Andrew Green

Kennesaw State University, Information Systems Department, Faculty Member

Followers

Following

Co-authors

Public Views

Andrew Green, Ph.D., is an Assistant Professor of Information Security and Assurance in the Information Systems Department, located in the Michael J. Coles College of Business at Kennesaw State University, Kennesaw, Georgia. Andy currently serves as the program coordinator for the Information Security and Assurance undergraduate degree program, as well as the faculty advisor for the award-winning student-led KSU Offensive Security Research Club.

Green has almost two decades of experience in information security. Before entering academia full-time, Andy worked as an information security consultant, focusing primarily on the needs of small and medium-sized businesses. Before that, Green worked in the healthcare IT field, where he developed and supported transcription interfaces for medical facilities throughout the United States.

Andy’s research interest focuses on problems found at the intersection of security, privacy, and public policy, and his research has been published in top-tier academic journals. Green is also a co-author of several academic textbooks on various information security-related topics that have been used in classrooms globally. Andy is also a frequent contributor to local, regional, and national media outlets on issues related to information security.

less

Haitham El-Ghareeb

Mansoura University

Greg Simons

Turiba University

Colin Scott

University College Dublin

Lluís Codina

Pompeu Fabra University

Oleg Yu Vorobyev

Siberian Federal University

Dr Yusri Arshad

Universiti Teknikal Malaysia Melaka

Kostas Zafiropoulos

University of Macedonia

Adam Burgess

University of Kent

David Seamon

Kansas State University

Remo Caponi

University of Cologne

InterestsView All (30)

Uploads

Books by Andrew Green

Principles Of Incident Response And Disaster Recovery by Michael E.-Whitman Herbert J.-Mattord And

by Tina Tapper, Andrew Green, and Michael Whitman

Principles Of Incident Response And Disaster Recovery by Michael E.-Whitman Herbert J.-Mattord And

Guide to Network Security, 1st Edition

Principles of Incident Response and Disaster Recovery, 2nd Edition

by Andrew Green and Michael Whitman

Guide to Firewalls & VPNs, Third Edition

Teaching Documents by Andrew Green

ISA 4805 - Penetration Testing

ISA 4330 - Incident Response and Contingency Planning

ISA 4220 - Server Systems Security

ISA 4200 - Perimeter Defense

ISA 3210 - Client Systems Security

ISA 3200 - Network Security

ISA 3100 - Principles of Information Security

ISA 2100 - Principles of Information Security

ISA 4700 - Emerging Issues In Information Security and Assurance

ISA 4810 - Cyber Defense

IS 2101 - Computers and Your World

IS 2040 & IT 3300- Web Development I

IS 2080 - Data Management

Conference Presentations by Andrew Green

Towards a Taxonomy of Information Spillage and Leakage

by Andrew Green and Tyler Pieron

Studies of information exposure are a cornerstone of information security research. Within the re... more Studies of information exposure are a cornerstone of information security research. Within the research realm of information exposure, the inadvertent exposure of information is a topic of particular interest. In the extent literature this phenomenon is often referred to as information leakage or information spillage. In this work in progress, we seek to understand the extent usage of these terms and to work towards a harmonized definition of both terms. We present a systematic review of literature detailing the prior use of both terms and the definitions put forward in the literature. Furthermore, we propose a framework for defining information spillage and information leakage based on the dimensions of user action and system behavior.

Download

Management of Security Policies for Mobile Devices

This paper discusses management of security policies for mobile devices. The increasing use of mo... more This paper discusses management of security policies for mobile devices. The increasing use of mobile devices in the workplace is covered, as well as new software applications that allow employees to use their mobile devices to increase their productivity. Various risks to businesses arising from compromised mobile devices are discussed. Mobile devices are
defined, as are some common attack vectors currently present in most devices. A framework for creating mobile device security policies is discussed, and sample policy language for mobile devices is offered.

Download

Addressing Emerging Information Security Personnel Needs. A Look at Competitions in Academia: Do Cyber Defense Competitions Work?

This paper is part of a proposed study that looks at the emerging information security personnel ... more This paper is part of a proposed study that looks at the emerging information security personnel needs of organizations. We are attempting to explore the correlation between components of a regional cyber defense competition and an organization’s needs in terms of employing adequately trained information security personnel. We look to identify some unique
characteristics of a regional academic cyber defense competition via the critical success factors method.

Download

Principles Of Incident Response And Disaster Recovery by Michael E.-Whitman Herbert J.-Mattord And

by Tina Tapper, Andrew Green, and Michael Whitman

Principles Of Incident Response And Disaster Recovery by Michael E.-Whitman Herbert J.-Mattord And

Guide to Network Security, 1st Edition

Principles of Incident Response and Disaster Recovery, 2nd Edition

by Andrew Green and Michael Whitman

Guide to Firewalls & VPNs, Third Edition

ISA 4805 - Penetration Testing

ISA 4330 - Incident Response and Contingency Planning

ISA 4220 - Server Systems Security

ISA 4200 - Perimeter Defense

ISA 3210 - Client Systems Security

ISA 3200 - Network Security

ISA 3100 - Principles of Information Security

ISA 2100 - Principles of Information Security

ISA 4700 - Emerging Issues In Information Security and Assurance

ISA 4810 - Cyber Defense

IS 2101 - Computers and Your World

IS 2040 & IT 3300- Web Development I

IS 2080 - Data Management

Towards a Taxonomy of Information Spillage and Leakage

by Andrew Green and Tyler Pieron

Download

Management of Security Policies for Mobile Devices

Download

Addressing Emerging Information Security Personnel Needs. A Look at Competitions in Academia: Do Cyber Defense Competitions Work?

Download

SNS Use, Risk, and Executive Behavior

Organizations can suffer attacks designed to take advantage of employee vulnerabilities. Success... more Organizations can suffer attacks designed to take advantage of employee vulnerabilities. Successful attacks cause firms to suffer financial damage ranging from minor information breaches to severe financial losses. Cybercriminals focus on organization executives, because the power and influence they wield affords access to more sensitive data and financial resources. The purpose of this research in progress submission is to identify the types of executive behaviors that information security professionals believe introduce risk to an organization, as well as to explore the degree of risk organizations face as a result of these behaviors.

Download

Social Networking Continuance and Success: A Replication Study

Journal of Computer Information Systems, 2022

The success of social networking sites relies on members’ continuous use. We replicate a study ev... more The success of social networking sites relies on members’ continuous use. We replicate a study evaluating the relationship of continued-use intention to the success of social networking sites to determine whether the results obtained with a US sample can be generalized to the South Korean context. Using two culturally distinct samples, we demonstrate limitations to the generalizability of the original study’s findings and important constructs influencing continued-use intention across cultural boundaries.

Zombies, Sirens, and Lady Gaga – Oh My! Developing a Framework for Coordinated Vulnerability Disclosure for U.S. Emergency Alert Systems

by Andrew Green, Kelly Dodson, and Peter Easton

Government Information Quarterly, 2019

U.S. emergency alert systems (EAS) run on legacy software with aging hardware and limited cyberse... more U.S. emergency alert systems (EAS) run on legacy software with aging hardware and limited cybersecurity. While EASs are an essential component of the U.S. critical infrastructure, they are often under-funded, and workers frequently lack the knowledge to protect these systems adequately. Recent compromises of various EASs have not inspired public confidence. We present a method for EAS authorities to engage with external cybersecurity researchers to find, recover from, and disclose vulnerabilities using coordinated vulnerability disclosure (CVD) policies. Clearly written CVD policies set guidelines and legal bounds for cybersecurity research, taking advantage of researcher expertise while working to strengthen the cybersecurity of the patchwork public-private-government networks comprising EASs. We intended to investigate the CVD policies of EASs in seven southeastern states; however, we could find no CVD policies through the entire supply chain. Instead, we investigated the CVD policies of the top 10 technology firms on the Fortune 500 list, analyzing best practices in terms of publication of a CVD policy, as well as: setting eligibility requirements, describing the submission process, delineating researcher restrictions, outlining agreements on sharing credit, and explaining bounties (if relevant). We recommend that EAS authorities develop CVD policies in line with suggested criteria, using policies from top technology organizations combined with the proposed framework, and using cybersecurity researchers as a valuable component of the EAS supply chain.

Download

Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems

by Andrew Green, Kelly Dodson, and Peter Easton

Communications of the AIS, 2019

U.S. emergency alert systems (EASs) are part of the nation's critical infrastructure. These syste... more U.S. emergency alert systems (EASs) are part of the nation's critical infrastructure. These systems are built on aging platforms and suffer from a fragmented interconnected network of partnerships. Some EASs have an easily identifiable vulnerability - their management website is available via the Internet. Authorities must secure these systems quickly. Other concerns exist, primarily the lack of policies for reporting vulnerabilities. To begin an assessment of U.S. EASs, we used Shodan to evaluate the availability of these websites in six southeastern states. We found 18 such websites that were accessible via the Internet, only requiring user credentials to login to the system. Next, we searched for published policies on the reporting of vulnerabilities; we found no vulnerability disclosure policies for any of the systems identified. To identify, prioritize, and address EAS vulnerabilities, we present a list of technical and management strategies to reduce cybersecurity threats. We recommend integrated policies and procedures at all levels of the public-private-government partnerships, along with system resilience, as lines of defense against cybersecurity threats. By implementing these strategies, U.S. EASs will be positioned to update critical infrastructure, notify groups of emergencies, and ensure the distribution of valid and reliable information to the populations at risk.

Learning Outcomes for Cyber Defense Competitions

by Andrew Green and Amy Woszczynski

Journal of Information Systems Education (JISE), 2017

Cyber defense competitions (CDCs) simulate a real-world environment, where the competitors must p... more Cyber defense competitions (CDCs) simulate a real-world environment, where the competitors must protect the information assets of a fictional organization. These competitions are becoming popular at the high school and college levels, as well as in industry and governmental settings. However, there is little research to date on the learning outcomes associated with CDCs or the long-term benefits to the participants as they pursue future educational, employment or military goals. For this exploratory research project, we surveyed 11 judges and mentors participating in a well-established high school CDC held in the southeastern United States. Then we developed a set of recommended learning outcomes for CDCs, based on importance of the topic and participant preparedness for future information-security related endeavors. While most previous research has focused on technology issues, we analyzed technological, human, and social topics, to develop a comprehensive set of recommendations for future CDCs.

Download

Andrew Green

Uploads

Books by Andrew Green

Teaching Documents by Andrew Green

Conference Presentations by Andrew Green

Log In