The first step to improving an organization's security posture is to define the organization's security goals. At a technical level, these goals are expressed as security policies. Security policies are predicates over programs, that return true or false if the program adheres to the policy. Defining these policies correctly is thus essential to…

Over the last two decades, online safety education has emerged as a new field of research focusing on concerns about a myriad of cyber risks. These risks range from online sexual exploitation through to the reproduction of social inequalities. The main assumption underlying this field is that online risks can be mitigated via educational…

The role of ethics becomes even more significant given the huge advent and increase of cyber-criminal activities in cyberspace. It has become an urgent necessity to curb the menace of unethical practices in cyberspace and contribute ethical guidelines to a safe and secure digital environment. To minimize the growth of cybercrimes and unethical…

We present a concrete situation where there is a difference between the theoretical security of a cipher and its limitations when implemented in practice. Specifically, when entering a PIN, smudges on the keypad substantially reduce its security. We show how the number of possible keys in the presence of the "smudge attack" can be…

Computer-supported learning technologies are essential for conducting hands-on cybersecurity training. These technologies create environments that emulate a realistic IT infrastructure for the training. Within the environment, training participants use various software tools to perform offensive or defensive actions. Usage of these tools generates…

Curriculum development is currently being done in a variety of ways: individually, with peers, through an academic committee that may or may not have an industry representative, or through workshops. But the current ways of developing curriculum have challenges and inefficiencies, specifically when using groups and committee (logistical…

Cloud adoption in industrial sectors, such as process, manufacturing, health care, and finance, is steadily rising, but as it grows, the risk of targeted cyberattacks has increased. Hence, effectively defending against such attacks necessitates skilled cybersecurity professionals. Traditional human-based cyber-physical education is resource…

Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We…

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are "general purpose" units (i.e., municipalities, counties, towns and townships).…

K-12 schools in Louisiana face unique cybersecurity challenges due to the state's high poverty rate, resource constraints, infrastructure weaknesses, and vulnerability to natural disasters. Public school systems in Louisiana have been particularly vulnerable to these attacks, with incidents of cyberattacks tripling in 2020 alone. The Louisiana…

Of the 17 industries studied by information-security company SecurityScorecard, the education sector ranked as the least secure in 2018, with the highest vulnerabilities present in application security, endpoint security, and keeping software up to date. Online learning, which has increased gradually over the past decade and significantly since…

The study helped investigate Peruvian Higher Education Institutions' (PHEI) security posture and how the adoption of modern technology enhanced the operational processes to reduce cyber threats. The purpose of the research was based on research questions to assess access controls effectiveness, infrastructure security gaps, emerging technology…

Competency models are widely adopted frameworks that are used to improve human resource functions and education. However, the characteristics of competency models related to the information security and cybersecurity domains are not well understood. To bridge this gap, this study investigates the current state of competency models related to the…

Cybersecurity threats have been intensifying and becoming more diverse. Social engineering can enable or enhance these technical attacks. This interplay between technical attacks and social engineering, when used, makes every employee, manager and board member a part of the security infrastructure of an organization. As such, it is incumbent upon…

This study sought to understand how cybersecurity professionals in technical U.S. Federal Government (USFG) positions transition into first-time cybersecurity leader roles. The study also sought to explore which leadership competencies were used/developed in this transition and how those leaders gained the knowledge and skills to perform their…