Research

Subscribe to RSS Feed

2019
Saturday, October 12th
10:30 AM

An Exploratory Study of Intraoperative Neurophysiologic Monitoring (IONM) Using COBIT 5 for Improving Neurophysiological Tools and Information Use

Angela Jackson-Summers, US Coast Guard Academy

KSU Center Rm 400

10:30 AM - 10:55 AM

Neurophysiological tools enable information systems (IS) researchers to measure subject responses when engaging in varying activities involving the central nervous system (CNS), the peripheral nervous system (PNS), or the hormone system (Riedl and Léger, 2016). Prior literature has called for rigor in the neuro-information-systems (NeuroIS) research methodology by addressing six critical factors, “reliability, validity, sensitivity, diagnosticity, objectivity, and intrusiveness of a measurement instrument” (Riedl, Davis and Hevner, 2014). Additional literature has reported strengths and weaknesses related to some critical factors, such as reliability and validity, when using neurophysiological tools, and the data and information that they provide (Dimoka, et al., 2012). This exploratory study uses the COBIT 5 (ISACA, 2012; ISACA 2019) framework to identify risks involving intraoperative neurophysiologic monitoring (IONM), a critical function that examines patient responses when engaging in varying activities (Rabai, Sessions and Seubert, 2016; Tamkus, Rice and McCaffrey, 2018) involving the central nervous system (CNS) and the peripheral nervous system (PNS). A questionnaire has been developed to facilitate the collection and examination of this study’s research data from a small sample of U.S. hospitals and other healthcare service providers. Interviews are planned as a follow-up to further examine those risks that address any of the previously stated six critical factors affecting the NeuroIS research methodology (reliability, validity, sensitivity, diagnosticity, objectivity, and intrusiveness) and that involve IONM tools and their derived information use. This study intends to provide a valued contribution to healthcare service providers in strengthening their reliability of interpretable IONM data and information. Also, as a contribution to the existing NeuroIS book of knowledge, this study looks to offer an extended risk management framework to NeuroIS researchers in their approach to future studies involving neurophysiological tools and their information use.

10:55 AM

A Survey of Security Vulnerabilities in Social Networking Media - The Case of Twitter

Arunima Choudhary, Kennesaw State University
Elizabeth Fokes, Southern Polytechnic State University
Lei Li, Kennesaw State University

KSU Center Rm 400

10:55 AM - 11:20 AM

Six Degrees is largely considered to be the first social networking platform that allowed users to interact with each other. Users could upload their pictures, make friends on the platform and communicate with them. Ever since, the usage of social networking has increased exponentially. Websites like Orkut, MySpace, LinkedIn, Facebook, Flickr, Photobucket, Instagram and Twitter quickly became an integral part of web usage for users across the globe. These social sites supported active communication among users across the globe, sharing of digital media (including pictures, music and videos) and cross platform sharing. According to Statista, over 3.5 billion people around the globe. Of which 244 million people reside in the United States alone (Statista, August 2019).

About 17 million people in the United States use Twitter (Pew Research Center, June 2019). As the propagation of Twitter continues through our society, it is important to consider the security vulnerabilities. This research paper considers the most common security vulnerabilities on Twitter. The primary research method has been conducting an extensive literature search on the vulnerabilities of Twitter. This was done by collecting information from credible academic sources, credible security blogs and finally going over presentations at security conferences. Our research found that one of the main reasons behind security issues related with Twitter arise from its usage of open source languages related to Java (The Verge, February 2013). Unfortunately, Java requires regular patches from Oracle which can create delays in fixing security issues. The paper goes into detail security vulnerabilities that arise from Twitter’s usage of Java and other related languages on its platform including DDoS attacks, ‘twitpocalaypse’ and propagation of misleading information created by its users. Along with Java related vulnerabilities, the research paper also looks at XML vulnerabilities in depth. Bad actors often use Twitter partners’ to gain access to Twitter’s data using XML exploits. This is done by attacking Twitter’s preferred partners to gain access to session token to gain access to Twitter’s databases. Additionally, instances of security exploits leveraging email ID and mouseover functionalities are also explored. Twitter’s applications like ‘tweetdeck’ are also notorious for having security exploits. This paper looks at a few applications and addresses their vulnerabilities. Finally, Twitter’s impact on Geopolitics is addressed including the usage of twitter to affect ‘British EU referendum’.

References:

(2019, August 9). U.S. population with a social media profile 2019. Retrieved from https://www.statista.com/statistics/273476/percentage-of-us-population-with-a-social-network-profile/

(2019, June 12). Demographics of Social Media Users and Adoption in the United States. Retrieved from https://www.pewinternet.org/fact-sheet/social-media/

Sandoval, G., Kopfstein, J., Franzen, C., Blagdon, J., Welch, C., Sottek, T. C., … Bishop, B. (2013, February 20). Cyber criminals exploit Java vulnerability to hack Apple, Facebook, and Twitter. Retrieved from https://www.theverge.com/web/2013/2/19/4006868/hackers-exploit-java-vulnerability-apple-facebook-twitter

11:30 AM

Towards An Assessment of Audio and Visual Alerts and Warnings to Mitigate Risk of Phishing Emails Susceptibility

Molly Cooper, Nova Southeastern University
Yair Levy, Nova Southeastern University
Ling Wang, Nova Southeastern University
Laurie Dringus, Nova Southeastern University

KSU Center Rm 400

11:30 AM - 11:55 AM

Phishing attacks target significant volume of Americans per year, and costs American organizations in the millions of dollars annually. Phishing is a cyber-attack using social engineering. Social engineering is the psychological manipulation of individuals in order to gain access to computer system(s) that the attacker is not authorized to use. Phishing can be presented in many ways: an email, link, website, text message, and other means. Phishing emails present a threat to both personal and organizational data loss. About 94% of cybersecurity incidents are due to phishing and/or social engineering. Significant volume of prior literature documented that end users are continuing to click on phishing links in emails, even after phishing awareness training, and it appears that there is a strong need for creative ways to warn and alert end users to signs of phishing in emails. Understanding a more aware state of mind, ‘System 2 Thinking Mode’ (S2), describes an individual in a more aware and alert state that s/he can utilize when making important decisions. End users have tendency to be more deliberate with their choices in S2, as opposed to ‘System 1 Thinking Mode’ (S1). S1 is more routine and not as deliberate. Some ways to trigger S2 include audio alerts, visual alerts, and vibrations. Assisting the end user in noticing signs of phishing in emails could possibly be studied through the delivery of audio and visual alerts and warnings. This study proposes to design and develop a method for a phishing alert and warning system that warns and alerts users to the signs of phishing in emails. The main goal of this work-in-progress research is to obtain Subject Matter Experts (SMEs) opinion to develop preliminary ranking of the top 10 signs of phishing in emails, and pair the signs of phishing with corresponding audio and visual warnings to be later used towards a phishing alert and warning system.

Keywords: Phishing, phishing alerting, phishing warning, social engineering, cybersecurity, audio warning in cybersecurity, visual warning in cybersecurity, cyber risk mitigation, phishing emails susceptibility.

11:55 AM

An Exploratory Analysis of Mobile Security Tools

Hossain Shahriar, Kennesaw State University
Md Arabin Talukder, Kennesaw State University
Md Saiful Islam, Kennesaw State University

KSU Center Rm 400

11:55 AM - 12:20 PM

The growing market of the mobile application is overtaking the web application. Mobile application development environment is open source, which attracts new inexperienced developers to gain hands on experience with applicationn development. However, the security of data and vulnerable coding practice is an issue. Among all mobile Operating systems such as, iOS (by Apple), Android (by Google) and Blackberry (RIM), Android dominates the market. The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via the inadvertent or side channel, unsecured sensitive data storage, data transition and many others. Most of these vulnerabilities can be detected during mobile application analysis phase. In this paper, we explore vulnerability detection for static and dynamic analysis tools. We also suggest limitations of the tools and future directions such as the development of new plugins.

1:00 PM

A World of Cyber Attacks (A Survey)

mubarak Banisakher
Marwan Omar, Saintleo University

KSU Center Rm 460

1:00 PM - 1:25 PM

The massive global network that connects billions of humans and millions of devices and allow them to communicate with each other is known as the internet. Over the last couple of decades, the internet has grown expeditiously and became easier to use and became a great educational tool. Now it can used as a weapon that can steal someone’s identity, expose someone’s financial information, or can destroy your networking devices. Even in the last decade, there have been more cyber attacks and threats destroying major companies by breaching the databases that have millions of personal information that can be sold online. Cyber-attacks can happen numerous ways and can happen when no one is looking. In this paper we survey several cyber-attacks that has been around and the current ones which will give the readers a quick overview of the finding of this survey. We also arrived at a conclusion that education in this field is very important for companies and individuals to stay safe.

Automated Reverse Engineering of Automotive CAN Bus Controls

Charles Barron Kirby, University of North Georgia
Bryson Payne, University of North Georgia

KSU Center Rm 400

1:00 PM - 1:25 PM

This research provides a means of automating the process to reverse engineer an automobile’s CAN Bus to quickly recover CAN IDs and message values to control the various systems in a modern automobile. This approach involved the development of a Python script that uses several open-source tools to interact with the CAN Bus, and it takes advantage of several vulnerabilities associated with the CAN protocol. These vulnerabilities allow the script to conduct replay attacks against the CAN Bus and affect various systems in an automobile without the operator’s knowledge or interaction.

These replay attacks can be accomplished by capturing recorded network traffic and resending them to find which traffic conducts certain actions. Automobiles are becoming more reliant on computer systems and networks to operate, including the integration of wireless interfaces to interact with these systems (Avatefipour & Malik, 2018). These systems contain numerous vulnerabilities as they were not built with consideration to hacking (Wolf, Weimerskirch, & Paar, 2004). Creating a tool to automate the reverse engineering process allows for a better understanding of the CAN Bus and its vulnerabilities. The aim of this script is to allow the user to identify what specific packets captured from CAN Bus traffic will initiate selected actions in the automobile’s controls. The results show the user can repeatedly split and send log files to the CAN Bus to narrow down the files to a single packet that is starting the selected outputs of the CAN Bus using this script.

1:25 PM

Automatic Security Bug Detection with FindSecurityBugs Plugin

Hossain Shahriar, Kennesaw State University
Kmarul Riad, Kennesaw State University
Arabin Talukder, KSU
Hao Zhang, KSU
Zhuolin Li, Kennesaw State University

KSU Center Rm 400

1:25 PM - 1:50 PM

The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android StThe security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnThe security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by povvtential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. erability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. udio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. ity defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time.

2:00 PM

Factors Influencing Managed Security Services Vendor Selection

Herbert J. Mattord, Kennesaw State University

KSU Center Rm 400

2:00 PM - 2:25 PM

Organizations that are considering managed security services (MSS) vendors undertake a variety of selection process to make a more informed decision regarding the selection of an MSS provider. This study is a work-in-progress that seeks to examine how some recent projects at medium to large organizations undertake these projects.

The project intends to:

1) identify and document strategies and criteria for information technology outsourcing from academic and practice literature,

2) consider how those strategies and criteria may be adapted for use in managed security services (MSS) provider selection, and then

3) validate the strategies and criteria for MSS vendor selection from the prior and current practices of organizations engaged in IT outsourcing.

The early work on this effort to date includes:

1) identify and document strategies for information technology outsourcing from academic and practice literature,

2) consider how those strategies may be adapted for use in managed security services (MSS) provider selection, and then

3) validate the strategies and criteria for MSS vendor selection from the prior and current practices of organizations engaged in IT outsourcing.