Software vulnerabilities in commercial products are an issue of national importance. The most prevalent breaches are input validation vulnerabilities, and these are easily avoidable. This dissertation contributes to cybersecurity education with a set of hands-on interventions tailored for three CS courses, a set of reflection prompts to encourage…

There is an ever-pressing need for cybersecurity awareness and implementation of learning strategies in the workplace to mitigate the increased threat posed by cyber-attacks and exacerbated by an untrained workforce. The lack of cybersecurity knowledge amongst government employees has increased to critical levels due to the amount of sensitive…

With the increase in cybercrime costing organizations financial loss and loss to their reputation, the need to hire qualified and experienced employees is paramount. As the gap in the workforce shortage widens, cybersecurity education and training institutions are struggling to produce a capable workforce with enough experience and skills that…

This Praxis develops a machine learning (ML) model to address ransomware threats in higher education institutions (HEIs). HEIs are vulnerable to cyberattacks due to their open-access environments, diverse user bases, and decentralized IT systems. These vulnerabilities are compounded by limited budgets, heightened risks from increased digital…

Popular platforms such as Facebook and Twitter integrate third-party apps from developers to enhance the experience of their users. While third-party apps are widely used to provide legitimate functionality, the abuse of third-party apps by attackers is also becoming prevalent. Attackers are abusing third-party apps to orchestrate their malicious…

With the recent proliferation of information technology, almost all users of technology, no matter the field, profession, or status, have experienced a commensurate increase in information security threats. This, in turn, creates a significant concern in higher institutions of public learning. Information Security Officers in public higher…

In today's rapidly digitizing society, people place their trust in a wide range of digital services and systems that deliver latest news, process financial transactions, store sensitive information, etc. However, this trust does not have a solid foundation, because software code that supports this digital world has security vulnerabilities. These…

Rationale: Former President Barack Obama's $3.9 trillion for the 2015 fiscal year budget request included a $2.9 billion investment in Science, Technology, Engineering and Math (STEM) education. Research then showed that the national spending for cybersecurity has exceeded $10.7 billion in the 2015 fiscal year. Nonetheless, the number of…

The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

The global nature of Internet has revolutionized cultural and commercial interactions while at the same time it has provided opportunities for cyber criminals. Crimeware services now exist that have transformed the nature of cyber crime by making it more automated and robust. Furthermore, these crimeware services are sold as a part of a growing…

Organizations in all sectors of business have become highly dependent upon information systems for the conduct of business operations. Of necessity, these information systems are designed with many points of ingress, points of exposure that can be leveraged by a motivated attacker seeking to compromise the confidentiality, integrity or…

Cyber-security involves the monitoring a complex network of inter-related computers to prevent, identify and remediate from undesired actions. This work is performed in organizations by human analysts. These analysts monitor cyber-security sensors to develop and maintain situation awareness (SA) of both normal and abnormal activities that occur on…

This dissertation uses design science research and engineering to develop a cloud-based simulator for modeling next-generation cybersecurity protection frameworks in the United States. The claim is made that an agile and neutral framework extending throughout the cyber-threat plane is needed for critical infrastructure protection (CIP). This…

Recent rapid malware growth has exposed the limitations of traditional in-host malware-defense systems and motivated the development of secure virtualization-based solutions. By running vulnerable systems as virtual machines (VMs) and moving security software from inside VMs to the outside, the out-of-VM solutions securely isolate the anti-malware…

The past decade has projected much of Africa as a haven for cybercrime perpetration. This view was widely evidenced in Cameroon, a country regarded as a miniature Africa due to its diverse socio-cultural, economic and political characteristics. In spite of efforts by government to curb cybercrime, the perpetration rate has not declined due to a…