The purpose of this research was to characterize the practices, experiences, and concerns of smal... more The purpose of this research was to characterize the practices, experiences, and concerns of small businesses regarding information security. As the global economy continues to embrace the marketplace of ideas, concern with how information security is practiced at every juncture is rising. Over the past decade, there have been many attempts to characterize the practices and experiences of businesses with regards to information security. Unfortunately, many of these surveys suffer from biases that make them unusable for generalizing the common state of practice or concern. In addition to flaws in methodology or weaknesses in design, the state of research has ignored the small business community, which is a critical sector in both the global economy and the economy of the United States. The method used for this research was a descriptive study using a questionnaire as primary instrument of data collection. Questionnaires were distributed in the first quarter of the year 2000 to 741 bu...
Journal of Entrepreneurship,Management and Innovation, 2017
The purpose of this article is to present a mental model of knowledge as a concept map as an inpu... more The purpose of this article is to present a mental model of knowledge as a concept map as an input to knowledge management (KM) investigations. This article's extended knowledge concept map can serve as a resource where the investigation, development, or application of knowledge would be served with a broad mental model of knowledge. Previously unrelated concepts are related; knowledge concepts can sometimes be expressed as a range, i.e., certainty related states: view, opinion, sentiment, persuasion, belief, and conviction. Extrathesis is identified as a potential skill level higher than synthesis, and associated with the concepts: discovery, institution, insight (the event), revelation, or illumination that precedes innovation. Qualitative methods were used to gather and document concepts. System engineering and object analysis methods were applied to define and relate concepts. However, the theoretical sampling and theoretical saturation methods applied do not guarantee all a...
2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of ... more The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of KM by identifying one based on required KM competencies. Operationalized, KM is knowledge accumulating, organizing, using, reasoning about, representing, storing, and communicating knowledge. The authors conducted exploratory research using systems engineering requirements definition and grounded theory concepts to identify and relate terms in looking for commonality across KM generalizations. Observations led to examining educational objectives and guidelines which supported the need for KM and helped understand KM more generically through its competency requirements. This paper reviews the process that led to identifying the need for a KM competency term and how the three KM competencies were discovered. Included is a graphic showing integrated KM activities based on the sub-elements of two competencies, an illustrative list of KM mediums, and a discussion of how the theory can be validated and verified.
Conference: 49th Hawaii International Conference on System Sciences, 2016
The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of ... more The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of KM by identifying one based on required KM competencies. Operationalized, KM is knowledge accumulating, organizing, using, reasoning about, representing, storing, and communicating knowledge. The authors conducted exploratory research using systems engineering requirements definition and grounded theory concepts to identify and relate terms in looking for commonality across KM generalizations. Observations led to examining educational objectives and guidelines which supported the need for KM and helped understand KM more generically through its competency requirements. This paper reviews the process that led to identifying the need for a KM competency term and how the three KM competencies were discovered. Included is a graphic showing integrated KM activities based on the sub-elements of two competencies, an illustrative list of KM mediums, and a discussion of how the theory can be vali...
For those who are responsible for the security of an enterprise or a group effort, an approach to... more For those who are responsible for the security of an enterprise or a group effort, an approach to managing the challenge of malicious messaging is useful. The best solution lies not in any single tool or school of thought, but in the layering of many of these tools in such a way as to create a layered approach to protection, which you can think about as similar to the layers of an onion: each layer provides a level of protection, but if it fails, there is another one underneath it. The “Malicious Messaging Layered Defense Framework,” or MMLDF, provides you with a guide to better consider and approach the task of defending the network from technical attacks based on social weaknesses or vulnerabilities.
Understanding the psychology of malicious messaging can be as much of a resource to stopping it a... more Understanding the psychology of malicious messaging can be as much of a resource to stopping it as any log file technology or security analysis. The vast majority of attacks are aimed at anyone who will respond, whereas only a small minority of attacks are exquisitely targeted for very high value targets. There are two primary goals for a sender of a malicious email. The first goal is for you to actually see the email. This means that the email needs to be constructed to avoid automated scanning and quarantining programs. The second goal is to have you act on the email. In some cases, this is as simple as opening it and reading it. In other cases, the sender wants you to open an attachment. Success for the bad guys comes when someone opens and replies to their messages, shares a like-farming post, clicks on a malicious link, or opens an attachment.
A malicious message is any message in electronic form, sent through an automated information proc... more A malicious message is any message in electronic form, sent through an automated information processing systems, which has been crafted or designed to assist in the achievement of a goal that is, in one or more ways, dangerous to the best interests of the recipient. In simpler terms, it is an electronic message that can cause you, or the systems you are connected to, harm. Herein lays the danger of malicious email: if simply opening an email can cause problems for you, how can you possibly know which emails are safe to open and which ones are not? Further, how can you know whether an attachment is safe to open or not? It is important to realize that there are no 100% solutions. Types of malicious messages range from phishing attacks, which are designed to get recipients to reveal sensitive information, to messaging with embedded malicious software. Understanding the characteristics of malicious messages can help you answer the question, “is this email legitimate and is it safe to open?”
It is easy to look at an email and not see what is hidden behind the display. In fact, most peopl... more It is easy to look at an email and not see what is hidden behind the display. In fact, most people would not even suspect that behind a very simple looking email might be lurking some complicated programming. The header of an email contains a treasure trove of information, which for malicious emails can be very useful information. The message body can include all kinds of hidden features that you may not be able to see when you view it in your normal viewing window. Sometimes the attackers hide their attack in one or more attachments. It is both a reality and a shame that bad guys figured out how to trick people into doing things they ordinarily would not do by simply disguising the actions, but with just a little bit of knowledge, you can understand how it works. Through that understanding, you can be more alert as to the potential problems.
Detection is an important foundation for other technical mitigation strategies. Detection helps u... more Detection is an important foundation for other technical mitigation strategies. Detection helps us develop the knowledge to prevent pending attacks and warn others. Detection is more than the act of catching an attack in progress. There are two major components to detecting and combatting malicious email: first, use the technology to help you as much as it can, and second, use your brain. Scientists and researchers are continually applying every trick possible to combat malicious email and significant advances have been made. But the bad guys continue to react to those measures and modify how they operate, in order to avoid detection. Your brain, therefore, is a critical part of your defense. Further, when you understand the detection process, you also develop an intuition as well as detailed understanding of how problems potentially occur and that gives you the ammunition to actually prevent many problems from occurring and to quickly contain what problems sneaked through your defenses.
Survey data on information security trends and concerns are used to justify increased expenditure... more Survey data on information security trends and concerns are used to justify increased expenditures on security tools and technologies. Students use the data to support term paper analyses. Government officials use these data to justify program initiatives and to berate companies for inadequate security. The numbers, however, are anecdotal, are not generalizable to the business level, and are reported in cumulative form. In a word, they are not useful for any of the purposes listed above. This paper examines this phenomenon, looking at survey data that has been published and the uses to which it has been put.
Virtual repositories allow researchers across a broad spectrum of disciplines to amalgamate their... more Virtual repositories allow researchers across a broad spectrum of disciplines to amalgamate their data for synergy. The system described relies heavily on both unique data storage models and 2D/3D visualization. Research into the security needs for a virtual archeological data repository (VADR) was conducted in the Fall 2011 using qualitative approaches for expert opinion elicitation from a variety of stakeholders, including archeologists, policy makers, human rights activists, and museum curators. The research revealed a rich tapestry of security concerns, which must inform the design of a VADR. These concerns include integrity issues, confidentiality issues, and availability issues. Security for information in all instantiations is both complex and intricate. Operational situations provide tensions among essential security services–confidentiality, integrity, and availability. In a virtual archeological data repository (VADR) integrity and availability are essential. Of these, the...
The purpose of this research was to characterize the practices, experiences, and concerns of smal... more The purpose of this research was to characterize the practices, experiences, and concerns of small businesses regarding information security. As the global economy continues to embrace the marketplace of ideas, concern with how information security is practiced at every juncture is rising. Over the past decade, there have been many attempts to characterize the practices and experiences of businesses with regards to information security. Unfortunately, many of these surveys suffer from biases that make them unusable for generalizing the common state of practice or concern. In addition to flaws in methodology or weaknesses in design, the state of research has ignored the small business community, which is a critical sector in both the global economy and the economy of the United States. The method used for this research was a descriptive study using a questionnaire as primary instrument of data collection. Questionnaires were distributed in the first quarter of the year 2000 to 741 bu...
Journal of Entrepreneurship,Management and Innovation, 2017
The purpose of this article is to present a mental model of knowledge as a concept map as an inpu... more The purpose of this article is to present a mental model of knowledge as a concept map as an input to knowledge management (KM) investigations. This article's extended knowledge concept map can serve as a resource where the investigation, development, or application of knowledge would be served with a broad mental model of knowledge. Previously unrelated concepts are related; knowledge concepts can sometimes be expressed as a range, i.e., certainty related states: view, opinion, sentiment, persuasion, belief, and conviction. Extrathesis is identified as a potential skill level higher than synthesis, and associated with the concepts: discovery, institution, insight (the event), revelation, or illumination that precedes innovation. Qualitative methods were used to gather and document concepts. System engineering and object analysis methods were applied to define and relate concepts. However, the theoretical sampling and theoretical saturation methods applied do not guarantee all a...
2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of ... more The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of KM by identifying one based on required KM competencies. Operationalized, KM is knowledge accumulating, organizing, using, reasoning about, representing, storing, and communicating knowledge. The authors conducted exploratory research using systems engineering requirements definition and grounded theory concepts to identify and relate terms in looking for commonality across KM generalizations. Observations led to examining educational objectives and guidelines which supported the need for KM and helped understand KM more generically through its competency requirements. This paper reviews the process that led to identifying the need for a KM competency term and how the three KM competencies were discovered. Included is a graphic showing integrated KM activities based on the sub-elements of two competencies, an illustrative list of KM mediums, and a discussion of how the theory can be validated and verified.
Conference: 49th Hawaii International Conference on System Sciences, 2016
The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of ... more The Unified Theory of Knowledge Management (KM) answers decade long calls for a general model of KM by identifying one based on required KM competencies. Operationalized, KM is knowledge accumulating, organizing, using, reasoning about, representing, storing, and communicating knowledge. The authors conducted exploratory research using systems engineering requirements definition and grounded theory concepts to identify and relate terms in looking for commonality across KM generalizations. Observations led to examining educational objectives and guidelines which supported the need for KM and helped understand KM more generically through its competency requirements. This paper reviews the process that led to identifying the need for a KM competency term and how the three KM competencies were discovered. Included is a graphic showing integrated KM activities based on the sub-elements of two competencies, an illustrative list of KM mediums, and a discussion of how the theory can be vali...
For those who are responsible for the security of an enterprise or a group effort, an approach to... more For those who are responsible for the security of an enterprise or a group effort, an approach to managing the challenge of malicious messaging is useful. The best solution lies not in any single tool or school of thought, but in the layering of many of these tools in such a way as to create a layered approach to protection, which you can think about as similar to the layers of an onion: each layer provides a level of protection, but if it fails, there is another one underneath it. The “Malicious Messaging Layered Defense Framework,” or MMLDF, provides you with a guide to better consider and approach the task of defending the network from technical attacks based on social weaknesses or vulnerabilities.
Understanding the psychology of malicious messaging can be as much of a resource to stopping it a... more Understanding the psychology of malicious messaging can be as much of a resource to stopping it as any log file technology or security analysis. The vast majority of attacks are aimed at anyone who will respond, whereas only a small minority of attacks are exquisitely targeted for very high value targets. There are two primary goals for a sender of a malicious email. The first goal is for you to actually see the email. This means that the email needs to be constructed to avoid automated scanning and quarantining programs. The second goal is to have you act on the email. In some cases, this is as simple as opening it and reading it. In other cases, the sender wants you to open an attachment. Success for the bad guys comes when someone opens and replies to their messages, shares a like-farming post, clicks on a malicious link, or opens an attachment.
A malicious message is any message in electronic form, sent through an automated information proc... more A malicious message is any message in electronic form, sent through an automated information processing systems, which has been crafted or designed to assist in the achievement of a goal that is, in one or more ways, dangerous to the best interests of the recipient. In simpler terms, it is an electronic message that can cause you, or the systems you are connected to, harm. Herein lays the danger of malicious email: if simply opening an email can cause problems for you, how can you possibly know which emails are safe to open and which ones are not? Further, how can you know whether an attachment is safe to open or not? It is important to realize that there are no 100% solutions. Types of malicious messages range from phishing attacks, which are designed to get recipients to reveal sensitive information, to messaging with embedded malicious software. Understanding the characteristics of malicious messages can help you answer the question, “is this email legitimate and is it safe to open?”
It is easy to look at an email and not see what is hidden behind the display. In fact, most peopl... more It is easy to look at an email and not see what is hidden behind the display. In fact, most people would not even suspect that behind a very simple looking email might be lurking some complicated programming. The header of an email contains a treasure trove of information, which for malicious emails can be very useful information. The message body can include all kinds of hidden features that you may not be able to see when you view it in your normal viewing window. Sometimes the attackers hide their attack in one or more attachments. It is both a reality and a shame that bad guys figured out how to trick people into doing things they ordinarily would not do by simply disguising the actions, but with just a little bit of knowledge, you can understand how it works. Through that understanding, you can be more alert as to the potential problems.
Detection is an important foundation for other technical mitigation strategies. Detection helps u... more Detection is an important foundation for other technical mitigation strategies. Detection helps us develop the knowledge to prevent pending attacks and warn others. Detection is more than the act of catching an attack in progress. There are two major components to detecting and combatting malicious email: first, use the technology to help you as much as it can, and second, use your brain. Scientists and researchers are continually applying every trick possible to combat malicious email and significant advances have been made. But the bad guys continue to react to those measures and modify how they operate, in order to avoid detection. Your brain, therefore, is a critical part of your defense. Further, when you understand the detection process, you also develop an intuition as well as detailed understanding of how problems potentially occur and that gives you the ammunition to actually prevent many problems from occurring and to quickly contain what problems sneaked through your defenses.
Survey data on information security trends and concerns are used to justify increased expenditure... more Survey data on information security trends and concerns are used to justify increased expenditures on security tools and technologies. Students use the data to support term paper analyses. Government officials use these data to justify program initiatives and to berate companies for inadequate security. The numbers, however, are anecdotal, are not generalizable to the business level, and are reported in cumulative form. In a word, they are not useful for any of the purposes listed above. This paper examines this phenomenon, looking at survey data that has been published and the uses to which it has been put.
Virtual repositories allow researchers across a broad spectrum of disciplines to amalgamate their... more Virtual repositories allow researchers across a broad spectrum of disciplines to amalgamate their data for synergy. The system described relies heavily on both unique data storage models and 2D/3D visualization. Research into the security needs for a virtual archeological data repository (VADR) was conducted in the Fall 2011 using qualitative approaches for expert opinion elicitation from a variety of stakeholders, including archeologists, policy makers, human rights activists, and museum curators. The research revealed a rich tapestry of security concerns, which must inform the design of a VADR. These concerns include integrity issues, confidentiality issues, and availability issues. Security for information in all instantiations is both complex and intricate. Operational situations provide tensions among essential security services–confidentiality, integrity, and availability. In a virtual archeological data repository (VADR) integrity and availability are essential. Of these, the...
Uploads