Engineering Commons^™

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Adoption Of Cybersecurity Policies By Local Governments 2020, Donald F. Norris Phd, Laura K. Mateczun Jd

Journal of Cybersecurity Education, Research and Practice

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. …

The Rapid Increase Of Ransomware Attacks Over The 21st Century And Mitigation Strategies To Prevent Them From Arising, Sanjay Jacob

Senior Honors Theses

Cyber-attacks have continued to become more common throughout the past century as more people are exposed to the Internet. Every year, various studies, reports, and scholarly research is done to emphasis the rapid increase of attacks. In this honors thesis, the student sought to gather further information about the rise of ransomware attacks, various cyber threats, discuss the psychological manipulation that exist, and provided the reader with an ethical complement of cyber-attacks. Additionally, case studies from previous research have been analyzed and mitigation strategies have been explained to provide the reader with practical application. This research emphasizes in on key …

Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn

SMU Data Science Review

Today, there is an increased risk to data privacy and information security due to cyberattacks that compromise data reliability and accessibility. New machine learning models are needed to detect and prevent these cyberattacks. One application of these models is cybersecurity threat detection and prevention systems that can create a baseline of a network's traffic patterns to detect anomalies without needing pre-labeled data; thus, enabling the identification of abnormal network events as threats. This research explored algorithms that can help automate anomaly detection on an enterprise network using Canadian Institute for Cybersecurity data. This study demonstrates that Neural Networks with Bayesian …

Small Business Office Network, Michael Gerome

Williams Honors College, Honors Research Projects

This project will emulate a small office network environment. The project will demonstrate the process of building and configuring the network to meet the requirements laid out in the project plan. This network includes four subnets with Windows 10 end devices and a Kali Linux device, it also includes five Cisco layer 2 switches and three Cisco routers. There are also three subnets connecting the routers to each other to enable routing between the subnets. After the network environment is set up, various penetration tests are performed from the Kali Linux device to gather information. The Nmap reconnaissance tool is …

Predictors Of Email Response: Determinants Of The Intention Of Not Following Security Recommendations, Miguel Angel Toro-Jarrin

Engineering Management & Systems Engineering Theses & Dissertations

Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them …

Cross Domain Iw Threats To Sof Maritime Missions: Implications For U.S. Sof, Gary C. Kessler, Diane M. Zorri

Publications

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable.

Cybersecurity Risk Assessment Using Graph Theoretical Anomaly Detection And Machine Learning, Goksel Kucukkaya

Engineering Management & Systems Engineering Theses & Dissertations

The cyber domain is a great business enabler providing many types of enterprises new opportunities such as scaling up services, obtaining customer insights, identifying end-user profiles, sharing data, and expanding to new communities. However, the cyber domain also comes with its own set of risks. Cybersecurity risk assessment helps enterprises explore these new opportunities and, at the same time, proportionately manage the risks by establishing cyber situational awareness and identifying potential consequences. Anomaly detection is a mechanism to enable situational awareness in the cyber domain. However, anomaly detection also requires one of the most extensive sets of data and features …

Disruptive Technologies With Applications In Airline & Marine And Defense Industries, Randall K. Nichols, Hans C. Mumm, Wayne Lonstein, Suzanne Sincavage, Candice M. Carter, John-Paul Hood, Randall Mai, Mark Jackson, Bart Shields

NPP eBooks

Disruptive Technologies With Applications in Airline, Marine, Defense Industries is our fifth textbook in a series covering the world of Unmanned Vehicle Systems Applications & Operations On Air, Sea, and Land. The authors have expanded their purview beyond UAS / CUAS / UUV systems that we have written extensively about in our previous four textbooks. Our new title shows our concern for the emergence of Disruptive Technologies and how they apply to the Airline, Marine and Defense industries. Emerging technologies are technologies whose development, practical applications, or both are still largely unrealized, such that they are figuratively emerging into prominence …

Research Framework Of Human Factors Interactions With Technical And Security Factors In Cloud Computing, Hongjiang Xu, Sakthi Mahenthiran

Scholarship and Professional Work - Business

There are many advantages to adopt cloud computing, however, some important issues need to be addressed, such as cybersecurity, cost-saving, trust, implementation complexity, and cloud provider’s reliability. This study developed a research framework to study the human factors that interact with technical and cybersecurity factors to affect the cloud-computing provider’s performance from the user’s perspective. Research hypotheses were developed and a survey was conducted to test the hypotheses and validate the research framework.

The Soft Skills Business Demands Of The Chief Information Security Officer, Richard Smit, Jeroen Van Yperen Hagedoorn, Patric Versteeg, Pascal Ravesteijn

Journal of International Technology and Information Management

While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied in-depth. This paper describes a first study aimed at filling this gap.

In this multimethod research, both the business leaders perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders perspective is via a Delphi study and the jobs adds are studied using a quantitative content analysis.

With an increasing threat to information security for …

Icts For Surveillance And Suppression: The Case Of The Indian Emergency 1975-1977, Ramesh Subramanian

Journal of International Technology and Information Management

Information and Communications technologies (ICT) pervade society. The Internet, wireless communication, and social media are ubiquitous in and indispensable in society today. As they continue to grow and mushroom, there are new and increased calls from various segments of the society such as technologists, activists, sociologists, and legal experts, who issue warnings on the more nefarious and undesirable uses of ICTs, especially by governments. In fact, government control and surveillance using ICTs is not a new phenomenon. By looking at history, we are able to see several instances when ICTs have been used by governments to control, surveil, and infringe …

Learning From Digital Failures? The Effectiveness Of Firms’ Divestiture And Management Turnover Responses To Data Breaches, Gui-Deng Say, Gurneeta Vasudeva

Research Collection Lee Kong Chian School Of Business

We examine whether firms learn from digital technology failures in the form of data breach events, based on the effectiveness of their failure responses. We argue that firms experiencing such technological failures interpret them broadly as organizational problems, and undertake unrelated divestitures and top management turnover to achieve better standardization and to remove dysfunctional routines. We test our hypotheses on unrelated subsidiary divestitures and chief technology officer (CTO) turnovers undertaken by 8,760 publicly traded U.S. firms that were at risk of experiencing data breaches in- volving the loss of personally identifiable information during the period 2005–2016. We find that data …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

Project Insight: A Granular Approach To Enterprise Cybersecurity, Sunna Quazi, Adam Baca, Sam Darsche

SMU Data Science Review

In this paper, we disambiguate risky activity corporate users are propagating with their software in real time by creating an enterprise security visualization solution for system administrators. The current problem in this domain is the lag in cyber intelligence that inhibits preventative security measure execution. This is partially due to the overemphasis of network activity, which is a nonfinite dataset and is difficult to comprehensively ingest with analytics. We address these concerns by elaborating on the beta of a software called "Insight" created by Felix Security. The overall solution leverages endpoint data along with preexisting whitelist/blacklist designations to unambiguously communicate …

Aviation Cybersecurity: An Overview, Gary C. Kessler, J. Philip Craiger

J. Philip Craiger, Ph.D.

Information security—aka cybersecurity—is the most rapidly growing threat to critical infrastructures, including the aviation industry. Due to the plethora of digital devices, ubiquity of the Internet and other networks, and the rapid growth in the adoption of technology, everyone is an information system security manager. Every professional in the aviation and aeronautics industry use computers, mobile devices, tablets, GPS devices, and/or other hardware on a daily basis, as well as go online for a variety of reasons.

Attacks on information have been ongoing since the inception of the industry a hundred years ago, in such forms as intellectual property theft …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

Aviation Cybersecurity: An Overview, Gary C. Kessler, J. Philip Craiger

National Training Aircraft Symposium (NTAS)

Information security—aka cybersecurity—is the most rapidly growing threat to critical infrastructures, including the aviation industry. Due to the plethora of digital devices, ubiquity of the Internet and other networks, and the rapid growth in the adoption of technology, everyone is an information system security manager. Every professional in the aviation and aeronautics industry use computers, mobile devices, tablets, GPS devices, and/or other hardware on a daily basis, as well as go online for a variety of reasons.

Attacks on information have been ongoing since the inception of the industry a hundred years ago, in such forms as intellectual property theft …

Autonomous Cars And The Anonymous Threat: The Immediate Need For Cybersecurity Legislation For Self-Driving Vehicles, Forrest Albiston

Brigham Young University Prelaw Review

This paper addresses the immediate need for cybersecurity regulations on self-driving cars. The focus of this paper is to discuss the urgency of these laws and put forth the SPY Car Act of 2017 as a solution with some edits. This Act will help ensure the safety of US citizens and will also benefit businesses.

Breadcrumbs: Privacy As A Privilege, Prachi Bhardwaj

Capstones

Breadcrumbs: Privacy as a Privilege Abstract

By: Prachi Bhardwaj

In 2017, the world saw more data breaches than in any year prior. The count was more than the all-time high record in 2016, which was 40 percent more than the year before that.

That’s because consumer data is incredibly valuable today. In the last three decades, data storage has gone from being stored physically to being stored almost entirely digitally, which means consumer data is more accessible and applicable to business strategies. As a result, companies are gathering data in ways previously unknown to the average consumer, and hackers are …

The Future Of Nuclear Security: A Medical Physicist’S Perspective, Katharine E. Thomson

International Journal of Nuclear Security

Planning for the future of nuclear security is a vital and complex task, requiring cooperation and contribution from many disciplines and industries. This diversity of expertise should include the medical sector, which faces many of the same challenges as the nuclear industry: controlling access to dangerous material, creating a strong security culture, cooperating with the wider world and engaging the public.

Medical physicists, of which the author is one, oversee all aspects of small-scale radiation use. This paper discusses three key areas increasingly important to both medical and nuclear uses of radioactive materials: public engagement, prevention of nuclear and radiological …