is critical. These passwords must be “good” passwords that are not easily cracked. However, how does the network administrator enforce this? A simple change to the login process can make the passwords chosen by users much more secure. A description of this simple process is given in this paper. The normal login process is described. A description of how hackers attempt to crack passwords is given. The simple …


Improving The Judicial System To Handle Computer Crime, Gerald V. Post, Albert Kagan Jan 2007

Journal of International Technology and Information Management

This paper asked professionals in the legal system to evaluate the current state and effectiveness of laws to identify and deter computer crime. Responses were evaluated with a formal structural equation model. The results generally show that legal professionals believe potential jurors have minimal knowledge of computer crime issues. More importantly, they also believe that judges have little knowledge or experience. A similar lack of knowledge by defense attorneys indicates that it could be difficult for a person accused of computer related infractions to find adequate representation. On the other hand, more experienced participants do not believe computer laws present …


The Role Of Quantitative Analysis In The Information Security Systems Development Lifecycle, Stephen R. Rosenkranz, Michael E. Busing, Faye P. Teer, Karen A. Forcht Jan 2007

Journal of International Technology and Information Management

Today’s numerous Quantitative Analysis (QA) tools have been successfully utilized to solve business problems in diverse applications. However, the application of QA tools in solving information security problems has been sparse. Devising the means and ways to use QA tools in resolving industry-wide security problems has the potential to yield enormous global economic benefit. The purpose of this paper is to explore the use of QA tools as a means of improving the processes involved in the Information Security Systems Development Lifecycle (SecSDL). Information security professionals use the SecSDL as a guide for formulating a comprehensive information security program. The …


Enterprise Integrated Security Platform: A Comparison Of Remote Access And Extranet Virtual Private Networks, Emmanuel U. Opara, Jack T. Marchewka Jan 2006

Journal of International Technology and Information Management

The Internet has created unprecedented opportunities for both organizations and individuals. However, these opportunities also have created a double-edged sword as organizations attempt to connect trading partners, customers, and remote users while providing adequate security measures that are flexible and cost-effective. This paper explores why secured socket layer (SSL) may be a better tool for secured remote access and extranets by comparing it to internet protocol security virtual private networks (IPSec-based VPNs).


Computer Security Checklist For Non-Security Technology Professionals, Chlotia P. Garrison, Roderick B. Posey Jan 2006

Journal of International Technology and Information Management

Networked computers and electronic data storage make computer security a fundamental component of a company’s survival. Security incidents can cause reputation damage, loss of customers, or even liability. Companies that are unable or unwilling to hire certified security professionals often rely on non-security IT professionals for assistance. This paper provides a checklist the non-security professional can use to assist the company in the critical areas of conducting risk analysis, performing vulnerability assessments, educating employees and developing computer security policies and procedures.


Online Privacy Policies: An Assessment Of The Fortune Global 100, Randy Ryker, M. Khurrum S. Bhutta Jan 2005

Journal of International Technology and Information Management

Both industry leaders and government officials around the globe are struggling with how to address online privacy. One solution suggested by both groups within the United States is for companies to voluntarily comply with the fair information practices of Notice, Choice, Access, and Security. A content analysis of the online privacy policies of the firms in the Fortune Global 100 was conducted to determine the extent to which the most successful global companies comply with fair information practices. The results indicate that 1.2% fully comply, 87.2% partially comply and 11.6% fail to comply with one or more fair information practice.