DigitalCommons@Kennesaw State University - KSU Proceedings on Cybersecurity Education, Research and Practice: Towards the Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standard (CTC&CS)
 

Towards the Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standard (CTC&CS)

Start Date

October 2018

End Date

October 2018

Location

KC 460

Abstract

Mobile devices are increasingly reshaping how users go about their daily lives. The increasing use of mobile devices and the unfettered access to cyberspace has introduced new threats to users. Thus, mobile device users are continually being targeted for cybersecurity threats via vectors such as: public information sharing on social media, user surveillance (geo-location, camera, etc.), phishing, malware, spyware, trojans, as well as keyloggers. However, in majority of the cases, users are uninformed of the cybersecurity threats posed by mobile devices upon purchasing it. Further, users are expected to be responsible for the security of their devices, and in recent years, financial institutions are passing the costs associated with fraud to the users due to their lack of such security. Thus, the purpose of this work-in-progress research is to design, develop, and empirically test new criteria for a Cybersecurity Threats Classification and Communication Standard (CTC&CS) for mobile devices. The theoretical foundation for this work is based on the philosophy behind the United States Occupational Safety and Health Administration (OSHA)’s Hazard Communication Standard (HCS) of Labels and Pictograms that is mainly focused on chemical substances. This research will attempt to extend HCS into the cybersecurity realms and is proposed to involve three phases: The first phase will utilize the Delphi technique to design and validate the initial criteria with cybersecurity Subject Matter Experts (SMEs); Phase 2 will operationalize the elicited and validated criteria into labels, pictograms, as well as safety data sheets; while Phase 3 will empirically test the use of the previously developed and validated criteria on a group of 100 mobile users when it comes to identify and take precautions against the cybersecurity threats depicted in the criteria.

This document is currently not available here.

Share

COinS
 
Oct 20th, 10:55 AM Oct 20th, 11:20 AM

Towards the Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standard (CTC&CS)

KC 460

Mobile devices are increasingly reshaping how users go about their daily lives. The increasing use of mobile devices and the unfettered access to cyberspace has introduced new threats to users. Thus, mobile device users are continually being targeted for cybersecurity threats via vectors such as: public information sharing on social media, user surveillance (geo-location, camera, etc.), phishing, malware, spyware, trojans, as well as keyloggers. However, in majority of the cases, users are uninformed of the cybersecurity threats posed by mobile devices upon purchasing it. Further, users are expected to be responsible for the security of their devices, and in recent years, financial institutions are passing the costs associated with fraud to the users due to their lack of such security. Thus, the purpose of this work-in-progress research is to design, develop, and empirically test new criteria for a Cybersecurity Threats Classification and Communication Standard (CTC&CS) for mobile devices. The theoretical foundation for this work is based on the philosophy behind the United States Occupational Safety and Health Administration (OSHA)’s Hazard Communication Standard (HCS) of Labels and Pictograms that is mainly focused on chemical substances. This research will attempt to extend HCS into the cybersecurity realms and is proposed to involve three phases: The first phase will utilize the Delphi technique to design and validate the initial criteria with cybersecurity Subject Matter Experts (SMEs); Phase 2 will operationalize the elicited and validated criteria into labels, pictograms, as well as safety data sheets; while Phase 3 will empirically test the use of the previously developed and validated criteria on a group of 100 mobile users when it comes to identify and take precautions against the cybersecurity threats depicted in the criteria.