
Results found: 6

EN
Through the Cybersecurity Information Sharing Act of 2015, a DHS information-sharing program was mandated to protect U.S. businesses and critical infrastructure and mitigate cyberattacks. The present study examined cybersecurity professionals' willingness to collaborate and share information regarding cybersecurity threats via that program. The technology threat avoidance theory (TTAT) served as the study's theoretical framework. This research examined to what extent technology threat avoidance factors affect cybersecurity professionals' willingness to collaborate and share information regarding cybersecurity threats. Threat avoidance factors consisted of perceived susceptibility, perceived severity, perceived threat, prevention effectiveness, prevention cost, and self-efficacy. This cross-sectional study used partial least squares-structural equation modeling to analyze data collected from 137 cybersecurity professionals with a minimum of five years of cybersecurity experience. The data analysis indicated that perceived susceptibility and perceived severity significantly predicted participants' perceptions of cybersecurity threats, and perceived threat explained 44% of the variance in avoidance motivation. Prevention effectiveness, prevention cost, and self-efficacy were not significant predictors of avoidance motivations and the willingness to participate in the DHS's information-sharing program. These results indicate that more research is necessary to understand the factors influencing information sharing among cybersecurity professionals working in U.S. organizations.
EN
This paper explores supply chain risk management (SCRM) integration into the enterprise risk management (ERM) program across the Department of Defense for three main reasons: responsibility, necessity, and visibility. Multiple laws, orders, policies, strategies, and standards hold Federal leaders responsible for their agencies' performance. The current global nature of the DoD's supply chain, its dependency on information technology, and the constant threats in the cyber realm make it necessary to integrate SCRM into the ERM program. Should DoD leadership lose sight of these threats, the impact on the enterprise could be catastrophic. As a result, DoD leaders must maintain the visibility of the supply chain as part of the ERM program. While many organizations have treated SCRM and ERM separately throughout the years, technology and the exponential growth of cyber threats have brought those days to a close. The importance of the supply chain to mission accomplishment, coupled with persistent threats in the cyber-realm, dictates the integration of SCRM and ERM as a requirement. This paper explains the issues above while giving multiple examples of why integration is imperative. Should the DoD make SCRM part of its ERM program, the chances of remaining a dominant global force will continue well into the future for Cybersecurity professionals working in U.S. organizations.
EN
This case study investigates Nigeria's cybercrime agencies' digital forensic readiness and forensic capability and how this affects the cybercrime caseloads and prosecution. The Routine Activity Theory (RAT) and the Technology, Organization, and Environment (TOE) theories were applied. This study used the TOE framework to examine the digital forensic technology adoption and forensic readiness of cybercrime investigators in Nigeria and relates this with the RAT framework and the effectiveness of law enforcement agencies as capable guardians. The research population of this study was the Nigerian Internet fraud investigative agencies: the Economic and Financial Crimes Commission (EFCC) and the Nigeria Police Force (NPF). Eighteen participants from the two organizations were interviewed. The paper concluded that the cybercrime investigators in Nigeria are not forensically ready given the established lack of digital forensic resources (technological gap, human resources gap, skills gap, funding gap), particularly when juxtaposed with the high cybercrime caseloads in the country.
EN
Because presidential and congressional elections (hereinafter Federal elections) are State-administered activities with a Federal nexus, the Federal government should both reimburse and provide grants to the States when using their National Guards in their State Active Duty (SAD) status to perform cybersecurity assessments and testing before the election, provide general cybersecurity and immediate cyber support in response to a cyber-attack (if required) on Election Day, and provide any post-election support as necessary and appropriate. First, decision-makers must develop an election infrastructure protection plan that effectively utilizes the best assets in a whole-of-nation approach to help meet the three policy goals of election cybersecurity, "access, integrity, and security." Currently, there are gaps in election security that the National Guard is well-positioned and best-qualified to fill. Once the decision-makers agree on the approach, they can move on to the second step, which is to address how to best support the States in funding the activities through grants, reimbursement, or a combination of the two. This paper explains how the U.S. Constitution, along with specific Federal laws, supports the thesis, and proposes new legislation that Congress should pass to eliminate current confusion while promoting the unity of effort amongst all stakeholders.
EN
This paper reflects a conducted assessment of the Defense Information Systems Agency's (Department of Defense) compliance with the Federal Information Technology Acquisition Reform Action (FITARA) Section 833: Portfolio Management and Section 834: Federal Data Center Consolidation Initiatives. The paper is organized by providing an overview of DISA leading into a brief history of FITARA (and its associated federal government implementation). For Section 833, the Government Accountability Office (GAO) Information Technology Investment Management (ITIM) assessment tool was applied to DISA's Information Technology Capital Planning and Investment Control (CPIC) process for evaluation, analysis, and recommendations for improvement. Following GAO ITIM, Section 834 was introduced, leading into PEST and SWOT analyses relative to DISA's implementation of the framework, concluding with the evaluation and recommendations. Summarily, Kotter's 8-step change model was applied in a proposed 12 to 36-month plan for implementation throughout the agency for senior leadership in addressing the various gaps of both sections 833 and 834.
EN
In 2017, Executive Order 13800 was enacted for all federal entities to use the NIST Cybersecurity Framework to report on FISMA compliance. According to the GAO-19-545 report, sixteen agencies were identified as failing to successfully implement FISMA regulations rooted in information security policies (ISPs). This paper will introduce the link between information assurance awareness with the prescribed actions and its direct influence on information security policies. While organizations are conscious of the federal rules and regulations, most continue to fail to successfully implement and comply with the guidelines due to a sincere lack of information assurance and awareness, which ties directly into human behavior. A discussion on the intersection of information security awareness and behavior will be presented. The UTAUT theory measures and informs the researcher on factors that influence the end-user. Conclusively, recommendations will be offered on why organizations need to invest in a mechanism that measures these factors, which increases information awareness to change behavior, thus achieving better compliance with their organizational ISPs.