An Undergraduate Business Information Security Course and Laboratory

In an environment of growing security threats, it is essential to raise the awareness and capabilities of business students entering the workforce to mitigate threats to the enterprise. In this paper, the authors present their experience in the design, implementation, and teaching of a foundation undergraduate business information security course with laboratory components using security tools. The authors identify key resources consulted in the development of the curriculum and discuss various teaching methods and their effectiveness in offering the course for the first time

Insider Threats to Information Systems

There are few, if any, organizations immune to the adverse and costly effects of successful information system attacks. As reliance on information systems continues to increase, organizations must continue to implement effective computer security measures to maintain their operability. This paper focuses on internal attacks executed by those individuals within the organization who have authorized access to information systems and behave in an unethical manner. We examine categorization of insiders; the motives and psychological profiles behind their destructive behavior; and conclude with a discussion of several measures that organizations can implement in order to detect and defend against insider threats

Security Management Life Cycle (SMLC): A Comparative Study

We introduce an integrated conceptualization of enterprise information technology security management in the form of a life cycle that accounts for the people, processes, infrastructure, and applications within an enterprise. Our life cycle view provides a lens through which one can view the security management activities at the strategic, tactical, and operational levels with regard to their strategic alignment with organizational goals. We compare and contrast three widely adopted frameworks (COSO, COBIT and ITIL) for enterprise risk and IT management with respect to our life cycle. We conclude that although the definitions of each stage of the life cycle are similar in these frameworks, their approach, philosophy, and method of execution is primarily determined by their unique focus. By developing a life cycle abstraction which encapsulates all of these frameworks, security management can better understand how their responsibilities and activities support organizational objectives

Electronic Medical Record (EMR) Informatics Security

Medical records, once archived on paper and stored in filing cabinets, are now housed in electronic data repositories. While converting medical information into electronic format yields enormous benefits, it also raises new privacy and security concerns. The fact that medical information is now accessed, stored, processed, and transmitted through multiple organizations has led to the need for medical informatics security. In this paper, we examine the evolution of electronic medical records, review relevant legislation, and examine issues of privacy and security as it relates to medical information

Management of Information Security: Challenges and Research Directions

Over the past decade management of information systems security has emerged to be a challenging task. Given the increased dependence of businesses on computer-based systems and networks, vulnerabilities of systems abound. Clearly, exclusive reliance on either the technical or the managerial controls is inadequate. Rather, a multifaceted approach is needed. In this paper, based on a panel presented at the 2007 Americas Conference on Information Systems held in Keystone, Colorado, we provide examples of failures in information security, identify challenges for the management of information systems security, and make a case that these challenges require new theory development via examining reference disciplines. We identify these disciplines, recognize applicable research methodologies, and discuss desirable properties of applicable theories

ADS-B Classification using Multivariate Long Short-term Memory–fully Convolutional Networks and Data Reduction Techniques

Researchers typically increase training data to improve neural net predictive capabilities, but this method is infeasible when data or compute resources are limited. This paper extends previous research that used long short-term memory–fully convolutional networks to identify aircraft engine types from publicly available automatic dependent surveillance-broadcast (ADS-B) data. This research designs two experiments that vary the amount of training data samples and input features to determine the impact on the predictive power of the ADS-B classification model. The first experiment varies the number of training data observations from a limited feature set and results in 83.9% accuracy (within 10% of previous efforts with only 25% of the data). The findings show that feature selection and data quality lead to higher classification accuracy than data quantity. The second experiment accepted all ADS-B feature combinations and determined that airspeed, barometric pressure, and vertical speed had the most impact on aircraft engine type prediction

Cybersecurity Architectural Analysis for Complex Cyber-Physical Systems

In the modern military’s highly interconnected and technology-reliant operational environment, cybersecurity is rapidly growing in importance. Moreover, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes, cybersecurity is no longer limited to traditional computer systems and IT networks. While architectural analysis approaches are critical to improving cybersecurity, these approaches are often poorly understood and applied in ad hoc fashion. This work addresses these gaps by answering the questions: 1. “What is cybersecurity architectural analysis?” and 2. “How can architectural analysis be used to more effectively support cybersecurity decision making for complex cyber-physical systems?” First, a readily understandable description of key architectural concepts and definitions is provided which culminates in a working definition of “cybersecurity architectural analysis,” since none is available in the literature. Next, we survey several architectural analysis approaches to provide the reader with an understanding of the various approaches being used across government and industry. Based on our proposed definition, the previously introduced key concepts, and our survey results, we establish desirable characteristics for evaluating cybersecurity architectural analysis approaches. Lastly, each of the surveyed approaches is assessed against the characteristics and areas of future work are identified