189 research outputs found

    Educating The Next Generation Of Computer Security Professionals: The Rise And Relevancy Of Professional Certifications

    This paper discusses the recent ascent and proliferation of computer security professional certifications.  Based upon the premise that secure information technology not only underpins the current US economy but also represents a pivot point for future economic growth, it highlights the recent phenomenon of many information technology professionals complementing their Computer Science (CS), Information Systems (IS), and Information Technology (IT) degrees with highly specialized certification-based training to secure jobs that help to protect our national IT infrastructure.   It also raises the question as to whether the trend of narrowly-focused specialized training signals a possible shift away from traditional academic computer security programs.  If the present trend continues, the longer-term consequences for traditional academic degree programs could be dramatic.  However, from the short-term perspective of this study, the proliferation of certification programs as a source of supplementary education is viewed as a positive phenomenon, helping to mitigate the disastrous effects associated with the continuous onslaught of domestic- and international-sourced cyber-attacks that threaten our national economic livelihood

    Access Control In and For the Real World

    Access control is a core component of any information-security strategy. Researchers have spent tremendous energy over the past forty years defining abstract access-control models and proving various properties about them. However, surprisingly little attention has been paid to how well these models work in real socio-technical systems (i.e., real human organizations). This dissertation describes the results of two qualitative studies (involving 52 participants from four companies, drawn from the financial, software, and healthcare sectors) and observes that the current practice of access control is dysfunctional at best. It diagnoses the broken assumptions that are at the heart of this dysfunction, and offers a new definition of the access-control problem that is grounded in the requirements and limitations of the real world

    Countering Modern Terrorism: Military and other Options

    Terrorism has been part of human development dating back to the era of the struggles for independence and liberation but still defies attempts at an accepted definition. Hence, it has become increasingly necessary for governments to tackle this menace by whichever counter-terrorism measures possible. However, one pivotal means is the use of military force introduced by the then President of the United States, George W. Bush through his “War on Terror” speech on September 20, 2001. This paper tries to assess the pros and cons of this measure and other counterterrorism strategies

    Network-based APT profiler

    Constant innovation in attack methods presents a significant problem for the security community which struggles to remain current in attack prevention, detection and response. The practice of threat hunting provides a proactive approach to identify and mitigate attacks in real-time before the attackers complete their objective. In this research, I present a matrix of adversary techniques inspired by MITRE’s ATT&CK matrix. This study allows threat hunters to classify the actions of advanced persistent threats (APTs) according to network-based behaviors

    Knowledge Sharing and Customer Relations in Mobility

    After the events of September 11, 2001, inadequacies in how government organizations and agencies shared knowledge and communication with defense mission partners became readily apparent. A reasonable U.S. government information technology expectation is the integrated use of mobile phones across organizations and agencies. Yet, it is difficult to meet this expectation, as the provisioning process for mobile devices can be different for each government organization or agency. The Department of Commerce National Institute of Standards and Technology does not set provisioning standards, and organizations and agencies determine policies tailored to their particular needs. Using Schein's theory on organizational culture, the focus of this phenomenological study was to explore the Mobility provisioning process from the experiences of government customer support personnel. Eleven personnel responded to 10 semistructured interview questions derived from the research question. The data were manually transcribed and then coded, arranged, and analyzed using a software tool. Three major themes emerged from the analyzed data: (a) expand communication with customers and leaders, (b) identify policy guidelines, and (c) streamline and centralize the process. Using these themes, recommendations include enhancing communication among stakeholders, provisioners, and Warfighters, soldiers in the field; implementing standardized user policies; and improving cross-organization and cross-agency provisioning processes. Social change actions include increasing mobility provisioning efficiencies among provisioners, which not only saves time and money, but also provides Warfighters with affordable, dependable, and reliable mobile communications systems

    Aligning Cybersecurity in Higher Education with Industry Needs

    Cybersecurity is among the highest in-demand skills for Information Systems graduates and therefore is critical for the Information Systems curriculum. There is a substantial lack of skilled cybersecurity graduates. It is estimated that there is a global shortage of almost three and a half million cybersecurity professionals in 2022. Organizations are facing difficulties filling security positions. Thus, the Information Systems curriculum must be redesigned to meet business and industry needs and better prepare Information Systems graduates for cybersecurity careers. This study provides a model for designing a cybersecurity course that will align with industry needs to respond to the shortage of cybersecurity professionals. The proposed model is based on backward course design, aligned with the guidelines from the National Institute of Standards and Technology Cybersecurity Framework and The National Initiative for Cybersecurity Education Strategic Plan, and insights from interviews with industry professionals. We applied the model at a higher education institute in the USA, as higher education graduates fill most cybersecurity positions. The designed course was met with high levels of student satisfaction, positive industry feedback, and high levels of student success. Our proposed model can be applied to any educational institute and customized to desired needs of the institute, students, and the industry with minimal cost and time consideration

    The Parthenon, October 4, 2011

    The Parthenon, Marshall University’s student newspaper, is published by students Monday through Friday during the regular semester and weekly Thursday during the summer. The editorial staff is responsible for the news and the editorial content

    The BG News January 11, 2018

    The BGSU campus student newspaper. January 11, 2018. Volume 97-Issue 36. https://scholarworks.bgsu.edu/bg-news/10016/thumbnail.jp

    Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security

    The main contribution of this thesis is Secure*BPMN, a graphical security modelling extension for the de-facto industry standard business process modelling language BPMN 2.0.1. Secure*BPMN enables a cognitively effective representation of security concerns in business process models. It facilitates the engagement of experts with different backgrounds, including non-security and nontechnical experts, in the discussion of security concerns and in security decision-making. The strength and novelty of Secure*BPMN lie in its comprehensive semantics based on a Reference Model of Information Assurance & Security (RMIAS) and in its cognitively effective syntax. The RMIAS, which was developed in this project, is a synthesis of the existing knowledge of the Information Assurance & Security domain. The RMIAS helps to build an agreed-upon understanding of Information Assurance & Security, which experts with different backgrounds require before they may proceed with the discussion of security issues. The development process of the RMIAS, which was made explicit, and the multiphase evaluation carried out confirmed the completeness and accuracy of the RMIAS, and its suitability as a foundation for the semantics of Secure*BPMN. The RMIAS, which has multiple implications for research, education and practice is a secondary contribution of this thesis, and is a contribution to the Information Assurance & Security domain in its own right. The syntax of Secure*BPMN complies with the BPMN extensibility rules and with the scientific principles of cognitively effective notation design. The analytical and empirical evaluations corroborated the ontological completeness, cognitive effectiveness, ease of use and usefulness of Secure*BPMN. It was verified that Secure*BPMN has a potential to be adopted in practice