Cybersecurity remains a critical concern for school systems nationwide, showing a consistent increase in publicly disclosed K-12 cyber incidents over the past 5 years. The U.S. Department of Homeland Security's 2024 Homeland Threat Assessment underscores this trend, predicting ongoing targeting of K-12 school networks by cyber actors who will…

Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against…

There is an ever-pressing need for cybersecurity awareness and implementation of learning strategies in the workplace to mitigate the increased threat posed by cyber-attacks and exacerbated by an untrained workforce. The lack of cybersecurity knowledge amongst government employees has increased to critical levels due to the amount of sensitive…

Many districts struggle to access the cybersecurity expertise or other resources needed to secure their networks and data appropriately. This isn't because mitigation strategies don't exist. Often, the barrage of suggestions and warnings directed at school IT leaders are too overwhelming to navigate, are not properly scoped for educational…

This Praxis develops a machine learning (ML) model to address ransomware threats in higher education institutions (HEIs). HEIs are vulnerable to cyberattacks due to their open-access environments, diverse user bases, and decentralized IT systems. These vulnerabilities are compounded by limited budgets, heightened risks from increased digital…

There is a significant skill gap, with millions of cybersecurity jobs still needing to be fulfilled due to a lack of a trained workforce. Various academic programs are available that teach students in different aspects of cybersecurity. This paper investigates if the title of an IT program has any impact on the desirability of a program and if…

The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as…

Popular platforms such as Facebook and Twitter integrate third-party apps from developers to enhance the experience of their users. While third-party apps are widely used to provide legitimate functionality, the abuse of third-party apps by attackers is also becoming prevalent. Attackers are abusing third-party apps to orchestrate their malicious…

With the recent proliferation of information technology, almost all users of technology, no matter the field, profession, or status, have experienced a commensurate increase in information security threats. This, in turn, creates a significant concern in higher institutions of public learning. Information Security Officers in public higher…

Private-sector and public-sector organizations have increasingly built specific business units for securing company assets, reputation, and lives, known as "security operations centers" (SOCs). Depending on the organization, these centers may also be referred to as global security operations centers, "cybersecurity" operations…

The goal of this research is to describe an active learning opportunity that was conducted as a community service offering through our Center for Cybersecurity Education and Applied Research (CCEAR). As a secondary goal, the participants sought to gain real world experience by applying techniques and concepts studied in security classes. A local…

Cybersecurity has emerged as one of the most critical issues confronting schools in the 21st century. Computer security is an essential instrument for protecting children, but K-12 schools are considered one of the most attractive targets for data privacy crimes often due to the less-than-effective cybersecurity practices in schools. The human…

The purpose of this document is to provide timely and useful best practice information to help education agencies proactively prepare for, appropriately mitigate, and responsibly recover from a cybersecurity incident. This resource reflects lessons learned by the education community and provides recommendations that will help agencies protect…

When the COVID-19 pandemic forced the closure of schools across the nation, many K-12 schools moved from in-person to remote education, increasing their dependence on IT and making them potentially more vulnerable to cyberattacks. Education Facilities, including K-12 schools, is one of the nation's critical infrastructure subsectors. Several…

In this presentation we will discuss the many and varied cyber attacks that have recently occurred in the higher ed community. We will discuss the perpetrators, the victims, the impact and how these institutions have evolved to meet this threat. Mitigation techniques and defense strategies will be covered as will a discussion of effective security…