Alessandro F. Seazzu

Virtual machines - an idea whose time has returned: application to network, security, and database courses

Virtual machines provide a secure environment within which students may install, configure, and experiment with operating system, network, and database software. This paper describes experiences teaching three advanced courses in system and network administration, information security and assurance, and database administration using VMware workstation in a shared student laboratory. The paper describes benefits and challenges in course and lab configuration, security, and administration.

Social Engineering: The Neglected Human Factor for Information Security Management

Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.

Virtual Computing Laboratories Using VMware Lab Manager

Virtual computing laboratories provide remote user access to standardized computing resources and enable many types of complex experiential and project-based learning applicable in the simulation of information warfare exercises, incident response training and digital forensics analysis. As more universities and government agencies consider implementing VLABs, they are faced with choosing an appropriate architecture and infrastructure components. This paper reports on a current VLAB implementation using VMware virtualization products. We describe the system architecture and report on benefits and challenges of the architecture and supporting infrastructure including issues of accessibility, administrative complexity, security, performance, configuration, and integration with other University IT resources and services. Our report is intended to guide faculty and administrators considering a similar implementation with lessons learned from our experience.

Investigating phishing victimization with the Heuristic-Systematic Model: A theoretical framework and an exploration

To the extent that phishing has become a serious threat to information security, there has been rather limited theory-grounded research on this burgeoning phenomenon. In this paper, we develop a theoretical model of victimization by phishing based on the Heuristic-Systematic Model of information processing. We argue that the Heuristic-Systematic Model offers an ideal theoretical framework for investigating the psychological mechanism underlying the effectiveness of phishing attacks. An exploratory experiment is presented to validate the research model based on the theory.

Virtual Computing Laboratories: A Case Study with Comparisons to Physical Computing Laboratories.

Current technology enables schools to provide remote or virtual computing labs. Virtual computing labs can be implemented in multiple ways ranging from remote access to banks of dedicated workstations to sophisticated access to large-scale servers hosting virtualized workstations. This paper reports on the implementation of a specific lab using remote access to dedicated workstations and supporting students enrolled in degree programs in management. Such a lab can be implemented at relatively low cost by reallocating resources dedicated to existing physical labs.

Cloud-Based Virtual Computing Laboratories

Virtual computing laboratories are widely implemented in universities, especially to support teaching and research in areas such as engineering, computer science, and information assurance. Most existing labs that support teaching or a combination of teaching and research are internally implemented and managed. Some universities are considering migrating their in-house labs into the cloud using solutions provided by multiple vendors. This paper explores the practical aspects of such a migration and describes costs, benefits, and challenges.

How Could I Fall for That? Exploring Phishing Victimization with the Heuristic-Systematic Model

To the extent that phishing has become a serious threat to information security, there has been rather limited theory-grounded research on this burgeoning phenomenon. In this paper, we propose a study on victimization by phishing based on the Heuristic-Systematic Model of information processing. We argue that the Heuristic-Systematic Model offers an ideal theoretical framework for investigating the psychological mechanism underlying the effectiveness of phishing attacks, and present a preliminary research model based on the theory.

Replicating and Sharing Computer Security Laboratory Environments

Many institutions are currently investigating the feasibility of creating Computer Security Laboratory environments for their researchers and students. This paper compares four of the current isolated and remote access labs that institutions could use as models to minimize the effort required to create or access a working computer security lab without investing the years of effort that the original creators did. Laboratory attributes investigated include scalability, access capabilities, teaching environments, time requirements, and cost requirements. Additionally a discussion of the challenges associated with each environment is presented. Finally, a model for sharing remote access laboratory capabilities is delineated as an alternative for programs for which the creation of a local remote access lab would not be cost effective and some future investigation areas are identified.

Bridging Differences in Digital Forensics for Law Enforcement and National Security

Digital forensics approaches used by national security and law enforcement agencies have evolved along separate lines to serve different purposes. As a result, practices, tools, and techniques used by each agency group differ. The changing nature of national security threats and the increasing sophistication of domestic digital crime necessitates bridging the different approaches. This paper compares and contrasts the historic and current differences between digital forensics and describes how and why those differences must be bridged.

Human centric cyber security: What are the new trends in data protection?

The debate about the use of automated security measures versus training and awareness of people with access to data (such as employees) to protect sensitive and/or private information has been going on for some time. In this paper, we outline the thinking behind security, what hackers are trying to accomplish and the best ways of combating these efforts using the latest techniques that combine multiple lines of defense. Different major categories of automated security measures as well as major training and awareness techniques are discussed outlining strengths and weaknesses of each method.