Subscribe to RSS Feed (Opens in New Window)
2019 | ||
Saturday, October 12th | ||
10:30 AM |
Angela Jackson-Summers, US Coast Guard Academy KSU Center Rm 400 10:30 AM - 10:55 AM Neurophysiological tools enable information systems (IS) researchers to measure subject responses when engaging in varying activities involving the central nervous system (CNS), the peripheral nervous system (PNS), or the hormone system (Riedl and Léger, 2016). Prior literature has called for rigor in the neuro-information-systems (NeuroIS) research methodology by addressing six critical factors, “reliability, validity, sensitivity, diagnosticity, objectivity, and intrusiveness of a measurement instrument” (Riedl, Davis and Hevner, 2014). Additional literature has reported strengths and weaknesses related to some critical factors, such as reliability and validity, when using neurophysiological tools, and the data and information that they provide (Dimoka, et al., 2012). This exploratory study uses the COBIT 5 (ISACA, 2012; ISACA 2019) framework to identify risks involving intraoperative neurophysiologic monitoring (IONM), a critical function that examines patient responses when engaging in varying activities (Rabai, Sessions and Seubert, 2016; Tamkus, Rice and McCaffrey, 2018) involving the central nervous system (CNS) and the peripheral nervous system (PNS). A questionnaire has been developed to facilitate the collection and examination of this study’s research data from a small sample of U.S. hospitals and other healthcare service providers. Interviews are planned as a follow-up to further examine those risks that address any of the previously stated six critical factors affecting the NeuroIS research methodology (reliability, validity, sensitivity, diagnosticity, objectivity, and intrusiveness) and that involve IONM tools and their derived information use. This study intends to provide a valued contribution to healthcare service providers in strengthening their reliability of interpretable IONM data and information. Also, as a contribution to the existing NeuroIS book of knowledge, this study looks to offer an extended risk management framework to NeuroIS researchers in their approach to future studies involving neurophysiological tools and their information use. |
|
---|---|---|
11:30 AM |
Molly Cooper, Nova Southeastern University KSU Center Rm 400 11:30 AM - 11:55 AM Phishing attacks target significant volume of Americans per year, and costs American organizations in the millions of dollars annually. Phishing is a cyber-attack using social engineering. Social engineering is the psychological manipulation of individuals in order to gain access to computer system(s) that the attacker is not authorized to use. Phishing can be presented in many ways: an email, link, website, text message, and other means. Phishing emails present a threat to both personal and organizational data loss. About 94% of cybersecurity incidents are due to phishing and/or social engineering. Significant volume of prior literature documented that end users are continuing to click on phishing links in emails, even after phishing awareness training, and it appears that there is a strong need for creative ways to warn and alert end users to signs of phishing in emails. Understanding a more aware state of mind, ‘System 2 Thinking Mode’ (S2), describes an individual in a more aware and alert state that s/he can utilize when making important decisions. End users have tendency to be more deliberate with their choices in S2, as opposed to ‘System 1 Thinking Mode’ (S1). S1 is more routine and not as deliberate. Some ways to trigger S2 include audio alerts, visual alerts, and vibrations. Assisting the end user in noticing signs of phishing in emails could possibly be studied through the delivery of audio and visual alerts and warnings. This study proposes to design and develop a method for a phishing alert and warning system that warns and alerts users to the signs of phishing in emails. The main goal of this work-in-progress research is to obtain Subject Matter Experts (SMEs) opinion to develop preliminary ranking of the top 10 signs of phishing in emails, and pair the signs of phishing with corresponding audio and visual warnings to be later used towards a phishing alert and warning system. Keywords: Phishing, phishing alerting, phishing warning, social engineering, cybersecurity, audio warning in cybersecurity, visual warning in cybersecurity, cyber risk mitigation, phishing emails susceptibility. |
|
11:55 AM |
An Exploratory Analysis of Mobile Security Tools Hossain Shahriar, Kennesaw State University KSU Center Rm 400 11:55 AM - 12:20 PM The growing market of the mobile application is overtaking the web application. Mobile application development environment is open source, which attracts new inexperienced developers to gain hands on experience with applicationn development. However, the security of data and vulnerable coding practice is an issue. Among all mobile Operating systems such as, iOS (by Apple), Android (by Google) and Blackberry (RIM), Android dominates the market. The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via the inadvertent or side channel, unsecured sensitive data storage, data transition and many others. Most of these vulnerabilities can be detected during mobile application analysis phase. In this paper, we explore vulnerability detection for static and dynamic analysis tools. We also suggest limitations of the tools and future directions such as the development of new plugins. |
|
1:00 PM |
A World of Cyber Attacks (A Survey) mubarak Banisakher KSU Center Rm 460 1:00 PM - 1:25 PM The massive global network that connects billions of humans and millions of devices and allow them to communicate with each other is known as the internet. Over the last couple of decades, the internet has grown expeditiously and became easier to use and became a great educational tool. Now it can used as a weapon that can steal someone’s identity, expose someone’s financial information, or can destroy your networking devices. Even in the last decade, there have been more cyber attacks and threats destroying major companies by breaching the databases that have millions of personal information that can be sold online. Cyber-attacks can happen numerous ways and can happen when no one is looking. In this paper we survey several cyber-attacks that has been around and the current ones which will give the readers a quick overview of the finding of this survey. We also arrived at a conclusion that education in this field is very important for companies and individuals to stay safe. |
|
1:00 PM |
Automated Reverse Engineering of Automotive CAN Bus Controls Charles Barron Kirby, University of North Georgia KSU Center Rm 400 1:00 PM - 1:25 PM This research provides a means of automating the process to reverse engineer an automobile’s CAN Bus to quickly recover CAN IDs and message values to control the various systems in a modern automobile. This approach involved the development of a Python script that uses several open-source tools to interact with the CAN Bus, and it takes advantage of several vulnerabilities associated with the CAN protocol. These vulnerabilities allow the script to conduct replay attacks against the CAN Bus and affect various systems in an automobile without the operator’s knowledge or interaction. These replay attacks can be accomplished by capturing recorded network traffic and resending them to find which traffic conducts certain actions. Automobiles are becoming more reliant on computer systems and networks to operate, including the integration of wireless interfaces to interact with these systems (Avatefipour & Malik, 2018). These systems contain numerous vulnerabilities as they were not built with consideration to hacking (Wolf, Weimerskirch, & Paar, 2004). Creating a tool to automate the reverse engineering process allows for a better understanding of the CAN Bus and its vulnerabilities. The aim of this script is to allow the user to identify what specific packets captured from CAN Bus traffic will initiate selected actions in the automobile’s controls. The results show the user can repeatedly split and send log files to the CAN Bus to narrow down the files to a single packet that is starting the selected outputs of the CAN Bus using this script. |
|
1:25 PM |
Automatic Security Bug Detection with FindSecurityBugs Plugin Hossain Shahriar, Kennesaw State University KSU Center Rm 400 1:25 PM - 1:50 PM The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android StThe security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnThe security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by povvtential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. erability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. udio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. ity defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. |
|
2:00 PM |
Factors Influencing Managed Security Services Vendor Selection Herbert J. Mattord, Kennesaw State University KSU Center Rm 400 2:00 PM - 2:25 PM Organizations that are considering managed security services (MSS) vendors undertake a variety of selection process to make a more informed decision regarding the selection of an MSS provider. This study is a work-in-progress that seeks to examine how some recent projects at medium to large organizations undertake these projects. The project intends to: 1) identify and document strategies and criteria for information technology outsourcing from academic and practice literature, 2) consider how those strategies and criteria may be adapted for use in managed security services (MSS) provider selection, and then 3) validate the strategies and criteria for MSS vendor selection from the prior and current practices of organizations engaged in IT outsourcing. The early work on this effort to date includes: 1) identify and document strategies for information technology outsourcing from academic and practice literature, 2) consider how those strategies may be adapted for use in managed security services (MSS) provider selection, and then 3) validate the strategies and criteria for MSS vendor selection from the prior and current practices of organizations engaged in IT outsourcing. |