The Relationship of Negotiation and Reciprocity to Knowledge Sharing among Software Developers

Elsayess, Mahmoud B.

06 December 2018

<p> Knowledge sharing among software developers enhances the success of software design and implementation. However, there is an inadequate understanding of how communication factors such as negotiation and reciprocity impact the knowledge-sharing process within software development teams and between team leaders and team members. The present study used a correlational research design to test the relationship between the reciprocity (i.e., communication between team members), negotiation (i.e., communication between team leaders and team members), and knowledge sharing to determine whether different types of communication influence knowledge-sharing outcomes. A cross-sectional survey was used to collect data from a target population of software developers. The sample consisted of 85 software developers with a minimum of 2 years of experience working on software development teams. Multiple linear regression analyses were run to determine the extent to which the variables of negotiation, reciprocity, and knowledge sharing were related. The results indicated that the variables were significantly related, and 70% of knowledge sharing was the result of reciprocity-exchange of ideas and reciprocity-meetings. Team meetings and the open exchange of ideas between team members were found to be the most effective methods of reciprocity related to knowledge sharing among team members. Negotiation and team cohesiveness, however, were not significant to the knowledge-sharing process. The findings indicated that the process of knowledge sharing is more important than individual relationships between software development team members. Thus, from an organizational perspective, holding regular project meetings with all team members would be a more effective knowledge-sharing strategy than using team-building exercises to strengthen personal bonds between team members. Additional research is necessary to determine how software developers&rsquo; personal characteristics impact knowledge-sharing processes.</p><p>

Accepting the Cloud| A Quantitative Predictive Analysis of Cloud Trust and Acceptance Among IT Security Professionals

Peake, Chris

20 December 2018

<p> Industry experts recognize the cloud and cloud-based services as advantageous from both operational and economic perspectives, yet the gap is that individuals and organizations hesitate to accept the cloud because of concerns about security and privacy. The purpose of this study is to examine what factors that may influence the cloud acceptance by IT professionals by focusing on the principal research question: To what extent do ease of use, usefulness, attitude, security apprehensions, compatibility, and trust predict IT security professionals&rsquo; acceptance of cloud computing. The population for this study consisted of IT security professionals who either had industry security certifications or had been in a security position for at least two years. Sample inclusion criteria consisted IT professionals with the qualification described above and over the age of 18 who were living in the United States. The study survey was administered using SurveyMonkey, which randomly selected and recruited potential participants who met the sample criteria from a participant database, resulting in ninety-seven total study participants. Among the six factors examined, perceived usefulness, attitudes, security apprehensions, and trust were found to significantly predict cloud acceptance. The results indicate that cloud service providers should focus their attention on these factors in order to promote cloud acceptance.</p><p>

Information technology|Computer science

The Impact of Mindfulness on Non-malicious Spillage within Images on Social Networking Sites

Landress, Angela D.

14 August 2018

<p> Insider threat by employees in organizations is a problematic issue in today&rsquo;s fast-paced, internet-driven society. Gone are the days when securing the perimeter of one&rsquo;s network protected their business. Security threats are now mobile, and employees have the ability to share sensitive business data with hundreds of people instantaneously from mobile devices. While prior research has addressed social networking topics such as trust in relation to information systems, the use of social networking sites, social networking security, and social networking sharing, there is a lack of research in the mindfulness of users who spill sensitive data contained within images posted on social networking sites (SNS). The author seeks to provide an understanding of how non-malicious spillage through images relates to the mindfulness of employees, who are also deemed insiders. Specifically, it explores the relationships between the following variables: mindfulness, proprietary information spillage, and spillage of personally identifiable information (PII). A quasi-experimental study was designed, which was correlational in nature. Individuals were the unit of analysis. A sample population of business managers with SNS accounts were studied. A series of video vignettes were used to measure mindfulness. Surveys were used as a tool to collect and analyze data. There was a positive correlation between non-malicious spillage of sensitive business, both personally identifiable information and proprietary data, and a lack of mindfulness. </p><p>

Analysis and Detection of the Silent Thieves

Perez, Jon

13 September 2018

<p> As the cryptocurrency market becomes more lucrative and accessible, cybercriminals will continue to adapt strategies to monetize the unauthorized use of system resources for mining operations. Some of these strategies involve infecting systems with malware that will deploy a cryptomining application. Other attack strategies involve deploying code to a target&rsquo;s web browser that will cause the web browser to perform mining operations. This research examines existing cryptomining malware, commonalities in targeting and infection vectors, techniques used by cryptomining malware, and distinguishable differences between legitimate and malicious use. </p><p> The research found that cybercriminals employing cryptomining malware, attack targets indiscriminately. Additionally, the techniques employed by cryptomining malware are also used by other types of malware. The research tested the impact of cryptomining applications on CPU utilization and showed a clear distinction when comparing the CPU utilization of cryptomining applications to common applications on a desktop PC. The research also found that distinguishing between the authorized and unauthorized use of cryptomining relied heavily on a holistic examination of the system in question. </p><p> The research synthesized existing literature and the results of the CPU testing to recommend two strategies for detecting malicious cryptomining activity. The optimal strategy involves endpoint, network, and CPU monitoring and the ability to aggregate, and correlate events or alerts produced. A less optimal strategy involves multiple event sources with manual or no correlation, or a single event source. </p><p>

Information technology|Computer science

Probabilistic Clustering Ensemble Evaluation for Intrusion Detection

McElwee, Steven M.

18 August 2018

<p> Intrusion detection is the practice of examining information from computers and networks to identify cyberattacks. It is an important topic in practice, since the frequency and consequences of cyberattacks continues to increase and affect organizations. It is important for research, since many problems exist for intrusion detection systems. Intrusion detection systems monitor large volumes of data and frequently generate false positives. This results in additional effort for security analysts to review and interpret alerts. After long hours spent reviewing alerts, security analysts become fatigued and make bad decisions. There is currently no approach to intrusion detection that reduces the workload of human analysts by providing a probabilistic prediction that a computer is experiencing a cyberattack. </p><p> This research addressed this problem by estimating the probability that a computer system was being attacked, rather than alerting on individual events. This research combined concepts from cyber situation awareness by applying clustering ensembles, probability analysis, and active learning. The unique contribution of this research is that it provides a higher level of meaning for intrusion alerts than traditional approaches. </p><p> Three experiments were conducted in the course of this research to demonstrate the feasibility of these concepts. The first experiment evaluated cluster generation approaches that provided multiple perspectives of network events using unsupervised machine learning. The second experiment developed and evaluated a method for detecting anomalies from the clustering results. This experiment also determined the probability that a computer system was being attacked. Finally, the third experiment integrated active learning into the anomaly detection results and evaluated its effectiveness in improving the accuracy. </p><p> This research demonstrated that clustering ensembles with probabilistic analysis were effective for identifying normal events. Abnormal events remained uncertain and were assigned a belief. By aggregating the belief to find the probability that a computer system was under attack, the resulting probability was highly accurate for the source IP addresses and reasonably accurate for the destination IP addresses. Active learning, which simulated feedback from a human analyst, eliminated the residual error for the destination IP addresses with a low number of events that required labeling.</p><p>

Information technology|Computer science

Protecting Digital Evidence during Natural Disasters| Why It Is Important

Dodrill, Charles A.

12 May 2018

<p> The safeguarding of digital evidence, valuable corporate proprietary intellectual property and related original objects on which it resides, such as cell phones, tablets, external drives and laptops, becomes a more complex challenge when a natural disaster is imminent. Natural devastation disrupts the investigative and legal process, often destroying the evidentiary elements required to serve justice. Traditional methods such as backups to external drives, and copies as well as cloud storage options, are inadequate to serve the requirements of evidence-gathering and chain of custody documentation required by the courts to prove original evidence. Courts point to the original data-containing object as proof of digital evidence validity and admissibility. Current research provides general guidelines for safeguarding digital evidence, but lacks specific detail for its successful safeguarding or evacuation during a natural disaster. Recent natural disasters have completely destroyed law enforcement or court facilities leaving them open to the elements and water damage. In some cases, digital evidence has been destroyed and cases dismissed due to lack of evidence, post-natural disaster. For these reasons, geographical relocation of digital evidence makes sense and is the best way to truly protect digital evidence and continue analysis of data that will successfully serve justice and put criminals away. Borrowing from the U.S. Military, the mobile digital evidence room can be implemented into the law enforcement private digital forensic laboratory and commercial or business sectors, to ensure that digital evidence remains intact. </p><p>

Information technology|Computer science

Security, Computation and Data Issues in Clouds

Li, Lifeng

07 September 2017

<p> Recently, Cloud has become quite attractive due to its elasticity, availability, and scalability. However, the technologies such as virtualization build up Cloud appear like a double-edged sword because of the expansion on attacking surfaces to entire hardware-software stack. Moreover, homogeneous computing in Cloud severely limits the computational power it could potentially provide. As a result, it is strongly desired to have new and comprehensive solutions to take in all benefits from Cloud and suppress backsides. This thesis proposes three new solutions to address security, computation and data issues in Cloud. Firstly, a GPU MapReduce framework specifically aims at improving performance and reducing energy consumption to data parallel problems in Cloud. In addition, the P-CP-ABE scheme overcomes not only the difficulties of data security, access control, and key management issues in Cloud, but the performance weakness of original CP-ABE is enhanced dramatically as well. Finally, the multi tenancy technology on top of the insecure network requires a strong network authentication protocol suite to assure authenticity and nonrepudiation in the Cloud.</p><p>

Information technology|Computer science

Constructing a Clinical Research Data Management System

Quintero, Michael C.

03 January 2018

<p> Clinical study data is usually collected without knowing what kind of data is going to be collected in advance. In addition, all of the possible data points that can apply to a patient in any given clinical study is almost always a superset of the data points that are actually recorded for a given patient. As a result of this, clinical data resembles a set of sparse data with an evolving data schema. To help researchers at the Moffitt Cancer Center better manage clinical data, a tool was developed called GURU that uses the Entity Attribute Value model to handle sparse data and allow users to manage a database entity&rsquo;s attributes without any changes to the database table definition. The Entity Attribute Value model&rsquo;s read performance gets faster as the data gets sparser but it was observed to perform many times worse than a wide table if the attribute count is not sufficiently large. Ultimately, the design trades read performance for flexibility in the data schema.</p><p>

Information technology|Computer science

Secure Semantic Search over Encrypted Big Data in the Cloud

Woodworth, Jason W.

21 December 2017

<p>Cloud storage is a widely used service for both a personal and enterprise demands. However, despite its advantages, many potential users with sensitive data refrain from fully using the service due to valid concerns about data privacy. An established solution to this problem is to perform encryption on the client?s end. This approach, however, restricts data processing capabilities (e.g. searching over the data). In particular, searching semantically with real-time response is of interest to users with big data. To address this, this thesis introduces an architecture for semantically searching encrypted data using cloud services. It presents a method that accomplishes this by extracting and encrypting key phrases from uploaded documents and comparing them to queries that have been expanded with semantic information and then encrypted. It presents an additional method that builds o? of this and uses topic-based clustering to prune the amount of searched data and improve performance times for big-data-scale. Results of experiments carried out on real datasets with fully implemented prototypes show that results are accurate and searching is e?cient.

Information technology|Computer science

Computational affect detection for education and health

Cooper, David G

01 January 2011

Emotional intelligence has a prominent role in education, health care, and day to day interaction. With the increasing use of computer technology, computers are interacting with more and more individuals. This interaction provides an opportunity to increase knowledge about human emotion for human consumption, well-being, and improved computer adaptation. This thesis explores the efficacy of using up to four different sensors in three domains for computational affect detection. We first consider computer-based education, where a collection of four sensors is used to detect student emotions relevant to learning, such as frustration, confidence, excitement and interest while students use a computer geometry tutor. The best classier of each emotion in terms of accuracy ranges from 78% to 87.5%. We then use voice data collected in a clinical setting to differentiate both gender and culture of the speaker. We produce classifiers with accuracies between 84% and 94% for gender, and between 58% and 70% for American vs. Asian culture, and we find that classifiers for distinguishing between four cultures do not perform better than chance. Finally, we use video and audio in a health care education scenario to detect students' emotions during a clinical simulation evaluation. The video data provides classifiers with accuracies between 63% and 88% for the emotions of confident, anxious, frustrated, excited, and interested. We find the audio data to be too complex to single out the voice source of the student by automatic means. In total, this work is a step forward in the automatic computational detection of affect in realistic settings.

Educational technology|Computer science