https://scholarlyexchange.org/ojs/index.php/JCEA/issue/feed
Journal of Cybersecurity Awareness and Education
2020-04-27T12:05:23-04:00
Dr. Derek J. Sedlack sedlack@americascybersecurity.org
Open Journal Systems

The Journal of Cybersecurity Awareness and Education (JCAE) is an open access publication dedicated to the dissemination of research contributions by students around the globe focused on improving information security. JCAE is positioned as a platform for students, cybersecurity practitioners, and business managers to gain foundational knowledge so as to develop lasting solutions for the pervasive information security problems.

https://scholarlyexchange.org/ojs/index.php/JCEA/article/view/19971
Editor's Comments
2019-12-24T11:12:56-05:00
Derek J. Sedlack derek@americascybersecurity.org

Comments from the editor to introduce the Journal and applaud the team's contributions.

2019-12-20T00:00:00-05:00

https://scholarlyexchange.org/ojs/index.php/JCEA/article/view/19887
Real-time Contextual Intrusion Detection
2019-12-24T11:13:29-05:00
Abdulrahim Charif eng.abdulrahim.charif@gmail.com

Abstract—Cybersecurity is a growing problem. Cyber-threats are now affecting society on personal, organizational and national levels. Current threat detection and prediction models are far from being operational in realistic scenarios. Suggested threat detection approaches in current research are merely prototypes trained and tested with similar data sets, relying on well-known attacks and attack signatures steps. Attack prediction detection models suffer from false positives. In this paper, we present a context-based threat detection model using design science. Our proposed detection model decreases false positives with greater detection of malicious activities. The proposed detection system aligns with organizational information security policies to provide better detection of insider threats.

2019-12-19T00:00:00-05:00

https://scholarlyexchange.org/ojs/index.php/JCEA/article/view/19933
Social Engineering Penetration Testing
2019-12-24T11:12:27-05:00
Thomas Arthur Talmadge talmadgeta@state.gov

Human cybersecurity failures continue to be the major cause of data breaches. Social engineering takes advantage of these human failures; however, penetration testing strategies and methodologies have still not fully embraced socio-technical aspects of cybersecurity brought on by human failures. Each stakeholder in the networked digital world has different focused requirements that they design and test for, but the lowest level – the individual user or organization – requires a more holistic approach to penetration testing that embraces a multi-discipline approach with a social engineering focus. The focus of cybersecurity in an organization must be aligned with the threat. This paper discusses black and white box testing methodologies and discusses how these type differentiations work for individual stakeholders, i.e., application designers, network engineers, hardware engineers, etc., but are not sufficient for overall organization level penetration testing, where the goal is avoiding a data breach. Further, the paper discusses efforts to model and standardize penetration testing and the effect on social engineering penetration testing. Uniquely, social engineering itself can be an attack vector, can enable technical attacks, and/or can identify vulnerabilities to exploit. Time and again research shows that people are the biggest cybersecurity threat to an organization. Social engineering aspects need to be the primary focus of dynamic organizational penetration test strategies using standards and models to focus the social-technical penetration test efforts.

2019-12-19T00:00:00-05:00

https://scholarlyexchange.org/ojs/index.php/JCEA/article/view/19859
Key Management and Secure Communications
2019-12-24T11:14:03-05:00
Drew Petersen drew.l.petersen@gmail.com

Key management is a critical component of computer/network security and encryption. At a fundamental level, systems today are utilizing the same encryption tools and techniques as a generation ago. The rapid pace of change in computing technology combined with ever-increasing sophistication in attack methodologies has put encryption techniques in jeopardy. There are also many sectors, such as the medical sector, that have an abundance of legacy systems that cannot make use of new encryption technologies but are still victim to the more sophisticated attack methods. The result is defense mechanisms becoming outdated while the attackers gain access to better tools and attacks.

2019-12-19T00:00:00-05:00

https://scholarlyexchange.org/ojs/index.php/JCEA/article/view/19932
Database Security Request for Proposal
2019-12-24T11:14:50-05:00
Thomas Arthur Talmadge talmadgeta@state.gov

How could a vulnerability that has been known and understood since 1998 still be included in the Top 10 list of vulnerabilities from the Open Web Application Security Project (OWASP) from 2010 to 2017? The issues are well known and understood, as are the mitigation and fix actions to harden database vulnerabilities. Database vulnerabilities remain persistent because of the proliferation of databases in many aspects of data storage and web applications, where the perceived value of the information in the database is high and the attack mechanism is easy. There are actually several database vulnerabilities, depending on the database employment, which expands the targets and, thus, the vulnerabilities. Individual databases holding organizational data have vulnerabilities, as do web application databases—with web application SQL injection being the most well-known vulnerability. The different database vulnerabilities and attacks can be analyzed through the differentiation between information security and cybersecurity vulnerabilities to better understand the taxonomy and operational semantics for targeted mitigation. The root cause of database vulnerabilities remains poor design and coding. Ultimately, there are multiple SQL injection attack detection methodologies being researched, but prevention through proper design and coding is the best defense. Thus, while a defense in depth is required, when implementing a database solution one of the most important aspects is creating and implementing a robust functional database vulnerability test plan within the request for proposal to ensure that the root cause is mitigated.

2019-12-19T00:00:00-05:00

https://scholarlyexchange.org/ojs/index.php/JCEA/article/view/19890
Entropy: An Essential Component of Cryptographic Security
2020-04-27T12:05:23-04:00
Jeffrey S. Schulman jeffschulman@psu.edu

Digital computers are deterministic, that is, for every input n, they will produce output x. Cryptographic systems use complex math to encrypt data using non-deterministically generated random keys, or pseudorandom keys, which are statistically indistinguishable from a random sample. Protecting data and ensuring integrity are core principles of information security. How essential is the use of secure cryptographic ciphers and truly random keys to modern cryptographic security?

2019-12-19T00:00:00-05:00