Physical Sciences and Mathematics Commons^™

An Application Risk Assessment Of Werner Enterprises, Nathan Andres

Theses/Capstones/Creative Projects

Risk assessments provide a systematic approach to identifying potential risks that could negatively impact an organization’s operations, financial performance, and reputation. Using a risk assessment, companies can evaluate potential risks and vulnerabilities, prioritize them based on their potential impact, and develop strategies to manage and address these risks effectively.

Werner Enterprises Inc. is a nationally known trucking company headquartered in Omaha, Nebraska. Our cybersecurity capstone project motivation was to partner with Werner to produce an assessment of known application risks in a functional way that can be repeated for all of Werner’s applications. To achieve this, we created a risk …

Emerging Trends In Cybercrime Awareness In Nigeria, Ogochukwu Favour Nzeakor, Bonaventure N. Nwokeoma, Ibrahim Hassan, Benjamin Okorie Ajah, John T. Okpa

International Journal of Cybersecurity Intelligence & Cybercrime

The study examined the current trend in cybercrime awareness and the relationship such trend has with cybercrime vulnerability or victimization. Selecting a sample of 1104 Internet users from Umuahia, Abia State, Nigeria, We found that: 1) awareness of information security was high in that about 2 in every 3 (68%) participants demonstrated a favorable awareness of information security and cybercrime. It was, however, revealed that such a high level of awareness could be partial and weak. 2) most Internet users demonstrated the awareness of fraud-related cybercrime categories (39%), e-theft (15%), hacking (12%), and ATM theft (10%). However, they were rarely …

A Blockchain Based Policy Framework For The Management Of Electronic Health Record (Ehrs), Aysha Ali Mohammed Murad Qambar

Theses

The rapid development of information technology during the last decade has greatly influenced all aspects of society, including individuals and enterprise organizations. Adopting new technologies by individuals and organizations depends on several factors, such as usability, available resources, support needed for adoption benefits, and return on investment, to mention a few. When it comes to the adoption of new technologies, one of the main challenges faced by organizations is the ability to effectively incorporate such technologies into their enterprise solutions to maximize the expected benefits. For the last several years, Blockchain technology has become a popular trend in a variety …

Exploring Security Strategies To Protect Personally Identifiable Information In Small Businesses, Erin Banks

Walden Dissertations and Doctoral Studies

Organizations that do not adequately protect sensitive data are at high risk of data breaches. Organization leaders must protect confidential information as failing to do so could result in irreparable reputation damage, severe financial implications, and legal consequences. This study used a multiple case study design to explore small businesses’ strategies for protecting their customers’ PII against phishing attacks. This study’s population comprised information technology (IT) managers in small businesses in Northern Virginia. The conceptual framework used in this study was the technology acceptance model. Data collection was performed using telephone interviews with IT managers (n = 6) as well …

Medical Practitioners’ Intention To Use Secure Electronic Medical Records In Healthcare Organizations, Omar Enrique Sangurima

Walden Dissertations and Doctoral Studies

Medical practitioners have difficulty fully implementing secure electronic medical records (EMRs). Clinicians and medical technologists alike need to identify motivational factors behind secure EMR implementation to assure the safety of patient data. Grounded in the unified theory of acceptance and use of technology model, the purpose of this quantitative, correlational study was to examine the relationship between medical practitioners’ perceptions of performance expectancy, effort expectancy, social influence, facilitating conditions, and the intention to use secure EMRs in healthcare organizations. Survey data (N = 126) were collected from medical practitioners from the northeastern United States. The results of the multiple regression …

Lecture - Csci 275: Linux Systems Administration And Security, Moe Hassan, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for CSCI 275: Linux Systems Administration and Security

Denial Of Service Attacks: Difference In Rates, Duration, And Financial Damages And The Relationship Between Company Assets And Revenues, Abebe Gebreyes

Walden Dissertations and Doctoral Studies

AbstractDenial-of-service/distributed denial-of-service (DoS) attacks on network connectivity are a threat to businesses that academics and professionals have attempted to address through cyber-security practices. However, currently there are no metrics to determine how attackers target certain businesses. The purpose of this quantitative study was to address this problem by, first, determining differences among business sectors in rates and duration of attacks and financial damages from attacks and, second, examining relationship among assets and/or revenues and duration of attacks and financial damages. Cohen and Felson's routine activity theory and Cornish and Clarke's rational choice theory served as frameworks as they address the …

Cybersecurity Using Risk Management Strategies Of U.S. Government Health Organizations, Ian Cornelius Wilkinson

Walden Dissertations and Doctoral Studies

Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to …

Combining Cryptographic Primitives According To Security Metrics And Vulnerabilities In Real Systems, Blerina Çeliku, Rafail Prodani, Emis Simo

UBT International Conference

There are so many applications and data that flow during our daily activities, either personal or institutional ones. Also the companies and business do transactions or their real operations through the Web and other Internet facilities. Security breaches are costing individuals or companies millions so information security has to be a major priority. There are several forms of security technology available, but encryption is one that everyday computer users should know about. Encryption and the performance of cryptographic algorithms are variable according to implemented platforms, software and hardware components or application scenarios. According to specific security metrics and requirements we …

Recommended Corrective Security Measures To Address The Weaknesses Identified Within The Shapash Nuclear Research Institute, Khadija Moussaid, Oum Keltoum Hakam

International Journal of Nuclear Security

The Shapash Nuclear Research Institute (SNRI) data book was issued by the International Atomic Energy Agency (IAEA) in 2013. The hypothetical facility data book describes the hypothetical site, which is divided into two areas: the low-security area, known as the administrative area, and the very high-security area, known as the protected area. The book contains detailed descriptions of each area’s safety and security measures, along with figures of multiple buildings in both areas, and also includes information about the site’s computer networks.

This paper aims to identify security weaknesses related to the institute’s location, the Administrative Area (AA), the Protected …

Examining The Influence Of Technology Acceptance, Self-Efficacy, And Locus Of Control On Information Security Behavior Of Social Media Users, Abdullah Almuqrin

Master's Theses and Doctoral Dissertations

Due to recent advances in online communication technology, social networks have become a vital avenue for human interaction. At the same time, they have been exploited as a target for viruses, attacks, and security threats. The first line of defense against such attacks and threats— as well as their primary cause—are social media users themselves. This study investigated the relationship between certain personality factors among social media users—i.e., technology acceptance of security protection technologies, self-efficacy of information security, and locus of control—and their information security behavior. Quantitative methods were used to examine this relationship. The population consisted of all students …

Identifying Factors Contributing Towards Information Security Maturity In An Organization, Madhuri M. Edwards

CCE Theses and Dissertations

Information security capability maturity (ISCM) is a journey towards accurate alignment of business and security objectives, security systems, processes, and tasks integrated with business-enabled IT systems, security enabled organizational culture and decision making, and measurements and continuous improvements of controls and governance comprising security policies, processes, operating procedures, tasks, monitoring, and reporting. Information security capability maturity may be achieved in five levels: performing but ad-hoc, managed, defined, quantitatively governed, and optimized. These five levels need to be achieved in the capability areas of information integrity, information systems assurance, business enablement, security processes, security program management, competency of security team, security …

An Enhanced Aodv Protocol For Avoiding Black Holes In Manet, Qussai M. Yaseen, Monther Aldwairi

All Works

© 2018 The Authors. Published by Elsevier Ltd. Black hole attack is one of the well-known attacks on Mobile Ad hoc Networks, MANET. This paper discusses this problem and proposes a new approach based on building a global reputation system that helps AODV protocol in selecting the best path to destination, when there is more than one possible route. The proposed protocol enhances the using of watchdogs in AODV by collecting the observations and broadcasting them to all nodes in the network using a low overhead approach. Moreover, the proposed protocol takes into account the detection challenge when a black …

Enhanced Version Control For Unconventional Applications, Ahmed Saleh Shatnawi

Theses and Dissertations

The Extensible Markup Language (XML) is widely used to store, retrieve, and share digital documents. Recently, a form of Version Control System has been applied to the language, resulting in Version-Aware XML allowing for enhanced portability and scalability. While Version Control Systems are able to keep track of changes made to documents, we think that there is untapped potential in the technology. In this dissertation, we present novel ways of using Version Control System to enhance the security and performance of existing applications. We present a framework to maintain integrity in offline XML documents and provide non-repudiation security features that …

The Dark Side Of Banning Hacking Technique Discussion, Qiu-Hong Wang, Ting Zhang Le

Research Collection School Of Computing and Information Systems

Prior studies have evidenced the effectiveness of more severe and broader enforcement in deterringcybercrimes. This study addresses the other side of the story. Our data analysis shows that theenforcement against the production / distribution / possession of computer misuse tools tends toincrease the contribution on detection and protection related posts in online hacker forums. Butthis enforcement may discourage those contributors who had originally actively contributed to theprotection discussions. Thus government regulations have to be cautiously justify the incentives ofmultiple parties in the cybersecurity context.

Core Elements In Information Security Accountability In The Cloud, Zahir Al-Rashdi, Martin Dick, Ian Storey

Australian Information Security Management Conference

This paper proposes 9 core elements of information security accountability in the area of cloud computing. The core elements were determined via a series of 18 case studies with Omani government organisations that were actively using and/or providing cloud computing. 36 interviews were conducted and then analysed using a grounded theory methodology As a result of the analysis, responsibility, transparency, assurance, remediation, accountability support environment, flexible change process, collaboration, mechanisms and commitment to external criteria. The research also found that the emphasis on specific core elements is context-dependent and that there was considerable variation in emphasis amongst the case study …

The Challenges Of Implementing Bring Your Own Device, Leslie Deshield

Walden Dissertations and Doctoral Studies

Research conducted by Tech Pro (2014) indicated that the Bring Your Own Device (BYOD) concept is gaining momentum with 74% of organizations already having some BYOD program or planning to implement one. While BYOD offers several benefits, it also presents challenges that concern information technology leaders and information security managers. This correlational study used the systems theory framework to examine the relationship between information security managers' intentions, perceptions of security, and compliance regarding BYOD implementation. Participants of the study consisted of information security managers in the eastern United States who had obtained the Certified Information Systems Manager certification. Data was …

An Exploratory Study Of The Approach To Bring Your Own Device (Byod) In Assuring Information Security, Coleen D. Santee

CCE Theses and Dissertations

The availability of smart device capabilities, easy to use apps, and collaborative capabilities has increased the expectations for the technology experience of employees. In addition, enterprises are adopting SaaS cloud-based systems that employees can access anytime, anywhere using their personal, mobile device. BYOD could drive an IT evolution for powerful device capabilities and easy to use apps, but only if the information security concerns can be addressed. This research proposed to determine the acceptance rate of BYOD in organizations, the decision making approach, and significant factors that led to the successful adoption of BYOD using the expertise of experienced internal …

Relationship Between Corporate Governance And Information Security Governance Effectiveness In United States Corporations, Robert Elliot Davis

Walden Dissertations and Doctoral Studies

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 …

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.

A Study Of Information Security Awareness Program Effectiveness In Predicting End-User Security Behavior, James Michael Banfield

Master's Theses and Doctoral Dissertations

As accessibility to data increases, so does the need to increase security. For organizations of all sizes, information security (IS) has become paramount due to the increased use of the Internet. Corporate data are transmitted ubiquitously over wireless networks and have increased exponentially with cloud computing and growing end-user demand. Both technological and human strategies must be employed in the development of an information security awareness (ISA) program. By creating a positive culture that promotes desired security behavior through appropriate technology, security policies, and an understanding of human motivations, ISA programs have been the norm for organizational end-user risk mitigation …

Exploring The Cybersecurity Hiring Gap, Adam O. Pierce

Walden Dissertations and Doctoral Studies

Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully …

Bounty Techniques For Web Vulnerability Scanning, Tanzer Abazi, Mentor Hoxhaj, Edmond Hajrizi, Gazmend Krasniqi

UBT International Conference

With the advancement of technology and the raising of massive amount of data, the used techniques for data security are continually a challenge. This paper contributes on identifying the gaps and evaluating security level on web portals hosted or managed by Republic of Kosovo institutions or businesses, whose data privacy and security could be a big business concern. The results have been obtained from real case scenario, where 25 security researchers have contributed in white hack activities. These activities, were part of a one day conference called. “The DAY when hacking is legal”, held in Pristine.

Workshop | Body Worn Video Recorders: The Socio-Technical Implications Of Gathering Direct Evidence, Katina Michael, Alexander Hayes

Alexander Hayes Mr.

- From in-car video recording to body-worn video recording

- Exploring available technologies: how do they work, pros and cons

- Storing direct evidence in secure storage: factors to consider

- Citizens “shooting” back with POV tech – what are their rights?

- Crowdsourced sousveillance- harnessing public data for forensic profiling

- Police force policies and practices on the application of new media

Loyalty Cards And The Problem Of Captcha: 2nd Tier Security And Usability Issues For Senior Citizens, David M. Cook, Apoorv Kumar, Charwina Unmar-Satiah

Australian Information Security Management Conference

Information Security often works in antipathy to access and useability in communities of older citizens. Whilst security features are required to prevent the disclosure of information, some security tools have a deleterious effect upon users, resulting in insecure practices. Security becomes unfit for purpose where users prefer to abandon applications and online benefits in favour of non-digital authentication and verification requirements. For some, the ability to read letters and symbols from a distorted image is a decidedly more difficult task than for others, and the resulting level of security from CAPTCHA tests is not consistent from person to person. This …

Secure Portable Execution And Storage Environments: A Capability To Improve Security For Remote Working, Peter James

Theses: Doctorates and Masters

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing …

Factors Impacting Information Security Noncompliance When Completing Job Tasks, Martha Nanette Harrell

CCE Theses and Dissertations

Work systems are comprised of the technical and social systems that should harmoniously work together to ensure a successful attainment of organizational goals and objectives. Information security controls are often designed to protect the information system and seldom consider the work system design. Using a positivist case study, this research examines the user's perception of having to choose between completing job tasks or remaining compliant with information security controls. An understanding of this phenomenon can help mitigate the risk associated with an information system security user's choice. Most previous research fails to consider the work system perspective on this issue. …

A Rapidly Moving Target: Conformance With E-Health Standards For Mobile Computing, Patricia A.H. Williams, Vincent B. Mccauley

Australian eHealth Informatics and Security Conference

The rapid adoption and evolution of mobile applications in health is posing significant challenges in terms of standards development, standards adoption, patient safety, and patient privacy. This is a complex continuum to navigate. There are many competing demands from the standards development process, to the use by clinicians and patients. In between there are compliance and conformance measures to be defined to ensure patient safety, effective use with integration into clinical workflow, and the protection of data and patient privacy involved in data collection and exchange. The result is a composite and intricate mixture of stakeholders, legislation, and policy together …

Information Security Management: Factors That Influence Security Investments In Smes, Zhi Xian Ng, Atif Ahmad, Sean B. Maynard

Australian Information Security Management Conference

In the modern information economy, the security of information is critically important to organizations. Information‐security risk assessments (ISRAs) allow organizations to identify key information assets and security risks so security expenditure can be directed cost‐effectively. Unfortunately conducting ISRAs requires special expertise and tends to be complex and costly for small to medium sized organizations (SMEs). Therefore, it remains unclear in practice, and unknown in literature, how SMEs address information security imperatives without the benefit of an ISRA process. This research makes a contribution to theory in security management by identifying the factors that influence key decision-makers in SMEs to address …

Book Review: Handbook On Securing Cyber-Physical Critical Infrastructure: Foundations And Challenges (Written By Sajal K. Das, Krishna Kant, Nan Zhang), Katina Michael

Professor Katina Michael

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.