Matching Items (8)
136939-Thumbnail Image.png

The Use of an Effective Security Awareness Program to Reduce Information Security Related Issues of ObamaCare

Description
ObamaCare is a healthcare reform looking to provide efficiency and cost savings to healthcare patients. As such, ObamaCare requires that all medical documents be in electronic form as well as a website be created to allow Americans to sign up for healthcare coverage. The ObamaCare website has many vulnerabilities: excessive

ObamaCare is a healthcare reform looking to provide efficiency and cost savings to healthcare patients. As such, ObamaCare requires that all medical documents be in electronic form as well as a website be created to allow Americans to sign up for healthcare coverage. The ObamaCare website has many vulnerabilities: excessive code, clear text protected information, and insufficient testing. The remediation efforts will cost over one billion dollars and require many months of recoding. In order to help reduce security risks in the healthcare industry, an effective security awareness program must be implemented. This program would help to prevent the factor of human vulnerability as well as prevent healthcare companies from experiencing any bad publicity and fines as the result of a preventable security incident.
ContributorsWeidman, Shannyn Marie (Author) / Olsen, Christopher (Thesis director) / Prince, Linda (Committee member) / Barrett, The Honors College (Contributor) / WPC Graduate Programs (Contributor) / Department of Information Systems (Contributor) / W. P. Carey School of Business (Contributor) / School of Politics and Global Studies (Contributor) / School of Historical, Philosophical and Religious Studies (Contributor)
Created2014-05
168710-Thumbnail Image.png

Defeating Attackers by Bridging the Gaps Between Security and Intelligence

Description
The omnipresent data, growing number of network devices, and evolving attack techniques have been challenging organizations’ security defenses over the past decade. With humongous volumes of logs generated by those network devices, looking for patterns of malicious activities and identifying them in time is growing beyond the capabilities of their

The omnipresent data, growing number of network devices, and evolving attack techniques have been challenging organizations’ security defenses over the past decade. With humongous volumes of logs generated by those network devices, looking for patterns of malicious activities and identifying them in time is growing beyond the capabilities of their defense systems. Deep Learning, a subset of Machine Learning (ML) and Artificial Intelligence (AI), fills in this gapwith its ability to learn from huge amounts of data, and improve its performance as the data it learns from increases. In this dissertation, I bring forward security issues pertaining to two top threats that most organizations fear, Advanced Persistent Threat (APT), and Distributed Denial of Service (DDoS), along with deep learning models built towards addressing those security issues. First, I present a deep learning model, APT Detection, capable of detecting anomalous activities in a system. Evaluation of this model demonstrates how it can contribute to early detection of an APT attack with an Area Under the Curve (AUC) of up to 91% on a Receiver Operating Characteristic (ROC) curve. Second, I present DAPT2020, a first of its kind dataset capturing an APT attack exploiting web and system vulnerabilities in an emulated organization’s production network. Evaluation of the dataset using well known machine learning models demonstrates the need for better deep learning models to detect APT attacks. I then present DAPT2021, a semi-synthetic dataset capturing an APT attackexploiting human vulnerabilities, alongside 2 less skilled attacks. By emulating the normal behavior of the employees in a set target organization, DAPT2021 has been created to enable researchers study the causations and correlations among the captured data, a much-needed information to detect an underlying threat early. Finally, I present a distributed defense framework, SmartDefense, that can detect and mitigate over 90% of DDoS traffic at the source and over 97.5% of the remaining DDoS traffic at the Internet Service Provider’s (ISP’s) edge network. Evaluation of this work shows how by using attributes sent by customer edge network, SmartDefense can further help ISPs prevent up to 51.95% of the DDoS traffic from going to the destination.
ContributorsMyneni, Sowmya (Author) / Xue, Guoliang (Thesis advisor) / Doupe, Adam (Committee member) / Li, Baoxin (Committee member) / Baral, Chitta (Committee member) / Arizona State University (Publisher)
Created2022
191218-Thumbnail Image.png

Cybersecurity and research are not a dichotomy: : How to form a productive operational relationship between research computing and data support teams and information security teams

Description
Cybersecurity and research do not have to be opposed to each other. With increasing cyberattacks, it is more important than ever for cybersecurity and research to corporate. The authors describe how Research Liaisons and Information Assurance: Michigan Medicine (IA:MM) collaborate at Michigan Medicine, an academic medical center subject to strict

Cybersecurity and research do not have to be opposed to each other. With increasing cyberattacks, it is more important than ever for cybersecurity and research to corporate. The authors describe how Research Liaisons and Information Assurance: Michigan Medicine (IA:MM) collaborate at Michigan Medicine, an academic medical center subject to strict HIPAA controls and frequent risk assess- ments. IA:MM provides its own Liaison to work with the Research Liaisons to better understand security process and guide researchers through the process. IA:MM has developed formal risk decision processes and informal engagements with the CISO to provide risk- based cybersecurity instead of controls-based. This collaboration has helped develop mitigating procedures for researchers when standard controls are not feasible.
ContributorsMcCaffrey, Deb (Author) / Kelley, Jessica (Author)
Created2022-07-14
131892-Thumbnail Image.png

Automated Vulnerability/Adversary Testing Using AI/ML Algorithms

Description
Vulnerability testing/evaluation is a regular task for cyber-security groups. Conducting tasks like this can take up a great amount of time and may not be perfect. Automating these tasks helps speed up the rate at which experts can test systems. However, script based or static programs that run automatically often

Vulnerability testing/evaluation is a regular task for cyber-security groups. Conducting tasks like this can take up a great amount of time and may not be perfect. Automating these tasks helps speed up the rate at which experts can test systems. However, script based or static programs that run automatically often do not have the versatility required to properly replace human analysis. With the advances in Artificial Intelligence and Machine Learning, a utility can be developed that would allow for the creation of penetration testing plans rather than manually testing vulnerabilities. A variety of existing cyber-security programs and utilities provide an API layer that commonly interacts with the Python environment. With the commonality of AI/ML tools within the Python ecosystem, a plugin like interface can be developed to feed any AI/ML program real world data and receive a response/report in return. Using Python 2.7+, Python 3.6+, pymdptoolbox, and POMDPy, a program was developed that ingests real-world data from scanning tools and returned a suggested course of action to be used by analysts in order to perform a practical validation of the algorithms in a real world setting. This program was able to successfully navigate a test network and produce results that were expected to be found on the target machines without needing human analysis of the network. Using POMDP based systems for more cyber-security type tasks may be a valuable use case for future developments and help ease the burden faced in a rapid paced world.
ContributorsBelanger, Connor Lawrence (Author) / Huang, Dijiang (Thesis director) / Chowdhary, Ankur (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05

Models of Business Growth: Reinvestment Into the 4 Pillars

Description

In the end, an increase in repurchases of company stock will also influence the rate of dividends to increase. This means, an investor should not necessarily worry about the dividends they receive, but rather to see if the company is making profit at a consistent rate and reinvesting into value-added

In the end, an increase in repurchases of company stock will also influence the rate of dividends to increase. This means, an investor should not necessarily worry about the dividends they receive, but rather to see if the company is making profit at a consistent rate and reinvesting into value-added activities. Through the major pillars of finance, technology, legal, and human resources, the budget for reinvestment can be optimized by investing into these respective categories with percentages that are mindful of the specific companies needs and functions. Any firm that chooses to ensure proven methods of growth will enact a combination of these four verticals. A larger emphasis on finance will branch out efficiency in the entire organization, as finance control everything from the toilet paper to the acquisitions the company is making. The more technology is used to reduce redundancy and inefficient or costly operations, the more capability the organization will have. IT, however, comes with its technical challenges; having a team on-hand or even outsourced, to solve the critical problems to help the business continue operation. Over-reliance into technology can be detrimental to a business as well if clear processes are not set about straight to counteract problems the business will face like IT ticketing systems or recovery and continuity support. Therefore, technology will require a larger chunk of attention as well.

The upcoming legal and HR investments a company will make will depend upon its current position and thus the restructuring will differ for every firm. Each company has its own flavour and style of work. In that regard, the required legal counsel will vary; different problems will require different solutions for risk control and management, which are often professionally advised by intelligent corporate counsel. This ability to hire efficient legal counsel would not arise in the first place if a firm were to give out dividends; the leftover profit would have gone towards the shareholders and not back into growing the equity of the business. Lastly, nothing is possible without the contribution of people, and their efforts. A quality that long-lasting, successful businesses have, is they are investing in their people and development. Paying salaries, insurances, bonuses, all requires extra capital that is needed to be set aside in order to grow human capital. Good people, better people. There are qualities for each role that need to be defined and a process for attracting talent needs to be invested in. This process can also include outsourcing to an external firm who specializes in these strategies. By retaining profits internally, the company is able to stretch its legs to have further reach upon the market they work in. Financially and statistically, dividends are likely to grow as well with the increase in equity due to the increase in security an investor feels with more cash reserve and liquidity within the company.

All in all, a company should not be pressured into giving out periodic payments in predetermined timeframes, in other words a dividend, to investors even when they are insisting. Rather, pitch and prove, a new method for reinvestment within the company that will raise the value of the company, through proven methods like the value chain model, to increase the equity in the company. By expanding the scope and capability, the company is allowing for a larger target market which will reap more benefits; none of it would be possible if it had continued to give out large percentages of capital to investors as dividends. Companies, and investors, should not be worried about dividends at all as a matter of fact; an increase in stock buyback, in other words reinvesting into the company, will increase the rate of dividends anyway, due to increased confidence and capital within the company.
ContributorsKabra, Dev (Author) / Ahern, James (Thesis director) / Kabra , J. (Committee member) / Barrett, The Honors College (Contributor) / Department of Information Systems (Contributor) / School of Politics and Global Studies (Contributor) / Department of Finance (Contributor)
Created2022-05
165155-Thumbnail Image.jpg

Dev Kabra Thesis Presentation

ContributorsKabra, Dev (Author) / Ahern, James (Thesis director) / Kabra , J. (Committee member) / Barrett, The Honors College (Contributor) / Department of Information Systems (Contributor)
Created2022-05
165156-Thumbnail Image.png

Dev Kabra Thesis Paper

ContributorsKabra, Dev (Author) / Ahern, James (Thesis director) / Kabra , J. (Committee member) / Barrett, The Honors College (Contributor) / Department of Information Systems (Contributor)
Created2022-05
165157-Thumbnail Image.png

Dev Kabra Thesis PowerPoint

ContributorsKabra, Dev (Author) / Ahern, James (Thesis director) / Kabra , J. (Committee member) / Barrett, The Honors College (Contributor) / Department of Information Systems (Contributor)
Created2022-05