Wm. Arthur Conklin

Barriers to Adoption of e-Government

Technology adoption is well defined in e-business. The environment within which leaders must act in government is significantly different that that navigated by business leaders. The differences in these environments plays a significant role in the diffusion of technology in e-government settings. This paper explores modifications to technology adoption models to account for the changes in environment. Issues such as information security play a significant role in new technology adoptions such as e-government. The inclusion of moderating variable to account for the environmental effects is done to extend adoption model applicability to the e-government sector

Re-engineering Cybersecurity Education in the US: An Analysis of the Critical Factors

The need for cyber security professionals continues to grow and education systems are responding in a variety of way. The US government has weighed in with two efforts, the NICE effort led by NIST and the CAE effort jointly led by NSA and DHS. Industry has unfilled needs and the CAE program is changing to meet both NICE and industry needs. This paper analyzes these efforts and examines several critical, yet unaddressed issues facing school programs as they adapt to new criteria and guidelines. Technical issues are easy to enumerate, yet it is the programmatic and student success factors that will define successful programs.

Secure Software Engineering: A New Paradigm

Software defects lead to security vulnerabilities, which are costing businesses millions of dollars each year and threaten the security of individuals and the nation. It can be demonstrated that changes to the software engineering process can help to reduce the number of defects in new or changed software. Universities play a major role in the education and training of software engineers. This paper proposes a new way of teaching software development. The changes in curricula are designed to be time neutral, to not increase the length of courses, yet still significantly improve the outcome

Software Assurance: The Need for Definitions

Software Assurance is a subject that has differing definitions depending upon who is providing them. An examination of the literature, including end user materials has produced a series of definitions. The disconnect between these definitions provides for miscommunication and disagreement about paths and options during the software development progress. This research project set out to discover the different definitions and construct a model where the differences can be resolved. Two principle forms of the definition have emerged, one product related and the other process related. The results are useful to educators, practitioners and students alike, each using the appropriate definition at the appropriate moment to achieve greater levels of understanding of options associated with secure software development.

Emergency Communications Using the Web: Matching Media Richness to the Situation

The Internet has become a method of mass communication during disasters and emergencies. Using Media Richness Theory, the design parameters of emergency communication techniques are examined and new methods of using the web are proposed. The objective is to better serve those in need at the time of need with targeted communications that provide value. The new methods proposed are starkly different than those in common use today, but after testing during hurricane Ike in 2008, they appear to offer functionality not currently available through existing methods of communication.

Introducing the Information Technology Security Essential Body of Knowledge Framework

Abstract The National Strategy to Secure Cyberspace spurred the development of the Essential Body of Knowledge (EBK) for Information Technology Security. The key feature of this security tool is its ability to act as a framework for analyzing institutional security training needs and managing security workforce development. This is accomplished through a series of steps that map security personnel roles, competency areas, and functional perspectives to an industry accepted matrix of organizational security needs. By capturing the human resource and functional elements of security, the EBK acts as a distillation of best practice, laid out in generic form ready for implementation across a wide spectrum of organizations. This paper introduces the EBK, explains its form and content, and demonstrates how to transition from the generic framework to functional model that is useful in determining organizational security structure and helpful for managing security personnel training and future security needs.

IT vs. OT Security: A Time to Consider a Change in CIA to Include Resilienc

There has long been debate over the differences between IT and OT networks, especially concerning security. Examining the business drivers behind OT and how security is typically measured provides insight into the cause of the mismatch. Adding a new measure, resilience, into the traditional CIA mix provides better security and business objective alignment in OT systems. This paper postulates a new method for the measurement of security in OT systems, specifically the addition of resilience as a driving factor. Using resilience as a framing method before attempting to employ security controls in an OT system will result in better alignment of security control outcomes with respect to system control objectives.

State Based Network Isolation for Critical Infrastructure Systems Security

The collision of information technology (IT) and operational technology (OT) networks has resulted in some significant security challenges. Cyber attacks are now taking place against critical infrastructures and the nature of industrial automation control systems equipment in OT networks makes traditional IT security measures more difficult if not impossible to employ. A new method of system isolation based on system state vice network traffic restrictions is presented as a means to protect critical systems from conventional IT based attacks. This new method of protection functions by isolating systems from the network, yet moving data in form of state transfer vice network message. This method improves reliability and provides a means of protection from most current IT based attack vectors.

Introduction to the E-government Secure Cyberspace in 21st Century Government Minitrack

The cybersecurity aspects of critical infrastructure systems have become a hot topic for countries all across the globe. Information Technology has become pervasive in all aspects of our lives and this includes elements referred to as critical infrastructures. This minitrack examines aspects associated with the security of information technology used by governments and critical infrastructures (with an emphasis on automated control systems) and explores ways that IT can enhance the ability of governments to ensure the safety and security of its citizens. The names for these systems vary, from industrial control systems to SCADA to process control networks and more. The systems they control range from electricity (Smartgrid), pipelines, chemical plants, manufacturing, traffic control and more.

Introduction to E-Government Infrastructure Security Minitrack

This is a Minitrack introduction for the e-Government minitrack titled Infrastructure Security