Physical Sciences and Mathematics Commons^™

The Effects Of Security Framing, Time Pressure, And Brand Familiarity On Risky Mobile Application Downloads, Cody Parker

Psychology Theses & Dissertations

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect …

Digital Identity: A Human-Centered Risk Awareness Study, Toufic N. Chebib

USF Tampa Graduate Theses and Dissertations

Cybersecurity threats and compromises have been at the epicenter of media attention; their risk and effect on people’s digital identity is something not to be taken lightly. Though cyber threats have affected a great number of people in all age groups, this study focuses on 55 to 75-year-olds, as this age group is close to retirement or already retired. Therefore, a notable compromise impacting their digital identity can have a major impact on their life.

To help guide this study, the following research question was formulated, “What are the risk perceptions of individuals, between the ages of 55 and 75 …

Cyber-Situational Crime Prevention And The Breadth Of Cybercrimes Among Higher Education Institutions, Sinchul Back, Jennifer Laprade

International Journal of Cybersecurity Intelligence & Cybercrime

Academic institutions house enormous amounts of critical information from social security numbers of students to proprietary research data. Thus, maintaining up to date cybersecurity practices to protect academic institutions’ information and facilities against cyber-perpetrators has become a top priority. The purpose of this study is to assess common cybersecurity measures through a situational crime prevention (SCP) theoretical framework. Using a national data set of academic institutions in the United States, this study investigates the link between common cybersecurity measures, crime prevention activities, and cybercrimes. By focusing on the conceptualization of cybersecurity measures as SCP techniques, this study also offers the …

Proposal For The Development And Addition Of A Cybersecurity Assessment Section Into Technology Involving Global Public Health, Stanley Mierzwa, Saumya Ramarao, Jung Ah Yun, Bok Gyo Jeong

International Journal of Cybersecurity Intelligence & Cybercrime

This paper discusses and proposes the inclusion of a cyber or security risk assessment section during the course of public health initiatives involving the use of information and communication computer technology. Over the last decade, many public health research efforts have included information technologies such as Mobile Health (mHealth), Electronic Health (eHealth), Telehealth, and Digital Health to assist with unmet global development health needs. This paper provides a background on the lack of documentation on cybersecurity risks or vulnerability assessments in global public health areas. This study suggests existing frameworks and policies be adopted for public health. We also propose …

Toward Mitigating, Minimizing, And Preventing Cybercrimes And Cybersecurity Risks, Claire Seungeun Lee

International Journal of Cybersecurity Intelligence & Cybercrime

Cybercrime and cybersecurity are emerging fields of research, shaped by technological developments. Scholars in these interconnected fields have studied different types of cybercrimes as well as victimization and offending. Increasingly, some of these scholars have focused on the ways in which cybercrimes can be mitigated, minimized, and even prevented. However, such strategies are often difficult to achieve in reality due to the human and technical factors surrounding cybercrimes. In this issue of the International Journal of Cybersecurity Intelligence and Cybercrime, three papers adequately address such challenges using college student samples and nationally representative samples, as well as a framework through …

Lecture - Csci 275: Linux Systems Administration And Security, Moe Hassan, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for CSCI 275: Linux Systems Administration and Security

A Survey On Securing Personally Identifiable Information On Smartphones, Dar’Rell Pope, Yen-Hung (Frank) Hu, Mary Ann Hoppa

Virginia Journal of Science

With an ever-increasing footprint, already topping 3 billion devices, smartphones have become a huge cybersecurity concern. The portability of smartphones makes them convenient for users to access and store personally identifiable information (PII); this also makes them a popular target for hackers. This survey shares practical insights derived from analyzing 16 real-life case studies that exemplify: the vulnerabilities that leave smartphones open to cybersecurity attacks; the mechanisms and attack vectors typically used to steal PII from smartphones; the potential impact of PII breaches upon all parties involved; and recommended defenses to help prevent future PII losses. The contribution of this …

Toward A Sustainable Cybersecurity Ecosystem, Shahrin Sadik, Mohiuddin Ahmed, Leslie F. Sikos, A.K.M. Najmul Islam

Research outputs 2014 to 2021

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. Cybersecurity issues constitute a key concern of today’s technology-based economies. Cybersecurity has become a core need for providing a sustainable and safe society to online users in cyberspace. Considering the rapid increase of technological implementations, it has turned into a global necessity in the attempt to adapt security countermeasures, whether direct or indirect, and prevent systems from cyberthreats. Identifying, characterizing, and classifying such threats and their sources is required for a sustainable cyber-ecosystem. This paper focuses on the cybersecurity of smart grids and the emerging trends such as using blockchain in …

Is The Transit Industry Prepared For The Cyber Revolution? Policy Recommendations To Enhance Surface Transit Cyber Preparedness, Scott Belcher, Terri Belcher, Eric Greenwald, Brandon Thomas

Mineta Transportation Institute

The intent of this study is to assess the readiness, resourcing, and structure of public transit agencies to identify, protect from, detect, respond to, and recover from cybersecurity vulnerabilities and threats. Given the multitude of connected devices already in use by the transit industry and the vast amount of data generated (with more coming online soon), the transit industry is vulnerable to malicious cyber-attack and other cybersecurity-related threats. This study reviews the state of best cybersecurity practices in public surface transit; outlines U.S. public surface transit operators’ cybersecurity operations; assesses U.S. policy on cybersecurity in public surface transportation; and provides …

First Year Students' Experience In A Cyber World Course - An Evaluation, Frank Breitinger, Ryan Tully-Doyle, Kristen Przyborski, Lauren Beck, Ronald S. Harichandran

Electrical & Computer Engineering and Computer Science Faculty Publications

Although cybersecurity is a major present concern, it is not a required subject in University. In response, we developed Cyber World which introduces students to eight highly important cybersecurity topics (primarily taught by none cybersecurity experts). We embedded it into our critical thinking Common Course (core curriculum) which is a team-taught first-year experience required for all students. Cyber World was first taught in Fall 2018 to a cohort of over 150 students from various majors at the University of New Haven. This article presents the evaluation of our Fall taught course. In detail, we compare the performance of Cyber World …

Malaware Defensive: A Game To Train Users To Combat Malware, Tyler Moon, Tamirat Abegaz, Bryson Payne, Abi Salimi

Journal of Cybersecurity Education, Research and Practice

Several research findings indicate that basic cyber hygiene can potentially deter the majority of cyber threats. One of the ways cybersecurity professionals can prepare users to ensure proper hygiene is to help them develop their ability to spot the difference between normal and abnormal behavior in a computer system. Malware disrupts the normal behavior of a computer system. The lack of appropriate user training has been one of the main reasons behind the exposure of computer systems to threats, from social engineering to viruses, trojans, and ransomware. Basic knowledge about common behavioral characteristics of malware could help users identify potentially …

Cybersecurity, Digital Forensics, And Mobile Computing: Building The Pipeline Of Next-Generation University Graduates Through Focused High School Summer Camps, Mahmoud K. Quweider, Fitratullah Khan, Liyu Zhang, Lei Xu, Yessica Rodriguez, Yessenia Rodriguez

Computer Science Faculty Publications and Presentations

To prepare the next generation of skilled university graduates that would help in filling the national need for cybersecurity, digital forensics, and mobile computing professionals, a team of minority/under-represented graduate students, the University Upward Bound Program (a federally funded program and part of the U.S. Department of Education; one of 967 programs nationwide) staff, and faculty from the Computer Science (CS) department got together and proposed a focused 10-week long funded summer camp for two local high schools with the following objectives:

1. Provide graduate students to instruct in the areas of` mobile application development, forensics and cyber Security.

2. …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Cybersecurity Methods For Grid-Connected Power Electronics, Stephen Joe Moquin

Graduate Theses and Dissertations

The present work shows a secure-by-design process, defense-in-depth method, and security techniques for a secure distributed energy resource. The distributed energy resource is a cybersecure, solar inverter and battery energy storage system prototype, collectively called the Cybersecure Power Router. Consideration is given to the use of the Smart Green Power Node for a foundation of the present work. Metrics for controller security are investigated to evaluate firmware security techniques. The prototype's ability to mitigate, respond to, and recover from firmware integrity degradation is examined. The prototype shows many working security techniques within the context of a grid-connected, distributed energy resource. …

Data Breach Consequences And Responses: A Multi-Method Investigation Of Stakeholders, Hamid Reza Nikkhah

Graduate Theses and Dissertations

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the …

Faculty Perceptions Of Open Educational Resources In Cyber Curriculum: A Pilot Study, Alan Stines

Masters Theses & Doctoral Dissertations

The cyber landscape is growing and evolving at a fast pace. Public and private industries need qualified applicants to protect and defend information systems that drive the digital economy. Currently, there are not enough candidates in the pipeline to fill this need in the workforce. The digital economy is still growing, thus presenting an even greater need for skilled workers in the future. The lack of a strong workforce in cybersecurity presents many challenges to safeguarding U.S. national security and citizens across the world. The William and Flora Hewlett Foundation defines Open Educational Resources (OER) as teaching, learning, and research …

Mitigating Safety Concerns And Profit/Production Losses For Chemical Process Control Systems Under Cyberattacks Via Design/Control Methods, Helen Durand, Matthew Wegener

Chemical Engineering and Materials Science Faculty Research Publications

One of the challenges for chemical processes today, from a safety and profit standpoint, is the potential that cyberattacks could be performed on components of process control systems. Safety issues could be catastrophic; however, because the nonlinear systems definition of a cyberattack has similarities to a nonlinear systems definition of faults, many processes have already been instrumented to handle various problematic input conditions. Also challenging is the question of how to design a system that is resilient to attacks attempting to impact the production volumes or profits of a company. In this work, we explore a process/equipment design framework for …

Csci 380 - Digital Operations And Cybersecurity Management (Syllabus), Eric Spector, Nyc Tech-In-Residence Corps

Open Educational Resources

Syllabus for the course "CSCI 380 - Digital Operations and Cybersecurity Management" delivered at the John Jay COllege in Spring 2020 by Eric Spector as part of the Tech-in-Residence Corps program.

Cis 356 - Fundamentals Of Cybersecurity And Intelligence Gathering, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Syllabus for the course: CIS 356: "Fundamentals of Cybersecurity and Intelligence Gathering" delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.

Cis 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Case Study Assignment, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Assignment for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Case Study Assignment" delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.

Cis 356-Zi81: Intermediate-Level Topics In Computer Applications (Spring 2020), Fahad Choudhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Syllabus for CIS 356-ZI81: Intermediate-Level Topics in Computer Applications (Spring 2020)

A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey

Honors Program Contracts

Adversaries launch cyberattacks or cyber-exploits with contrasting intentions and desired outcomes. A cyberattack is a malicious attempt by a state, third party, or individual to disrupt a computer’s network; whereas, a cyber-exploit is an action that uncovers and steals “confidential” information from a computer’s data. 1 Within this research paper, the main adversary of such cyberattacks and/or exploits will be the nation-state. The victims of these cyberattacks will range from multinational corporations, such as Sony, to nuclear programs in Iran. This essay will focus on four motivations behind such cyberattacks: (1) private sector hacking (the theft of intellectual property) (2) …

Account Recovery Methods For Two-Factor Authentication (2fa): An Exploratory Study, Lauren Nicole Tiller

Psychology Theses & Dissertations

System administrators have started to adopt two-factor authentication (2FA) to increase user account resistance to cyber-attacks. Systems with 2FA require users to verify their identity using a password and a second-factor authentication device to gain account access. This research found that 60% of users only enroll one second-factor device to their account. If a user’s second factor becomes unavailable, systems are using different procedures to ensure its authorized owner recovers the account. Account recovery is essentially a bypass of the system’s main security protocols and needs to be handled as an alternative authentication process (Loveless, 2018). The current research aimed …

An Empirical Assessment Of The Effectiveness Of Deception For Cyber Defense, Kimberly J. Ferguson-Walter

Doctoral Dissertations

The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques. The Tularosa Study, was designed and conducted to understand how defensive deception, both cyber and psychological, affects cyber attackers Ferguson-Walter et al. [2019c]. More specifically, for this empirical study, cyber deception refers to a decoy system and psychological deception refers to false information of the presence of defensive deception techniques on the network. Over 130 red teamers participated in a network penetration test over two days in which we controlled both the presence of and explicit mention of …

Interoperable Ads-B Confidentiality, Brandon C. Burfeind

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …

Development And Evaluation Of A Security Agent For Internet Of Things, Youngjun Park

Theses and Dissertations

The proposed security agent, Internet of Things Active Management Unit (IoTAMU), provides confidentiality of IoT networks via the following capabilities: (1) authentication, (2) firewall, (3) encryption, and (4) spoofing. To test the spoofer's effect, an Identical Device Model Classifier (IDMC) is developed, which measures the similarities of the observed network signatures of each pair of devices, and recognize identical model devices. The IDMC performs well in baseline network settings without the spoofer, achieving 100% precision, recall, and specificity at high threshold (SS>0.9). When the spoofer is enabled, none of the identical pairs are identified at high threshold, and up …

A Reverse Digital Divide: Comparing Information Security Behaviors Of Generation Y And Generation Z Adults, Scott M. Debb, Daniel R. Schaffer, Darlene G. Colson

International Journal of Cybersecurity Intelligence & Cybercrime

How individuals conceptualize their accountability related to digital technology. There may also be age-based vulnerabilities resulting from personal perceptions about the importance of engaging in best-practices. However, age may not be as critical as experience when it comes to implementation of these behaviors. Using the Cybersecurity Behaviors subscale of the Online Security Behaviors and Beliefs Questionnaire (OSBBQ), this study compared the self-reported cybersecurity attitudes and behaviors across college-aged individuals from Generation Y and Generation Z. Data were derived from a convenience sample of predominantly African-American and Caucasian respondents (N=593) recruited from two public universities in Virginia, USA. Four of the …

Book Review: The Cyber Risk Handbook By Domenic Antonucci, Stanley Mierzwa

International Journal of Cybersecurity Intelligence & Cybercrime

No abstract provided.

Review Of Fundamental To Know About The Future, Hannarae Lee

International Journal of Cybersecurity Intelligence & Cybercrime

What we consider fundamental elements can be easily overlooked or perceived as facts without the process of empirical testing. Especially in the field of cybercrime and cybersecurity, there are more speculations regarding the prevalence and the scope of harm carried out by wrongdoers than empirically tested studies. To fill the void, three articles included in the current issue addresses empirical findings of fundamental concerns and knowledge in the field of cybercrime and cybersecurity.