Publications | Andrew William Green, Ph.D.

2025

Journal Articles

JIT
Unpacking digital transformation – Constructing a framework based on industry use cases

Khawaja Asjad Saeed, Andrew William Green, and Alison Brooke Hedrick

Journal of Innovation & Knowledge, Jul 2025

Abs DOI Bib HTML PDF

Based on industry use cases, we identify six distinct types of digital transformation (DT), each grounded in a specific concept or enabling technology. These DT types can be implemented individually or combined to drive transformation initiatives. While deploying a single DT type often focuses on improving operational efficiency or streamlining existing workflows, initiatives that combine multiple DT types tend to pursue more ambitious goals, such as the creation of new products, services, or business models. However, the complexity increases signifi cantly with the integration of multiple DT types, as organizations must not only address behavioral changes but also overcome technical challenges involving systems integration, data architecture, and interoperability.
@article{2025digitaltransformation, title = {Unpacking digital transformation – Constructing a framework based on industry use cases}, author = {Saeed, Khawaja Asjad and Green, Andrew William and Hedrick, Alison Brooke}, journal = {Journal of Innovation & Knowledge}, volume = {10}, issue = {5}, pages = {1-12}, year = {2025}, month = jul, day = {25}, doi = {10.1016/j.jik.2025.100759}, publisher = {Elsevier}, issn = {2444-569X}, url = {https://doi.org/10.1016/j.jik.2025.100759}, dimensions = {true}, }
CAIS
What does ChatGPT Know about Information Systems?

Daniel E. O’Leary, Aaron M. French, Veda C. Storey, and 8 more authors

Communications of the Association for Information Systems, Apr 2025

Abs DOI Bib HTML

Large language models such as ChatGPT provide efficient access to a wealth of information. However, there are significant questions regarding the depth and quality of knowledge in any one domain. This paper focuses specifically on the information systems (IS) field and assesses ChatGPT’s knowledge. To analyze the extent and quality of information systems knowledge derived from queries to ChatGPT, we used over 3,000 queries from a broad range of exam and quiz questions. These queries were obtained from university courses and professional information system certification exams. The query topics are based on a framework for information systems education, with queries gathered from multiple faculty members at different universities. The results of querying ChatGPT with these questions find that ChatGPT can answer 65% to 85% of information systems queries successfully, across each of the areas of the framework. ChatGPT performed well on essay, true/false and multiple choice questions, with no statistical difference between its success rate on multiple choice and true/false questions. We conclude that ChatGPT tends to perform approximately at the level of an average student, but may not perform at a level sufficient to pass certain professional exams. ChatGPT’s knowledge is very broad, covering virtually all areas of the information systems knowledge we identified, but not at an expert level.
@article{2025chatgpt, title = {What does ChatGPT Know about Information Systems?}, author = {O'Leary, Daniel E. and French, Aaron M. and Storey, Veda C. and Buckman, Joseph. R. and Chua, Cecil and Green, Andrew William and Gu, Grace and Niederman, Fred and Pereira, Francis and Templeton, Gary and Wallace, Linda}, journal = {Communications of the Association for Information Systems}, volume = {56}, number = {19}, pages = {461-482}, year = {2025}, month = apr, doi = {10.17705/1CAIS.05619}, publisher = {Association for Information Systems}, issn = {1529-3181}, url = {https://doi.org/10.17705/1CAIS.05619}, dimensions = {true} }

2024

Textbooks

Principles of Network Security

Andrew William Green, Michael E. Whitman, and Herbert Mattord

Apr 2024

Abs Bib HTML

Principles of Network Security offers a comprehensive, approachable, and up-to-date foundation for teaching network security to students in high school, trade school, or college-level courses. This textbook introduces core concepts in network security, cryptography, secure architecture, threat analysis, and monitoring while addressing modern challenges like IoT, cloud security, AI, and Zero Trust frameworks. Each chapter combines foundational theory with real-world examples and current best practices. The book emphasizes practical knowledge across layered topics, from the OSI and TCP/IP models and data communication protocols to firewall configuration, VPN deployments, wireless network protections, and access control models. It includes coverage of leading standards and frameworks from NIST, CIS, and ISO. Rich pedagogical features - such as learning objectives, review questions, hands-on exercises, and short projects - help reinforce key skills and prepare students for further study or entry into cybersecurity roles. Whether used in a semester-long survey or as a base for certification pathways, this textbook equips students with the knowledge they need to navigate the complexities of modern network security.
@textbook{2024networksecurity, title = {Principles of Network Security}, author = {Green, Andrew William and Whitman, Michael E. and Mattord, Herbert}, year = {2024}, publisher = {Kendall Hunt Publishing}, isbn = {979-8-3851-3043-6}, url = {https://he.kendallhunt.com/product/principles-network-security}, dimensions = {true} }

Journal Articles

C&S
To report or not to report? Extending Protection Motivation Theory to Vulnerability Discovery and Disclosure

Andrew William Green, DeJarvis Oliver, and Amy B. Woszczynski

Computers & Security, Jul 2024

Abs DOI Bib HTML

Vulnerability researchers face difficult choices when considering whether to reporting a finding to an organization with which they are unaffiliated. We used components of Protection Motivation Theory (PMT) to create the Vulnerability Discovery and Disclosure (VDD) model to understand the decision-making processes of vulnerability researchers. PMT uses high fear appeals, threat appraisals, and coping appraisals to encourage employee prosocial behaviors while VDD proposes low fear and threat with high coping, to encourage reporting. In this exploratory study, we surveyed active vulnerability researchers to gain insight into their concerns when deciding to report to an organization. Using principal components analysis, we developed and refined the VDD survey, which may be tested by future researchers. We also discovered a higher-order efficacy construct, comprised of response and self-efficacy. We theorize that well-developed vulnerability disclosure policies, in line with a low-fear, low-threat appraisal and high efficacy may establish a culture of trust between organizations and vulnerability researchers, encouraging more reports.
@article{2024toreport, title = {To report or not to report? Extending Protection Motivation Theory to Vulnerability Discovery and Disclosure}, author = {Green, Andrew William and Oliver, DeJarvis and Woszczynski, Amy B.}, journal = {Computers & Security}, volume = {142}, pages = {1-18}, year = {2024}, month = jul, doi = {10.1016/j.cose.2024.103880}, publisher = {Elsevier}, issn = {0167-4048}, url = {https://doi.org/10.1016/j.cose.2024.103880}, dimensions = {true} }

2023

Conferences

KSUSymposium
Analysis of Honeypots in detecting Tactics, Techniques, and Procedures changes based on IP Address

Carson Reynolds and Andy Green

Apr 2023

Abs Bib HTML

The financial and national security impacts of cybercrime globally are well documented. According to the 2020 FBI Internet Crime Report, financially motivated threat actors committed 86% of reported breaches, resulting in a total loss of approximately $4.1 billion in the United States alone (Federal Bureau of Investigation, 2022). In order to combat this, our research seeks to determine if threat actors change their tactics, techniques, and procedures (TTPs) based on the geolocation of their target’s IP address. To answer this research question, we will construct a honeypot network distributed across multiple continents to collect attack data from geographically separate locations concurrently. We will configure the honeypots to offer vulnerable services and collect log data from the services for analysis. This approach will allow us to aggregate log data about attacks against specific services commonly targeted by threat actors. After we complete data collection, we will analyze the data to gain insight into the TTPs used by the threat actors. The analysis will use collected attack data attributes such as IP origin, service type, and executables delivered along with other transport layer analysis techniques to provide metadata on threat actor TTPs. Once the analysis is complete, we will have a greater insight into threat actor activities and produce a list of items that firms can use to monitor, protect, and maintain their environments and to detect attacks earlier, along with taking appropriate defensive action to lessen or eliminate the risk associated with these attacks.
@conference{2023ksuhoneypots, title = {Analysis of Honeypots in detecting Tactics, Techniques, and Procedures changes based on IP Address}, author = {Reynolds, Carson and Green, Andy}, year = {2023}, month = apr, publisher = {Kennesaw State University}, address = {Kennesaw, Georgia, USA}, url = {https://digitalcommons.kennesaw.edu/undergradsymposiumksu/spring2023/presentations/341/}, dimensions = {false} }
AMCIS
Analysis of Honeypots in detecting Tactics, Techniques, and Procedures changes based on IP Address

Carson Reynolds and Andrew William Green

Aug 2023

Abs Bib HTML

The financial and national security impacts of cybercrime globally are well documented. According to the 2020 FBI Internet Crime Report, financially motivated threat actors committed 86% of reported breaches, resulting in a total loss of approximately $4.1 billion in the United States alone (Federal Bureau of Investigation, 2022). In order to combat this, our research seeks to determine if threat actors change their tactics, techniques, and procedures (TTPs) based on the geolocation of their target’s IP address. To answer this research question, we will construct a honeypot network distributed across multiple continents to collect attack data from geographically separate locations concurrently. We will configure the honeypots to offer vulnerable services and collect log data from the services for analysis. This approach will allow us to aggregate log data about attacks against specific services commonly targeted by threat actors. After we complete data collection, we will analyze the data to gain insight into the TTPs used by the threat actors. The analysis will use collected attack data attributes such as IP origin, service type, and executables delivered along with other transport layer analysis techniques to provide metadata on threat actor TTPs. Once the analysis is complete, we will have a greater insight into threat actor activities and produce a list of items that firms can use to monitor, protect, and maintain their environments and to detect attacks earlier, along with taking appropriate defensive action to lessen or eliminate the risk associated with these attacks.
@conference{2023amcishoneypots, title = {Analysis of Honeypots in detecting Tactics, Techniques, and Procedures changes based on IP Address}, author = {Reynolds, Carson and Green, Andrew William}, year = {2023}, month = aug, publisher = {AIS}, address = {Panama City, Panama}, url = {https://aisel.aisnet.org/treos_amcis2023/1/}, dimensions = {false} }

2022

Journal Articles

JCIS
Social Networking Continuance and Success: A Replication Study

Aaron M. French and Andrew William Green

Journal of Computer Information Systems, Sep 2022

Abs DOI Bib HTML

The success of social networking sites relies on members’ continuous use. We replicate a study evaluating the relationship of continued-use intention to the success of social networking sites to determine whether the results obtained with a US sample can be generalized to the South Korean context. Using two culturally distinct samples, we demonstrate limitations to the generalizability of the original study’s findings and important constructs influencing continued-use intention across cultural boundaries.
@article{2022replication, title = {Social Networking Continuance and Success: A Replication Study}, author = {French, Aaron M. and Green, Andrew William}, journal = {Journal of Computer Information Systems}, volume = {63}, issue = {4}, pages = {988-997}, year = {2022}, month = sep, doi = {10.1080/08874417.2022.2119443}, publisher = {Taylor & Francis}, issn = {0887-4417, 2380-2057}, url = {https://doi.org/10.1080/08874417.2022.2119443}, dimensions = {true} }

2020

Journal Articles

GIQ
Zombies, Sirens, and Lady Gaga – Oh My! Developing a Framework for Coordinated Vulnerability Disclosure for U.S. Emergency Alert Systems

Amy Woszczynski, Andrew Green, Kelly Dodson, and 1 more author

Government Information Quarterly, Sep 2020

Abs DOI Bib HTML

U.S. emergency alert systems (EAS) run on legacy software with aging hardware and limited cybersecurity. While EASs are an essential component of the U.S. critical infrastructure, they are often under-funded, and workers frequently lack the knowledge to protect these systems adequately. Recent compromises of various EASs have not inspired public conﬁdence. We present a method for EAS authorities to engage with external cybersecurity researchers to ﬁnd, recover from, and disclose vulnerabilities using coordinated vulnerability disclosure (CVD) policies. Clearly written CVD policies set guidelines and legal bounds for cybersecurity research, taking advantage of researcher expertise while working to strengthen the cybersecurity of the patchwork public-private-government networks comprising EASs. We intended to investigate the CVD policies of EASs in seven southeastern states; however, we could ﬁnd no CVD policies through the entire supply chain. Instead, we investigated the CVD policies of the top 10 technology ﬁrms on the Fortune 500 list, analyzing best practices in terms of publication of a CVD policy, as well as: setting eligibility requirements, describing the submission process, delineating researcher restrictions, outlining agreements on sharing credit, and explaining bounties (if relevant). We recommend that EAS authorities develop CVD policies in line with suggested criteria, using policies from top technology organizations combined with the proposed framework, and using cybersecurity researchers as a valuable component of the EAS supply chain.
@article{2020zombies, title = {Zombies, Sirens, and Lady Gaga – Oh My! Developing a Framework for Coordinated Vulnerability Disclosure for U.S. Emergency Alert Systems}, author = {Woszczynski, Amy and Green, Andrew and Dodson, Kelly and Easton, Peter}, journal = {Government Information Quarterly}, volume = {37}, issue = {1}, pages = {1-15}, year = {2020}, doi = {10.1016/j.giq.2019.101418}, publisher = {Elsevier}, issn = {0740-624X}, url = {https://doi.org/10.1016/j.giq.2019.101418}, dimensions = {true} }
CAIS
Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems

Andrew Green, Amy B. Woszczynski, Kelly Dodson, and 1 more author

Communications of the Association for Information Systems, Sep 2020

Abs DOI Bib HTML

U.S. emergency alert systems (EASs) are part of the nation’s critical infrastructure. These systems are built on aging platforms and suffer from a fragmented interconnected network of partnerships. Some EASs have an easily identifiable vulnerability - their management website is available via the Internet. Authorities must secure these systems quickly. Other concerns exist, primarily the lack of policies for reporting vulnerabilities. To begin an assessment of U.S. EASs, we used Shodan to evaluate the availability of these websites in six southeastern states. We found 18 such websites that were accessible via the Internet, only requiring user credentials to login to the system. Next, we searched for published policies on the reporting of vulnerabilities; we found no vulnerability disclosure policies for any of the systems identified. To identify, prioritize, and address EAS vulnerabilities, we present a list of technical and management strategies to reduce cybersecurity threats. We recommend integrated policies and procedures at all levels of the public-private-government partnerships, along with system resilience, as lines of defense against cybersecurity threats. By implementing these strategies, U.S. EASs will be positioned to update critical infrastructure, notify groups of emergencies, and ensure the distribution of valid and reliable information to the populations at risk.
@article{2020cais, title = {Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems}, author = {Green, Andrew and and Woszczynski, Amy B. and Dodson, Kelly and Easton, Peter}, journal = {Communications of the Association for Information Systems}, volume = {46}, issue = {1}, pages = {187-208}, year = {2020}, doi = {10.17705/1CAIS.04608}, publisher = {Association for Information Systems}, issn = {1529-3181}, url = {https://doi.org/10.17705/1CAIS.04608}, dimensions = {true} }

2017

Journal Articles

JISE
Learning Outcomes for Cyber Defense Competitions

Amy B. Woszczynski and Andrew Green

Journal of Information Systems Education, Nov 2017

Abs Bib HTML PDF

Cyber defense competitions (CDCs) simulate a real-world environment, where the competitors must protect the information assets of a fictional organization. These competitions are becoming popular at the high school and college levels, as well as in industry and governmental settings. However, there is little research to date on the learning outcomes associated with CDCs or the long-term benefits to the participants as they pursue future educational, employment or military goals. For this exploratory research project, we surveyed 11 judges and mentors participating in a well-established high school CDC held in the southeastern United States. Then we developed a set of recommended learning outcomes for CDCs, based on importance of the topic and participant preparedness for future information-security related endeavors. While most previous research has focused on technology issues, we analyzed technological, human, and social topics, to develop a comprehensive set of recommendations for future CDCs.
@article{2017outcomes, title = {Learning Outcomes for Cyber Defense Competitions}, author = {Woszczynski, Amy B. and Green, Andrew}, journal = {Journal of Information Systems Education}, volume = {28}, issue = {1}, pages = {21-42}, year = {2017}, month = nov, publisher = {Information Systems and Computing Academic Professionals (ISCAP)}, issn = {2574-3872, 1055-3096}, url = {https://www.jise.org/Volume28/n1/JISEv28n1p21.html}, dimensions = {true} }

2014

Textbooks

Principles of Incident Response and Disaster Recovery

Michael E. Whitman, Herbert J. Mattord, and Andrew Green

Nov 2014

Abs Bib HTML

PRINCIPLES OF INCIDENT RESPONSE & DISASTER RECOVERY, 2nd Edition presents methods to identify vulnerabilities within computer networks and the countermeasures that mitigate risks and damage. From market-leading content on contingency planning, to effective techniques that minimize downtime in an emergency, to curbing losses after a breach, this text is the resource needed in case of a network intrusion.
@textbook{2014incidentresponse, title = {Principles of Incident Response and Disaster Recovery}, author = {Whitman, Michael E. and Mattord, Herbert J. and Green, Andrew}, year = {2014}, publisher = {Cengage Learning}, isbn = {978-1-111-13805-9}, url = {https://www.cengage.com/c/principles-of-incident-response-and-disaster-recovery-2e-whitman/9781111138059}, dimensions = {true} }

2013

Conferences

AMCIS
Addressing Emerging Information Security Personnel Needs. A Look at Competitions in Academia: Do Cyber Defense Competitions Work?

Andrew Green and Humayun Zafar

Aug 2013

Abs Bib HTML

This paper is part of a proposed study that looks at the emerging information security personnel needs of organizations. We are attempting to explore the correlation between components of a regional cyber defense competition and an organization’s needs in terms of employing adequately trained information security personnel. We look to identify some unique characteristics of a regional academic cyber defense competition via the critical success factors method.
@conference{2013amciscyberdefense, title = {Addressing Emerging Information Security Personnel Needs. A Look at Competitions in Academia: Do Cyber Defense Competitions Work?}, author = {Green, Andrew and Zafar, Humayun}, year = {2013}, month = aug, publisher = {AIS}, address = {Chicago, Illinois, USA}, pages = {1-5}, url = {https://aisel.aisnet.org/amcis2013/ISSecurity/RoundTablePresentations/5/}, dimensions = {false} }

Textbooks

Hands-on Information Security Lab Manual

Michael E. Whitman, Herbert J. Mattord, and Andrew Green

Aug 2013

Abs Bib HTML

HANDS-ON INFORMATION SECURITY LAB MANUAL, Fourth Edition, helps you hone essential information security skills by applying your knowledge to detailed, realistic exercises using Microsoft Windows 2000, Windows XP, Windows 7, and Linux. This wide-ranging, non-certification-based lab manual includes coverage of scanning, OS vulnerability analysis and resolution, firewalls, security maintenance, forensics, and more. The Fourth Edition includes new introductory labs focused on virtualization techniques and images, giving you valuable experience with some of the most important trends and practices in information security and networking today. All software necessary to complete the labs are either available online as a free download or included in the accompanying CD, making it easy to plan and complete lab work. An ideal resource for introductory, technical, and managerial courses or self-study, this versatile manual is a perfect supplement to the PRINCIPLES OF INFORMATION SECURITY, SECURITY FUNDAMENTALS, and MANAGEMENT OF INFORMATION SECURITY books.
@textbook{2013labmanual, title = {Hands-on Information Security Lab Manual}, author = {Whitman, Michael E. and Mattord, Herbert J. and Green, Andrew}, year = {2013}, publisher = {Cengage Learning}, isbn = {978-1285167572}, url = {https://www.cengage.com/c/guide-to-network-security-1e-whitman}, dimensions = {true} }
Guide to Network Security

Michael E. Whitman, Herbert J. Mattord, David Mackey, and 1 more author

Aug 2013

Abs Bib HTML

GUIDE TO NETWORK SECURITY is a wide-ranging new text that provides a detailed review of the network security field, including essential terminology, the history of the discipline, and practical techniques to manage implementation of network security solutions. It begins with an overview of information, network, and web security, emphasizing the role of data communications and encryption. The authors then explore network perimeter defense technologies and methods, including access controls, firewalls, VPNs, and intrusion detection systems, as well as applied cryptography in public key infrastructure, wireless security, and web commerce. The final section covers additional topics relevant for information security practitioners, such as assessing network security, professional careers in the field, and contingency planning. Perfect for both aspiring and active IT professionals, GUIDE TO NETWORK SECURITY is an ideal resource for students who want to help organizations protect critical information assets and secure their systems and networks, both by recognizing current threats and vulnerabilities, and by designing and developing the secure systems of the future.
@textbook{2013networksecurity, title = {Guide to Network Security}, author = {Whitman, Michael E. and Mattord, Herbert J. and Mackey, David and Green, Andrew}, year = {2013}, publisher = {Cengage Learning}, isbn = {978-0-8400-2422-0}, url = {https://www.cengage.com/c/guide-to-network-security-1e-whitman}, dimensions = {true} }

2012

Textbooks

Guide to Firewalls and VPNs

Michael E. Whitman, Herbert J. Mattord, and Andrew Green

Aug 2012

Abs Bib HTML

Firewalls are among the best-known network security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when backed by thoughtful security planning, well-designed security policies, and integrated support from anti-virus software, intrusion detection systems, and related tools. GUIDE TO FIREWALLS AND VPNs, THIRD EDITION explores firewalls in the context of these critical elements, providing an in-depth guide that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The text also features an abundant selection of realistic projects and cases incorporating cutting-edge technology and current trends, giving students the opportunity to hone and apply the knowledge and skills they will need as working professionals. GUIDE TO FIREWALLS AND VPNs includes new and updated cases and projects, enhanced coverage of network security and VPNs, and information on relevant National Institute of Standards and Technology guidelines used by businesses and information technology professionals.
@textbook{2012gfwvpn, title = {Guide to Firewalls and VPNs}, author = {Whitman, Michael E. and Mattord, Herbert J. and Green, Andrew}, year = {2012}, publisher = {Cengage Learning}, isbn = {978-1-111-13539-3}, url = {https://www.cengage.com/c/guide-to-firewalls-and-vpns-3e-whitman/9781111135393}, dimensions = {true} }

2007

Conferences

InfoSecCD
Management of Security Policies for Mobile Devices

Andy Green

Aug 2007

Abs DOI Bib HTML PDF

This paper is part of a proposed study that looks at the emerging information security personnel needs of organizations. We are attempting to explore the correlation between components of a regional cyber defense competition and an organization’s needs in terms of employing adequately trained information security personnel. We look to identify some unique characteristics of a regional academic cyber defense competition via the critical success factors method.
@conference{2007infoseccdmobile, title = {Management of Security Policies for Mobile Devices}, author = {Green, Andy}, year = {2007}, month = aug, publisher = {ACM}, address = {Kennesaw, Georgia, USA}, pages = {1-4}, doi = {10.1145/1409908.1409933}, url = {https://doi.org/10.1145/1409908.1409933}, dimensions = {false} }