3 research outputs found

    A New Model for Understanding Users’ IS Security Compliance

    The literature agrees that the major threat to IS security is constituted by careless employees. Therefore, effective IS security requires that users are not only aware of, but also comply with organizations’ IS security policies and procedures. To address this important concern, different IS security awareness, education and enforcement approaches have been proposed. Prior research on IS security compliance has criticized these extant IS security awareness approaches as lacking theoretically and empirically grounded principles to ensure that employees comply with IS security policies. This research-in-progress study proposes a new model that contains the factors that explain employees’ IS security compliance.

    A Computer Network Model for the Evaluation of Moving Target Network Defense Mechanisms

    In order to combat the increasing complexity of cyber attacks, a new category of cyber defense called dynamic cyber defense has been the focus of a significant amount of work. Dynamic cyber defense mechanisms aim to protect networks by modifying their attributes in order to confuse would-be attackers. Currently, the majority of the existing mechanisms are purely theoretical and have been the subject of minimal performance analysis. There has also been almost no effort to perform comparative analysis of different techniques. As a result, there is a great need for a method of modeling different mechanisms within a single system in order to conduct comprehensive, comparative performance analysis. This work develops the framework of a system called Dynamic Virtual Terrain (DVT), which can be used for comparative analysis of dynamic cyber defense mechanisms under identical conditions. DVT models network topology using nodes, which represent members of a network, and access permissions, which describe the connectivity of the network. DVT also defines a generic dynamic cyber defense algorithm that can be extended in order to implement a hierarchy of techniques. An implementation of DVT is created in order to perform experiments with IP address hopping, port hopping, and dynamic firewall mechanisms in a cyber attack simulation environment. Attack scenarios are developed to evaluate the performance of the mechanisms under identical conditions, and the results of simulating these scenarios are used to analyze the performance of the implemented mechanisms.