Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation…

The first step to improving an organization's security posture is to define the organization's security goals. At a technical level, these goals are expressed as security policies. Security policies are predicates over programs, that return true or false if the program adheres to the policy. Defining these policies correctly is thus essential to…

After the Cold War period, with the restructuring of the world, globalization, the revolution in information technology and the reconstruction of capitalism have created a new type of society, the "network society". The dependence of countries on information technologies, especially the internet, has increased day by day, and it has…

Software vulnerabilities in commercial products are an issue of national importance. The most prevalent breaches are input validation vulnerabilities, and these are easily avoidable. This dissertation contributes to cybersecurity education with a set of hands-on interventions tailored for three CS courses, a set of reflection prompts to encourage…

The role of ethics becomes even more significant given the huge advent and increase of cyber-criminal activities in cyberspace. It has become an urgent necessity to curb the menace of unethical practices in cyberspace and contribute ethical guidelines to a safe and secure digital environment. To minimize the growth of cybercrimes and unethical…

We present a concrete situation where there is a difference between the theoretical security of a cipher and its limitations when implemented in practice. Specifically, when entering a PIN, smudges on the keypad substantially reduce its security. We show how the number of possible keys in the presence of the "smudge attack" can be…

Computer-supported learning technologies are essential for conducting hands-on cybersecurity training. These technologies create environments that emulate a realistic IT infrastructure for the training. Within the environment, training participants use various software tools to perform offensive or defensive actions. Usage of these tools generates…

The rise of Artificial Intelligence technology has raised concerns about the potential compromise of privacy due to the handling of personal data. Private AI prevents cybercrimes and falsehoods and protects human freedom and trust. While Federated Learning offers a solution by model training across decentralized devices or servers, thereby…

The problem addressed in this research study is that multinational organizations that often disregard adopting cybersecurity threat awareness training in the workplace to protect their cyberinfrastructure assets cannot efficiently detect and respond to malicious advance persistent threat (APT) cyberattacks. There is a disconnect between security…

Cloud adoption in industrial sectors, such as process, manufacturing, health care, and finance, is steadily rising, but as it grows, the risk of targeted cyberattacks has increased. Hence, effectively defending against such attacks necessitates skilled cybersecurity professionals. Traditional human-based cyber-physical education is resource…

Data transfer between isolated clusters is imperative for cybersecurity education, research, and testing. Such techniques facilitate hands-on cybersecurity learning in isolated clusters, allow cybersecurity students to practice with various hacking tools, and develop professional cybersecurity technical skills. Educators often use these remote…

Curriculum development is currently being done in a variety of ways: individually, with peers, through an academic committee that may or may not have an industry representative, or through workshops. But the current ways of developing curriculum have challenges and inefficiencies, specifically when using groups and committee (logistical…

Of the 17 industries studied by information-security company SecurityScorecard, the education sector ranked as the least secure in 2018, with the highest vulnerabilities present in application security, endpoint security, and keeping software up to date. Online learning, which has increased gradually over the past decade and significantly since…

Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We…

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are "general purpose" units (i.e., municipalities, counties, towns and townships).…