The search topic for the proposed research involves cyber-attacks on small businesses and why they are susceptible to these attacks.

Bibliography Thesis:

The research aims to identify what makes small businesses susceptible to cyber-attacks. Cyber-attacks are becoming a prominent way to steal online information and infiltrate businesses networks. The proposed research will identify the common vulnerabilities among small businesses by using a mix of qualitative and quantitative questions in an issued survey. Having employees and managers in the technology area of the business answer the questionnaire will give a different perspective that will produce mathematical and psychological results. After obtaining and evaluating the results, the research could suggest what businesses need to enact to protect their network. The results could also support implementing a cyber-security class as a required core class in college.

1^st Search:

Database: Computer Source

Search Term: “Security Breach”

Search Details:

When I entered “Security Breach” into the search bar, the number of articles that appeared was 1,142 journals. I then used the filter Full-text documents, Peer Reviewed Journal articles, and publication date from December 31, 2018, to December 31, 2021. The number of articles that resulted from this filter was 76 academic journals.

Usefulness:

I decided to use the search term “Security Breach” for the first search because I had not used the search term and wanted to see what type of journal articles would show in the results. I did find an article about insurance policies that businesses use when they encounter a cyber-attack (Romanosky et al., 2019). This article is appealing because I have seen information that most small businesses usually do not recover well when their networks are breached.

Annotated Bibliography 1:

Romanosky, S., Ablon, L., Kuehn, A., & Jones, T. (2019). Content analysis of cyber insurance policies: how do carriers price cyber risk? Journal of Cybersecurity, 5(1), 1b+. https://link.gale.com/apps/doc/A645314914/CDB?u=klnb_fhsuniv&sid=bookmark-CDB&xid=4b9d7fbf

I found this article in the Computer Source database, which addresses the financial aspect that businesses go through in the aftermath of a cyber-attack.  The article mentions that cyber insurance is becoming more popular due to cyber-warfare trends. However, the policies and the rates of the cyber insurance premiums are not transparent to most businesses. The qualitative research emphasizes the insurance commissioners and content analysis to examine what the insurance covers in the aftereffects of a cyber-attack. The researchers conducted their study using thematic analysis to identify common concepts to derive meaning across the collection of insurance policies.

 

2^nd Search:

Database: Computer Source

Search Term: “Spyware”

Search Details:

When I entered “Spyware” into the search bar, the number of articles that appeared was 590 journals. I then used the filter Full-text documents, Peer Reviewed Journal articles, and publication date from December 31, 2018, to April 16, 2022. The number of articles that resulted from this filter was 33 academic journals.

Usefulness:

I have not performed a search related to spyware for the second search, an important cyber-attack element. After searching through the results, I found the article below explaining how companies are beginning to adapt to the new advancements in technology. The researchers in the article explain the types of spyware and other concepts that businesses are susceptible to in cyber-attacks. Overall, the search was great for me to perform, and the article below will be a great addition to my proposal.

Annotated Bibliography 2:

Alharbi, F. S. (2020). Dealing with data breaches amidst changes in technology. International Journal of Computer Science and Security [IJCSS], 14(3), 108+. https://link.gale.com/apps/doc/A682507250/CDB?u=klnb_fhsuniv&sid=bookmark-CDB&xid=5b217e4d

The article above explains the types of cyber-attacks businesses encounter and the measures they are now taking to counter advanced technology. Alharbi covers a few well-known businesses that have been breached, including Adobe, Facebook, and Myspace. I thought it was interesting how these large corporations, who have the financial resources to have noteworthy network security, still get hacked. The types of cyber-attacks are thoroughly explained, and the information gives me more insurance to use in my proposal. For example. The article explains, “Employees are the primary security vulnerability for any organization,” which supports my methodology to include employees in my questionnaire.

3rd Search:

Database: Computer Source

Search Term: “Ransomware”

Search Details:

When I entered “Ransomware” into the search bar, the number of articles that appeared was 172 journals. I then used the filter Full-text documents, Peer Reviewed Journal articles, and publication date from December 31, 2018, to April 16, 2022. The number of articles that resulted from this filter was 74 academic journals.

Usefulness:

From the 2^nd search, I thought it would be useful to search the term “Ransomware” and see if there were any examples of businesses being denied their services due to an employee’s lack of knowledge in cyber-security. After searching through a few articles, I found the following article that explains how ransomware has been evolving throughout the years. A significant amount of other information is explained throughout the article, including the “spray and pray” method. This method is used to send as many malicious emails as possible to try to infect many machines as possible. In conclusion, the search was successful, and the article provides a unique insight into ransomware for businesses.

Annotated Bibliography 3:

Connolly, L. Y., Wall, D. S., Lang, M., & Oddson, B. (2020). An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability. Journal of Cybersecurity, 6(1), 1v+. https://link.gale.com/apps/doc/A687753853/CDB?u=klnb_fhsuniv&sid=bookmark-CDB&xid=b97d0dc1

The study evaluated the experiences of businesses that were victims of ransomware attacks ranging from the United Kingdom to North America. Fifty- five ransomware cases were examined in this study. A mixture of quantitative and qualitative data was collected to be processed to generate a conclusion. The study listed a few interesting ransomware cases, including GovSecA and EducInstFB. This study is different from the other articles I browsed because the researchers explained the types of ransomware attacks that occurred for each of the cases they mentioned. The researchers aimed to validate that several factors, including organizational sectors, security posture, and the type of attack, measure the ransomware attack’s severity.

 

4th Search:

Database: Computer Source

Search Term: “Malware”

Search Details:

When I entered “Malware” into the search bar, the number of articles that appeared was 1,196 journals. I then used the filter Full-text documents, Peer Reviewed Journal articles, and publication date from December 31, 2020, to April 16, 2022. The number of articles that resulted from this filter was 81 academic journals.

Usefulness:

The search Malware generated many results, and I had to use a few filters to limit the results. I eventually found the following article that is about intrusion detection. This source would be helpful to fill any holes or gaps that I may have in machine learning technologies like Network Penetration Testing. Also, reading how the researchers used confusion matrix and classification reports to finalize their supportive validation was interesting to understand how they use these validation methods. Overall, the search was helpful because it helped support my Network Penetration testing area in my research proposal.

Annotated Bibliography 4:

Agarwal, A., Sharma, P., Alshehri, M., Mohamed, A. A., & Alfarraj, O. (2021). Classification model for accuracy and intrusion detection using machine learning approach. PeerJ Computer Science, 7, e437. https://link.gale.com/apps/doc/A657637081/CDB?u=klnb_fhsuniv&sid=bookmark-CDB&xid=accd10e6

This article evaluates how network detection systems need to be improved and reexamined as technology becomes more advanced. The researchers collected data was used as an input to an Intrusion Detection System to see which algorithm listed in the research best detects suspicious activity. The three classification models’ performances are based on accuracy, classification report, and confusion matrix to determine which algorithm is superior. The researchers specifically mention that their motivation behind their study is to find the smartest algorithm to keep up with the trend of network intrusion. Overall, the article gives me insight into algorithms that can benefit businesses’ network intrusion detections.

5th Search:

Database: Computer Source

Search Term: “Network Protection”

Search Details:

When I entered “Network Protection” into the search bar, the number of articles that appeared was 612 journals. I then used the filter Full-text documents, Peer Reviewed Journal articles, and publication date from December 31, 2020, to April 16, 2022. The number of articles that resulted from this filter was 43 academic journals.

Usefulness:

What made me think of the term “Network Protection” was the previous article discussing how businesses should use certain algorithms to protect their networks from cyber-attacks. I found a few articles in this search helpful, but the following article seemed to benefit me the most.

Annotated Bibliography 5:

Montes, F., Bermejo, J., Sanchez, L. E., Bermejo, J. R., & Sicilia, J. A. (2021). Detecting malware in cyberphysical systems using machine learning: A survey. KSII Transactions on Internet and Information Systems, 15(3), 1119+. https://link.gale.com/apps/doc/A663596023/CDB?u=klnb_fhsuniv&sid=bookmark-CDB&xid=a795405d

The article above examines state-of-the-art, automated machine learning technology in malware detection. The researchers also mention the most common malware attacks in the cyber-physical systems and the most effective algorithms for intrusion detection. Cyber-physical systems have a direct relationship with the robotic and machinery industry, so the protection of the system is essential. This article would be great to implement into my research because I can compare how people protect cyber-physical systems to a common business network. A challenge identified when reviewing the scientific literature is what considers a cyber-physical system and “its relationship to the Internet of Things.”  In conclusion, the article gave an in-depth analysis of the characteristics and properties that a cyber-physical system should possess to defend against malware attacks.

Is Saturation Achieved?

Throughout the weeks, I have used a variety of subject terms and keywords while using multiple databases. Computer Source,  Information Science Collection, and Computer Science Collection were all databases that we used in my search for sources. The best database that was the most useful for me was the Computer Source database because it provided me with many sources that will be implemented in my research proposal. I know that I have reached saturation for my research and do not need any more sources for my proposal.