Saturday, October 20th Room KC 400
|8:45 am||Welcome - Mike Whitman, Ph.D., Executive Director, KSU Center for Information Security Education|
|9:00 - 10:20 am||Keynote Presentation - Davina Pruitt-Mentle, Ph.D., Lead for Academic Engagement, National Initiative for Cybersecurity Education (NICE)|
|12:20 - 1:00 pm||Lunch|
|2:30 - 5:00 pm||Faculty Development Workshop|
|Saturday, October 20th|
Towards an Empirical Assessment of Cybersecurity Readiness and Resilience in Small Businesses
Darrell Eilts, Nova Southeastern University
10:30 AM - 10:55 AM
Many small businesses struggle to improve their cybersecurity posture despite the risk to their business. Small businesses lacking adequate protection from cyber threats, or a business continuity strategy to recover from disruptions, have a very high risk of loss due to a cyberattack. These cyberattacks, either deliberate or unintentional, can become costly when a small business is not prepared. This developmental research is focused on the relationship between two constructs that are associated with readiness and resilience of small businesses based on their cybersecurity planning, implementation, as well as response activities. A Cybersecurity Preparedness-Risk Taxonomy (CyPRisT) is proposed using the constructs of cybersecurity preparedness and small businesses decision maker’s perceived risk of cyberattack. This work-in-progress study will provide an empirical assessment of small businesses’ level of cybersecurity preparedness relative to their decision maker’s perceived risk of cyberattack. Subject matter experts (SMEs) will be used to validate a set of cybersecurity preparedness activities for small businesses in efforts to develop a benchmark scoring for the measure of cybersecurity preparedness. The SMEs will also identify weights for preparedness activities to enable benchmark scoring of cybersecurity preparedness that mitigate common cyber threats among small businesses. The construct of the decision maker’s perceived risk of cyberattack is based on prior research. Additionally, this work-in-progress study will develop and validate the Cybersecurity Assessment of Risk Management to optimize Readiness and Resilience (cyberARMoRR) program for small businesses. The CyPRisT scores will be used to evaluate significant differences before and after participation in cyberARMoRR program.
Car Hacking: CAN it be that simple?
Bryson Payne, University of North Georgia
10:55 AM - 11:20 AM
The Internet of Things (IoT) has expanded the reach of technology at work, at home, and even on the road. As Internet-connected and self-driving cars become more commonplace on our highways, the cybersecurity of these “data centers on wheels” is of greater concern than ever. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety. This article describes the integration of a module on car hacking into a semester-long ethical hacking cybersecurity course, including full installation and setup of all the open-source tools necessary to implement the hands-on labs in similar courses. The author demonstrates how to test an automobile for vulnerabilities involving replay attacks using a combination of open-source tools and a $20 commodity CAN-to-USB cable. Also provided are an introduction to the CAN (controller area network) bus in modern automobiles and a brief history of car hacking.
Design of Cybersecurity Risk Assessment Tool for Small and Medium Sized Businesses using the NIST Cybersecurity Framework
Vishnu Venkatesh, Babson College
11:30 AM - 11:55 AM
Using cybersecurity risk assessment techniques, organizations can gain a holistic and prioritized view of information security objectives. However, with current methods, cybersecurity risk assessments are cost-prohibitive for small and medium sized businesses (SMB). These organizations experience increased vulnerability to adverse cyber events, are stuck in a reactive cycle and scramble to meet compliance goals.
The ongoing research seeks to create a risk assessment tool using the NIST Cybersecurity Framework in conjunction with complementary innovations to reduce the cost of a cyber risk assessment exercise for SMBs and enable the effective communication of security controls to various stakeholders in small and medium sized businesses.
A Blockchain-based Security-Oriented Framework for Cloud Federation
Ramandeep Kaur sandhu, Virginia Commonwealth University
11:55 AM - 12:20 PM
Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentially, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members(users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality services. Hence, we propose an innovative blockchain- based framework that on the one hand permits secure communication between the members of the federation and the access control systems, while on the other hand provides the quality services to the members by considering the service constraints imposed by them.
Using Project Management Knowledge and Practice to Address Digital Forensic Investigation Challenges
Steven S. Presley, University of South Alabama
1:00 PM - 1:25 PM
The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results indicate that there are parallels between the two areas.
Hijacking Wireless Communications using WiFi Pineapple NANO as a Rogue Access Point
Shawn J. Witemyre, University of North Georgia
1:25 PM - 1:50 PM
Wireless access points are an effective solution for building scalable, flexible, mobile networks. The problem with these access points is often the lack of security. Users regularly connect to wireless access points without thinking about whether they are genuine or malicious. Moreover, users are not aware of the types of attacks that can come from “rogue” access points set up by attackers and what information can be captured by them. Attackers use this advantage to gain access to users’ confidential information. The objective of this study is to examine the effectiveness of the WiFi Pineapple NANO used as a rogue access point (RAP) in tricking users to connect to it. As part of the preliminary study, a brief survey was provided to users who connected to the Pineapple to evaluate the reasons why users connect to RAPs. The result of the cybersecurity pilot study indicated that lack of awareness played an important role. Specifically, users unknowingly connect to rogue wireless access points that put at risk not only their devices, but the whole network. The information collected in this research could be used to better educate users on identifying possible RAPs and the dangers of connecting to them.