757 research outputs found

    Student Misconceptions about Cybersecurity Concepts: Analysis of Think-Aloud Interviews

    We conducted an observational study to document student misconceptions about cybersecurity using thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we provide a basis for developing rigorous evidence-based recommendations for improving teaching and assessment methods in cybersecurity and inform future research. This study is the first to explore student cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During these interviews, students grappled with security scenarios designed to probe their understanding of cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative method, novice-led paired thematic analysis, to document patterns in student misconceptions and problematic reasoning that transcend institutions, scenarios, or demographics. Themes generated from this analysis describe a taxonomy of misconceptions but not their causes or remedies. Four themes emerged: overgeneralizations, conflated concepts, biases, and incorrect assumptions. Together, these themes reveal that students generally failed to grasp the complexity and subtlety of possible vulnerabilities, threats, risks, and mitigations, suggesting a need for instructional methods that engage students in reasoning about complex scenarios with an adversarial mindset. These findings can guide teachers’ attention during instruction and inform the development of cybersecurity assessment tools that enable cross-institutional assessments that measure the effectiveness of pedagogies.

    Toward a New Meta-Theory for Designing Information Systems (IS) Security Training Approaches

    Employees’ non-compliance with IS security procedures is a key concern for organizations. To tackle this problem, there exist several training approaches aimed at changing employees’ behavior. However, the extant literature does not examine the elementary characteristics of IS security training, such as the ways in which IS security training differs from other forms of training. We argue that IS security training needs a theory that both lays down these elementary characteristics and explains how these characteristics shape IS security training principles in practice. We advance a theory that suggests that IS security training has certain elementary characteristics that separate it from other forms of training, and we set a fundamental direction for IS security training practices. Second, the theory defines four pedagogical requirements for designing and evaluating IS security training approaches. We point out that no existing IS security training approach meets all of these requirements and demonstrate how to design an IS security training approach that does meet these requirements. Implications for research and practice are discussed.

    Build and Design of Voyage Account Applications Using C#, WPF, and SQL Server 2012 (Case Study PT. X)

    Voyage Account is an application that records consumption data on each voyage; the data is then used to calculate the profit or loss of each voyage. The application interface was created using Windows Presentation Foundation (WPF). Prototyping development methods were used to create the application, with C# as the programming language and SQL Server 2012 as the database. This study discusses the making of the interface, backend, and database of the application. WPF was selected because it is the latest technology developed by Microsoft after WinForms. WPF presents a display that can be customized to user needs. The test results showed that the Voyage Account application is already functioning in accordance with the wishes of the user; the test was done using an SQL query by entering the appropriate username and password and matching the query results with what is displayed by the application. Interface testing shows that WPF can be flexibly adapted to screen resolutions of 1366 x 768, 1920 x 1080 and 1280 x 720.

    Build and Design of Voyage Account Applications Using C#, WPF, and SQL Server 2012 (Case Study Company X)

    Voyage Account is an application that records consumption data on each voyage; the data is then used to calculate the profit or loss of each voyage. The application interface was created using Windows Presentation Foundation (WPF). Prototyping development methods were used to create the application, with C# as the programming language and SQL Server 2012 as the database. This study discusses the making of the interface, backend, and database of the application. WPF was selected because it is the latest technology developed by Microsoft after WinForms. WPF presents a display that can be customized to user needs. The test results showed that the Voyage Account application is already functioning in accordance with the wishes of the user; the test was done using an SQL query by entering the appropriate username and password and matching the query results with what is displayed by the application. Interface testing shows that WPF can be flexibly adapted to screen resolutions of 1366 x 768, 1920 x 1080 and 1280 x 720. Keywords: Voyage Account, WPF, prototyping, C#, SQL Server 2012

    Teams Responsibilities for Digital Forensic Process

    This paper presents a detailed digital forensics process model and the teams responsible for performing it. The discussed model presents three teams and a forensic leader who coordinates between the three teams; these teams are the physical crime scene team, the laboratory examination team and the courtroom team. These teams are responsible for achieving the digital forensic model by applying five main phases, which are the preparation phase, physical forensics and investigation phase, digital forensics phase, reporting and presentation phase and closure phase. Most of the existing models in this field are either theoretical models that deal with data processing or based on a legal point of view. Although they give good information on which to base a guide, they are not detailed enough to describe fully the investigative process and do not define teams and their responsibilities for investigation in a way that can be used by investigators during investigation. In this model the responsibilities and procedures of each team are represented with detailed steps for each team, so it can be used as guidance for the forensic investigators during investigation and assist their training. Keywords: digital forensics, computer forensics, digital investigation, forensic model, reference framework, forensic teams’ responsibilities

    Securing Cloud Storage by Transparent Biometric Cryptography

    With the capability of storing huge volumes of data over the Internet, cloud storage has become a popular and desirable service for individuals and enterprises. The security issues, nevertheless, have been the subject of intense debate within the cloud community. Significant attacks can take place, the most common being guessing the (poor) passwords. Given weaknesses with verification credentials, malicious attacks have happened across a variety of well-known storage services (i.e. Dropbox and Google Drive) – resulting in loss of the privacy and confidentiality of files. Whilst today's use of third-party cryptographic applications can independently encrypt data, it arguably places a significant burden upon the user in terms of manually ciphering/deciphering each file and administering numerous keys in addition to the login password. The field of biometric cryptography applies biometric modalities within cryptography to produce robust bio-crypto keys without having to remember them. There are, nonetheless, still specific flaws associated with the security of the established bio-crypto key and its usability. Users currently should present their biometric modalities intrusively each time a file needs to be encrypted/decrypted – thus leading to cumbersomeness and inconvenience throughout usage. Transparent biometrics seeks to eliminate the explicit interaction for verification and thereby remove the user inconvenience. However, the application of transparent biometrics within bio-cryptography can increase the variability of the biometric sample, leading to further challenges in reproducing the bio-crypto key. An innovative bio-cryptographic approach is developed to non-intrusively encrypt/decrypt data by a bio-crypto key established from transparent biometrics on the fly without storing it somewhere using a backpropagation neural network.
This approach seeks to handle the shortcomings of the password login, and concurrently removes the usability issues of the third-party cryptographic applications – thus enabling a more secure and usable user-oriented level of encryption to reinforce the security controls within cloud-based storage. The challenge represents the ability of the innovative bio-cryptographic approach to generate a reproducible bio-crypto key by selective transparent biometric modalities including fingerprint, face and keystrokes, which are inherently noisier than their traditional counterparts. Accordingly, sets of experiments using functional and practical datasets reflecting a transparent and unconstrained sample collection are conducted to determine the reliability of creating a non-intrusive and repeatable bio-crypto key of a 256-bit length. With numerous samples being acquired in a non-intrusive fashion, the system would be spontaneously able to capture 6 samples within a minute window of time. There is a possibility then to trade off the false rejection against the false acceptance to tackle the high error, as long as the correct key can be generated via at least one successful sample. As such, the experiments demonstrate that a correct key can be generated to the genuine user once a minute and the average FAR was 0.9%, 0.06%, and 0.06% for fingerprint, face, and keystrokes respectively. For further reinforcing the effectiveness of the key generation approach, other sets of experiments are also implemented to determine what impact the multibiometric approach would have upon the performance at the feature phase versus the matching phase. Holistically, the multibiometric key generation approach demonstrates the superiority in generating the bio-crypto key of a 256-bit length in comparison with the single biometric approach.
In particular, the feature-level fusion outperforms the matching-level fusion at producing the valid correct key with limited illegitimacy attempts in compromising it – 0.02% FAR rate overall. Accordingly, the thesis proposes an innovative bio-cryptosystem architecture by which cloud-independent encryption is provided to protect the users' personal data in a more reliable and usable fashion using non-intrusive multimodal biometrics. Higher Committee of Education Development in Iraq (HCED)

    Guideline Model for Digital Forensic Investigation

    This paper proposes a detailed guideline model for digital forensics; the proposed model consists of five main phases: Preparation Phase, Physical Forensics and Investigation Phase, Digital Forensics Phase, Reporting and Presentation Phase, and Closure Phase. Most of the existing models in this field do not cover all aspects of digital forensic investigations, as they focus mainly on the processing of digital evidence or on the legal points. Although they give good information on which to base a guide, they are not detailed enough to describe fully the investigative process in a way that can be used by investigators during investigation. In this model detailed steps for each phase are given, so it can be used as guidance for the forensic investigators, and it can assist the development of new investigative tools and techniques. Keywords: digital forensics, computer forensics, digital investigation, forensic model, reference framework