Popular platforms such as Facebook and Twitter integrate third-party apps from developers to enhance the experience of their users. While third-party apps are widely used to provide legitimate functionality, the abuse of third-party apps by attackers is also becoming prevalent. Attackers are abusing third-party apps to orchestrate their malicious…

The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. In fiscal year (FY) 2020, the focus of the audit was solely on Departmental Systems. This year the focus…

In today's rapidly digitizing society, people place their trust in a wide range of digital services and systems that deliver latest news, process financial transactions, store sensitive information, etc. However, this trust does not have a solid foundation, because software code that supports this digital world has security vulnerabilities. These…

Nigeria is considered by many to be a cyber crime hot spot, and is often ranked among the world's top cyber crime committing countries (e.g. advanced fee fraud is also known as Nigerian scams and 419 scams--419 is a section under the Nigerian Criminal Code Act that prohibits obtaining goods by false pretences). We designed a cyber crime prevention…

Recent rapid malware growth has exposed the limitations of traditional in-host malware-defense systems and motivated the development of secure virtualization-based solutions. By running vulnerable systems as virtual machines (VMs) and moving security software from inside VMs to the outside, the out-of-VM solutions securely isolate the anti-malware…

Over the past three years, California State University, Bakersfield received NSF funding to support hands-on explorations in "network security" and "cryptography" through Research Experience Vitalizing Science-University Program (REVS-UP). In addition to the summer bridge component, the grant included development of…

With the ability of modern system developers to develop intelligent programs that allows machines to learn, modify and evolve themselves, current trends of reactionary methods to detect and eradicate malicious software code from infected machines is proving to be too costly. Addressing malicious software after an attack is the current methodology…

The purpose of this study is to explore systems users' behavior on IS under the various circumstances (e.g., email usage and malware threats, online communication at the individual level, and IS usage in organizations). Specifically, the first essay develops a method for analyzing and predicting the impact category of malicious code, particularly…