With the introduction of the 5th generation of wireless systems and communications (5G) comes new risks and challenges. This paper explores the potential security challenges of 5G communication compared with legacy cellular networks and prior generations of communication standards. This paper defines what 5G is and how it affects our lives on a daily basis. It further discusses the new security features involving different technologies applied to 5G, such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software-defined networks, and the internet of things, including autonomous cars, healthcare, automated manufacturing, and more.
Adware, an advertising-supported software, becomes a type of malware when it automatically delivers unwanted advertisements to an infected device, steals user information, and opens other vulnerabilities that allow other malware and adware to be installed. With the rise of more and complex evasive malware, specifically adware, better methods of detecting adware are required. Though a lot of work has been done on malware detection in general, very little focus has been put on the adware family. The novelty of this paper lies in analyzing the individual adware families. To date, no work has been done on analyzing the individual adware families. In this paper, using the CICAndMal2017 dataset, feature selection is performed using information gain, and classification is performed using machine learning. The best attributes for classification of each of the individual adware families using network traffic samples are presented. The results present an average classification rate that is an improvement over previous works for classification of individual adware families.
Data breaches have a profound effect on businesses associated with industries like the US healthcare system. This task extends more pressure on healthcare providers as they continue to gain unprecedented access to patient data, as the US healthcare system integrates further into the digital realm. Pressure has also led to the creation of the Health Insurance Portability and Accountability Act, Omnibus Rule, and Health Information Technology for Economic and Clinical Health laws. The Defense Information Systems Agency also develops and maintains security technical implementation guides that are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures. The objective is to design a network (physician's office) in order to meet the complexity standards and unpredictable measures posed by attackers. Additionally, the network must adhere to HIPAA security and privacy requirements required by law. Successful implantation of network design will articulate comprehension requirements of information assurance security and control.
The paper presents a new framework that allows both educators and operational personnel to better overlay incidents into a simplified framework. While other attack frameworks exist, they either lack simplicity or are too focused on specific types of attacks. Therefore, the authors have attempted to define a framework that can be used broadly across both physical and cyber incidents. Furthermore, the paper provides several high-profile examples wherein it is shown how this new framework more accurately represents the adversary's actions. Lastly, the framework allows room for expansion in that, within each stage, a plethora of questions can be addressed, giving greater specificity into how that stage was carried out.
Cybercrime has proliferated over the last decade and is increasing in velocity and intensity. The need for employers to find highly skilled technologists to fill the many critical roles is reaching unprecedented levels. Men dominate the information technology fields such as cybersecurity and computer science. However, the need to bring more women into the various fields is necessary and would bring tremendous benefit to any organization. Much work needs to be done to generate interest in secondary schools by training teachers in technology so they can develop effective STEM curricula. Post-secondary schools need to focus on teacher development as well as developing information technology curricula that appeals to women. And once in the workplace, organizations need to develop policies and inclusive environments that do not alienate women.
The aim of this exploratory research is to investigate people's perception of data sensitivity and their willingness to share such data. There has been little research within the UAE that identified the public/ordinary people's perspective of what is considered sensitive data and what is not, and which data can/not be shared with others such as social media applications, e-commerce websites, and friends. To achieve the aim of this research, empirical data was collected using a survey designed to evaluate the sensitivity of five categories of data types (personal, contact, online life, financial, and secure identifiers). The research findings revealed that the respondents tended to feel relatively low sensitivity to personal data, but they tended to feel a higher degree of sensitivity to financial-related data, and they are also not willing to share it. However, some personal data items like medical history records were largely deemed as not sensitive according to participants. This paper presents and discusses new insights and research implications based on findings from the UAE context.
Identity theft is a serious crime growing rapidly due to the ever-tighter integration of technology into people's lives. The psychological and financial loss to individual victims is devastating, and its costs to society at large staggering. In order to better understand the problem and to combat the crime more effectively, a comprehensive review of issues related to identity theft is performed in this paper. The human element of the crime is examined, along with the exploits used by perpetrators and countermeasures that have been developed. The findings highlight areas in need of continued research and guidelines that should benefit individuals and organizations in their pursuit of potential solutions.
Data breaches are events that have concluded in the compromise of personally identifiable information (PII) for millions of people globally. The consequences of such events can only result in certain serious outcomes, including identity theft. Such perilous outcomes highlight the importance of organizational entities accurately safeguarding and preserving the PII gathered from stakeholders or consumers. The user data breaches of Facebook, Equifax, and Uber concluded in the compromise of PII data for millions of consumers and employees, which are the most critical aspects that comprise any organizational infrastructure. This paper will examine the events leading to and transpiring after the data breaches of Facebook, Equifax, and Uber. In addition, the collective impact on every organization and its various incident management procedures will be addressed.
This research examined the extent to which social-media users' privacy concerns affected the likelihood that they would pay a fee in exchange for a social-media company promising not to use or sell that user's data. Data to empirically test the theoretical model were collected by administering a survey to social-media users. The sample consisted of 173 usable responses. The results of the analyses, including the structural model show that users' knowledge of privacy issues, personal experience with invasions of privacy, and their levels of risk intolerance, influenced the likelihood that they would pay a privacy fee, indirectly, through their concern for privacy. Furthermore, concern for privacy had a significant, positive effect on the magnitude of an expected privacy fee.
This paper presents the nature, effects, and dynamics of cybercrime in Nigeria and its effects to economic development in the country. The paper is sourced for secondary data through, journals, periodicals and publications as well as obtained primary data from the field. Primary data was sourced through the distribution of 66 questionnaires using the purposive sampling technique. Findings revealed that there exists an insecure cyberspace in Nigeria and the activities of the cybercriminals affects the economy negatively by discouraging Nigerians from partaking in electronic services/transactions, thus discouraging Nigerians from accepting the concept of digital economy. Findings also revealed that activities such as unauthorized access, hacking and cracking, online fraud, identity theft, cyber terrorism, amongst others were dominant threats in the cyberspace and finally the cyberspace provide jobs and by implication contribute to the socioeconomic development of the Nigerian State. Recommendations proffered include the federal government to train and retrain forensic experts in all financial/security agencies towards achieving a secured cyber space and the need for the federal, state, and local governments to create awareness amongst others.
The existing domains of warfare are land, sea, air, space, and now cyberspace. Once President Obama addressed the public on the cybersecurity threat and Executive Order 13636 was issued, the government gained traction in creating policy and collaborating with industry to gain a better presence in the U.S. Industry owns, operates, and controls most of the critical infrastructure in the U.S. and is perceived to have better knowledge, skills, and abilities in cybersecurity operations and capabilities. This study seeks to fill a gap that currently exists in scholarly research in the areas of partnerships in cybersecurity. Using the innovative e-Delphi electronic method to collect qualitative and quantitative data from experts, this study explores the competency, expertise, and partnership aspects of the U.S. Government and industry relationship in cybersecurity organizations.
Government cybersecurity organizations have faced unique challenges in the last decade. With the release of Executive Order 13636 in 2013, an otherwise amorphous domain of warfare matured quickly and began to take shape in the areas of information sharing, industry relations, and various areas of management. This study seeks to fill a gap that currently exists in scholarly research in the areas of acquisition and program management in cybersecurity. Using the innovative e-Delphi electronic method to collect qualitative and quantitative data from experts, this study explores the contractual complexity, intellectual property, and risk management aspects of the U.S. Government and industry relationship in cybersecurity organizations.
Innovations in digital technology are progressing at an unprecedented rate, and countries and all types of actors are capitalizing on these advancements. Moreover, if first adopters can obtain the digital technology without spending the lengthy time and ample funds for research and development of it, but rather through industrial espionage, this gives countries the potential global advantage without the costs. Included are further details on the rise of industrial espionage, its key issues, and effects on the internet and network security, the applicable hacking attacks and countermeasures, and major predictions and future issues.
This work aims to analyse the influence of the learning culture and transformational leadership in knowledge application in school context. Mediation analysis is used to quantify the effects that the learning culture has on the application of leadership, mediated by transformational leadership. The method involves two samples of subjects—school managers and teaching staff—of 17 educational organizations. This study used partial least squares (PLS) method in the SmartPLS v. 3.2.6 software. The results show, first, that there is a direct and significant effect of the learning culture in the application of knowledge and, secondly, a significant mediation effect of leadership in between learning culture and the knowledge application. This work has proven that leadership behaves as a mediating instrument. This situation is critical in organizations because it makes it possible to obtain synergies in human capital and the development of knowledge. The study deepens our understanding of the enablers that affect knowledge application within the school, especially of the leadership.
Companies providing technology-driven services are held to the high standard of full availability, integrity, and confidentiality. Achieving even near-perfect availability is an increasingly daunting task, even for these companies with seemingly limitless resources. In order to approach this very challenging goal, strategies must be implemented to ensure that changes and improvements to the provided services do not leave the currently functioning environment vulnerable to attacks or introduce new issues. Systems and processes must be evaluated to ensure their efficient and effective operation. Administrative security controls must be audited to ensure the proper implementation of policies and procedures. A failure to properly evaluate the programs and procedures leaves an organization at risk for a data incident or an attack on the organization's assets. This paper covers some of the most important elements of security assessments and testing.
With the development of new internet application technologies, cyberspace security is becoming more important. How to effectively identify network attacks is the core issue of cyberspace security. Deep learning is used in intrusion detection, which can find hidden attacks in intrusion data and then improve the accuracy of detection. Semi-supervised learning uses a small number of labeled data and a large number of unlabeled data to train. It reduces the requirements of the sample. In this paper, an intrusion detection algorithm based on semi-supervised learning and deep learning is proposed to solve the problem of low accuracy in intrusion detection systems. The algorithm uses sparse self-encoder and softmax classifier in deep learning to classify the data and improves the classification performance. Experimental verification is carried out using KDD CUP99 dataset. The experimental results verify the effectiveness of the algorithm.
The internet has become a medium for people to communicate locally or globally in business, education, and their social lives. The increased use of the internet has created an impact on the number of online harassing/cyberstalking cases. This exploratory study of 121 undergraduate students seeks to examine the extent to which cyberstalking is prevalent. This study argues that cyberstalking and harassment will only decrease when the extent of the problem is fully understood and potential victims and law enforcement understand the protections necessary under the law.
The present study compared three methods aimed at predicting the writer's gender based on writing features manifested in electronic discourse. The compared methods included qualitative content analysis, statistical analysis, and machine learning. These methods were further combined to create a mixed methods model. The findings showed that the machine learning model combined with qualitative content analysis produced the best prediction accuracy. Including qualitative content analysis was able to improve accuracy rates even when the training set for machine learning was relatively small. Thus, this study presented a concise model that can be fairly reliable in predicting gender based on electronic discourse with high accuracy rates and such accuracy was consistently found when the model was tested by two separate samples.
The possibility that computers, in particular, personal computers, can be used for harmful actions affecting global computer systems as a whole, due to two main reasons: (1) hardware and / or software failures, which are caused by problems related to their manufacture which must be solved by their respective manufacturers and (2) failures due to actions or inactions of their users, in particular people with low computer skills, people of very low age groups, e.g. children, or very old age groups, e.g. ageing people, or others without a minimum of computer skills. This problem is aggravated by the continuous proliferation of equipment, namely mobile devices, IOT devices and others that have Internet connectivity, namely through a browser. There are the possible ways in the area of cyber education that can contribute to cyber resilience of society and these are developed in this work.
This study investigated the effectiveness of Zimbabwe's cyber security frameworks in combating terrorism. Media reports and scholarly evidence have constantly shown that cybercrime has led to loss of life, money, security, damage to property. There is a lot of concern among citizens of African countries such as Zimbabwe, Kenya, and Nigeria that their governments are not equipped with effective cyber security systems to combat these cyber threats. It is on the basis of these concerns that this study was carried out with the hope of helping to close policy and knowledge gaps affecting the effectiveness of the cyber security frameworks of Zimbabwe. The study used qualitative methodology and a case study research design was utilised. The study was conducted in Harare the capital city of Zimbabwe. Key informant interviews and documentary search were used to collect data. Among the findings of the study were that cyber fraud and theft are some of the significant cyber security threats in Zimbabwe; that Zimbabwe lacks established legislation and other regulatory institutions for cyber-security. Among the recommendations are; that the Ministry of Justice, Legal and Parliamentary Affairs enacts cyber security laws in Zimbabwe to combat cyber terrorism.
This article describes how cybersecurity is a field that is growing at an exponential rate. In light of many highly publicized incidences of cyber-attacks against organizations, the need to hire experienced cybersecurity professionals is increasing. The lack of available workforce to fill open positions is alarming and organizations are finding that potential candidates with academic degrees and certifications alone are not as valuable as those with experience. Gaining rapid experience requires immersion into realistic virtual environments that mimic real-world environments. Currently, cybersecurity competitions leverage many technologies that immerse participants into virtual environments that mimic real-world systems to improve experiential learning. These systems are expensive to build and maintain, and to continuously improve realism is difficult. However, the training value of cyber competitions in which the participants cannot distinguish from real-world systems will ultimately develop highly experience cybersecurity professionals.
Cyber-attacks happen faster and more spontaneously than traditional warfare. This cyber landscape offers new challenges to organizations due to its unique nature. Building organizations to defend against cyber terrorism and innovating offensive solutions calls for strong information sharing amongst government and military organizations, as well as industry partners. Using an innovative electronic method to collect quantitative and qualitative data from experts, this study seeks to explore the effectiveness and establishment of information sharing practices and procedures in U.S. government cybersecurity organizations. This study also considers the impact of media leaks and terrorism on information sharing practices and procedures.
Social media makes it easier than ever to access information and opinions associated with criminal proceedings and viewing or discussing these pre-trial could reduce juror impartiality. This study explored whether viewing social media comments influenced mock juror verdicts. Seventy-two participants formed 12 six-person ‘mock juries'. All participants received information regarding a murder trial. Nine groups were exposed to social media comments, manipulated to be negative, positive or neutral towards the defendant. The remaining three groups only received trial information (control condition). Results showed that prior to group discussion, exposure to negatively-biased comments significantly increased the number of guilty verdicts, however these effects disappeared after group discussion. Therefore, although jurors may be unable to remain impartial before a trial, jury discussion can remove these prejudices, supporting previous group research. Further research is suggested where participants interact actively with social media, rather than passively viewing comments.
Proxy servers used around the globe are typically graded and built for small businesses to large enterprises. This does not dismiss any of the current efforts to keep the general consumer of an electronic device safe from malicious websites or denying youth of obscene content. With the emergence of machine learning, we can utilize the power to have smart security instantiated around the population's everyday life. In this work, we present a simple solution of providing a web proxy to each user of mobile devices or any networked computer powered by a neural network. The idea is to have a proxy server to handle the functionality to allow safe websites to be rendered per request. When a website request is made and not identified in the pre-determined website database, the proxy server will utilize a trained neural network to determine whether or not to render that website. The neural network will be trained on a vast collection of sampled websites by category. The neural network needs to be trained constantly to improve decision making as new websites are visited.
The purpose of this article is to assess the needs of local and state law enforcement agencies to investigate both cyber-enabled and cyber-dependent crimes. While large federal investigative agencies have the skills, tools and resources to investigate cyber-crimes, the increasing propagation of such crimes has overwhelmed their ability to investigate all but the most serious national security threats and large-scale cyber-crimes. To that end, this article assesses the current knowledge, skills, and abilities of local law enforcement to perform cyber-crime investigations and more importantly their desire to do so. As these crimes grow in ease and popularity it is posited that local law enforcement will be required to have the technical skills to investigate a myriad of cyber-crimes at the local level. As such, there will be a need for local training in cyber-crimes investigation and shared investigative resources. Additionally, this paper gauges local law enforcements' willingness to participate in such training.
Electronic health records (EHRs) pose unique concerns for administrators and information technology professionals with regard to cybersecurity. Due to the sensitive nature and increasing value of personal health information, cyber risks and information protection should be a high priority. A literature review was conducted to identify potential threat categories and best practices in protecting EHR information. Potential threats were identified and categorized into five areas; physical, portable devices, insider use, technical, and administrative. Government policies have created administrative, physical, and technical safeguards to keep EHR information safe. Despite these efforts, EHRs are being targeted by cyber-criminals due to flaws in personal and organizational management of protected healthcare information. This paper aims to educate, inform, and advocate for the proper handling of EHRs to alleviate the burden caused by compromised electronic documents.
Understanding employee's security behavior is required before effective security policies and training materials can be developed. The Anti-virus software, secure systems design methods, information management standards, and information systems security policies; which have been developed and implemented by many organizations; have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior (TPB) based on attitude, subjective norm, and perceived behavioral control constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on attitude and finds the most common measures for attitude, which can be used in organizations to develop a method to influence employees' attitude positively with the goal of inducing positive security behavior. Further, a conceptual model for operationalizing the obtained measures for enhancing information security in organizations is presented.
Every year many individuals and organizations suffer from cyberattacks, which include data loss, information hacks, transaction problem, and unauthorized access of information or data. The frequency of these attacks is increasing day by day and it's creating a lot of problems or threats in our life. These attacks can be extremely damaging to businesses as well as people. Therefore, we must know about cyberattacks and their preventive measures as many of us are still unaware about it. The objective of this paper is to create awareness of the various types of cyber-attacks and lay the foundation for their cyber security planning. In this paper, we discuss different types of cyberattacks and the tools used to perform these cyberattacks. Moreover, this paper presents a clear picture of some attacks that helps people to understand how attacker accomplishes all these attacks. Finally, we discuss the preventive measures.
Identity-based cryptosystems were introduced to overcome one of the main problems in public key encryption, the generation of public and private keys. In the identity-based cryptosystem, an identifier such as an e-mail address of a user can be used to generate public and private keys by a trusted third party. The trusted third party uses a system-wide master secret to provide private keys to a user. Identity-based cryptosystems can be constructed using the idea of pairings. This article discusses four different identity-based cryptosystems: the Boneh-Franklin scheme, the Cock's scheme, the Authenticated IBE scheme and the Hierarchical IBE scheme. This article also discusses the security notions considered for the identity-based cryptosystem. The security notions considered are: one-wayness, indistinguishability, semantic security and non-malleability. An architecture consisting of a public parameter server and private key generator for the implementation of the identity-based cryptosystems is also discussed.
Law enforcement officials (LEOs) in the UK conduct open source research (OSR) as part of their routine online investigations. OSR, in this instance, refers to publicly available information that is accessed via the Internet. As part of the research, identifying and tracing the electronic suspect (RITES) course provided by the UK's College of Policing, LEOs are introduced to the open source internet research tool (OSIRT); a free software tool designed to assist LEOs with OSR investigations. This article draws on analyses from questionnaires and observations from a RITES course; mapping them to Kirkpatrick's evaluation model. Results showed the positive impact the RITES course had in transferring knowledge back on-the-job, with LEOs applying knowledge learned to real-life investigative scenarios. Additionally, results showed OSIRT integrated both in the RITES course and into the LEOs investigative routine.
Cyber bullying is the unwise use of technology to harm and humiliate an individual or group over the Internet. The purpose of this article is to test the effectiveness of the cyber bullying sensitisation program (CBSP) to reduce the level of cyber bullying behaviour among middle school students. The sample was restricted to adolescents as they are the ones who are most exposed and vulnerable in the cyber space. A quasi-experimental pre-post design with intervention was adopted for the study. The participants of the study were comprised of 186 middle school students from two private schools in India. The experimental group had 94 participants while control groups had 92 participants. Statistical analysis indicated that there was a significant difference between pre- and post-test scores in the experimental group. No significant difference was found between the experiment and control group before the program, suggesting that the program was effective in helping students in reducing cyber bullying behaviour. The implications for prevention and intervention programs were discussed.
A log is a record of events that happens within an organization containing systems and networks. These logs are very important for any organization, because a log file will able to record all user activities. Due to this, log files play a vital role and contain sensitive information, and therefore security should be a high priority. It is very important to the proper functioning of any organization, to securely maintain log records over an extended period of time. So, management and maintenance of logs is a very difficult task. However, deploying such a system for high security and privacy of log records may be overhead for an organization and require additional costs. Many techniques have been designed for security of log records. The alternative solution for maintaining log records is using Blockchain technology. A blockchain will provide security of the log files. Log files over a Blockchain environment leads to challenges with a decentralized storage of log files. This article proposes a secured log management over Blockchain and the use of cryptographic algorithms for dealing the issues to access a data storage. This proposed technology may be one complete solution to the secure log management problem.
Blockchains used for the protection of patient information can serve as a way for hospitals and other medical facilities to secure patient records. With more information threats targeting hospitals and other medical facilities, it is becoming more important for these organizations to improve the information systems that are charged with protecting their patient records. HIPAA regulations are in place to try and protect patient records and information, but the hospitals do not allocate enough funds to information systems so they are put at risk of attack. Blockchains can offer the type of protection that these medical facilities need without them having to worry about upgrading the technology every year. The Blockchain is not without its faults, and that can be seen in the attacks that take place against Bitcoin. Even with these attacks, the use of Blockchain would be beneficial to the hospitals and medical facilities.
The Dark Web is its own clandestine network of thousands of websites that most of us do not even know exist, much less how to access. The Dark Web uses its own tools to keep users anonymous and their activities hidden. The Dark Web is so well concealed that the full extent of its use remains largely the topic of hushed conversations. From black market drug sales to child pornography, the Dark Web operates at two extremes of the Internet, from venues for anonymous whistleblowing on one end to unguarded censorship on the other. This article provides a primer for those interested in learning more about the “known unknowns” of the Dark Web. Readers will find an excellent opening manuscript for the newly launched International Journal of Cyber Research and Education as it sets the stage for future research in cyber security and law enforcement. The paper will examine three foundational questions for the reader: What constitutes the ‘deep/dark/underground' web and keeps it obscure and remote from the community of legitimate users? How can websites that occupy the same virtual space range exist in two parallel dimensions from discoverable to undiscoverable? And finally, how do the actors on the Dark Web mature from novice to advanced? Is it the same process followed by users of the known web? In the corpus of this article, the authors will briefly examine how online markets exist simultaneously on the Internet, serving clients in both known online environments as well as the more secretive, anonymous online world. They will examine how nefarious actors migrate from the “good” web to become novice and then advanced users of the “evil” environments. To the neophyte user, the process introduced herein may appear relatively straightforward. In truth, the notion that any but the most staunchly dedicated practitioner can become a vetted participant in the ‘dark web' is inconceivable. Even so, with the sheer volume of actors operating in numerous underground forums and marketplaces, the impact remains significant and growing geometrically. Government and industry from all over the globe are hindered in their ability to track and identify the truly advanced actors operating in these more secretive environments. We shall soon see why this is the case.
Bitcoin and blockchain are two new and innovative technologies that may be confusing. This purpose of this paper is to differentiate these two new technologies and explain their functionalities. The concept of Bitcoin “mining” will be addressed, as well as the impact it has had on the hardware market. Finally, the benefits and concerns of implementing blockchain and Bitcoin will be provided. Despite the concerns, both blockchain and Bitcoin provide a plethora of possible new technological advanced, both in the terms of digital currencies as well as other avenues.
The cyber awareness of online video game players (n = 183) was investigated by examining their online safety practices and the degree to which they were exposed to threats. With findings revealing that gamers engaged in poor online practices, despite expressing concern for their safety, this investigation supports the view that gamers are unaware of the possible consequences of their online actions, and/or continue to show resistance to cybersecurity practices perceived to hinder gameplay. While the findings should be regarded as preliminary, game developers and publishers, policymakers, and researchers may find them valuable in obtaining a clearer understanding of gamers' cyber awareness and online practices. Coupled with ongoing research, these findings may also prove valuable for the identification of strategies that may be used to curb risky online behavior.