Open Access. Powered by Scholars. Published by Universities.®

Management Information Systems Commons

Security

Articles 1 - 30 of 35

Full-Text Articles in Management Information Systems

Integrity, Confidentiality, And Equity: Using Inquiry-Based Labs To Help Students Understand AI And Cybersecurity, Richard C. Alexander, Liran Ma, Ze-Li Dou, Zhipeng Cai, Yan Huang Nov 2023

Journal of Cybersecurity Education, Research and Practice

Recent advances in Artificial Intelligence (AI) have brought society closer to the long-held dream of creating machines to help with both common and complex tasks and functions. From recommending movies to detecting disease in its earliest stages, AI has become an aspect of daily life many people accept without scrutiny. Despite its functionality and promise, AI has inherent security risks that users should understand and programmers must be trained to address. The ICE (integrity, confidentiality, and equity) cybersecurity labs developed by a team of cybersecurity researchers address these vulnerabilities to AI models through a series of hands-on, inquiry-based labs. Through …


Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly Jul 2022

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …


An Evaluation Of Security In Blockchain-Based Sharing Of Student Records In Higher Education, Timothy Arndt, Angela Guercio, Yonghun Chae May 2022

Information Systems

Blockchain has recently taken off as a disruptive technology, from its initial use in cryptocurrencies to wider applications in areas such as property registration and insurance due to its characteristic as a distributed ledger which can remove the need for a trusted third party to facilitate transactions. This spread of the technology to new application areas has been driven by the development of smart contracts – blockchain-based protocols which can automatically enforce a contract by executing code based on the logic expressed in the contract. One exciting area for blockchain is higher education. Students in higher education are ever more …


Evaluation Approach For An Effective Blockchain Implementation In An Accounting Environment, Angel R. Otero, Ryan P. Fink Feb 2022

Communications of the IIMA

Blockchain has the potential to revolutionize accounting transactions in the same way the Internet revolutionized the collection and dissemination of information. Nonetheless, like the Internet, blockchain technology is a double-edged sword offering tremendous benefits but also drawbacks. The literature points to inadequacies in blockchain implementations, particularly when evaluating and selecting controls to help ensure an effective blockchain implementation in organizations. This research develops an approach that not only addresses the inadequacies identified in the literature, but also prompts organizations to a more precise evaluation and selection of controls to achieve effective blockchain implementation. The approach uses Desirability Functions to quantify …


Phishing For All Ages, Rachana Vann Dec 2021

Electronic Theses, Projects, and Dissertations

Since the start of the pandemic in 2020 and the increase in teleworking, we have witnessed a subsequent increase in cyber-attacks. This project focused on the tools and techniques a teleworker should use to stay safe from online predators. An online predator or hacker is defined as someone who uses the internet to get access to proprietary information or seek a ransom. This project sought to introduce tools and techniques that would help people of all ages to stay safe online. The questions asked were: What techniques do online predators use to lure their unsuspecting victims? On the American Generation …


Voice Hacking: Using Smartphones To Spread Ransomware To Traditional PCs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz Jul 2018

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, …


The Impact Of Information Security Threat Awareness On Privacy-Protective Behaviors, Stanislav Mamonov, Raquel Benbunan-Fich Jun 2018

Department of Information Management and Business Analytics Faculty Scholarship and Creative Works

In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions …


Social Engineering Knowledge Measured As A Security Countermeasure, Christopher Artejus Sanders Jan 2018

Theses and Dissertations

Social Engineering has become a significant threat to the security of business, government, and academic institutions. As vulnerabilities to social engineering attacks increase, organizations must incorporate risk mitigation strategies to their portfolios of Information Systems Security Countermeasures (ISSC). The goal is to implement mitigation strategies that balance the cost of implementation, the privacy of employees, and the resulting expected costs of social engineering attacks. In this paper we develop an analytical model that calculates the total cost of protection, including the trade-off between the cost of implementing protection strategies and the resulting expected cost of social engineering attacks. We use …


Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia III, Greg Randall, Jay Snellen Jun 2017

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …


Implementation Of Agile Methodology In Public Sector, Kajal Patel Feb 2017

Dissertations and Theses

The purpose of this thesis is to identify the drawbacks and positives of agile methodology in public sector projects. This paper will help provide the business groups the solution to overcome any issues with agile for any of the development processes within the Public sector. This assignment will help us see the results of adoption of agile by various business groups within the public sector where it has been implemented. The idea of fast-paced development with set goals and deadlines has transformed how the implementation works as compared to traditional methods in Public sector. Agile methodology has always focused …


An Exploration Of Mobile Device Security Artifacts At Institutions Of Higher Education, Amita Goyal Chin, Diania Mcrae, Beth H. Jones, Mark A. Harris Oct 2016

Journal of International Technology and Information Management

The explosive growth and rapid proliferation of smartphones and other mobile devices that access data over communication networks has necessitated advocating and implementing security constraints for the purpose of abetting safe computing. Remote data access using mobile devices is particularly popular among students at institutions of higher education. To ensure safe harbor for constituents, it is imperative for colleges and universities to establish, disseminate, and enforce mobile device security artifacts, where artifacts is defined as policies, procedures, guidelines or other documented or undocumented protocols. The purpose of this study is to explore the existence of, specific content of, and the …


Understanding The Impact Of Hacker Innovation Upon IS Security Countermeasures, Sean M. Zadig Jan 2016

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …


Explicitly Stated Security Policies Of Web Sites Of Global Banks Of Europe, Australia, Asia And The U.S, Donald R. Moscato, Eric D. Moscato Jan 2015

Communications of the IIMA

This paper is the latest component of a research project conducted by the authors over a three-year period. The first phase emphasized the privacy policies of global banks and other businesses engaged in E-commerce. Over 600 individualized web-sites were visited and evaluated. This, the second phase of the research project, focuses on the security policies in place for global financial institutions. The purpose of this research study is to review, compare and summarize the security policies of global banks as they are expressed on their web sites. A total of over 300 web sites of global banks were included in …


The Price Of Security: The Challenge Of Measuring Business Value Investments In Securing Information Systems, Tony Coulson, Jake Zhu, Shan Miyuan, Tapie Rohm Jan 2015

Communications of the IIMA

With powerful regulations surrounding security and privacy of information, the authors attempt to identify challenges valuing information security investments. The authors examine three primary approaches to measuring information value: Perceived, Real, and Normative. Literature is reviewed and the approaches are examined in terms of their strengths and weaknesses in providing value measurements for secure information systems. A framework is presented to suggest at what level in an organization and in what situations these information value approaches are most suitable.


The Interrelationship And Effect Of Trust And Strong Cultures In Setting Information Systems Security Goals, Ioannis V. Koskosas, Jyoti Choudrie, Ray J. Paul Jan 2015

Communications of the IIMA

This paper investigates the interrelationship and effect of trust and culture on the level of goal setting within the context of information systems security. In doing so, it explores and discusses the concepts of trust and strong culture and seeks to demonstrate their importance in setting efficiently information systems security goals. The paper contributes to interpretive information systems research with the study of goal setting in a security management context and its grounding within an interpretive epistemology.


Developing Security For E-Commerce Applications: A Teaching Case, Chang Liu, Brian G. Mackie Jan 2015

Communications of the IIMA

The number of severe computer security breaches in e-commerce applications has been on the increase over the last few years. This has become one of the biggest security problems in recent years. Although there are tools to build e-commerce application firewalls to alert and prevent intruder attacks, these tools are not trivial to install (they are not plug-and-play). Internet intruders can create havoc and produce catastrophic results by exploiting weaknesses in e-commerce applications. Therefore, developers of e-commerce web sites have to incorporate ways to systematically identify and eliminate vulnerabilities in the EC applications to enhance their security. This paper …


The State Of Cryptocurrencies, Their Issues And Policy Interactions, Ramesh Subramanian, Theo Chino Jan 2015

Journal of International Technology and Information Management

This paper focuses on the evolution of cryptocurrencies. It traces the history of early cryptography, the ‘cypherpunk’ movement, and how the work of some cyber libertarians and cryptographers enabled the emergence of popular cryptocurrencies. The paper then focuses on Bitcoin. It delves into the technology behind the Bitcoin architecture and shows how exactly this technology works. The paper then does an analysis of security and regulatory considerations that affect the growth of Bitcoin-based businesses. The paper concludes with some suggestions for future work in the area.


Effects Of Exchange Benefits, Security Concerns And Situational Privacy Concerns On Mobile Commerce Adoption, Hua Dai, Yan Chen Jan 2015

Journal of International Technology and Information Management

Few empirical studies have examined both privacy and security concerns in the context of mobile commerce (m-commerce) while accounting for the effects of situational privacy concerns specific to the context of m-commerce. This research fills this gap in research by exploring users’ exchange perceptions specific to the context of m-commerce in China and by examining the inhibitors and drives of m-commerce adoption in China from the perspectives of social exchange. Particularly, this research develops an integrated research model in which users’ perceptions on value added of and usefulness of m-commerce, and users’ privacy concerns and security concerns of m-commerce …


Limitations Of Nonfinancial Metrics Reported By Social Media Companies, Rob Weitz, Theresa Henry, David Rosenthal Jan 2014

Journal of International Technology and Information Management

Publicly traded companies in the U.S. are required by the Securities and Exchange Commission (SEC) to file annual and quarterly financial statements (form 10-K and form 10-Q respectively). The Management Discussion and Analysis (MD&A) section of these reports, as per SEC requirements, should include the identification and discussion of nonfinancial performance metrics that are critical to management and important to investors. This paper examines a set of common nonfinancial metrics reported by some well-known social media companies. These metrics include such quantities as number of registered users, monthly average users, and number of unique visitors. The definition and use of …


Rethinking FS-ISAC: An IT Security Information Sharing Model For The Financial Services Sector, Charles Liu, Humayun Zafar, Yoris A. Au Jan 2014

Faculty and Research Publications

This study examines a critical incentive alignment issue facing FS-ISAC (the information sharing alliance in the financial services industry). Failure to encourage members to share their IT security-related information has seriously undermined the founding rationale of FS-ISAC. Our analysis shows that many information sharing alliances’ membership policies are plagued with the incentive misalignment issue and may result in a “free-riding” or “no information sharing” equilibrium. To address this issue, we propose a new information sharing membership policy that incorporates an insurance option and show that the proposed policy can align members’ incentives and lead to a socially optimal outcome. Moreover, …


The Future Of National And International Security On The Internet, Maurice Dawson, Marwan Omar, Jonathan Abramson, Dustin Bessette Dec 2013

Maurice Dawson

Hyperconnectivity is a growing trend that is driving cyber security experts to develop new security architectures for multiple platforms such as mobile devices, laptops, and even wearable displays. The futures of national and international security rely on complex countermeasures to ensure that a proper security posture is maintained during this state of hyperconnectivity. To protect these systems from exploitation of vulnerabilities it is essential to understand current and future threats to include the laws that drive their need to be secured. Examined within this chapter are the potential security-related threats with the use of social media, mobile devices, virtual worlds, …


Hybrid Spread-Spectrum TCP For Combating Fraudulent Cyber Activities Against Reconnaissance Attacks, Simon Enoch Yusuf, Olumide Longe Apr 2013

The African Journal of Information Systems

The inefficiencies of current intrusion detection system against fraudulent cyber activities attract the attention of computer gurus, also known as “hackers”, to exploit known weakness on a particular host or network. These hackers are expert programmers who mainly focus on how the Internet works, and they interact with each other to know its strengths and weaknesses. Then they develop advanced tools which an average attacker with little background can use to know the liveness, reachability and running service on the network. Once an attacker identifies these details, he can accurately launch an effective attack and get maximum benefit out of …


Aligning Security And Usability Objectives For Computer Based Information Systems, Santa Ram Susarapu May 2012

Theses and Dissertations

With extensive use of information systems in day-to-day business operations, many organizations are facing challenges to develop robust computer-based information systems that are secure and widely used by the user community. In order to develop information systems that are secure and useful, understanding what stakeholders consider important and value about the security and usability is critical. Security refers to confidentiality, integrity and availability and usability refers to efficiency, effectiveness and user satisfaction. Using Value Focused Thinking approach, this research first proposes the usability objectives based on the values of system developers and users. Using the security objectives proposed by Dhillon …


Consumers’ Attitudes Of E-Commerce In China, Hongjiang Xu, Xiaowen Zou, Hengshan Wang Apr 2011

Hongjiang Xu

This research studied the problem of B2C and C2C consumers’ attitudes towards trust of the business transaction process in China by using the “Consumer Attitudes towards Trust in the e-Business Model.” Four factors in the model were analyzed, privacy, security, financial institution and trusted seal. From this analysis, the conclusion on the consumers’ attitudes was drawn.


Enterprise Systems Network: SecurID Solutions, The Authentication To Global Security Systems, Emmanuel U. Opara, Vance Etnyre Jan 2010

Journal of International Technology and Information Management

Enterprise systems need reliable, flexible and secure means for making public and confidential information available to users in a secured and trusted manner. Although enterprise systems have a variety of choices to authenticate these users, organizations face significant issues when granting access and providing a manageable structure for valuable access control. Logon functionalities such as user name and password algorithm have been used to grant authentication and authorization into enterprise systems network resources. Since most systems clients prefer the ease of using passwords, and since passwords are easily compromised, the urgency for a stronger authentication process becomes paramount. This study performed …


Evaluating The Perceived Impact Of Collaborative Exchange And Formalization On Information Security, Randall Young Jan 2010

Journal of International Technology and Information Management

Organizations integrate information security measures through information security planning and policy development. This study aims to examine how the extent of collaborative exchange within the organization and extent of formalization of the information security function impact the effective utilization of well-established information security objectives. The security objectives of interest, described in general deterrence theory, are deterrence, detection and recovery. This study finds that organizations that exhibit higher levels of collaborative exchange and develop and implement more information security policies are more effectively utilizing the information security strategies of detection, deterrence and recovery. This study highlights the importance of the complementary …


Why IT Managers Don't Go For Cyber-Insurance Products, Tridib Bandyopadhyay, Vijay S. Mookerjee, Ram C. Rao Nov 2009

Faculty and Research Publications

Despite positive expectations, cyber-insurance products have failed to take center stage in the management of IT security risk. Market inexperience, leading to conservatism in pricing cyber-insurance instruments, is often cited as the primary reason for the limited growth of the cyber-insurance market. In contrast, here we provide a demand-side explanation for why cyber-insurance products have not lived up to their initial expectations. We highlight the presence of information asymmetry between customers and providers, showing how it leads to overpricing cyber-insurance contracts and helps explain why cyber insurance might have failed to deliver its promise as a cornerstone of IT security-management …


More Secure Passwords, Scott Magruder, Stanley X. Lewis Jr Jan 2007

Journal of International Technology and Information Management

Passwords are often the first line of defense against hackers trying to logon to a user’s account. Due to this, the password that a user selects for protection of their account is critical. These passwords must be “good” passwords that are not easily cracked. However, how does the network administrator enforce this? A simple change to the login process can make the passwords chosen by users much more secure. A description of this simple process is given in this paper. The normal login process is described. A description of how hackers attempt to crack passwords is given. The simple …


Improving The Judicial System To Handle Computer Crime, Gerald V. Post, Albert Kagan Jan 2007

Journal of International Technology and Information Management

This paper asked professionals in the legal system to evaluate the current state and effectiveness of laws to identify and deter computer crime. Responses were evaluated with a formal structural equation model. The results generally show that legal professionals believe potential jurors have minimal knowledge of computer crime issues. More importantly, they also believe that judges have little knowledge or experience. A similar lack of knowledge by defense attorneys indicates that it could be difficult for a person accused of computer related infractions to find adequate representation. On the other hand, more experienced participants do not believe computer laws present …


The Role Of Quantitative Analysis In The Information Security Systems Development Lifecycle, Stephen R. Rosenkranz, Michael E. Busing, Faye P. Teer, Karen A. Forcht Jan 2007

Journal of International Technology and Information Management

Today’s numerous Quantitative Analysis (QA) tools have been successfully utilized to solve business problems in diverse applications. However, the application of QA tools in solving information security problems has been sparse. Devising the means and ways to use QA tools in resolving industry-wide security problems has the potential to yield enormous global economic benefit. The purpose of this paper is to explore the use of QA tools as a means of improving the processes involved in the Information Security Systems Development Lifecycle (SecSDL). Information security professionals use the SecSDL as a guide for formulating a comprehensive information security program. The …