5 research outputs found

    Analyzing Information Security Model for Small-Medium Sized Businesses

    As large organizations invest heavily in security frameworks, cyber criminals and malicious insiders are turning their attention to smaller businesses to steal or damage sensitive information. Unlike large enterprises, small businesses often pay little attention to hackers, cyber criminals, and malicious insiders. Furthermore, small-medium sized organizations are challenged to implement proper information security strategies due to insufficient resources. Very few methods and publications focus on information security for small and medium sized organizations. This paper reviews the National Institute of Standards and Technology (NIST) framework for security in small and medium-sized businesses. After discussing several concerns with NIST’s approach, our proposed methodology is introduced and examined to provide an information security framework suited for small and medium sized businesses.

    Big Data LifeCycle: Threats and Security Model

    Big data is an emerging term referring to the process of managing huge amounts of data from different sources, such as DBMS, log files, postings of social media, and sensor data. Big data (text, numbers, images, etc.) could be divided into different forms: structured, semi-structured, and unstructured. Big data could be further described by some attributes like velocity, volume, variety, value, and complexity. The emerging big data technologies also raise many security concerns and challenges. In this paper, we present a big data lifecycle framework. The lifecycle includes four phases, i.e., data collection, data storage, data analytics, and knowledge creation. We briefly introduce each phase. We further summarize the security threats and attacks for each phase. The big data lifecycle is integrated with security threats and attacks to propose a security threat model to conduct research in big data security. Our work could be further used towards securing big data infrastructure.

    Detecting malicious short URLs on Twitter

    Short URLs have gained immense popularity, especially in Online Social Networks, blogs, and messages. Short URLs are used to avoid sharing overly long URLs and save limited text space in messages or tweets. A significant number of URLs shared in the Online Social Networks are either shortened with some URL shortening services or not too long. Despite their potential benefits from genuine usage, attackers use shortened URLs to hide the malicious URLs, which direct users to malicious pages. Although URL shortening services use some sort of detection mechanism to prevent malicious URLs from being shortened, research has found that they fail to do so effectively. These malicious URLs are found to propagate through OSNs, which fail to stop them effectively as well. In this paper, we develop a machine learning classifier to detect malicious short URLs with visible content features, tweet context, and social features from the Online Social Network Twitter.

    An examination of susceptibility to spear phishing cyber attacks in non-English speaking communities

    Purpose: Spear phishing is a fraudulent practice that targets specific and well-researched users in an organization to collect their credentials. Previous studies have addressed the underlying drivers that significantly influence susceptibility to spear phishing. However, findings may not be generalized to other cultures and environments such as the developing Non-English-speaking countries. To fill this knowledge gap, this research investigated the drivers that affect susceptibility to spear phishing in the Middle Eastern culture. We proposed and tested a theoretical model that explains users' behavior toward phishing material in the context of Non-English-speaking countries. Design/Methodology/Approach: We created the proposed model relying on the perceived risk theory, the theory of planned behavior, and the OSIR decision making model. The proposed model addressed the impact of information privacy risks, information security risks, and information security knowledge on the susceptibility to spear phishing attacks through the moderating trust construct. The study was conducted in Jordan, a developing and Non-English-speaking country in the Middle East. We designed a lab experiment to evaluate the robustness of the proposed model based on multistage research, where 83 university students used a phishing website then answered a related survey. Collected data were empirically tested and evaluated using Partial Least Square Analysis and Structural Equation Modeling. Findings: The results demonstrated the influence of the identified factors on the susceptibility to spear phishing. The study may provide assistance in evaluating and selecting tools, methods and features for handling targeted types of phishing. Originality/Value: There are several novel aspects in this study. 1) The experimental nature of the study, where we used a real-life spear phishing scenario. 2) The nature of the targeted websites. We created spoofed pages of two webpages that provide academic activities, where students’ level of trust in those websites is likely higher than other websites. 3) The investigation of the mediation role of the trust construct, particularly within a university environment, is a new direction in susceptibility to spear phishing. Unlike existing models that measure the direct effect of personality characteristics on phishing susceptibility, our model introduces trust attitude as an aggregation of positive and negative security-privacy interpretations. Finally, the study was conducted in a developing country environment where the Arabic Language is used in initiating and executing the attack.