At different times during the semester, the professor will ask students to answer general questions related to cybersecurity through a social science lens. Students will answer the questions and then enter them in their ePortfolio. For instance, when discussing cybersecurity through a criminological lens, students might be asked to review articles linked with each individual motive. The student might be asked to rank the motives and explain the rationale. Or when discussing cybersecurity and psychology, students might be asked to watch an assigned video and then write a journal entry about how they think the media influences societal understanding about cybersecurity. The journal entries are meant to be opinion-type assignments, though the opinions should be supported with social science evidence. The table below shows the types of journal questions students will be asked to respond to throughout the semester and how they relate to the course learning outcomes.
Journal Entry 1
After reviewing the NICE Workforce Framework, the areas that I found most appealing is the Insider Threat Analysis. Since it requires an objective and goal I find it pretty easy to get tasks done if there’s a given assignment.
This career involves cybersecurity and law which calls for a lot of collaboration and is great for networking.
Growing up my father had installed an antivirus program called “Webroot” which is to protect today’s and tomorrow’s cyber threats. I am fairly familiar with identifying and taking out any threat.
The career that is least appealing to me is Secure Software Development because I lack the knowledge and skills of creating, modifying, and developing applications or softwares.
Journal Entry 2
Observation, experimentation, and research are the backbone of the principle of science. These become especially important in cybersecurity. Observations observe the threats and vulnerabilities whereas experimentation does the same for the efficiency of various security measures such as firewalls and patches. Accidents are investigated through a systematic analysis to make an educated guess on potential future risks. This will make cybersecurity fact-based and flexible, providing protection for systems and users against ever-changing risks. The scientific method shall be used to strengthen defenses and find smarter ways of fighting cybercrime.
Journal Entry 3
After visiting PrivacyRights.Org, I noticed researchers have a lot of information regarding public information about data breaches. The site provides researchers with information that is collected and reported to the government body. The information consists of different types of breaches like hacking, lost devices, and insider theft. Affected organizations such as healthcare, financial services, and educational institutions are also on the site for researchers to see. PrivacyRights also displays different types of graphics such as bar graphs, timelines, and numbers like historical data for researchers to find patterns, such as the most typical breach types and the most often targeted industries.
Journal Entry 4
Maslow’s Hierarchy of Needs can be applied to technology in several ways. Platforms that deliver basic needs like food or monitor health concentrate on physiological needs. For example, the Fitbit is a watch that measures the health of the human body using the pulse. Digital security measures, such as antivirus software, or home security systems, such as Ring and their surveillance cameras ensure the user’s safety with safety concerns. Love and belonging are supported by social media and communication platforms such as Facebook and Instagram, which keep us in touch. Platforms such as LinkedIn and social media, which enable the achievements of the user to be recognized, fulfill self-esteem needs. Finally, self-actualization can be assisted by online learning platforms and creative outlets such as YouTube, which promote personal growth and creativity.
Journal Entry 5
1. Multiple Reasons: The motives of cybercriminals are usually combined, including financial, personal grievances, and ideology, which makes this the most logical reason.
2. Money: Financial benefit is a very serious motive of cybercrime, from ransomware attacks to theft; it’s plain and simple.
3. Entertainment: Attackers seek thrill or enjoyment, above all younger and less experienced hackers who see this as some sort of challenge.
4. Revenge: Personal grudges can be the motive for the attack, especially insider threats or targeted breaches.
5. Boredom: Lazy ones, out of idle reasons, especially when hacking tools are easily accessible.
6. Political: Politically motivated attacks are more important but less frequent compared to the above broad reasons.
7. Recognition: Fame or recognition for their actions is less common because cybercriminals usually wish to remain anonymous.
Journal Entry 6
Yes, I can identify the difference between fake and real websites. It is very easy for users online to fall victim to the bait of fake websites, and potentially get their information stolen from accessing those links. When accessing the internet it is important to look out for domain names, poor design/low-quality graphics, and fake login pages.
Example #1: Domain name
FAKE: amaz0n-shopping.com
REAL: amazon.com
Fake websites may have slight changes such as misspelling or replacing letters with numbers. They also may change the domain extension from “.com” to “.shop”
Example #2: Poor Design and Low-Quality Graphics
The imagery on fake websites may look similar to what the real website may advertise but not in all cases. Look out for certain elements in an advertisement such as different colors or fonts, and sometimes the ad can be blurry, stretched, or misaligned. Grammatical errors will never be an issue for the real website because it will be professional versus the fake one.
Example #3: Fake Login Pages
Fake websites for example “netflix-verify-account.com” can/will for credentials, so carefully look out for the URL links. A real website with a security certificate such as an SSL certificate will have HTTP in the URL. After logging in the fake website may ask for sensitive information which can be stolen.
Journal Entry 7
Meme #1 https://unsplash.com/photos/woman-in-white-button-up-shirt-holding-silver-iphone-6-R6dSBkz32B8 :
POV: When you receive a PayPal ad saying “LUCKY WINNER, YOU WIN $500 🤑!”
Explanation: When people are emotionally neutral, their defenses may be weaker because they think the situation or environment is “normal” and are less likely to notice URL links or grammar in phishing emails that have been slightly changed or poorly written.
Meme #2 https://commons.wikimedia.org/wiki/File:CellPhone_(16491636068).jpg :
POV: When you gotta take a pic for bae for her Instagram
Explanation: The thought about being monitored and the accidental exposure to sensitive information are high-risk behavior in public spaces.
Meme #3
When your phone is just lying there…
.jpg){kind=link}
…waiting for the next phishing attempt to strike. 🔥
Explanation: This meme is about the inactive security risks that come with leaving devices alone and idling, even in private areas. You should know that hacking and security breaches can occur when you’re not active.
Journal Entry 8
The YouTube video, “Hacker Rates 12 Hacking Scenes In Movies And TV” by Insider goes into detail about the movie Capture the Flag, or CTF, which is a cybersecurity challenge in which participants perform hacking related riddles or tasks such as decrypting code or breaking into systems. The competition can copy real-world hacking scenarios such as reverse engineering, and CTFs are typically tough to participate in, necessitating a high degree of ability and understanding. The sequence also summarizes the realistic but can exaggerate the nature of hacking. The “Hack ‘Em All” scene mentioned in the video as indicated is inspired by a real-world attack performed in 2015 in which researchers remotely hacked a car system. Particularly the ease with which various cars may be remotely controlled. It does highlight potential future vulnerabilities as vehicles become more networked. The film also mentions real hacking strategies such as “credential stuffing”.
Journal Entry 9
On the Social Media Disorder (SMD) Scale I said yes to one out of nine questions. Which means I do not have SMD. The questions asked were questions I feel like that could show symptoms rather than identifying the disorder. The questions asked are probably more common to say yes to if living in a more modern society where technology is everywhere and more exposure to technology will lead to access to social media, but if this was in places with less access to digital culture they wouldn’t have a problem saying no to the questions.
Journal Entry 10
The article on social cybersecurity investigates how social media and online narratives affect modern conflicts and national security. It focuses on how enemies utilize cyber and psychological methods to influence public opinion and destabilize societies. The article highlights the necessity for military and government institutions to improve their understanding of these strategies in order to counter disinformation effectively. It also explores how to educate the public about spotting manipulation and disinformation. The need for social cybersecurity as part of an overall cybersecurity strategy is also emphasized.
Journal Entry 11
The video discusses cybersecurity analyst-related social issues such as company culture, employment accessibility, and professional networking. Community and mentorship are crucial to job success, especially as this field has several entry options. Through internships, volunteering, or local organizations, networking and creating relationships is important to obtaining experience and a career. Social habits can affect a cybersecurity analyst’s success in user awareness training and cybersecurity best practices. Graveyard shifts may be beneficial for early careerists without families which also affects social factors. The video shows that becoming a cybersecurity analyst requires both technical skills and good social relationships.
Journal Entry 12
The sample data breach notification letter is about economic and social ideas concerning company responsibility and consumer connections. Economically the cost-benefit analysis demonstrates the company’s decision to tell customers to lower future costs associated with reputational damage while information asymmetry discusses the original information imbalance which is corrected by disclosure to empower customers. Social contract theory highlights the company’s responsibility to protect and notify customers about hazards to their data. According to social identity theory, customers who are unified by a common vulnerability may collectively respond to the breach potentially altering brand trust depending on the company’s transparency and response.
Journal Entry 13
The article about bug bounty policies looks at how they can improve cybersecurity by giving ethical hackers a reason to find vulnerabilities in company systems. The literature review talks about how bug payments can help the economy and benefits of bug bounties especially those that have trouble hiring good cybersecurity professionals. The results show that hackers are most motivated by things other than money since the supply of security researchers doesn’t change much when payment changes. Additionally, the number of valid reports a business gets is mostly determined by its brand profile and revenue while the type of industry and the age of the program affect the amount of reports the receives.
Journal Entry 14
This article by Andriy Slynchuk, the Senior Manager at Clairo speaks on certain activities that do not appear to be illegal but are illegal when carried out online. It is illegal for torrent sites to download material as it is a violation of intellectual property rights and causes damage to the business of the creators. Engaging in dark web activities which are selling stolen data and other illegal activities. It therefore becomes organized crime and a threat to public safety. It is extremely rude to make someone’s information public without asking for their permission, a practice known as doxxing. It invites harassment or identity theft. On the other hand, phishing and hacking are methods of invading one’s digital protection to steal data that makes people and businesses lose money. Lastly, streaming content without permission may appear minute, but it is actually a violation of copyright and encourages further piracy. Each of these acts runs against the legal and moral rules that protect privacy, creativity, and safety, and which people, companies, and society altogether are supposed to uphold.
Journal Entry 15
The TEDx presentation from David Teo spoke on digital forensics, and immediately my thoughts shifted to how his work correlates to social sciences. Teo was schooled in law and technology. Of course, it is there that the education landed him into the job, the cognizance of people acting would be just as huge as the ability to understand how to work a piece of technology. As a detective in digital forensics, he has to look both into data and at the history of what people did that left digital traces. Criminology, psychology, and sociology are just some of the other areas you’d want to know for this.
Teo’s case shows that digital forensics is not only about technical areas; it’s also a platform where law, human behavior, and technology meet. The investigators need to understand the motives of cybercriminals, who their victims are, and how their crimes influence society as a whole. You can well understand from Teo’s work that digital forensics has emerged as an area bringing together technical and social sciences these days. It will be interesting to see the combination of these fields while searching for the truth and attempting to make digital places more fair.