Engineering Commons^™

Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia Iii, Greg Randall, Jay Snellen

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …

Emergent Ai, Social Robots And The Law: Security, Privacy And Policy Issues, Ramesh Subramanian

Journal of International Technology and Information Management

The rapid growth of AI systems has implications on a wide variety of fields. It can prove to be a boon to disparate fields such as healthcare, education, global logistics and transportation, to name a few. However, these systems will also bring forth far-reaching changes in employment, economy and security. As AI systems gain acceptance and become more commonplace, certain critical questions arise: What are the legal and security ramifications of the use of these new technologies? Who can use them, and under what circumstances? What is the safety of these systems? Should their commercialization be regulated? What are the …

An Exploration Of Mobile Device Security Artifacts At Institutions Of Higher Education, Amita Goyal Chin, Diania Mcrae, Beth H. Jones, Mark A. Harris

Journal of International Technology and Information Management

The explosive growth and rapid proliferation of smartphones and other mobile

devices that access data over communication networks has necessitated advocating

and implementing security constraints for the purpose of abetting safe computing.

Remote data access using mobile devices is particularly popular among students at

institutions of higher education. To ensure safe harbor for constituents, it is

imperative for colleges and universities to establish, disseminate, and enforce

mobile device security artifacts, where artifacts is defined as policies, procedures,

guidelines or other documented or undocumented protocols. The purpose of this

study is to explore the existence of, specific content of, and the …

Slides: Ag Water Sharing: Legal Challenges And Considerations, Peter D. Nichols

Innovations in Managing Western Water: New Approaches for Balancing Environmental, Social and Economic Outcomes (Martz Summer Conference, June 11-12)

Presenter: Peter D. Nichols, Esq., Partner, Berg, Hill, Greenleaf and Ruscitti, Boulder, CO

25 slides

The Future Of National And International Security On The Internet, Maurice Dawson, Marwan Omar, Jonathan Abramson, Dustin Bessette

Maurice Dawson

Hyperconnectivity is a growing trend that is driving cyber security experts to develop new security architectures for multiple platforms such as mobile devices, laptops, and even wearable displays. The futures of national and international security rely on complex countermeasures to ensure that a proper security posture is maintained during this state of hyperconnectivity. To protect these systems from exploitation of vulnerabilities it is essential to understand current and future threats to include the laws that drive their need to be secured. Examined within this chapter are the potential security-related threats with the use of social media, mobile devices, virtual worlds, …

Privacy Issues And Solutions In Social Network Sites, Xi Chen, Katina Michael

Associate Professor Katina Michael

The boom of the internet and the explosion of new technologies have brought with them new challenges and thus new connotations of privacy. Clearly, when people deal with e-government and e-business, they do not only need the right to be let alone, but also to be let in secret. Not only do they need freedom of movement, but also to be assured of the secrecy of their information. Solove [6] has critiqued traditional definitions of privacy and argued that they do not address privacy issues created by new online technologies. Austin [7] also asserts: “[w]e do need to sharpen and …

Book Review: Handbook On Securing Cyber-Physical Critical Infrastructure: Foundations And Challenges (Written By Sajal K. Das, Krishna Kant, Nan Zhang), Katina Michael

Professor Katina Michael

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.

Book Review Of Hacking: The Next Generation (Written By Nitesh Dhanjani, Billy Rios & Brett Hardin), Katina Michael

Professor Katina Michael

Hacking: The Next Generation demonstrates just how hackers continue to exploit “back doors”. New ways of working and new ways of communicating have meant that the number of attack vectors continue to rise rapidly. This provides hackers with a greater number of opportunities to penetrate systems using blended approaches while organizations struggle to come up to speed with the latest technology developments and commensurate security capabilities. Dealing with anticipated threats is a lot harder than dealing with known threats.

Book Review: Securing The Cloud: Cloud Computer Security Techniques And Tactics, Katina Michael

Associate Professor Katina Michael

With so much buzz around Cloud Computing, books like this one written by Winkler are much in demand. Winkler’s experience in the computing business shines through and as readers we are spoiled with a great deal of useful strategic information- a jam packed almost 300 page volume on securing the cloud.

Book Review: Security Risk Management: Building An Information Security Risk Management Program From The Ground Up, Katina Michael

Associate Professor Katina Michael

In an age of outsourcing tasks that are not considered to be a core competency of the business, organisations have often relied on external consultants for matters pertaining to security. In actual fact, most companies could have utilized existing skill-sets in-house to produce a security risk management program, if only they knew what steps to take, and how to go about it all. Evan Wheeler in his book on information security risk management does just that- he equips professionals tasked with security, with the thinking required to create a program that is more preoccupied with the complex strategic-level questions than …

More Secure Passwords, Scott Magruder, Stanley X. Lewis Jr

Journal of International Technology and Information Management

Passwords are often the first line of defense against hackers trying to logon to a user’s account. Due to this, the password that a user selects for protection of their account is critical. These passwords must be “good” passwords that are not easily cracked. However, how does the network administrator enforce this? A simple change to the login process can make the passwords chosen by users much more secure. A description of this simple process is given in this paper. The normal login process is described. A description of the how hackers attempt to crack passwords is given. The simple …

Improving The Judicial System To Handle Computer Crime, Gerald V. Post, Albert Kagan

Journal of International Technology and Information Management

This paper asked professionals in the legal system to evaluate the current state and effectiveness of laws to identify and deter computer crime. Responses were evaluated with a formal structural equation model. The results generally show that legal professionals believe potential jurors have minimal knowledge of computer crime issues. More importantly, they also believe that judges have little knowledge or experience. A similar lack of knowledge by defense attorneys indicates that it could be difficult for a person accused of computer related infractions to find adequate representation. On the other hand, more experienced participants do not believe computer laws present …

The Role Of Quantitative Analysis In The Information Security Systems Development Lifecycle, Stephen R. Rosenkranz, Michael E. Busing, Faye P. Teer, Karen A. Forcht

Journal of International Technology and Information Management

Today’s numerous Quantitative Analysis (QA) tools have been successfully utilized to solve business problems in diverse applications. However, the application of QA tools in solving information security problems has been sparse. Devising the means and ways to use QA tools in resolving industry-wide security problems has the potential to yield enormous global economic benefit. The purpose of this paper is to explore the use of QA tools as a means of improving the processes involved in the Information Security Systems Development Lifecycle (SecSDL). Information security professionals use the SecSDL as a guide for formulating a comprehensive information security program. The …