The study helped investigate Peruvian Higher Education Institutions' (PHEI) security posture and how the adoption of modern technology enhanced the operational processes to reduce cyber threats. The purpose of the research was based on research questions to assess access controls effectiveness, infrastructure security gaps, emerging technology…

This Praxis develops a machine learning (ML) model to address ransomware threats in higher education institutions (HEIs). HEIs are vulnerable to cyberattacks due to their open-access environments, diverse user bases, and decentralized IT systems. These vulnerabilities are compounded by limited budgets, heightened risks from increased digital…

While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture -- building blocks of the…

ISACA, a non-profit, independent association that advocates for professionals involved in information security, assurance, risk management, and governance, recently updated its IT governance framework, Control Objectives for Information and Related Technology (COBIT). COBIT 2019 presents a logical approach to information technology and policy…

Modern higher education institutions must contend with a litany of cyber threats, regulations, and environmental dynamics. These institutions are increasingly being targeted due to the value of the data they possess and their historically permissive configurations that are intended to support academic freedom. Many universities are implementing…

As cyber security attack rates increase, so do cyber security concerns. Cyber security is the collection of tools, policies, security concepts, security measures, risk management approaches, actions, education, applications, security and technologies that can be used in order to protect the cyber environment and user rights. The aim of this study…

The purpose of this study is to identify the best model that explains the relationship between conflicting risk structures and decision quality. Using confirmatory factor analysis and hierarchical regression techniques as statistical methods, the author confirmed that changes in the conflicting risk structures correlated with changes in decision…

This case asks information systems analysts to assess the cybersecurity posture of a manufacturing company. The exercise works well as a group activity in an information systems course that addresses cybersecurity controls. The case introduces guidance from the National Institute of Standards and Technology, and learners develop work products…

Purpose: The information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible. To find out, the author did a case study: developing an information security master curriculum based on a generic PVIB job profile and the…

With the recent proliferation of information technology, almost all users of technology, no matter the field, profession, or status, have experienced a commensurate increase in information security threats. This, in turn, creates a significant concern in higher institutions of public learning. Information Security Officers in public higher…

As the reported number of data breaches increase and senators push for more disclosure regulation, the SEC "staff" issued a guidance in 2011 on disclosure obligations relating to cybersecurity risks and incidents. More recently, on February 26, 2018 the SEC Commission issued interpretive guidance to help assist public companies prepare…

With the advancement in technology over the past decades, networks have become increasingly large and complex. In the meantime, cyberattacks have become highly sophisticated making them difficult to detect. These changes make securing a network more challenging than ever before. Hence, it is critical to prepare a comprehensive guide of network…

Individuals whom have legitimate access to network resources, trade secrets, or otherwise sensitive data as part of their daily functions are categorized as an Insider Risk. Insider Risk has been pushed into the public eye in recent years with the Edward Snowden leaks of 2013. Snowden had a business need to access the data he retrieved but the…

Employers want applicants with experience, even for entry-level cybersecurity roles. Universities traditionally help students gain cybersecurity experience by hiring them for on-campus jobs or by matching job seekers to employers for off-campus work. A third option is described in this paper in which universities bring external companies on…

Cybersecurity has emerged as one of the most critical issues confronting schools in the 21st century. Computer security is an essential instrument for protecting children, but K-12 schools are considered one of the most attractive targets for data privacy crimes often due to the less-than-effective cybersecurity practices in schools. The human…