51 |
CYBERSECURITY INDUSTRY NEEDS AND THE CSEC ABET CURRICULUM ANALYSIS
Sienna J Bates (13107504) 19 July 2022
In recent years, companies in the IT/cybersecurity industry have expressed their concerns about the lack of knowledge entry level cybersecurity employees are experiencing after graduating from a four-year cybersecurity program. Organizations such as National Initiative for Cybersecurity Education (NICE), which is led by the National Institute of Standards and Technology (NIST), provide a framework to map certain knowledge, skills, and tasks that have provided a way for universities to build their cybersecurity course curriculums. By following this framework at the competency level, it can be used to ensure students are adequately prepared for industry level jobs upon graduation from a four-year cybersecurity program. The goal of this study was to explore if there are gaps in terms of workforce development for cybersecurity competencies that graduates from ABET-accredited four-year bachelor’s cybersecurity-IT programs (Degrees and Majors) have. For this research, there were three phases: a gap analysis, a survey, and a comparison. A gap analysis was conducted to assess the current cybersecurity curriculum for Purdue University’s undergraduate four-year program. The survey was conducted amongst a list of companies, obtained from Purdue University’s Center for Career Opportunities (CCO), who have previously hired students from the four-year cybersecurity program in the Polytechnic Institute. Finally, a comparison was done to show what the gap analysis was, what was originally thought to be missing from the current curriculum, what industry said was missing, what was the same and what was different. It has been determined that a gap does exist, and this survey's results concluded there were three common issues with hiring new cybersecurity talent as well as identified what competencies were originally thought to be missing based on the gap analysis and the industry survey. Also, while industry certifications are not required to secure entry level positions at the companies who responded to the survey, they certainly are preferred. This research can help make students from the four-year undergraduate cybersecurity program at Purdue University be more competitive when applying for entry-level cybersecurity industry positions upon graduation.
|
52 |
Internal Auditing in a digitalised world : A qualitative study about the internal auditor's approach in providing assurance of cybersecurity
Poddar, Priyanka January 2022
This study aims to contribute to internal auditing's body of knowledge. This will be done by identifying and evaluating the approaches taken by internal auditors in assuring in the management of an organisation's cybersecurity. Qualitative research has been undertaken for this study by collecting data through semistructured interviews. A total of five internal auditors, also members of the IIA, were interviewed for the data. Thematic analysis was used to analyse the data. Previous literature was examined, and four concepts were identified to analyse the data. These are internal auditing, cybersecurity, information security and assurance. Data collected through the interviews have been studied through these concepts and the theory of the Three Lines of Defence Model. Results showed that internal auditors assure reasonable cybersecurity through their audits from an independent position. Both internal auditors and information security are critical for cybersecurity. Assuring cybersecurity is challenging due to the people factor. Furthermore, internal auditors exert huge influence within organisations which should be used with integrity and objectivity. The study shows that internal auditors should expand their skills and competencies to assure cybersecurity in today's new risk landscape. Internal auditors should also use their influence actively to assist in building a cybersecurity-aware culture.
|
53 |
Empirical study of the impact of e-government services on cybersecurity development
Onumo, Aristotle, Cullen, Andrea J., Awan, Irfan U. January 2017
This study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 International Telecommunication Union global cybersecurity development index (GCI 2015). After analysing the various contextual factors affecting e-government development, the study found that various composite measures of e-government development are significantly correlated with cybersecurity development. The study therefore contributes to the understanding of the relationship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implication for policy makers in developing trust and confidence for the adoption of e-government services. / National Information Technology Development Agency, Nigeria.
|
54 |
Understanding Sociotechnical Factors Impacting Cybersecurity Controls on Mobile Devices and Smartphones at the Individual Level
Gadi, Abdullah Mohamed Y. 05 1900
Technological advances such as mobile technology, big data, and machine learning allow businesses to associate advertisements with consumer behaviors to maximize sales. Thus, information about consumer behavior became the central resource of businesses. Recent discussions and concerns about the emerging economic order centered around capturing consumers' data suggest that more research efforts be allocated to address new challenges in different domains, such as health, education, smart cities, and communication. Research on individual cybersecurity behavior is relatively new and requires more attention in academic research. This study has proposed and validated a cybersecurity behavioral model to enrich our understanding of users' behavioral intention (BI) to use cybersecurity controls. An online survey was used to collect information from University of North Texas (UNT) students to explore various technology usage determinants and specific computer security practices. The instrument measured the actual cybersecurity controls behaviors (ACB) by incorporating technical and social factors. Accordingly, the construct of ACB was created and validated to test how it relates to the participants' behavioral intentions. The findings confirm a large number of the proposed relationships. Additionally, the results show that the model explained a significant amount of variance in the proposed dependent variables BI and ACB. Within the context of information control behavior, the relationships between the study's constructs suggest adequate generalizability and robustness of the study's theoretical framework.
|
55 |
Towards an aligned South African National Cybersecurity Policy Framework
Chigada, Joel 22 August 2023
This thesis measured and aligned factors that contribute to the misalignment of the South African National Cybersecurity Policy Framework (SA-NCPF). The exponential growth rate of cyber-attacks and threats has caused more headaches for cybersecurity experts, law enforcement agents, organisations and the global business economy. The emergence of the global Corona Virus Disease-2019 has also contributed to the growth of cyber-attacks and threats, thus requiring concerted efforts from everyone in society to devise appropriate interventions that mitigate unacceptable user behaviour in the reality of cyberspace. In this study, various theories were identified and pooled together into an integrative theoretical framework to provide a better understanding of various aspects of the law-making process more comprehensively. The study identified nine influencing factors that contributed to misalignment of the South African National Cybersecurity Policy Framework. These influencing factors interact with each other continuously, producing complex relationships; therefore, it is difficult to measure the degree of influence of each factor, hence the need to look at and measure the relationships as Gestalts. Gestalts view individual interactions between pairs of constructs only as a part of the overall pattern. Therefore, the integrative theoretical framework and Gestalts approach were used to develop a conceptual framework to measure the degree of alignment of influencing factors. This study proposed that the stronger the coherence among the influencing factors, the more aligned the South African National Security Policy Framework. The more coherent the SA-NCPF is perceived, the greater would be the degree of alignment of the country's cybersecurity framework to national, regional and global cyberlaws. Respondents that perceived a strong coherence among the elements also perceived an effective SA-NCPF. Empirically, this proposition was tested using nine constructs.
Quantitative data was gathered from respondents using a survey. A major contribution of this study was that it was the first attempt in South Africa to measure the alignment of the SA-NCPF using the Gestalts approach as an effective approach for measuring complex relationships. The study developed the integrative theoretical framework which integrates various theories that helped to understand and explain the South African law making process. The study also made a significant methodological contribution by adopting the Cluster-based perspective to distinguish, describe and predict the degree of alignment of the SA-NCPF. There is a dearth of information that suggests that past studies have adopted or attempted to address the challenge of alignment of the SA-NCPF using the cluster-based and Gestalts perspectives. Practical implications from the study include a review of the law-making process, skills development strategy, a paradigm shift to address the global Covid-19 pandemic and sophisticated cybercrimes simultaneously. The study asserted the importance of establishing an independent cybersecurity board comprising courts, legal, cybersecurity experts, academics and law-makers to provide cybersecurity expertise and advice. From the research findings, government and practitioners can draw lessons to review the NCPF to ensure the country develops an effective national cybersecurity strategy. Limitations and recommendations for future research conclude the discussions of this study.
|
56 |
CYBERSECURITY LEADERSHIP COMPETENCIES IN RESPONSE MODE
Zaniewski, Michael January 2023
Due to the sophistication of cyber threats, organizations need to be defended on a strategic level, leading to the emergence of the cybersecurity leader role. However, the necessary competencies required for successful response are not fully understood due to the unique demands of the role. To bridge this gap, it is crucial to explore how these competencies manifest in practice. Data were collected through interviews and open-ended surveys of cybersecurity leaders, which were analyzed using the method of thematic analysis. Four key themes related to necessary competencies were identified: one on knowledge, two on skills, and one on attitudes. The study found that cybersecurity leaders emphasize the importance of having knowledge about the organizational architecture, skills to simplify incident handling procedures, and the ability to convince management to invest in better incident preparedness. They also highlighted the need for a supportive and approachable environment to facilitate optimal cybersecurity incident handling.
|
57 |
Ranking Social Engineering Attack Vectors in The Healthcare and Public Health Sector
Gaurav Sachdev (14563787) 06 February 2023
The National Institute of Standards and Technology defines social engineering as an attack vector that deceives an individual into divulging confidential information or performing unwanted actions. Different methods of social engineering include phishing, pretexting, tailgating, baiting, vishing, SMSishing, and quid pro quo. These attacks can have devastating effects, especially in the healthcare sector, where there are budgetary and time constraints. To address these issues, this study aimed to use cybersecurity experts to identify the most important social engineering attacks to the healthcare sector and rank the underlying factors in terms of cost, success rate, and data breach. By creating a ranking that can be updated constantly, organizations can provide more effective training to users and reduce the overall risk of a successful attack. This study identified phishing attacks via email, voice and SMS to be the most important to defend against primarily due to the number of attacks. Baiting and quid pro quo consistently ranked as lower in priority and ranking.
|
58 |
A Behavioural Compliance Framework for Effective Cybersecurity Governance and Practice
Onumo, Aristotle O. January 2020
Although behavioural security constructs have received extensive scholarly attention, the unpredictability of human behaviour has continued to add to the complexity of deploying effective countermeasures. Cross-cultural behavioural approaches aimed at improving security compliance and practice have equally remained under-researched, a gap in literature this thesis addresses. This thesis argues that in order to establish a sound and efficient organisational security practice, it is necessary to integrate the various interdisciplinary components in a socio-cultural context. The goal of the thesis, therefore, is to examine the role of culture in cybersecurity development and organisational security practice.
The study first used a group comparison approach, classification and examination of archival data from International Telecommunication Union (ITU), International Organisation of Standards (ISO), and Hofstede cultural score and further deployed structural equation modelling (SEM) to analyse data from a case study of 122 employees from three public sector information technology organisations in Nigeria.
Drawing evidence from the case studies, an emergent conceptual model was developed from the traditional human behaviour and organisational security practice. The model contributes to information security management by identifying organisational triggers related to cultural and cognitive dynamics in information security practice.
The model was developed by combining three theoretical frameworks. The outcome of the case studies demonstrates that accountability to specific security practice is a product of integrated management of employee cognitive and cultural dynamics and by dimensionalising organisational culture, the individual capacity to respond to emerging security threats also evolved, while targeted security programs to enhance the efficiency of organisational security practice is achieved. This research, by exposing the underlying institutional drivers and ideational dynamics on individual security behaviour, contributes to theory building of behavioural security research within organisational context.
The research reports on the theory of integration as a demonstration of explanatory flexibility not normally associated with behaviour security models thereby providing a sound theoretical and ideational support for incorporating different theoretical frameworks into a single model. This is an original endeavour and as such makes a number of contributions to the scholarship.
The findings in this research have implications for policymakers and practitioners by elevating the importance of cultural and cognitive dynamics by enhancing operational clarity in organisational security practice and presenting opportunity to develop a creative and robust solution to the challenge of organisational security in line with cultural peculiarities.
|
59 |
Exploring Cyber Ranges in Cybersecurity Education
Beauchamp, Cheryl Lynn 01 April 2022
According to a report from McAfee, the global cost of cybercrime for 2020 was over one trillion dollars (Smith, Z. et al., 2020). Cybersecurity breaches and attacks have not only cost businesses and organizations millions of dollars but have also threatened national security and critical infrastructure. Examples include the Ransomware attack in May of 2021 on the largest fuel pipeline in the United States and the February 2021 remote access system breach of a Florida water treatment facility which raised sodium hydroxide to a lethal level. Improving cybersecurity requires a skilled workforce with relevant knowledge and skills. Academic degree programs, boot camps, and various certification programs provide education and training to assist this need. Cyber ranges are a more recent development to provide hands-on skill training. These ranges, often virtual, provide a safe and accessible environment to improve practical skills and experience through hands-on application. They provide a training environment to identify threats, apply countermeasures, and secure data from risks separately from the organization's actual network. More and more academic programs utilize cyber ranges due to the perceived benefit of integrating them into their cybersecurity-related programs. Academic cyber ranges offer virtualized environments that support cybersecurity educators' needs to provide students with a safe, separated, and engaging environment.
The purpose of my research has two components: 1) to understand who the educators are using academic-facing cyber ranges and how they are using them to support their cybersecurity education efforts, and 2) to understand how cybersecurity educators and students are motivated by using them. Specifically, my research is comprised of three manuscripts: (1) a mixed-method exploratory study of who are the educators using cyber ranges for cybersecurity education and how they are using them to create significant cybersecurity learning experiences, (2) a mixed-method study exploring the motivation of educators using a cyber range for cybersecurity education, and (3) a mixed-method study exploring student motivation participating in cybersecurity CTF competitions.
The three manuscripts contribute to understanding cyber ranges in cybersecurity education. The results from my research provided insight from the users of these cyber ranges, cybersecurity educators and students. Results from my first manuscript suggested that high school cybersecurity educators are the primary users. These educators have less formal cybersecurity education and experience compared to cybersecurity educators in higher education. The data also showed that cybersecurity educators primarily used cyber ranges for teaching and learning to meet learning goals and objectives. Results from my second manuscript suggested that educators were motivated mainly by the importance of using a cyber range for cybersecurity education and for the interest-enjoyment their students experience from cyber range usage. Educators found using the cyber range made their class more engaging and relevant to their students. These educators were also confident they could use a cyber range and learn how to use it. However, those without prior experience in cybersecurity or previous experience using a cyber range shared they needed instructor-facing resources, professional development opportunities, and time to learn. Results from my third manuscript suggested that students were motivated by the importance of participating in a cybersecurity CTF competition. Many reported that participating was useful for developing professional skills and readiness. Although CTF competitions were considered difficult and stressful, students did not consider the difficulty pejorative. Many shared that challenging CTFs contributed towards the enjoyment of participating, making them a rewarding and worthwhile experience. However, students also shared that academic and team support contributed towards their confidence in competing. In contrast, those who did not report confidence stated they lacked a team strategy or support from their academic institution.
Additionally, they did not know what to expect to prepare before the competition event. Overall, the results of this dissertation highlight the importance of prior preparation for educators and student CTF participants. For educators, this prior preparation includes curriculum supporting resources such as content mapping to learning objectives and professional development opportunities that do not assume any prior knowledge or experience. For students, prior preparation includes understanding what to expect and recommendations for academic and team support. / Doctor of Philosophy / The technology era has enabled a global connectedness to attend conferences and meetings via our laptop computers while working from home. The proliferation of smart devices has also provided a means to view and communicate with visitors who ring our smart doorbells while we are not home. This interconnected network, i.e., the Internet, has altered how we pay our bills, buy our groceries, and attend classes virtually. It has also enabled cyber attacks and breaches that have contributed to identity thefts, increasing financial costs, business collapses, job losses, and even threatened national security. A cybersecurity workforce has become increasingly vital to address the need for improving cybersecurity. Thus, there is a need for academic cybersecurity programs to prepare future professionals to fill this national workforce shortfall.
Consequently, more and more organizations have integrated cyber ranges as the means to provide a simulated environment for applying and developing cybersecurity-related knowledge and skills. Similar to a driving range for a golfer to practice their golf swing or a shooting range for those in law enforcement to earn their firearms qualifications, a cyber range supports efforts to provide cybersecurity training with hands-on exercises and labs to practice skills in a safe, virtual environment. My research contributes to understanding who uses cyber ranges and how they are motivated to use them for cybersecurity education.
The first purpose of my research was to understand the educators who were using cyber ranges and how they were using them for cybersecurity education. More specifically, I examined their usage for alignment with a learning taxonomy to verify the usage contributed to successful and significant student learning. This understanding contributed to my research's second purpose, which explored how educators were motivated using cyber ranges. The third purpose of my study explored student motivation using a cyber range. Due to varying cyber range resources and activities, my research focused on the cybersecurity competition activity, Capture the Flag (CTF). This study provided an understanding of how students who participated in a cybersecurity CTF competition were motivated.
My research demonstrates that educators and students are interested in using cyber ranges and believe using them for cybersecurity education and professional readiness is important. However, both educators and students who lack prior knowledge or experience using a cyber range or participating in a CTF shared the concern of not knowing what they do not know. PD time and instructor-facing resources that do not assume any prior cybersecurity knowledge were recommended to support educators who did not have a background or experience in cybersecurity. Students shared that although not knowing was stressful and made participating difficult, the difficulty and stress were good attributes because if the CTF were easy, it wouldn't be worth their time and would be less rewarding. Students also reported that team strategies and academic support were motivational aspects of CTF participation. Overall, educators and students were motivated using cyber ranges for cybersecurity education, but professional development and preparation resources would contribute positively to their usage.
|
60 |
Guardians of the Grid : A Comparative Study of Best Practices and Experts' Current Approaches in Cybersecurity for Control Systems
Thyberg, Joel January 2024
This thesis investigates which cybersecurity strategies should be implemented in control systems to enhance cybersecurity. The study addresses three central questions, carefully designed to guide the research through its various phases and fulfill its purpose. The first question examines which cybersecurity strategies should be implemented in control systems in accordance with current requirements and established best practices. To answer this, a literature review of previous research and new cybersecurity requirements was conducted, identifying best practices for cybersecurity in control systems. The second question explores which cybersecurity strategies are currently implemented by actors in their management of products within the control system architecture. This was investigated through semi-structured interviews with five experts who deliver products within this architecture. To address the third question, which focuses on how actors within the control system architecture can streamline cybersecurity measures in their products, an analysis and comparison between best practices and current practices were conducted. This discussion revealed that a risk assessment and network segmentation should be implemented to enhance cybersecurity. Additionally, increased cybersecurity competence and the introduction of logging and monitoring of systems and components can further improve security.
|