Journal Entries
CYSE 201: Week 1 Journal Entry
Benjamin Frankart
9/4/2024
The NICE Framework is a framework devised for businesses and employers seeking guidance in structuring their Cybersecurity departments in a secure and effective way. To be more precise, it adds additional roles and responsibilities within the cybersecurity department, in total hosting 52 work roles, 7 role categories, 11 competency areas, and well over 2,000 TKS statements. These roles are organized into the following categories, Oversight and Governance (OG) (concerned with leadership roles primarily), Design and Development (DD) (science and ingenuity based, involves designing and testing new methods, etc.), Implementation and Operation (IO) (complementary with DD, not only implementing new ideas but ensuring the upkeep of systems and operations), Protection and Defense (PD) (analyzes and understands cyber threats and risks, deals with risks at hand, investigations, etc.), Investigation (IN) (on a national level, investigates cybercrimes, acts as detectives, collects and analyzes evidence, etc.), Cyberspace Intelligence (CI) (stays informed and deduces all details of foreign cyber programs, national and global security), Cyberspace Effects (CE) (works to actively engage and prevent cyber threats and risks in real time from global threats).
Although each of these fields is vastly important in ensuring the cybersecurity of not only companies, but to nations and individuals who depend on information security to maintain the core functions of society, I personally would like to focus my career on the Protection and Defense role. This field, to me, seems to encourage an engaging environment as the stakes are higher in regards to pending or ongoing attacks. Having a career dedicated to detecting, stopping, and ensuring effective end to cyber criminal activities affecting a certain company, agency, individual etc. Specifically, I would enjoy working as a Threat Analysis specialist, or as an Incident Response specialist. I would enjoy analyzing and deducing the nature and damage attacks that had occurred, as well as helping to ensure an end to any notable or specific attack patterns from cybercriminals. Furthermore, working with an Incident Response role would allow me to provide insight on the spot, as well as engage ongoing threats in a timely manner, something that I would find exhilarating.
Areas that I find the least appealing in the NICE Framework would most likely be the OG and DD roles. An Oversight position would most likely stress me out, as the work hours are demanding and you are certain never to be in high standing with everyone. It requires emotional and physical sacrifices, as well as time, and I feel these burdens would not aid me in being a sufficient manager. However, aiding managers and working within an OG department without intense oversight stipulations, could be a favorable career path for me. Although I see myself as creative in my own way, I believe a Design and Development career would not suit me well, as I find it hard sometimes to generate new ideas regarding certain tasks and systems. However, helping to produce the product of an idea would interest me in this field, as I can examine something for what it is and suggest notable changes, or simply do my part in producing and programming new systems/protocols etc.
CYSE 201: Journal Entry 2
Benjamin Frankart
9/9/2024
In many ways, the field of cybersecurity can relate to many of the other fields of science, one of the major reasons being the applicability of the seven principles of science to the field. Determinism, relativism, objectivity, ethical neutrality, skepticism, empiricism, and parsimony can all in some way describe the scientific approaches to the cybersecurity profession.
The principle of relativism relays the idea that all actions or events have unprecedented consequences and are all related in some ways, as there are also many other underlying factors. Relativism is often displayed through Cybersecurity in regards to computer hackers and other cybercriminal activities setting off a chain of further and more complicated hacking techniques. Every cybercriminal/hacking activity in cyberspace hosts unprecedented future consequences.
Determinism is the principle that most behaviors and human actions are predetermined, which helps to make certain decisions predictable in the light of other factors. In regards to Cybersecurity, it can be safe to assume that a system/device will eventually be the victim of a hack, simply because that device exists, has an internet connection, and contains valuable information at the interest of cybercriminals. This is why it is important to regularly update and maintain devices and systems to ensure the most possible security and to best prevent the inevitable.
Objectivity is one of the most important principles of modern science, as it ensures that science is only concerned with what is completely true, rather than holding an opinion or pushing an agenda. Given the role within the cybersecurity discipline in maintaining order and preventing cybercrimes, it can make it difficult to refrain from intertwining one’s own personal morals with their work. Especially cybercrimes of a graphic nature, which will be encountered often depending on one’s specialization, can often test a cybersecurity specialist in refraining from allowing their feelings and and strongly held beliefs to interfere with their task, which makes it just as important in cybersecurity, as it is with other science disciplines, to remain partial and objective.
The principle of parsimony is the concept that those of scientific professions should keep their explanations as simple as possible. In a field that speaks in code and programming such as cybersecurity, this is all the more important when communicating with those unfamiliar with the terminology. It is important to practice parsimony when relaying information to stakeholders of companies, or other individuals you may be assisting in the field, as a way of allowing them to understand what happened, what you have to do, what is at stake, etc. It is also important when relaying cybercrime studies in both a cyber and legal perspective.
Empiricism is the principle that those in the practices of social science will only base their studies on phenomena observable to our senses, as in they can be seen, heard, felt, etc. More importantly, the principle requires those working in these fields to rely only on empirical data, and never on guesses or personal estimations. Given that cybersecurity is studied as a social science, it applies these rules of empirical study by only using proven facts and evidence to connect, understand, and solve cases.
Ethical neutrality is the scientific principle ensuring that methods utilized when conducting social science research adheres to both commonly accepted and job specific moral standards, making certain that civilians and scientists involved are not subject to scientific malpractice or harmed in any way by the experiments. This principle also includes fairly and empirically studying a topic. In a discipline that deals extensively with privacy and information, it is important for cybersecurity professionals to execute this principle and handle all personal private data with care when conducting operations or research.
One of the most important baseline scientific principles is skepticism, as it fosters the very purpose for science and continuing scientific discovery. Being skeptical is questioning all claims made with scientific value, even claims that appear to be correct, as it reinforces the validity of the claims and desires rigorous testing to prove without a doubt that something is true. In a field such as cybersecurity, a field constituted by data and claims, one needs to remain skeptical of all information uncovered whilst conducting research. Rather than going with a hunch, it is better to test certain methods in practice against certain bugs or malware to ensure if they really will be effective, or ensure that certain telltale signs are of that particular virus and not a different attack altogether. Remaining skeptical will ensure you do your best work and stay prepared when engaging cyberthreats, as opposed to giving into incorrect and untested information and hypotheses that could lead to bigger problems.
CYSE 201: Week 3 Journal Entry
Benjamin Frankart
9/17/2024
The website PrivacyRights.org is a website run by an organization of the same name that promotes and advocates for consumer privacy rights on the web. Within the site are numerous advocacy articles, data reports, and educational pieces regarding privacy breaches affecting daily consumers in the U.S. One of the most useful assets of the site is the fact that it contains breach data and statistics, as well as useful information in general regarding common breaches, methods, etc., which can be useful for researchers seeking reputable sources on what makes breaches so common. Using the available data, researchers can observe trends of all categories, such as susceptible victim demographics, locations, targeted professions, and more, as well as information on pending federal action, lawsuits, and other legal happenings that may also be affecting the world of cybercrime.
CYSE 201: Week 4 Journal Entry
Benjamin Frankart
9/23/2024
Abraham Maslow’s Hierarchy of Needs is a conceptual hierarchy that categorizes and ranks human needs, from low-level needs of basic necessities to high level needs of psychological self fulfillment. The five levels are as follows: physiological needs (nourishment, rest, hydration), safety needs (security and shelter), belongingness/love needs (intimate companionship, friends), esteem needs (feeling of accomplishment, respect), and self-fulfilment needs (satisfaction with achieving one’s goals, fulfilling personal goals, art/recreation/etc.).
In my personal experience, I am able to relate each level of the Hierarchy of Needs with my own experiences in technology. Physiological needs are important, and when I was a child, I would make sacrifices with these needs so I could enjoy more recreational time with technology, video games in particular. However, as I matured, I realized that eating substantial meals and getting a good rest was more important than an extra hour or so on the game, and began to change my life practices accordingly.
Safety is important to maintain when using technology and IT related systems. Especially in recent years, the internet has infiltrated many areas of our lives, and thus contains much of our personal information. It is important for me to ensure all of my personal information contains safety procedures to access, all of my passwords are secure, and that I use caution when interacting with strangers on the internet.
In regards to belongingness, I often use technology to interact with loved ones and friends. Being able to communicate effectively even at long distances helps to strengthen our connection and maintain a decent relationship.
I have used technology in the past to increase my self esteem, as being able to learn and accomplish more with my computer increased my self esteem and me feel more capable and comfortable with technology. I also have used technology to share my musical achievements with family and friends, which allowed them as well as others to support me in one of my goals.
CYSE 201: Journal #5
Benjamin Frankart
10/1/2024
When trying to understand the “why” of cybercrimes, it is obvious for most to observe the individual motives of cybercriminals and why they choose to abuse their felonious programming skills/knowledge. There are seven individual motives discussed in relation to cybercrimes, including: entertainment, political/activism, revenge, boredom, recognition/infamy, financial purposes, and multiple/various reasons. Although each of these motives are relevant to the discussion, I believe that some motives are much more comprehensive than others.
I feel that the motive that makes the most sense out of the seven would be financial gain, as the most common cybercriminal activities typically involve theft, scamming, or other illegitimate and illegal ways to other’s wealth online. Therefore, I rank the motive of financial gain at number one.
In second, I would place activism, as I feel that to be not only the second most common motive for all notorious cyber attacks, but it is an effective way for a party or ideology to get their message across in an age so reliant on the internet.
In third place, I would place revenge, as although not extremely common in the world of cybercrimes, it can often be employed by immature or highly upset individuals with vast IT knowledge and capabilities. From my own personal experience, I have witnessed individuals illegally finding and leaking information of other players on an online game out of frustration and revenge for their actions towards them on a game.
For fourth place, I would rank the motive of recognition and popularity. I feel that this motive for a crime pertains especially to renowned hackers who have already committed several previous cybercrimes for other common motivations, such as for financial gain or for political/party motivation. These criminals are repeat offenders and are most likely trying to appeal to a kingpin or to other niche communities of hackers. Even with this motive, the actual motive may vary as to whether or not the criminal is trying to impress an organization in order to advance their cybercriminal career or to stroke their own ego by gaining the respect or acknowledgment of a large number of people.
I feel that fifth place belongs to various motives or reasons, which encompasses several categories and motives that have been previously mentioned. Although it could be argued that this motive belonged in first place, given the sole fact that most accomplished cybercriminals are most likely complex individuals who likely commit these crimes for a combination of these motives (particularly financial gain, ego/fame, revenge), I feel that even then, one of these motives tends to overwhelm the others in regards to why one would commit a cybercrime and as well as which crimes they commit. Therefore, due to this motive’s broad nature, it belongs further down on the list.
In sixth place, I rank the motive of entertainment. I feel that out of all the motives (exempt from the last one), this would be the least common motive of all criminals and the one that I feel makes the least sense, except for an accomplished and extraordinary talented cybercriminal who simply sees committing cyber crimes as a game or a way to pass the time. Given the stakes involved if caught, I feel that most cybercriminals only do so for highly rewarding motivators, such as money or for an organization that they are deeply tied to and passionate about. Doing something so illegal and risky for the sake of pleasure is arguably the least sensible and logical reason, in my opinion.
For last place, I give the motive of boredom the seventh rank. While not only do I see it as illogical as entertainment, I feel the motive of entertainment easily encompasses the concept of boredom as well. I feel that one would seek to commit cybercrimes as a thrill and not for money or some sort of power is typically because they were bored in the first place. Therefore, I feel the inclusion of boredom as a motive is somewhat irrelevant.
CYSE 201: Journal Entry 6
Benjamin Frankart
10/9/2024
Given that cybercriminals commonly use scam sites to collect the information and credentials of unaware online shoppers, it is important to give examples of scam sites as well as real sites to contrast the two so that online shoppers remain aware and educated about what sites to avoid.
- TiffanyCoShop.com(fake)/ tiffany.com(real)
Listed above are both (seemingly) websites for the acclaimed American jewelry company Tiffany & Co. However, one of these sites (TiffanyCoShop.com) is obviously a fake scam site that seeks to steal the information of any who attempts to make a purchase on the site. This is evident for several reasons: the real Tiffany & Co website (tiffany.com)contains an About Us section that is absent in the fake site, the real site also states that it only sells its products from licensed and reputable online platforms, the fake site includes non-functioning social media links, and the fake site also features unusually low prices from the company.
- SheinGivesBack.com/ shein.com
Although both aforementioned sites claim to be products of the famed clothing brand, one is a scam site that promises its unaware users gift cards for being dedicated shoppers to the brand. SheinGivesBack.com gives way as a scam site for the simple reason of hosting a fake program (SheinGivesBack) that offers fake vouchers and store currency in exchange for the user’s email address and participation in other shady online programs and deals, allowing them the promised store currency as an award. The real website for the company, shein.com, offers no such service, instead offering its in-store reward program for dedicated shoppers who enroll online.
- BedBathClose.com(fake)/ bedbathbeyond.com
Another common tactic in the underworld of cybercrime is taking advantage of certain companies in the unfortunate event that they declare bankruptcy by masquerading as that very company and offering impressive details to unfortunate shoppers who can’t detect the scam. BedBathClose.com does just that, in light of the recent bankruptcy and massive store closures of BedBathBeyond, this scam site offers unrealistic discounts not offered by the company online or in any of its stores, fake scores proclaiming the trustworthiness of the site, and overall boasting a poorly designed webpage uncharacteristic of a professional business. Despite the foreclosure, bedbathbeyond.com features a polished website design and contains legitimate deals offered by the company, ranging from 30%-65%.
CYSE 201: Journal Entry 8
Benjamin Frankart
10/23/2024
Portrayals of hacking and cybersecurity culture in films, particularly Hollywood films, typically tends to depict hacking techniques in slightly accurate, yet exaggerated detail. Other than Hollywood films, most mass media in general tends to rarely go highly into detail regarding the technique and specifications of what is involved in cybersecurity, typically utilizing its most basic aspects for the sole purpose of entertainment. However, I find these simplified representations in media relatively harmless, as many viewers understand that much more goes into cybersecurity work. At worst, the media portrays someone spamming random keys on a keyboard and somehow bypassing high-level security measures to access highly protected information, which is done more so out of humor and with a lack of seriousness. I also believe that more detailed portrayals of cybersecurity in film and other media can depict the field as exciting, demonstrating hackers pulling off epic cyber operations, which can impress the average viewer with the possibilities of programming knowledge.
CYSE 201: Journal Entry 9
Benjamin Frankart
10/30/2024
When I participated in the Social Media Disorder Scale, I did not score particularly high, which classifies me as someone without Social Media Disorder according to the experiment. Out of the nine items in the survey, I only answered two (Tried to use social media less, but failed?, Often used social media to escape from negative feelings?) with the answer ‘Yes’ and the rest with ‘No’, which categorizes me as someone without the disorder, as those suffering the disorder score a 5 or higher, according to the parameters of the experiment. I felt that the items in the scale were fair and decisive ways in understanding the impact daily social media use may have on an individual, with important questions understanding whether or not people deliberately make time to access social media while ignoring other hobbies or responsibilities, or whether or not their relationships with friends and family have deteriorated over social media use. These items seek to deduce whether or not the participant has addiction-like behaviors pertaining to their social media use.
I feel that different patterns are found across the world because many nations differ on not only internet access, but on regulations in regards to what can be accessed and when. Several countries, such as Iran and North Korea, have banned social media, making it difficult for residents of these nations to even access these platforms. Other countries such as China and Vietnam, heavily regulate social media to control the spread of information deemed harmful by the state, which in turn affects how often people in these countries would want to use these sites.
CYSE 201: Journal Entry 10
Benjamin Frankart
11/6/2024
Social cybersecurity, according to Military Review article Social Cybersecurity,An Emerging National Security Requirement, is quickly becoming one of the most desired and important areas of military and national defense within the coming decade. Penned by Lt. Col. David M. Beskow of the U.S. Army and Kathleen M. Carley, the article examines the rise of information warfare and its impending scale of damage in the coming future. The article examines the current landscape of national cyberwarfare and hybrid warfare, coming to the conclusion that information warfare is becoming the new national security threat, as it can be persist without the need of a declaration or formal attack on a country, but rather an act of sabotage within a country by misinforming citizens and weakening the relationship between the people and those in power. Doing this can weaken a nation’s government and manipulate the population, which can hold devastating effects that the author’s believe will be on par with the damage of Wermatacht’s Blitzkrieg attacks early on in World War 2. (Beskow, David, Carly, Kathleen. 2019) It does not help that information warfare is naturally discreet and hard to initially detect, which aids in its efficiency in bypassing federal concern. The nature or information warfare warrant urgency, according to the authors, for the U.S. to establish an efficient social cybersecurity sector. Social cybersecurity concerns itself with the societal impact of IoT and cybersecurity in general on human behavior, politics, culture, etc. Work in this field often includes utilizing the maneuvers of those manipulating current information at the behest of a population to undo damage done from outside sources attempting to influence a population, as well as detecting these attacks before they grow out of control. The growing trend of information warfare, particularly enacted by Russia against the U.S. in recent years, is a great cause of concern and requires an efficient response on a national level. Given that information warfare will most definitely be the prevailing method of warfare for the foreseeable future, it is important to engage these issues head on by establishing a relevant discipline and defense factor through building a national social cybersecurity field in this country.
CYSE 201: Journal Entry 11
Benjamin Frankart
11/6/2024
A cybersecurity analyst job is an entry level position for most beginners in the field. The position offers a competitive salary and long hours, with a basis on entry level communication and desk work. Many cybersecurity analysts work as initial contacts for stakeholders trying to reach a cybersecurity organization. Their work includes basic cybersecurity and IT tasks such as running threat analysis, communicating findings with stakeholders, running penetration tests, and overall maintaing the security of stakeholders’ systems. For the most part, the occupation is varied and not always social. According to the presentation, the social aspect varies according to where exactly you work and the nature of the company that you work for. Adequate communication skills are required for the occupation, but the position also serves the purpose of improving professional communication skills within the cybersecurity discipline. Overall, it is important to conduct oneself in a professional manner and retain the ability to effectively relay information to clients.
Article Reviews
Benjamin Frankart
10/2/2024
Article Review #1: Tackling the Jordanian Cybercriminal Threat
Cybercrime Laws in Jordan and Freedom of Expression :A Critical Examination Of the
Electronic Crimes Act 2023
Brief Synopsis:
In recent years, cybercriminal activity has become a growing problem to the west-African nation of Jordan. To combat the alarming rates of cyber crimes, the government recently approved the Electronic Crimes Act 2023, the first of its nature since 2015. However, certain stipulations of this act have drawn public concern as attempts to stifle free speech on the internet, as the law criminalizes spreading false information, defamation, and hate speech. Although it is vital for a nation to have adequate cybercrime policies, some in the international community fear that the ECA violates human rights and universally recognized privacy standards. In this study, Alaeldin Mansour Maghaireh studies the totality of Jordanian cyber legislation and how the laws have impacted the freedoms of speech and expression for people in the country.
Social Science Principles
The nature and data of this scientific article display several of the fundamental principles of the social sciences, such as relativism and empiricism. The article demonstrates relativism by examining the relationship between the ECA and how it impacts cybercrime, as well as including recommendations for societal changes that would need to take place for the ECA to work efficiently by utilizing the language provided in the law. (Maghaireh, 2024, pgs 33-34) Empiricism is demonstrated by the use of statistics and the legal documents constituting the Electronic Crimes Act 2023. The article also employs ethical neutrality by excluding author bias, simply including data and data-backed, study-based proposed solutions.
Hypothesis
Maghaireh’s thesis for the article is to assess how the Electronic Crimes Act 2023 impacts freedoms through its attempts to limit cybercrime. It also seeks to detail the “intricate interplay” of freedoms and security concerns as they are impacted by Jordanian cybersecurity laws. (Maghaireh, 2024, pg. 17) He plans on doing so by examining the aspects of the law that have drawn attention from activists and organizations concerned with human freedom and expression.
Research Methods
The methods of research used in this paper is of “analytical and qualitative design”. (Maghaireh, 2024, pg. 17) The author analyzes and compares the content of Jordanian legal documents for the purpose of analyzing the impact of the laws on social freedoms.
Data/Analysis
The research data is gathered from both previous and current laws in Jordan relating to cybercrime, primarily the Electronic Crime Act 2015 and the Electronic Crime Act 2023. Other scholarly references and statistics are infused throughout. There are four sections, the first deducing the stipulations and implications of the ECA of 2015, the second section inspects the data, the third analyzes the ECA of 2023, and the final section compares the impact each had/has on freedom of expression laws.
Relation to Course Material
As of now, there aren’t any notable concepts featured in the article that are comparable from class material, aside from the social scientific principles included in the paper.
Relation to Marginalized Groups
Although the article does not address certain groups particularly, as the focus is on the public of Jordan, the article is concerned with analyzing the freedoms being restricted by these laws, particularly as far as social media and other internet communication is concerned. However, the restrictions in the laws can have more crucial effects on political minorities and other ideologies who disagree with the current government, as they could be attacked for hate speech under the ECA.
Overall Purpose/Benefit for Society
All in all, Cybercrime Laws in Jordan and Freedom of Expression: A Critical Examination Of the Electronic Crimes Act 2023 seeks to understand the impact of the internet and legislation in regards to the internet on social freedoms. Given that the freedom of speech on the internet as well as cybersecurity concerns have remained a consistent issue, it is important to analyze a real scenario where a government seeks to restrict freedom of speech and expression through legislation attempting to combat common cyber crimes such as impersonating, cyber-bullying and cyberstalking. This study is useful for those in the fields of sociology, criminal justice, and cybersecurity as it helps to portray possibilities of future legislations that are intent on handling cybercrimes of all fashion, as well as the language and exact details of wording these laws.
Reference:
Maghaireh, A. M. (2024) Cybercrime Laws in Jordan and Freedom of Expression: A Critical Examination Of the Electronic Crimes Act 2023. International Journal of Cyber Criminology.
Benjamin Frankart
11/17/2024
Article Review #2: How University Students Handle Personal Security Measures
Factors Influencing the Formation of Intellectual Security among University Students: A Field Study
Brief Synopsis:
Recent studies have shown college students to be among the most malleable in society in regards to embracing new ideas, either through peers, professors, or the internet. Because of this, it is important for college students to engage in intellectual security by questioning the validity of information from unknown or respected sources. However, many have still been shown to lack a strong sense of intellectual security, depending on their major of choice, grades, and a variety of other factors that can shape a student’s mindset. A variety of professors and specialists respected within their disciplines, primarily from Middle Eastern and African nations, seek to discover the primary causes of a declining rate of intellectual security among college students in the surrounding nations through experimentation in order to provide the best possible insight on how college students can better enhance their critical thinking and judgment skills when analyzing new information or adopting new ideas.
Social Science Principles:
Given the intrinsic social nature of this study, it embraces several of the social science principles. Objectivity is demonstrated ostensibly throughout the study, as those conducting the research assert only to examine the factors of those being surveyed as they align with the definition of intellectual security. (Al-Halalat, et al., pg. 115, 2024) The crux of the research included for this study demonstrates empiricism, as the authors based their definitions and further knowledge of intellectual security phenomenon among students according to reliable studies.
Hypothesis:
The purpose of this multi-authored study is to examine the key factors in a student’s life that influences their critical thinking abilities and intellectual security, as well as examining the trends between male and female students, and examining statistical differences between academically successful and struggling students. By understanding the commonalities of students with low intellectual security awareness between different relevant disciplines, it can be better understood what can be done to combat the negative effects on intellectual security from a multitude of perspectives. (Al-Halalat, et al., pg 109)
Research Methods/Data:
The answer will be achieved through quantitative research and surveying. Information was collected during the 2023-2024 academic year between a handful of Algerian colleges and the University of Jordan from students between the ages of 18-25 years old. (Al-Halalat, et al., pg. 115, 2024)
Relation to Course Material:
The information in this study does not particularly pertain to information learned in our class. However, the concept of a “human firewall” as discussed in Module 6, as well as the overall idea of personal information security practices can apply to how this study explores what can be done to prevent an unhealthy influence of opinions from social media.
Relation to Marginalized Groups:
One of the key research questions addressed in the study was the difference in impact between male and female students of the surveyed colleges. However, the studies yielded no notable difference between the intellectual intelligence of male and female students as affected by factors presented in the survey. (Al-Halalat, et al., pg. 121, 2024)
Overall Purpose:
The purpose of this research was to determine how college students were affected by social media in regards to their intellectual intelligence, as well as what factors made certain students more susceptible. By examining the root causes of low intellectual intelligence in certain categories of students, particularly students influenced by family roles and internalized thought processes along with a high presence in social media, policy makers in federal and educational positions can work to address the intellectual stability and intelligence of students, ensuring a future of students that possess healthy critical thinking abilities and a worldview established by facts and reason.
ReferenceAl-Halalat, K. I., Beichi, A., Al-Barakat, A. A., AlAli, R. M., Al-Saud, K. M., & Aboud, Y. Z. (2024). Factors influencing the formation of intellectual security among university students: A field study. International Journal of Cyber Criminology. Retrieved from https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/344/100
Career Paper
CYSE 201: Career Paper
Benjamin Frankart
11/24/2024
Introduction:
A cybersecurity career of which I am particularly interested is the position of an information security analyst. Either contracted or full-time for a corporation, an information security analyst is essential to the cybersecurity framework of a company, primarily investing in a company’s security measures, as well as performing tests on a company’s security and training employees on security features and procedures. As discussed prior in this course, one commonality of many cyber attacks against businesses is human error, which can translate into the lack of knowledge of threat foresight and how to conduct security measures while using IoT, primarily from the perspective of an employee.
However, social science, in addition to other cybersecurity careers, plays a large part in the role of information security analysis. In identifying and mitigating cyberthreats through the role of an information security analyst, it is vital to have an understanding of human behavior and social dynamics, as it plays a large role in understanding the mind of cybercriminals as to prevent their potential felonius cyber activities against a company, as well as communicating one’s findings to management staff. It is also important to understand the potential mental leeway into human error that an employee may unknowingly conduct while on the job that can give way to a devastating cyber attack from a criminal or criminal organization.
Principles/Social Issues:
To better tie in the importance of social science in the information security analyst occupation, one must come to understand the relationship between the principles of social science and being an analyst. In regards to the human error aspect causing cyber attacks, one can look at the principle of relativism. Relativism allows an analyst to relate human lack of knowledge to a common occurrence in these attacks. Employees unaware of the tactics of a social engineer attempt, for example, are more likely to fall for these attacks and give way to critical company information. (Almutairi B. S., Alghamdi A. 2022) Parsimony, the art of keeping explanations as simple as possible, is also a critical skill in this role. As many employees would fail to understand complex cybersecurity terms and concepts, it is better to simply language when relaying findings to management or to common employees. It is also important for analysts to exercise objectivity when conducting their work. Although one should exercise appropriate judgement and can make the choice whether or not to work for a company they find unethical, it is important to leave one’s feelings at the door in regards to specific circumstances of cyber threats and focus instead on the task at hand and how best to deal with it. Determinism is also relevant to this role, and relates greatly to the principle of relativism. Understanding the flaws in a company’s cybersecurity can greatly improve one’s job performance and better communicate what a company must do to mitigate potential losses.
Although my discipline seeks to make a difference by ensuring the protection of valuable information from all-too-common cyber attacks, marginalized groups within the field can suffer due to social and societal strains within the field. Those who typically occupy this field are men with bachelor’s degrees, with women, particularly women of color, making a significant minority within the field. (U.S. BUREAU OF LABOR STATISTICS. 2018) Due to their limited acceptance in the field, it is hard for marginalized groups to gain adequate experience in the field, which can limit their career opportunities. This is also spearheaded by their overall lack of experimentation in the field and overall systemic biases within the industry. The industry also tends to isolate those who have the inability to access the college-level education required to pursue even entry level positions within the field, furthering the barrier between the marginalized and the non-marginalized. This can be overcome by promoting equity and diversity within the field, as well as providing mentorship for those who may be unable to earn entry into the field through the current educational standards, ensuring that all who are interested in pursuing the field of information security analysis have an equal chance, regardless of socioeconomic status, race, or gender.
Conclusion:
As demonstrated, social science is a relevant discipline within many of the cybersecurity careers, including my personal career choice, an information security analyst. All in all, my selected career of choice plays a role in society, as well as marginalized groups in general, by working to protect the information of those susceptible to attacks by safeguarding their privacy and other important information online from cyber threats. Given that cybercriminals target those who are often considered to be lacking in digital literacy regardless of their individual motive, particularly those who are elderly, my career serves an important purpose in ensuring the data security of these individuals by protecting the organizations that store their information. (Wang, et al., 2021) The context provided within the realm of social science will allow me to better my craft in aiding corporations or agencies in ensuring the protection of valuable information over the internet and ensuring better cybersecurity practices within an organization, from management down to entry level positions.
Sources:
Wang, Z., Zhu, H., Liu, P. et al. Social engineering in cybersecurity: a domain ontology and knowledge graph application examples. Cybersecur 4, 31 (2021). https://doi.org/10.1186/s42400-021-00094-
Almutairi B. S., Alghamdi A. (2022) The Role of Social Engineering in Cybersecurity and Its Impact. Journal of Information Security Vol.13 No.4. https://www.scirp.org/journal/paperinformation?paperid=120763
U.S. BUREAU OF LABOR STATISTICS. (2018, April 13). Information Security Analysts: Occupational Outlook Handbook: U.S. Bureau of Labor Statistics. Bls.gov; U.S. BUREAU OF LABOR STATISTICS. https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm