Spelling suggestions: "subject:"cybersecurity"" "subject:"cibersecurity""
61 |
Low overhead methods for improving education capacity and outcomes in computer scienceBell, Richard Scott January 1900 (has links)
Doctor of Philosophy / Department of Computing and Information Sciences / Eugene Vasserman / Computer science departments face numerous challenges. Enrollment over the past 15
years reached an all-time high, endured a rapid decline and is now experiencing a just as rapid rebound. Meanwhile, demand for graduates continues to grow at an incredible rate. This is especially true in specialized sub-fields such as cybersecurity, where employers are constantly working to keep up with changing technology and new threats emerging on a daily basis. My research consists of two main objectives. The rst is gauging the ability of pre-service teachers from non-STEM areas of study to introduce and utilize computing concepts in a classroom setting. The second goal is to develop an assessment tool that enables improvements in quality of education for students within cybersecurity courses.
Currently, few K-12 school districts in the United States o er stand-alone courses in computer science. My work shows that pre-service teachers in non-STEM areas are capable of effectively introducing basic concepts to students using modern software development tools while exploring content within their own areas of expertise. Survey results indicate that student interest and self-efficacy increased when they were taught by these pre-service teachers. I also found that with only 2 hours of experience, pre-service teachers enrolled in an education technology course showed dramatic increases in interest and confidence related to using this technology. These two findings demonstrate that there are potential ways to increase interest in computing among a broad student population at the K-12 level without changing core curriculum requirements.
Even when students choose to enter computer science departments, a large number do
not remain within the program. The second portion of my research focuses on developing an assessment tool for measuring student interest and self-efficacy in cybersecurity courses. Using information gleaned from a series of interviews with cybersecurity students, I developed, and performed the initial testing of, a survey instrument which measures these 2 values. Initial results show that the survey responses were very different between a group of introductory programming students and those enrolled in a cybersecurity course and that general trends in both self-efficacy and interest among theses differing student populations can be observed
|
62 |
Assessing the Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse Intention at Government AgenciesChoi, Min Suk 01 January 2013 (has links)
Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common welfare of citizens since more and more terrorists are using cyberterrorism to target critical infrastructures (e.g., transportation, telecommunications, power, nuclear plants, water supply, banking) to coerce the targeted government and its people to accomplish their political objectives. Cyberwar is another major concern that nations around the world are struggling to get ready to fight. It has been found that intentional and unintentional users' misuse of information systems (IS) resources represents about 50% to 75% of cybersecurity threats and vulnerabilities to organizations. Computer Crime and Security Survey revealed that nearly 60% of security breaches occurred from inside the organization by users.
Computer users are one of the weakest links in the information systems security chain, because users seem to have very limited or no knowledge of user computer self-efficacy (CSE), cybersecurity countermeasures awareness (CCA), and cybersecurity skills (CS). Users' CSE, CCA, and CS play an important role in users' computer misuse intention (CMI). CMI can be categorized as unauthorized access, use, disruption, modification, disclosure, inspection, recording, or destruction of information system data. This dissertation used a survey to empirically assess users' CSE, CCA, CS, and computer misuse intention (CMI) at government agencies. This study used Partial Least Square (PLS) technique to measure the fit of a theoretical model that includes seven independent latent variables (CSE, UAS-P, UAS-T, UAC-M, CCS, CIS, & CAS) and their influences on the dependent variable CMI. Also, PLS was used to examine if the six control variables (age, gender, job function, education level, length of working in the organization, & military status such as veteran) had any significant impact on CMI.
This study included data collected from 185 employees of a local and state transportation agency from a large metropolitan in the northeastern United States. Participants received an email invitation to take the Web-based survey. PLS was used to test the four research hypotheses. The results of the PLS model showed that UAC-M and CIS were significant contributors (p
|
63 |
Investigating Attacks on Industrial Control Systems Using Deterministic Replay SimulationGregory Walkup (6623090) 10 June 2019 (has links)
From factories to power grids, industrial systems are increasingly being digitally controlled and networked. While networking these systems together improves their efficiency and convenience, it also opens them up to attack by malicious actors. When these attacks occur, forensic investigators need to quickly be able to determine what was compromised and which corrective actions should be taken. In this thesis, a method is proposed for investigating attacks on industrial control systems by simulating the logged inputs of the system over time using a model constructed from the control programs that make up the system. When evaluated, this led to the detection of attacks which perturbed the normal operation of the system by comparing the simulated output to the actual output. It also allowed for dependency tracing between the inputs and outputs of the system, so that attacks could be traced from their unwanted effects to their source and vice-versa. This method can thus greatly aid investigators in recovering the complete attack story using only logs of inputs and outputs to an industrial control system.
|
64 |
Propuesta de implementación de un modelo de gestión de ciberseguridad para el centro de operaciones de seguridad (SOC) de una empresa de telecomunicacionesVilcarromero Zubiate, Ladi Lizeth, Vilchez Linares, Evit 06 August 2018 (has links)
La seguridad nacional y económica de los países depende del funcionamiento confiable de su infraestructura crítica. Las amenazas de ciberseguridad explotan la creciente complejidad de dichos sistemas, colocando la economía, la seguridad pública y la salud en riesgo. Al igual que el riesgo financiero y de reputación, el riesgo de ciberseguridad afecta a los objetivos estratégicos de una empresa. Puede aumentar los costos y afectar los ingresos. Puede dañar la capacidad de una organización para Innovar, brindar servicios, ganar y mantener a los clientes.
Así mimo, la información se ha convertido en uno de los activos más importantes para cualquier organización, y el aseguramiento de la misma como un punto primordial para lograr ventajas competitivas y generación del valor, basando en el adecuado resguardo de la Confidencialidad, Disponibilidad e Integridad de la Información.
El propósito del presente trabajo es desarrollar y proponer un método que permita gestionar la ciberseguridad en empresas del sector telecomunicaciones sobre la base de una adecuada gestión del riesgo y la medición de controles según un nivel de madurez.
Este método propuesto se encuentra basado en el Cyber Security Framework (CSF) del National Institute of Standards and Technology (NIST) promulgada por el Presidente Obama mediante la Orden Ejecutiva (EO) 13636. / The national and economic security of the countries depends on the reliable operation of their
critical infrastructure. Cybersecurity threats exploit the increasing complexity of these systems,
putting the economy, public safety and health at risk. Like financial and reputation risk,
cybersecurity risk affects the strategic objectives of a company. It can increase costs and affect
income. It can damage the ability of an organization to innovate, provide services, earn and
maintain customers.
Likewise, information has become one of the most important assets for any organization, and
the assurance of it as a fundamental point to achieve competitive advantages and generation of
value, based on the appropriate protection of Confidentiality, Availability and Integrity of the
information.
The purpose of this paper is to develop and propose a method for managing cybersecurity in
companies in the telecommunications sector on the basis of an adequate risk management and
the measurement of controls according to a level of maturity.
This proposed method is based on the Cyber Security Framework (CSF) of the National Institute
of Standards and Technology (NIST) promulgated by President Obama through Executive Order
(EO) 13636. / Trabajo de investigación
|
65 |
The freedom of information hacked: console cowboys, computer wizards, and personal freedom in the digital ageKelly, Nicholas M. 01 May 2016 (has links)
“The Freedom of Information Hacked: Console Cowboys, Computer Wizards, and Personal Freedom in the Digital Age” examines depictions of computer hackers in fiction, the media, and popular culture, assessing how such depictions both influence and reflect popular conceptions of hackers and what they do. In doing so, the dissertation demonstrates the central concerns of hacker stories—concerns about digital security, privacy, and the value of information—have become the concerns of digital culture as a whole, hackers laying bare collective hopes and fears regarding digital networks.
|
66 |
Threat Intelligence in Support of Cyber Situation AwarenessGilliam, Billy Paul 01 January 2017 (has links)
Despite technological advances in the information security field, attacks by unauthorized individuals and groups continue to penetrate defenses. Due to the rapidly changing environment of the Internet, the appearance of newly developed malicious software or attack techniques accelerates while security professionals continue in a reactive posture with limited time for identifying new threats. The problem addressed in this study was the perceived value of threat intelligence as a proactive process for information security. The purpose of this study was to explore how situation awareness is enhanced by receiving advanced intelligence reports resulting in better decision-making for proper response to security threats. Using a qualitative case study methodology a purposeful sample of 13 information security professionals were individually interviewed and the data analyzed through Nvivo 11 analytical software. The research questions addressed threat intelligence and its impact on the security analyst's cognitive situation awareness. Analysis of the data collected indicated that threat intelligence may enhance the security analyst's situation awareness, as supported in the general literature. In addition, this study showed that the differences in sources or the lack of an intelligence program may have a negative impact on determining the proper security response in a timely manner. The implications for positive social change include providing leaders with greater awareness through threat intelligence of ways to minimize the effects of cyber attacks, which may result in increasing business and consumer confidence in the protection of personal and confidential information.
|
67 |
Strategies to Reduce the Fiscal Impact of CyberattacksSmith, Shirley Denise 01 January 2019 (has links)
A single cyberattack event involving 1 major corporation can cause severe business and social devastation. In this single case study, a major U.S. airline company was selected for exploration of the strategies information technology administrators and airline managers implemented to reduce the financial devastation that may be caused by a cyberattack. Seven participants, of whom 4 were airline managers and 3 were IT administrators, whose primary responsibility included implementation of strategies to plan for and respond to cyberattacks participated in the data collection process. This study was grounded on the general systems theory. Data collection entailed semistructured face-to-face and telephone interviews and collection and review of public documents. The data analysis process of this study involved the use of Yin's 5-step process of compiling, disassembling, reassembling, interpreting, and concluding, which provided a detailed analysis of the emerging themes. The findings produced results that identified strategies organizational managers and administrators of a U.S. airline implemented to reduce the fiscal influence of cyberattacks, such as proactive plans for education and training, active management, and an incident response plan. The findings of this study might affect social change by offering all individuals a perspective on creating effective cyberculture. An understanding of cyberculture could include the focus of a heightened understanding, whereby, to ensure the security of sensitive or privileged data and information and of key assets, thus, reducing the fiscal devastation that may be caused by cyberattacks.
|
68 |
Offensive and Defensive Security for Everyday Computer SystemsMarkwood, Ian 29 June 2018 (has links)
This dissertation treats a variety of topics in the computer security domain which have direct impact on everyday life. The first extends false data injection attacks against state estimation in electric power grids and then provides a novel power flow model camouflage method to hamper these attacks. The second deals with automotive theft response, detailing a method for a car to intelligently identify when it has been stolen, based on collected behavioral traits of its driver. The third demonstrates a new attack against the content integrity of the PDF file format, caus- ing humans and computers to see different information within the same PDF documents. This dissertation lastly describes some future work efforts, identifying some potential vulnerabilities in the automated enforcement of copyright protection for audio (particularly music) in online systems such as YouTube.
|
69 |
Better Safe than Sorry: The Relationship Between Locus of Control, Perception of Risk, and Cyber MisbehaviorsJohnson, Kim 22 March 2018 (has links)
Information security is of vital importance to organizations. Breaches in security very often stem from behaviors of the system operator. Cyber misbehaviors on the part of employees can have devastating repercussions on the well-being of an organization. Up to now, research has mainly focused on how to protect information systems from outside attack, and only recently have researchers turned to the part the operator plays in keeping the systems safe. The present study investigated some individual differences that may play a role in people’s cyber behavior. The purpose of the study was to determine if locus of control was related to an individual’s perception of cyber risk and likelihood of engaging in cyber misbehaviors. Internal locus of control was found to be associated with higher perception of cyber risk, and higher cyber risk perception was found to lead to fewer cyber misbehaviors. The trait sensation seeking was also explored but no firm conclusions could be drawn from those results. Gaining an understanding of some of the differences between individuals that make some more likely to commit cyber misbehaviors-- as well as the dynamics behind these relationships—should be greatly beneficial in helping develop deterrents to cyber misbehavior and keeping information systems safer.
|
70 |
Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication systemChang, Simon Yi-Fan January 2013 (has links)
Thesis (M.S.C.S.) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you. / This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third-party access to personal data without compromising a user's credentials. The paper examines briefly the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with included source codes, the paper argues that increasing number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security. / 2031-01-01
|
Page generated in 0.0745 seconds