{"id":354,"date":"2025-08-31T15:00:41","date_gmt":"2025-08-31T15:00:41","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/akelavillegas\/?page_id=354"},"modified":"2025-12-03T11:18:05","modified_gmt":"2025-12-03T11:18:05","slug":"journal-entries","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/akelavillegas\/journal-entries\/","title":{"rendered":"Journal Entries"},"content":{"rendered":"\n

Entry 1<\/strong><\/p>\n\n\n\n

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas are most appealing to you and which are least appealing.<\/strong><\/p>\n\n\n\n

Workforce Framework for Cybersecurity (NICE Framework) | NICCS (cisa.gov)<\/a><\/p>\n\n\n\n

The NICE Workforce Framework breaks cybersecurity into seven categories, each with unique roles. I\u2019m most interested in the Protect and Defend and Investigate areas because they focus on hands-on work like detecting threats, responding to incidents, and performing digital forensics. I enjoy problem-solving and working directly with technology, so these roles feel exciting and challenging. On the other hand, the Oversee and Govern category is less appealing to me since it focuses more on compliance, policy, and management rather than technical work. While those roles are important, I prefer being on the front lines, actively identifying and responding to cybersecurity threats.<\/p>\n\n\n\n

\n\n\n\n

Entry 2<\/strong><\/p>\n\n\n\n

How does the principle of empiricism enhance the effectiveness of cybersecurity practices?<\/strong><\/p>\n\n\n\n

Reflect on how empirical data collection and analysis can help identify emerging threats, assess the effectiveness of current security measures, and guide the development of new strategies to protect information systems.<\/strong><\/p>\n\n\n\n

Empiricism makes cybersecurity more effective because it focuses on real evidence instead of assumptions. By collecting and analyzing data, security teams can spot patterns like unusual network traffic or suspicious login attempts that may point to new threats. Looking at this data also helps organizations see whether their current defenses are working\u2014for example, how quickly they respond to incidents or how often vulnerabilities are being exploited. These insights take the guesswork out of decision-making and encourage constant improvement. By learning from past attacks and tracking ongoing trends, teams can build smarter, more practical strategies to protect information systems. In short, empiricism keeps cybersecurity grounded in reality and adaptable to changing risks.<\/p>\n\n\n\n

\n\n\n\n

Entry 3<\/strong><\/p>\n\n\n\n

Visit PrivacyRights.org<\/a> to see the types of publicly available information about data breaches. How might researchers use this information to study breaches and forecast future data breach trends? <\/strong><\/p>\n\n\n\n

I visited PrivacyRights.org and explored the Data Breach Chronology, a powerful database compiling more than 75,000 publicly reported breach notifications across the U.S. since 2005. It offers rich detail, such as breach types (e.g., hacking, portable device loss), the kind of organizations affected (healthcare, financial services, education), the data exposed, when breaches occurred, and when they were reported. By converting fragmented government notifications into a standardized, searchable format, this resource empowers researchers to unravel patterns: temporal shifts in breach frequency, differences across sectors, reporting delays, and even the scale of individual breaches. Scholars could use this data to model trends like the prevailing dominance of hacking or rising incidents in healthcare, forecasting future risks, evaluating regulatory impact, or detecting emerging vulnerabilities. In short, the Data Breach Chronology turns scattered public disclosures into a consistent lens for understanding and anticipating threats, one that can inform strategic planning, policy development, and stronger privacy safeguards.<\/p>\n\n\n\n

\n\n\n\n

Entry 4<\/strong><\/p>\n\n\n\n

Review Maslow\u2019s Hierarchy of Needs and explain how each level relates to your experiences with technology.<\/strong><\/p>\n\n\n\n

Give specific examples of how your digital experiences relate to each level of need.<\/strong><\/p>\n\n\n\n

Maslow\u2019s Hierarchy of Needs really shows up in how I use technology every day. At the most basic level, my physiological needs are covered just by having electricity, Wi-Fi, and a working phone or laptop. For safety, I rely on things like two-factor authentication, strong passwords, and antivirus software to keep my information secure. My sense of belonging is met through group chats, social media, and online communities where I can stay close to friends and family. Esteem needs shows up when I earn online certifications or post accomplishments on LinkedIn, boosting my confidence. Finally, self-actualization happens when I use technology to learn new cybersecurity skills and push myself toward my career goals.<\/p>\n\n\n\n

\n\n\n\n

Entry 5<\/strong><\/p>\n\n\n\n

Review the articles linked with each individual motive in slide\/page #3.  Rank the motives from 1 to 8 as the motives that you think make the most sense (being 1) to the least sense (being 8).  Explain why you rank each motive the way you rank it.<\/strong><\/p>\n\n\n\n

After reviewing the articles on individual motives for cybercrime, I ranked money<\/strong> first because financial gain is one of the clearest and most common drivers of hacking activity. The examples from HP and BitMart show how hackers can quickly profit from illegal actions, which makes this motive especially powerful. I placed political motives<\/strong> second, since hacktivist groups often coordinate large-scale attacks to advance ideological goals, which can be just as motivating as money. I ranked revenge<\/strong> third because emotional retaliation is a strong and personal motivator, particularly in cases like revenge porn. Recognition<\/strong> came fourth, as some hackers seek prestige or validation from peers or even from organizations they breach. Curiosity<\/strong> was fifth because many young or new hackers act simply to see if they can. Entertainment<\/strong> and boredom<\/strong> followed, since these seem less intentional than financial or ideological reasons. Finally, I ranked multiple reasons<\/strong> last because it represents a mix of motives rather than a single clear driver, making it weaker as a standalone explanation.<\/p>\n\n\n\n

\n\n\n\n

Entry 6<\/strong><\/p>\n\n\n\n

Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source].<\/strong><\/p>\n\n\n\n

Compare the three fake websites to three real websites and highlight the features and similarities that identify each fake website as fraudulent.<\/strong><\/p>\n\n\n\n

Several well-documented fake websites demonstrate how fraudsters exploit trust online. For example, spoofed FBI complaint portals like icc3[.]live<\/em> and ic3a[.]com<\/em> mimic the legitimate FBI Internet Crime Complaint Center (ic3.gov<\/em>), while ABCnews.com.co<\/em> posed as the real ABCNews.com<\/em> and National Report<\/em> published fabricated news under the guise of a legitimate outlet. These fraudulent sites typically use deceptive domains, such as slight alterations or unfamiliar extensions, to appear authentic. They also copy the design, branding, and text of legitimate sites but may request sensitive personal information or payments, which genuine sites such as ic3.gov<\/em>, ABCNews.com<\/em>, and Snopes.com<\/em> never do. Another telltale sign is their short lifespan and lack of institutional history, in contrast to the longstanding credibility of official domains. Together, these comparisons highlight that checking URLs, domain history, and information requests are critical steps in distinguishing fake websites from real ones.<\/p>\n\n\n\n

\n\n\n\n

Entry 7<\/strong><\/p>\n\n\n\n

Review the following photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual\u2019s or individuals\u2019 mind(s).<\/strong><\/p>\n\n\n\n

Photo 1: Person using a VPN, most likely in a public place<\/a> <\/p>\n\n\n\n

Meme: <\/strong>\u201cWhen you\u2019re working at a caf\u00e9 and forget that \u2018free Wi-Fi\u2019 also means free data for hackers.\u201d<\/p>\n\n\n\n

Explanation (Human-Centered Cybersecurity):<\/strong>
This meme highlights a common behavior where convenience trumps caution. The individual\u2019s mindset is likely: \u201cI just need to check a few emails \u2014 it\u2019ll be fine.\u201d<\/em>
Human-centered cybersecurity examines how usability, environment, and human motivation (like convenience and productivity) influence security choices. Public Wi-Fi often feels harmless, but users underestimate the risks of unsecured networks. Designing more intuitive security prompts or automatic VPN connections could help align user goals with safer behavior.<\/p>\n\n\n\n

Photo 2<\/strong>: A group of people jumping mid-air <\/a><\/p>\n\n\n\n

Meme: <\/strong>\u201cWhen you post your vacation pics in real-time\u2026 and your burglar says, \u2018Perfect, they\u2019re not home.\u2019\u201d<\/p>\n\n\n\n

Explanation (Human-Centered Cybersecurity):<\/strong>
This represents oversharing on social media, a major privacy and security issue rooted in human emotion and social validation.
The people in the photo are likely thinking: \u201cThis is fun! Let\u2019s share it now!\u201d<\/em> rather than, \u201cThis might reveal my location.\u201d<\/em>
Human-centered cybersecurity stresses understanding these psychological motivations. Rather than shaming users, systems and policies should encourage safer sharing practices, such as delayed posting options or reminders about location tagging risks.<\/p>\n\n\n\n

Photo 3<\/strong>: Male programmer with multiple monitors <\/a><\/p>\n\n\n\n

Meme: <\/strong>\u201cThinks he\u2019s building the next big security app\u2026 forgets to lock his screen when he goes for coffee.\u201d<\/p>\n\n\n\n

Explanation (Human-Centered Cybersecurity):<\/strong>
Even cybersecurity professionals are human. The individual\u2019s mindset might be: \u201cI\u2019ll be right back, no one will touch it.\u201d<\/em>
This meme shows how even experts are prone to human lapses like overconfidence, time pressure, or habit, all of which affect real-world security posture. Human-centered cybersecurity acknowledges that secure systems must accommodate human error through design, for example, auto-lock features, reminders, or physical security training that fits into workflow habits.<\/p>\n\n\n\n

\n\n\n\n

Entry 8<\/strong><\/p>\n\n\n\n

Watch this video and pay attention to the way that movies distort hackers.Scientists Rate 65 Scenes from Movies and TV | How Real Is It? | Insider – YouTube Links to an external site.<\/a>https:\/\/www.youtube.com\/embed\/_ojA5OqOKYo?autoplay=1&rel=0&hl=en_US&fs=1<\/strong><\/p>\n\n\n\n

After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity<\/strong>. <\/p>\n\n\n\n

After watching the video, I thought about how much movies and TV shows have shaped the way people see hackers. I know now that most of what we see on screen isn\u2019t realistic, but at a younger age, I didn\u2019t. Back then, I really believed hacking was all about typing super fast, breaking into systems in seconds, and seeing flashy codes and screens like in the movies. It looked exciting and cool, almost like a superpower.<\/p>\n\n\n\n

As I got older and learned more about technology, I realized that cybersecurity is nothing like that. Real hacking takes time, patience, and skill. It\u2019s about research, problem-solving, and understanding how systems actually work, not just smashing a keyboard. The media often makes it look simple and glamorous, but in reality, it\u2019s a serious and complex field that requires a lot of knowledge and responsibility.<\/p>\n\n\n\n

I think those unrealistic portrayals can give people the wrong impression, especially younger audiences like I once was. Now I understand how dangerous cyberattacks can really be, and I have more respect for the people who work to stop them instead of how \u201ccool\u201d it looked in the movies.<\/p>\n\n\n\n

\n\n\n\n

Entry 9 <\/strong><\/p>\n\n\n\n

Watch this Video:<\/strong><\/p>\n\n\n\n

Social media and cybersecurityLinks to an external site.<\/a>https:\/\/www.youtube.com\/embed\/Zbqo7MGVElw?autoplay=1&rel=0&hl=en_US&fs=1<\/strong><\/p>\n\n\n\n

Complete the Social Media Disorder scale<\/a> Download Social Media Disorder scale<\/a><\/strong><\/p>\n\n\n\n

How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?<\/strong><\/p>\n\n\n\n

How did you score?<\/strong>
I answered \u201cYes\u201d to 4 out of the 9 questions, which places me in the risky usage<\/em> category. This means that while my social media habits are not necessarily a serious problem, they do have the potential to become unhealthy if I\u2019m not mindful about how much time I spend online or why I use it.<\/p>\n\n\n\n

What do you think about the items in the scale?<\/strong>
I think the items in the Social Media Disorder Scale are very accurate and relatable. They touch on some of the most common issues people face today, like losing time, neglecting responsibilities, or using social media as an emotional escape. The questions really make you think about your habits and the reasons behind them. I also appreciate that it\u2019s based on the DSM model, because it helps highlight how social media behaviors can parallel other forms of addiction or dependency, even though most people don\u2019t think of it that way.<\/p>\n\n\n\n

Why do you think that different patterns are found across the world?<\/strong>
Different patterns of social media use are found across the world because people\u2019s lifestyles, cultures, and access to technology vary so much. In some countries, social media is a main source of news, connection, and even income, while in others it\u2019s more of a casual form of entertainment. Cultural values also play a role. Some societies emphasize face-to-face relationships more, while others are more digitally connected. Economic factors, age demographics, and even government regulations can influence how people use social media and how dependent they become on it. Overall, social media habits reflect a mix of personal, cultural, and environmental influences that differ from place to place.<\/p>\n\n\n\n

\n\n\n\n

Entry 10<\/strong><\/p>\n\n\n\n

Read this and write a journal entry summarizing your response to the article on social cybersecurity<\/strong><\/p>\n\n\n\n

https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2451958825000831Links to an external site.<\/a><\/p>\n\n\n\n

After reading the article \u201cA Survey of Social Cybersecurity: Techniques for Attack Detection, Evaluations, Challenges, and Future Prospects\u201d<\/em> by Mulahuwaish et al. (2025), I gained a better understanding of how cybersecurity extends beyond technology to include human and social behavior. The authors explain that social cybersecurity focuses on protecting people and online communities from threats like misinformation, cyberbullying, and manipulation. What stood out to me most was how attackers now exploit emotions and trust rather than just technical flaws. I also found it interesting that the article highlights the importance of machine learning and data analysis in detecting these social attacks, though the lack of accessible data remains a major challenge. Overall, this article made me realize that true cybersecurity requires not only technical defenses but also awareness of human behavior and social influence. It\u2019s a field that combines technology, psychology, and ethics in a fascinating way.<\/p>\n\n\n\n

\n\n\n\n

Entry 11<\/strong><\/p>\n\n\n\n

Watch this video. As you watch the videohttps:\/\/www.youtube.com\/watch?v=iYtmuHbhmS0Links to an external site.<\/a><\/a>, think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.<\/strong><\/p>\n\n\n\n

After watching the video about what a cybersecurity analyst does, I noticed that the job isn\u2019t just about technology, it\u2019s deeply connected to social behavior. Cybersecurity analysts need strong communication and teamwork skills because they constantly interact with coworkers, managers, and clients to explain security threats in ways everyone can understand. Trust is another major theme; people rely on analysts to protect sensitive information, so their credibility and professionalism are essential. The video also highlights how collaboration and networking play big roles in the field, as staying connected helps analysts keep up with evolving threats. Finally, I realized that cybersecurity analysts often work under pressure, balancing technical tasks with human relationships. The social side of the job, how analysts communicate, build trust, and handle stress, can be just as important as the technical side.<\/p>\n\n\n\n

\n\n\n\n

Entry 12<\/strong><\/p>\n\n\n\n

Read this https:\/\/dojmt.gov\/wp-content\/uploads\/Glasswasherparts.com_.pdfLinks to an external site.<\/a> sample breach letter \u201cSAMPLE DATA BREACH NOTIFICATION\u201d and describe how two different economics theories and two different psychological social sciences theories relate to the letter.<\/strong><\/p>\n\n\n\n

The \u201cSample Data Breach Notification\u201d letter from GlassWasherParts.com shows how economics and psychology both play a huge role in cybersecurity decisions. From an economic perspective, one theory that connects here is the cost-benefit theory. The company likely weighed the costs of sending out the notification (like legal expenses and customer concern) against the potential costs of staying silent, such as losing customer trust or facing lawsuits. Notifying customers and being transparent was probably the most cost-effective way to protect their reputation and reduce future losses.<\/p>\n\n\n\n

Another relevant economic theory is information asymmetry. Before the company disclosed the breach, it had more information than the customers. That imbalance can harm consumers, especially if they\u2019re unaware their data might be at risk. By sending out this letter, the company reduced that gap and gave customers a fair chance to protect themselves.<\/p>\n\n\n\n

From a psychological and social science standpoint, trust and reputation theory definitely applies. A data breach damages trust between a company and its customers. This letter\u2019s tone is apologetic, reassuring, and informative which shows the company\u2019s effort to rebuild that relationship and maintain credibility.<\/p>\n\n\n\n

Finally, risk perception theory fits too. People react differently to threats depending on how serious they think the risk is. The company carefully worded the letter to reassure readers (\u201cwe are unaware of any actual misuse\u201d) while still encouraging them to stay alert. This helps control panic and shapes how customers respond to the situation.<\/p>\n\n\n\n

Overall, the letter isn\u2019t just a formality; it\u2019s a mix of smart economic reasoning and psychological understanding. The company\u2019s goal was to protect its bottom line and its relationship with customers.<\/p>\n\n\n\n

\n\n\n\n

Entry 13<\/strong><\/p>\n\n\n\n

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company\u2019s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost\/benefits principles.  Read this article https:\/\/academic.oup.com\/cybersecurity\/article\/7\/1\/tyab007\/6168453?login=trueLinks to an external site.<\/a>  and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.<\/strong><\/p>\n\n\n\n

The article \u201cHacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties\u201d<\/em> by Sridhar and Ng (2021) explores how bug bounty programs (BBPs) work from both an economic and social science perspective. These programs invite ethical hackers to find vulnerabilities in exchange for rewards, creating a kind of open market for discovering and fixing security issues.<\/p>\n\n\n\n

In the literature review, the authors explain that BBPs are essentially a crowdsourcing tool for cybersecurity. Instead of relying only on in-house teams, companies can tap into a global community of ethical hackers. This not only increases the number of eyes searching for vulnerabilities but can also be more cost-effective. The review also highlights that researchers are motivated by more than just money, but recognition, community status, and curiosity play big roles too. Another key point is that while bug bounty programs are becoming more common, many organizations still don\u2019t have clear vulnerability disclosure policies, which can discourage participation from ethical hackers.<\/p>\n\n\n\n

In the discussion of findings, the authors used real data from the HackerOne platform to understand how these programs actually perform. They found that increasing monetary rewards doesn\u2019t necessarily lead to a huge increase in valid vulnerability reports, meaning most ethical hackers aren\u2019t just chasing the biggest payouts. The study also showed that program effectiveness tends to decline over time as the easiest bugs get fixed, but expanding the program\u2019s scope can help keep results strong. Interestingly, company size or reputation didn\u2019t significantly affect how many vulnerabilities were found, suggesting that even smaller organizations can benefit from running bug bounty programs.<\/p>\n\n\n\n

My Reaction:<\/strong>
What stood out to me most was how the study blends economics and human behavior. The idea that money isn\u2019t the only motivator really aligns with what I\u2019ve seen in cybersecurity communities. Many ethical hackers genuinely enjoy the challenge and take pride in helping secure systems. I also liked that the authors pointed out the \u201cage effect,\u201d meaning that bug bounty programs can lose effectiveness over time unless they\u2019re actively maintained and expanded. That\u2019s a good reminder that cybersecurity policies can\u2019t just be one-time fixes; they have to evolve.<\/p>\n\n\n\n

Overall, this article made me think about how bug bounty programs are more than just financial incentives; they represent a balance between economics, trust, and collaboration. They show how social and psychological factors, like recognition and curiosity, can be just as powerful as financial ones when it comes to keeping systems secure.<\/p>\n\n\n\n

\n\n\n\n

Entry 14<\/strong><\/p>\n\n\n\n

Andriy Slynchuk<\/a> has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.<\/strong><\/p>\n\n\n\n

After reading Andriy Slynchuk\u2019s list of eleven common online mis-steps, I believe the five most serious violations are: sharing someone else\u2019s passwords\/addresses\/photos without consent, bullying and trolling, faking your identity online, collecting information about kids under 13, and conducting illegal searches or accessing illegal content. These jump out because they can have immediate and lasting impacts on people. Sharing another person\u2019s data can expose them to stalking or identity theft, while cyberbullying leaves emotional scars that may not fade with time. Impersonating someone else online often leads to fraud or manipulation. Gathering data on children breaches laws designed to protect them and puts them at real risk. And illegal searches may seem harmless, but they can lead to criminal investigations or serious consequences. It\u2019s not about being perfect online, it\u2019s about being aware of how quickly a seemingly small click or share can cross a legal or ethical line.<\/p>\n\n\n\n

\n\n\n\n

Entry 15<\/strong><\/p>\n\n\n\n

https:\/\/www.youtube.com\/watch?v=YWGZ12ohMJU Watch this video and describe, What ethical questions did the presentation raise for you? How do you think society should address these ethical concerns?<\/strong><\/p>\n\n\n\n

After watching the presentation, the biggest ethical concern that stood out to me was how easily AI can now distort reality. It\u2019s unsettling to realize that audio or video of someone, even of ourselves, can be fabricated well enough to fool friends, family, employers, or even courts. This raises serious questions about privacy, consent, and trust. If anyone can be impersonated, what does \u201ctruth\u201d even mean anymore? I also worry about how criminals can misuse these tools to scam vulnerable people. I think society needs stronger regulations, better verification tools, and more public education so people understand how to protect themselves. Most importantly, we need ethical guidelines and accountability for the companies building these technologies, because without guardrails, the harm could easily outweigh the benefits.<\/p>\n\n\n\n

\n","protected":false},"excerpt":{"rendered":"

Entry 1 Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas are most appealing to you and which are least appealing. Workforce Framework for Cybersecurity (NICE Framework) | NICCS (cisa.gov) The NICE Workforce Framework breaks cybersecurity into seven categories, each with unique roles. I\u2019m most… <\/p>\n

Read More<\/a><\/div>\n","protected":false},"author":30335,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/pages\/354"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/users\/30335"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/comments?post=354"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/pages\/354\/revisions"}],"predecessor-version":[{"id":527,"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/pages\/354\/revisions\/527"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/akelavillegas\/wp-json\/wp\/v2\/media?parent=354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}