istock-1279501051.jpeg

New faculty are experts on cyber security, privacy

Two new faculty members joining the W. P. Carey Department of Information Systems this fall will bring expertise in critical areas of information systems that have been making headlines. Roberto J. Mejias and Altaf Ahmad are the latest additions to a team of researchers probing the issues and attitudes surrounding cyber security and cyber privacy.

August 2, 2011 -- Two new faculty members joining the W. P. Carey Department of Information Systems this fall will bring expertise in critical areas of information systems that have been making headlines in recent months: cyber security and cyber privacy.

Roberto J. Mejias comes to the W. P. Carey School from the Eller College of Management at the University of Arizona, where he was a faculty fellow and associate director of the Information Assurance-Security Education Center. He was previously an assistant professor of MIS (management information systems) at Purdue University.

Altaf Ahmad most recently served as an instructor in information assurance, operations management and management science at Howard University in Washington, D.C. His research interests are online privacy and attitudes about technology use.

"Both of these men are dealing with some pretty cutting-edge topics. When we hire someone we look for the markers that would make them successful in our environment and these faculty members come in with those markers," said Michael Goul, chair of the Information Systems department.

About

Roberto J. Mejias 

Mejias' research focus is on cyber-security threats and cyber terrorism, and their effects on information security awareness, cyber-security risk assessments, information systems security risk management strategies, and information security countermeasures.

"I emphasize the empowering and beneficial aspects of IT, how truly awesome technology can be and how it can be harnessed to solve a wide range of simple to complex problems that can benefit mankind," he said. "But there is also a dark side to the use of IT. As with any good thing, technology can be turned around, and made to create and support a host of malicious cyber attacks and cyber crimes. And it is becoming increasingly difficult to protect organizational data resources, and deter and prosecute cyber criminals and cyber terrorists."

Experience at IBM: In addition to 10 years of corporate experience with IBM as an industrial engineer, Mejias brings with him 15 years of experience as a professor at the University of Oklahoma, Purdue, Indiana University and, most recently, the University of Arizona (UA). While at the UA, Mejias taught a course on information security, risk management and disaster recovery. He was instrumental in obtaining certification for the course from the National Security Agency and the Committee on National Security Systems.

Mejias' students learned about malicious cyber threats such as denial-of-service attacks, social engineering, Trojan horses, SCADA (industrial control systems) and botnet attacks, electromagnetic pulse bombs, steganography, and password cracking, and how they can wreak havoc on corporate and governmental data resources.

Work at Purdue: At Purdue, Mejias was an associate at the Homeland Security Institute and CERIAS (Center for Educational Research in Information Assurance and Security). "The current cyber-threat landscape is pretty scary stuff and I'm trying to create more information security awareness for students and professionals via my classes, my research and lectures," Mejias states. "The cyber-threat environment is like the mythical Greek hydra serpent: as you cut off one of its many heads, other cyber threats and system attacks appear. Additionally, cyber attackers are becoming more proficient in targeting and exploiting system vulnerabilities and avoiding detection, which has devastating effects on organizational operations and the confidentiality and integrity of their data."

Mejias said that students in his information security classes are shocked by the vulnerability of corporate and personal information. Mejias smiled and stated "I think one of the most interesting comments I received was, 'Dr. Mejias, after I took your Info Security class I started writing all my messages in crayon on cardboard!'"

Mejias' Awards: Mejias has also received more than a dozen teaching excellent awards, including the University of Oklahoma Student Association Outstanding Teacher of the Year award, Purdue's College of Management Outstanding Teacher of the Year award and recently the UA's Eller Award for Teaching Excellence (2010) and Eller Outstanding Undergraduate Teacher of the Year Award (2008) "I love teaching, I love the research, I love influencing young minds," he said. "Professors have a tremendous influence on our young people. You can enthusiastically interject ethics and honesty into every college course that you teach. I also advocate something called CSR -- corporate social responsibility." And Mejias emphasizes service.

"I encourage my students and their organizations to get involved with helping out in their communities," he said. "It's simply not enough to make money to buy a car or clothes or other material things. I challenge my students to become good corporate citizens and consider how they can use technology to improve our world in such areas as education, health and quality of life."

Altaf Ahmad

Ahmad will be adding another dimension to the IS department's existing cyber-privacy knowledge base, Goul pointed out. Professors Julie Smith David and Marilyn Prosch have ongoing research concerning security and privacy. "He will fit right into a cluster of strength that we're working to build in that privacy area," Goul said.

Research: Ahmad's dissertation looked at how perceived online privacy breaches affect the continued use of technology, including social media. "My research indicates that while people are concerned about online privacy, they don't actually plan to substantially change their behavior out of that concern," Ahmad said. "One explanation for this could be that people are more educated about privacy and security issues now and are concerned about them, but have already made adjustments and do not need to modify their behavior anymore. However, a plausible and more worrisome explanation is a 'privacy paradox,' which is the idea that while we are concerned about security issues, we also don't want to do anything about them. On the contrary, we actually like and want the very same applications that also expose us to risks."

Aim in ASU: Ahmad earned his Ph.D. in management information systems at Southern Illinois University Carbondale. His MBA in Enterprise Systems is from the University of Technology, Sydney Australia. Ahmad hopes to continue his research into cyber privacy while at ASU. He wants to explore in more depth how people cope psychologically with the privacy risks that come from using such applications as Facebook, Twitter, search engines and even shopping online.

In the wake of recent online hacking and security breaches, Ahmad will also be looking to measure perceptions of the severity of security breaches, and if those incidents are perceived to be significant enough to cause either a change in usage behavior or to affect a person's cognitive state.

Bringing to ASU

During his first semester at W. P. Carey, Mejias will be working on electives for the W. P. Carey MBA Evening program, while Ahmad will be taking on an undergraduate class that teaches students about database development and programming in business environments.

Additionally, Mejias and Ahmad will be connected with the Center for Advancing Business through Information Technology (CABIT), the department's community outreach research arm. "From an organizational perspective, we are training future managers and leaders of companies that will have to make the decisions about how much they are going to invest in order to protect their information assets against malicious attacks.Those are the type of decisions we have to prepare our students to be able to make," Goul said.

"Ahmad and Mejias are exactly what we needed, what we searched for and we recruited them very hard. We had a lot of applicants and these two really rose to the top." -- Photo credit Flickr, creative commons, taberandrew's photostream

Latest news