An Exploratory Analysis in Android Malware Trends

As smartphones become increasingly integral to our daily lives, so too is the prevalence of malware for smartphones. This is because while mobile phones used to only function as portable phones, today\u27s mobile phones are now miniature computers. This means that risks that used to only be for computers are now risks for our smartphones as well. As a result, a research stream dedicated to understanding whats unique about smartphone malware has emerged. In this study, we analyze malware characteristics from a non-technical view, unlike previous studies. Previous studies analyze the actual code and execution of malware, while we take advantage of anti-virus companies analysis of malware already conducted, and instead analyze these analyses. We do this to discover trends that are emerging in smartphone malware, such that anti-virus companies can give these trends greater priority to researching and discovering these malware

Modeling End User Behavior to Secure a PC in a Unmanaged Environment

The concept that central management policies represent the best thinking and model behavior for the operation of the system drives its use in a corporate environment. The majority of home and small business personal computers are operated under conditions that are not governed by a central management policy. Security is still an important aspect to be maintained even if the environment is devoid of central management policies. Responsibility for keeping a system up-to-date falls upon the owner or operator of the system. The desire to maintain an appropriate security posture is based on numerous factors including the user’s perception of risk. The development of a model based on the theory of planned behavior, technology acceptance model, and the unified theory of acceptance and use of technology with additional factors for risk is proposed to address this gap in existing theory. This model will lead to a better understanding of user actions with respect to maintaining security on personal computers in an unmanaged setting

Method to Identify High Value Assets for Small Government Agencies and Small to Mid-sized Organizations

In today’s increasingly connected world, it is more important than ever to ensure an organization’s information and information systems are protected from cyber threats. Every organization has critical information and technology assets that are essential to their business operations and require enhanced security. Organizational resources that can be dedicated to cybersecurity are finite; therefore, those resources should be applied deliberately and strategically focusing on the most important assets. While large cities, states and corporations, with robust IT capabilities, may be able to align their processes with federally mandated directives to identify those critical assets also deemed high value assets, the smaller government agencies and small to mid-sized organizations require a scalable and flexible process based on their individual requirements. This paper will describe a method for identifying high value assets that can be integrated into an organization’s or agency’s cybersecurity program

Security Operations Centers: A Holistic View on Problems and Solutions

Since Security Operations Centers (SOCs) were first implemented, they have strived to protect the organization and constituency they serve from all manner of Information Technology (IT) security threats. As SOCs have evolved over time to become as effective and efficient at this as possible, they have struggled with changes and upgrades to their foundational elements of people, processes, and technology in pursuit of this mission. While most relevant literature focuses on one challenge a SOC faces, or one aspect of one problem, the authors of this paper performed a literature review to identify and discuss the top current and future challenges that SOCs face in addition to the top current and future solutions to these problems

Secure Software Design Principles: A Systems Approach

The fact that security was often neglected in the design and construction of computer software has led to significant system changes in an attempt to add desired security functionality after the fact. Four methods of implementing security functionality, from augmentation through integration, are examined with respect to implementation strategy and efficacy of the desired security functionality. Using system theory, an examination of the issues associated with complex systems as applied to the addition of security functionality demonstrates the weaknesses of these approaches and the need to design security in from the beginning of a project. The application of system theory, the concepts of equifinality, feedback, control theory and the law of requisite variety assist in the understanding of the outcomes of the differing approaches to adding security to a design. The implications of understanding the foundational effects of adding security functionality will enable developers to properly invoke security in their designs

Identifying Multiple Categories of Cybersecurity Skills that Affect User Acceptance of Protective Information Technologies.

Cybersecurity threat is one of the major national security challenges confronting the United States, making it imperative to achieve safe user security behavior on information systems. Safe user security behavior hinges on the attitude of a computer user to accept the usage of Protective information technologies (PIT), including security software. Past studies focused on user acceptance of PIT with antecedents such as usefulness, capabilities, and self-efficacy but rarely addressed specific cybersecurity skills needed to improve the user attitude and acceptance of security software use. The purpose of this study is to examine what category of cybersecurity skills can improve the user acceptance of PIT. We propose a theoretical model that examines the effect of cybersecurity computing skills, cybersecurity initiative skills and cybersecurity action skills on user attitude and acceptance of PIT. This research addresses the national cybersecurity threat and has both theoretical and practical implications

A Social Network Analysis (SNA) Study On Data Breach Concerns Over Social Media

In the current era of digital devices, the concerns over data privacy and security breaches are rampant. Understanding these concerns by analyzing the messages posted on the social media from linguistic perspective has been a challenge that is increasing in complexity as the number of social media sites increase and the volume of data increases. We investigate the diffusion characteristics of the information attributed to data breach messages, first based on the literary aspects of the message and second, we build a social network of the users who are directly involved in spreading the messages. We found that the messages that involve the technicalities, threat and severity related security characteristics spread fast. Contrary to conventional news channels related posts on social media that capture wide attention, breach information diffusion follows a different pattern. The messages are widely shared across the tech-savvy groups and people involved in security-related studies. Analyzing the messages in both linguistic and visual perspective through social networks, researchers can extract grounded insights into these research questions

Knowledge Location, Differentiation, Credibility and Coordination in Open Source Software Development Teams

A number of high-quality, large-scale, complex software systems, such as Linux, Apache, and Perl, have been successfully produced through the open source software (OSS) paradigm. This fact suggests that effective knowledge coordination must exist within some OSS teams. However, very few studies have attempted to explicate what these coordination mechanisms are. Therefore, this study examines how knowledge is coordinated between the members of an OSS team from the transactive memory system (TMS) perspective. Specifically, we investigate 1) the relation between TMS and the team members’ knowledge coordination behaviors, and 2) the relation between knowledge coordination and the team’s performance. By surveying 61 OSS project teams, the study validates the important role that TMS plays in OSS developers’ knowledge coordination behaviors, which, in turn, have positive influence on their projects’ technical achievement

What the Graduate Needs to Know about Operational Information Security

Information security is becoming ever more important in our daily lives. Every day there are headlines concerning cyber attacks on government organizations, private and public firms and individuals. Colleges and universities have shown a strong interest in teaching information assurance because of the growing number if high paying jobs for graduates. The federal government has been backing information security education for years with numerous scholarship programs, center of academic excellence programs, and research funding. One of the challenges associated with teaching information security is how does one decide what belongs in a particular curriculum and what does not. The emphasis in cyber security is shifting from the traditional vulnerability prevention to risk assessment and protecting the digital assets in a near real time environment. The purpose of this paper is to examine the needs of industry and graduates in an attempt to create an educational program that assists in the placement and future success of graduates in cyber security careers