A HIPAA Security and Privacy Compliance Audit and Risk Assessment Mitigation Approach

Data breaches have a profound effect on businesses associated with industries like the US healthcare system. This task extends more pressure on healthcare providers as they continue to gain unprecedented access to patient data, as the US healthcare system integrates further into the digital realm. Pressure has also led to the creation of the Health Insurance Portability and Accountability Act, Omnibus Rule, and Health Information Technology for Economic and Clinical Health laws. The Defense Information Systems Agency also develops and maintains security technical implementation guides that are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures. The objective is to design a network (physician's office) in order to meet the complexity standards and unpredictable measures posed by attackers. Additionally, the network must adhere to HIPAA security and privacy requirements required by law. Successful implantation of network design will articulate comprehension requirements of information assurance security and control.

The Security Risks and Challenges of 5G Communications

With the introduction of the 5th generation of wireless systems and communications (5G) comes new risks and challenges. This paper explores the potential security challenges of 5G communication compared with legacy cellular networks and prior generations of communication standards. This paper defines what 5G is and how it affects our lives on a daily basis. It further discusses the new security features involving different technologies applied to 5G, such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software-defined networks, and the internet of things, including autonomous cars, healthcare, automated manufacturing, and more.

Addressing the Gender Gap in the Cybersecurity Workforce

Cybercrime has proliferated over the last decade and is increasing in velocity and intensity. The need for employers to find highly skilled technologists to fill the many critical roles is reaching unprecedented levels. Men dominate the information technology fields such as cybersecurity and computer science. However, the need to bring more women into the various fields is necessary and would bring tremendous benefit to any organization. Much work needs to be done to generate interest in secondary schools by training teachers in technology so they can develop effective STEM curricula. Post-secondary schools need to focus on teacher development as well as developing information technology curricula that appeals to women. And once in the workplace, organizations need to develop policies and inclusive environments that do not alienate women.

Android Adware Detection Using Machine Learning

Adware, an advertising-supported software, becomes a type of malware when it automatically delivers unwanted advertisements to an infected device, steals user information, and opens other vulnerabilities that allow other malware and adware to be installed. With the rise of more and complex evasive malware, specifically adware, better methods of detecting adware are required. Though a lot of work has been done on malware detection in general, very little focus has been put on the adware family. The novelty of this paper lies in analyzing the individual adware families. To date, no work has been done on analyzing the individual adware families. In this paper, using the CICAndMal2017 dataset, feature selection is performed using information gain, and classification is performed using machine learning. The best attributes for classification of each of the individual adware families using network traffic samples are presented. The results present an average classification rate that is an improvement over previous works for classification of individual adware families.

Introducing the Common Attack Process Framework for Incident Mapping

The paper presents a new framework that allows both educators and operational personnel to better overlay incidents into a simplified framework. While other attack frameworks exist, they either lack simplicity or are too focused on specific types of attacks. Therefore, the authors have attempted to define a framework that can be used broadly across both physical and cyber incidents. Furthermore, the paper provides several high-profile examples wherein it is shown how this new framework more accurately represents the adversary's actions. Lastly, the framework allows room for expansion in that, within each stage, a plethora of questions can be addressed, giving greater specificity into how that stage was carried out.

Identity Theft

Identity theft is a serious crime growing rapidly due to the ever-tighter integration of technology into people's lives. The psychological and financial loss to individual victims is devastating, and its costs to society at large staggering. In order to better understand the problem and to combat the crime more effectively, a comprehensive review of issues related to identity theft is performed in this paper. The human element of the crime is examined, along with the exploits used by perpetrators and countermeasures that have been developed. The findings highlight areas in need of continued research and guidelines that should benefit individuals and organizations in their pursuit of potential solutions.

Organizational Cyber Data Breach Analysis of Facebook, Equifax, and Uber Cases

Data breaches are events that have concluded in the compromise of personally identifiable information (PII) for millions of people globally. The consequences of such events can only result in certain serious outcomes, including identity theft. Such perilous outcomes highlight the importance of organizational entities accurately safeguarding and preserving the PII gathered from stakeholders or consumers. The user data breaches of Facebook, Equifax, and Uber concluded in the compromise of PII data for millions of consumers and employees, which are the most critical aspects that comprise any organizational infrastructure. This paper will examine the events leading to and transpiring after the data breaches of Facebook, Equifax, and Uber. In addition, the collective impact on every organization and its various incident management procedures will be addressed.

Government and Industry Relations in Cybersecurity

The existing domains of warfare are land, sea, air, space, and now cyberspace. Once President Obama addressed the public on the cybersecurity threat and Executive Order 13636 was issued, the government gained traction in creating policy and collaborating with industry to gain a better presence in the U.S. Industry owns, operates, and controls most of the critical infrastructure in the U.S. and is perceived to have better knowledge, skills, and abilities in cybersecurity operations and capabilities. This study seeks to fill a gap that currently exists in scholarly research in the areas of partnerships in cybersecurity. Using the innovative e-Delphi electronic method to collect qualitative and quantitative data from experts, this study explores the competency, expertise, and partnership aspects of the U.S. Government and industry relationship in cybersecurity organizations.

Acquisition Issues in Cybersecurity

Government cybersecurity organizations have faced unique challenges in the last decade. With the release of Executive Order 13636 in 2013, an otherwise amorphous domain of warfare matured quickly and began to take shape in the areas of information sharing, industry relations, and various areas of management. This study seeks to fill a gap that currently exists in scholarly research in the areas of acquisition and program management in cybersecurity. Using the innovative e-Delphi electronic method to collect qualitative and quantitative data from experts, this study explores the contractual complexity, intellectual property, and risk management aspects of the U.S. Government and industry relationship in cybersecurity organizations.

Cybercrime

This paper presents the nature, effects, and dynamics of cybercrime in Nigeria and its effects to economic development in the country. The paper is sourced for secondary data through, journals, periodicals and publications as well as obtained primary data from the field. Primary data was sourced through the distribution of 66 questionnaires using the purposive sampling technique. Findings revealed that there exists an insecure cyberspace in Nigeria and the activities of the cybercriminals affects the economy negatively by discouraging Nigerians from partaking in electronic services/transactions, thus discouraging Nigerians from accepting the concept of digital economy. Findings also revealed that activities such as unauthorized access, hacking and cracking, online fraud, identity theft, cyber terrorism, amongst others were dominant threats in the cyberspace and finally the cyberspace provide jobs and by implication contribute to the socioeconomic development of the Nigerian State. Recommendations proffered include the federal government to train and retrain forensic experts in all financial/security agencies towards achieving a secured cyber space and the need for the federal, state, and local governments to create awareness amongst others.