Physical Sciences and Mathematics Commons^™

Cybersecurity (Cs 3550): Lecture 12: Network & Endpoint Security, Michael Whiteman, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for the course: CIS 3550: Cybersecurity - "12: Network & Endpoint Security" delivered at Baruch College in Spring 2020 by Michael Whiteman as part of the Tech-in-Residence Corps program.

Cis 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Confidentiality, Integrity, Availability, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Confidentiality, Integrity, Availability" (Week One) delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.

Cis 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Vulnerabilities And Exploits, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Vulnerabilities and Exploits" (Week Two) delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.

Cis 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Encryption And Hashing, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Encryption and Hashing" (Week Four) delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the NYC Tech-in-Residence Corps program.

Cis 356 - Fundamentals Of Cybersecurity And Intelligence Gathering, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Syllabus for the course: CIS 356: "Fundamentals of Cybersecurity and Intelligence Gathering" delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.

Cis 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Case Study Assignment, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Assignment for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Case Study Assignment" delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.

Cis 356-Zi81: Intermediate-Level Topics In Computer Applications (Spring 2020), Fahad Choudhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Syllabus for CIS 356-ZI81: Intermediate-Level Topics in Computer Applications (Spring 2020)

Cis 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Hackers, Fahad Chowdhury, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Hackers" (Week Three) delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the NYC Tech-in-Residence Corps program.

A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey

Honors Program Contracts

Adversaries launch cyberattacks or cyber-exploits with contrasting intentions and desired outcomes. A cyberattack is a malicious attempt by a state, third party, or individual to disrupt a computer’s network; whereas, a cyber-exploit is an action that uncovers and steals “confidential” information from a computer’s data. 1 Within this research paper, the main adversary of such cyberattacks and/or exploits will be the nation-state. The victims of these cyberattacks will range from multinational corporations, such as Sony, to nuclear programs in Iran. This essay will focus on four motivations behind such cyberattacks: (1) private sector hacking (the theft of intellectual property) (2) …

Account Recovery Methods For Two-Factor Authentication (2fa): An Exploratory Study, Lauren Nicole Tiller

Psychology Theses & Dissertations

System administrators have started to adopt two-factor authentication (2FA) to increase user account resistance to cyber-attacks. Systems with 2FA require users to verify their identity using a password and a second-factor authentication device to gain account access. This research found that 60% of users only enroll one second-factor device to their account. If a user’s second factor becomes unavailable, systems are using different procedures to ensure its authorized owner recovers the account. Account recovery is essentially a bypass of the system’s main security protocols and needs to be handled as an alternative authentication process (Loveless, 2018). The current research aimed …

An Empirical Assessment Of The Effectiveness Of Deception For Cyber Defense, Kimberly J. Ferguson-Walter

Doctoral Dissertations

The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques. The Tularosa Study, was designed and conducted to understand how defensive deception, both cyber and psychological, affects cyber attackers Ferguson-Walter et al. [2019c]. More specifically, for this empirical study, cyber deception refers to a decoy system and psychological deception refers to false information of the presence of defensive deception techniques on the network. Over 130 red teamers participated in a network penetration test over two days in which we controlled both the presence of and explicit mention of …

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …

Development And Evaluation Of A Security Agent For Internet Of Things, Youngjun Park

Theses and Dissertations

The proposed security agent, Internet of Things Active Management Unit (IoTAMU), provides confidentiality of IoT networks via the following capabilities: (1) authentication, (2) firewall, (3) encryption, and (4) spoofing. To test the spoofer's effect, an Identical Device Model Classifier (IDMC) is developed, which measures the similarities of the observed network signatures of each pair of devices, and recognize identical model devices. The IDMC performs well in baseline network settings without the spoofer, achieving 100% precision, recall, and specificity at high threshold (SS>0.9). When the spoofer is enabled, none of the identical pairs are identified at high threshold, and up …

Interoperable Ads-B Confidentiality, Brandon C. Burfeind

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …

A Reverse Digital Divide: Comparing Information Security Behaviors Of Generation Y And Generation Z Adults, Scott M. Debb, Daniel R. Schaffer, Darlene G. Colson

International Journal of Cybersecurity Intelligence & Cybercrime

How individuals conceptualize their accountability related to digital technology. There may also be age-based vulnerabilities resulting from personal perceptions about the importance of engaging in best-practices. However, age may not be as critical as experience when it comes to implementation of these behaviors. Using the Cybersecurity Behaviors subscale of the Online Security Behaviors and Beliefs Questionnaire (OSBBQ), this study compared the self-reported cybersecurity attitudes and behaviors across college-aged individuals from Generation Y and Generation Z. Data were derived from a convenience sample of predominantly African-American and Caucasian respondents (N=593) recruited from two public universities in Virginia, USA. Four of the …

Book Review: The Cyber Risk Handbook By Domenic Antonucci, Stanley Mierzwa

International Journal of Cybersecurity Intelligence & Cybercrime

No abstract provided.

Review Of Fundamental To Know About The Future, Hannarae Lee

International Journal of Cybersecurity Intelligence & Cybercrime

What we consider fundamental elements can be easily overlooked or perceived as facts without the process of empirical testing. Especially in the field of cybercrime and cybersecurity, there are more speculations regarding the prevalence and the scope of harm carried out by wrongdoers than empirically tested studies. To fill the void, three articles included in the current issue addresses empirical findings of fundamental concerns and knowledge in the field of cybercrime and cybersecurity.

Harnessing Artificial Intelligence Capabilities To Improve Cybersecurity, Sherali Zeadally, Erwin Adi, Zubair Baig, Imran A. Khan

Information Science Faculty Publications

Cybersecurity is a fast-evolving discipline that is always in the news over the last decade, as the number of threats rises and cybercriminals constantly endeavor to stay a step ahead of law enforcement. Over the years, although the original motives for carrying out cyberattacks largely remain unchanged, cybercriminals have become increasingly sophisticated with their techniques. Traditional cybersecurity solutions are becoming inadequate at detecting and mitigating emerging cyberattacks. Advances in cryptographic and Artificial Intelligence (AI) techniques (in particular, machine learning and deep learning) show promise in enabling cybersecurity experts to counter the ever-evolving threat posed by adversaries. Here, we explore AI's …

Divergent Student Views Of Cybersecurity, Susan E. Ramlo, John B. Nicholas

Journal of Cybersecurity Education, Research and Practice

Cybersecurity is a worldwide issue and concern. Prior studies indicate that many people do not use cybersecurity best practices. Although these prior studies used large-scale surveys or interviews, this study used Q methodology [Q] because Q provides greater insight than Likert-format surveys. In fact, Q was created to scientifically study subjectivity. Within a Q study, various stages as well as philosophical, epistemological, and ontological principles represent a complete methodology. At first, Q researchers collect items that represent the broad range of communications about the topic (called the concourse). Although the items can be pictures, scents, or other means of communication, …

Teaching About The Dark Web In Criminal Justice Or Related Programs At The Community College And University Levels., Scott H. Belshaw, Brooke Nodeland, Lorrin Underwood, Alexandrea Colaiuta

Journal of Cybersecurity Education, Research and Practice

Increasingly, criminal justice practitioners have been called on to help solve breaches in cyber security. However, while the demand for criminal justice participation in cyber investigations increases daily, most universities are lagging in their educational and training opportunities for students entering the criminal justice fields. This article discusses the need to incorporate courses discussing the Dark Web in criminal justice. A review of existing cyber-criminal justice programs in Texas and nationally suggests that most community colleges and 4-year universities have yet to develop courses/programs in understanding and investigating the Dark Web on the internet. The Dark Web serves as the …

A Mixed Public-Private Partnership Approach For Cyber Resilience Of Space Technologies, Bilge Karabacak, Gokhan Ikitemur, Andy Igonor

All Faculty and Staff Scholarship

Governments today emphasize space systems as critical infrastructures. Many vital services, including communications, transportation, and maritime operations, depend on space systems. Cyber systems represent an essential component that enables effective functioning, configuration, and monitoring of technological space services. Space systems possess unique vulnerabilities and properties that attract the attention of hackers, and often with varying motivations. The private sector increasingly participates in the production of space technologies, and as a result of the differences in perceptions and priorities of governments and the private sector, handling the challenges of governance as it relates to the cybersecurity of space systems presents an …

Sns Use, Risk, And Executive Behavior, Andrew Green

CCE Theses and Dissertations

Andrew Green April 2020 Personal social networking sites (SNS) are popular outlets for people to share information about themselves, their family and friends, and their personal and professional lives. On the surface, the information shared may seem to be innocuous or nonthreatening. However, prior studies have shown that cybercriminals can take information shared via personal SNS and use it to conduct attacks against organizations. Organization executives are of particular interest to cybercriminals because they have access to sensitive data, and they also have the ability to command actions from their subordinates. The purpose of this study was to explore what …

An Empirical Assessment Of Audio/Visual/Haptic Alerts And Warnings To Mitigate Risk Of Phishing Susceptibility In Emails On Mobile Devices, Molly Marie Cooper

CCE Theses and Dissertations

Phishing emails present a threat to both personal and organizational data. Phishing is a cyber-attack using social engineering. About 94% of cybersecurity incidents are due to phishing and/or social engineering. A significant volume of prior literature documented that users are continuing to click on phishing links in emails, even after phishing awareness training. It appears there is a strong need for creative ways to alert and warn users to signs of phishing in emails.

The main goal of the experiments in this study was to measure participants’ time for recognizing signs of phishing in emails, thus, reducing susceptibility to phishing …

Cybersecurity Risk-Responsibility Taxonomy: The Role Of Cybersecurity Social Responsibility In Small Enterprises On Risk Of Data Breach, Keiona Davis

CCE Theses and Dissertations

With much effort being placed on the physical, procedural, and technological solutions for Information Systems (IS) cybersecurity, research studies tend to focus their efforts on large organizations while overlooking very smaller organizations (below 50 employees). This study addressed the failure to prevent data breaches in Very Small Enterprises (VSEs). VSEs contribute significantly to the economy, however, are more prone to cyber-attacks due to the limited risk mitigations on their systems and low cybersecurity skills of their employees. VSEs utilize Point-of-Sale (POS) systems that are exposed to cyberspace, however, they are often not equipped to prevent complex cybersecurity issues that can …

The Social Media Machines: An Investigation Of The Effect Of Trust Moderated By Disinformation On Users’ Decision-Making Process, Zulma Valedon Westney

CCE Theses and Dissertations

Social media networking sites (SMNS) have become a popular communications medium where users share information, knowledge, and persuasion. In less than two decades, social media's (SM) dominance as a communication medium can't be disputed, for good or evil. Combined with the newly found immediacy and pervasiveness, these SM applications' persuasive power are useful weapons for organizations, angry customers, employees, actors, and activists bent on attacking or hacking other individuals, institutions, or systems. Consequently, SM has become the preferred default mechanism of news sources; however, users are unsure if the information gathered is true or false. According to the literature, SMNS …

Protecting The Protector: Mapping The Key Terrain That Supports The Continuous Monitoring Mission Of A Cloud Cybersecurity Service Provider, Chris Bush

CCE Theses and Dissertations

Key terrain is a concept that is relevant to warfare, military strategy, and tactics. A good general maps out terrain to identify key areas to protect in support of a mission (i.e., a bridge allowing for mobility of supplies and reinforcements). Effective ways to map terrain in Cyberspace (KT-C) has been an area of interest for researchers in Cybersecurity ever since the Department of Defense designated Cyberspace as a warfighting domain. The mapping of KT-C for a mission is accomplished by putting forth efforts to understand and document a mission's dependence on Cyberspace and cyber assets. A cloud Cybersecurity Service …

Strategies Used To Mitigate Social Engineering Attacks, Lindiwe T. Hove

Walden Dissertations and Doctoral Studies

Cybercriminal activity performed widely through social engineering attacks is estimated to be one of the substantial challenges the world will face over the next 20 years. Cybercriminal activity is important to chief information security officers (CISOs) because these attacks represent the largest transfer of economic wealth in history and pose risks to the incentives for organizational innovation and investment and eventually become more profitable than the global trade of all major illegal drugs combined. Grounded in the balanced control theory, the purpose of this multiple case study was to explore strategies CISOs use to mitigate social engineering attacks within their …

Cybersecurity Using Risk Management Strategies Of U.S. Government Health Organizations, Ian Cornelius Wilkinson

Walden Dissertations and Doctoral Studies

Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to …

Topical Review Of Vulnerability Management For Local Hampton Roads Industry, Gregory W. Hubbard Jr., Matthew Eunice

OUR Journal: ODU Undergraduate Research Journal

The progress towards an interconnected digital world offers an exciting level of advancement for humanity. Unfortunately, this “online” connection is not safe from the threats and dangers typically associated with physical operations. With the foundation of Cyber Command of DoD cyberspace, the United States Government is taking a prominent stance in cyberspace operations. Like the federal government, both industries and individuals are not immune and are oftentimes unknowingly at risk to cyberattack. This report hopes to bring awareness to common vulnerabilities in multi-user networks by describing a historical background on cyber security as well as outlining current methods of vulnerability …

Study Of The Feasibility Of A Virtual Environment For Home User Cybersecurity, Sean Powell

OUR Journal: ODU Undergraduate Research Journal

This research focuses on the average home computer user’s ability to download, install and manage a virtual machine software program. The findings of this research is to be used as a foundation to the possibility of using a virtual machine software program as another form of defense for the home user’s computer. Virtual machines already have various uses, some in the cybersecurity field; this possibility could add another useful application for the software program. This research is conducted by monitoring volunteers’ ability to download, install, set up, and perform basic instructions on the virtual environment. It was from the volunteers’ …