EC-Council University’s

Cyber Journal

Industry Research and Analysis from ECCU’s Sharpest Minds

Welcome to the EC-Council University Cyber Journal

ECCU’s Cyber Journal presents a curated collection of original research and analysis focused on various cybersecurity disciplines. These scholarly contributions are the work of students who have demonstrated strong academic prowess throughout their cybersecurity education.
The journal is committed to publishing high-quality empirical findings grounded in real-world cybersecurity applications and trends. Each entry undergoes a rigorous editorial and plagiarism review to ensure compliance with our university’s editorial standards.

Editorial Panel

Dr. April D. Ray

Chief Academic Officer & Dean

Dr. Chandra Davis

Manager of Student Affairs & University Registrar

Shawn Joseph

Senior Executive, Content Management

Latest Cyber Journal Publications

Bug Bounties vs. Dark Web Markets: Are Companies Fueling the Hacker Economy?

This study analyzes the economic and ethical dimensions of vulnerability discovery through a comparative assessment of corporate bug bounty programs and underground exploit markets. This study examines whether companies, by offering bug bounty incentives, are unintentionally promoting or reducing the hacker economy by directing hackers toward ethical disclosure practices. Utilizing secondary data and literature, such as industry reports and academic studies, the project demonstrates that bug bounty programs have experienced significant growth, disbursing millions in rewards and involving thousands of hackers (Bugcrowd, 2024; HackerOne, n.d.).

Simultaneously, dark web markets and exploit brokers provide substantially greater financial rewards for exclusive zero-day exploits (Zetter, 2015; ZERODIUM, n.d.), thereby appealing to a distinct group of hackers. The analysis indicates a complex relationship: bug bounties enhance the professionalism of vulnerability discovery and diminish certain criminal incentives; however, substantial financial rewards in the black market persist, enticing individuals to pursue high-value exploits. The report examines the implications for policy and industry, concluding with recommendations to enhance ethical disclosure frameworks, align incentives, and ensure that corporate practices support cybersecurity while avoiding unintended contributions to illicit exploit trade.

A Layered Defense Framework Analysis of Threats To and From Agentic AI

By 2027, agentic AI systems are predicted to conduct more than 25% of business workflows. However, 80% of firms utilizing these agents have already experienced hazardous behaviors in operational settings. This study offers a comprehensive examination of the bidirectional danger landscape confronting agentic AI, differentiating between threats directed at agents (threats-TO) and threats emanating from agents towards organizations and users (threats-FROM). The research employs the MAESTRO seven-layer threat model as an analytical framework, enumerating 30 threat and control categories across both dimensions, systematically arranged by architectural layer from foundational models to human-agent interaction. The paper assesses three agentic-specific security frameworks—MAESTRO (Cloud Security Alliance), the OWASP Top 10 for Agentic Applications, and SHIELD—showing that no single framework provides comprehensive coverage on its own. However, when used together as an integrated defense stack, they provide more than 90% coverage across all threat categories. Governance research shows that current regulatory frameworks, including the NIST AI RMF and the EU AI Act, require agent-specific overlays to address the specific needs of autonomous systems. The article offers bidirectional threat categories, a comparative framework analysis featuring quantitative coverage metrics, sector-specific governance recommendations, and a proposed three-framework defense stack for safeguarding enterprise agentic AI implementations.

Cognitive Load and the "Urgency Trap" with Hybrid Work Environments

As a result of hybrid work arrangements, there has been a complete change in the relationship employees have with information systems and organizational assets. This change is more than just physical location changes; it has created a mental condition, Workplace Telepressure After Hours (WTA), in which an employee constantly thinks about how they must respond to work-related communications when they are not working (He et al., 2024). This constant mental engagement reduces the cognitive resources necessary for threat recognition and for behaving securely, creating an “urgency trap” in which time pressures and cognitive overload systematically combine to create vulnerabilities for threat actors to exploit (Cambier & Vlerick, 2022). With technology playing a bigger role in workplaces than ever before, there has been an increase in blending work and personal lives, as well as in where people work from. As research shows, employees are experiencing remarkably high levels of work overload, as seen in the mismatch between what they need to do (job demand) and the resources (personal resources) they must use to meet those demands (Kim et al., 2024). This overload influences cybersecurity behavior by decreasing an individual’s ability to recognize potential threats and comply with security protocols, as well as limiting the use of proactive security behaviors (Kim et al., 2024). The intersection of cognitive load theory, telepressure phenomenon, and cybersecurity behaviors demonstrates that, no matter how advanced the technical controls are, they cannot be effective when users are under cognitive overload.

Threat Intelligence and Its Relationship with IT Infrastructure

The research paper reaches out to our formal understanding of intelligence, per se. It begins with the psychological approach and the tenets that have been refined in the postwar era through nurturing and physiological development. Subsequently, we proceed to distinguish between preconceived notions and recent discoveries that eroded our largely inaccurate beliefs about intelligence. Further, we draw parallels with cybersecurity and threat intelligence, which are the crux of our paper, and the humble beginning of computation and networking; this extends to the pioneering technological corporations that are renowned for their contributions to information systems. The foundations of networking and internet access are mentioned briefly. Proceeding further, we dissect the resources inspected to create a platform for intelligence to operate. We examine the complications encountered by cybersecurity personnel, organizations, and key stakeholders in assembling information in a structured form. We also compare and contrast contingency models such as business continuity, incident response, and disaster recovery plans invoked during times of crisis. What all these plans and threat intelligence models could impart to us is considered in detail. In the end, our conclusion will be the culmination of all the information researched, providing recommendations to enhance the cybersecurity posture and creating pathways for further speculation.

The Social Engineering Resilience in Remote Work Environments

The rapid shift to remote work has dissolved traditional network perimeters, exposing employees to unprecedented volumes of social engineering attacks. Phishing, smishing, vishing, and deepfake voice scams now account for 30% of confirmed data breaches (Verizon DBIR 2025), making them the most lethal entry vector for organisations of any size.

This study asks three questions:
  1. Which social engineering techniques achieve the highest success rates in remote work environments?
  2. How effective are contemporary security awareness programmes—simulated phishing combined with interactive micro-learning—in lowering click-through rates?
  3. What low-cost technical controls (DMARC, SPF, DKIM, MFA, URL-rewriting proxies) provide the greatest incremental protection when layered with training?

A mixed-methods approach was applied: (a) statistical analysis of 1.21 M phishing samples from PhishTank 2025 and OpenPhish 2025; (b) a quasi-experimental examination of click-through data from three open-source phishing simulation platforms deployed at three partner SMEs (10–25 users each) over twelve months; and (c) a Qualitative Comparative Analysis (QCA) that scores eight mitigation techniques across effectiveness, cost, implementation effort, and scalability.

Results show that credential harvesting emails (42 %) and malicious attachment campaigns (31 %) dominate remote work attacks, that training alone trims click-through from 23.5 % to 6.8 % (−71 %), and that adding DMARC reject plus mandatory MFA yields an 84 % reduction in successful credential theft. A FAIR-based cost-benefit model estimates an annual loss expectancy (ALE) of $152 k for an average SME dropping to $28 k after deploying the recommended layered approach—an 81 % risk reduction for an estimated $12 k/year investment.

The paper proposes a “Human-First” Resilience Framework that (i) institutionalises continuous security awareness, (ii) enforces lightweight technical safeguards, and (iii) integrates automated phishing simulation dashboards into existing SIEM workflows.

(Disclaimer: The views and opinions presented in Cyber Journal publications belong to the respective authors and do not reflect those of EC-Council University.)

Want to Know More About ECCU’s Cyber Journal?

Reach out to our Editorial Panel for more information

Cyber Journal Compliance Policy

The EC-Council University Cyber Journal is a scholarly publication that disseminates academic, professional, and creative works produced by faculty, students, and affiliated scholars. The journal is designed to publish content that falls outside the scope of Institutional Review Board (IRB) oversight as defined by applicable federal regulations and institutional policies governing human subject research.

All submissions accepted for publication in this journal must meet one or more of the following criteria:

  • The work does not involve “human subjects” as defined under 45 CFR 46 (i.e., it does not involve interaction or intervention with living individuals, nor access to identifiable private information).
  • The work relies exclusively on:
      • Publicly available, non-identifiable datasets, or
      • Fully de-identified data where individuals cannot be directly or indirectly identified.

Cyber Journal works consist of:

  • Theoretical, computational, or methodological scholarship
  • Literature reviews or meta-analyses that do not involve new human subject data collection
  • Archival, historical, or publicly available document analysis
  • Creative, artistic, or reflective works not involving human subject research
  • Laboratory, environmental, engineering, or other non-human subject research activities
