Cybersecurity & Social Science
This course uses a comprehensive social science framework to examine the various aspects of cybersecurity methodically. A human-factors approach is presented to the students, with an emphasis on a sophisticated comprehension of cybersecurity concerns. The curriculum places particular focus on the social aspects that impact cyber events. It also includes a review of the political and legal procedures that aim to control the behavior of individuals who pose a risk to cybersecurity. In addition, the course explores the methods used by social scientists in the study of cybersecurity in fields such as psychology, political science, criminology, economics, sociology, and international studies. This course gives students a profound grasp of the interwoven social, political, and economic components of cybersecurity by promoting a holistic viewpoint. This helps students traverse this vital topic with a well-rounded and informed approach.
Journal Entries
Module 1
Q: Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.
A: After looking into the NICE Work Framework, there are two key areas I would like to focus my career on based on their relevance in the current cyber security and focus on human roles in cybercrime. The first such key area is exploitation analysis, which represents professionals who analyze and identify areas of vulnerability in digital networks and systems (National Initiative for Cyber Security Careers and Studies, 2024). Even though various safety protocols have been implemented, perpetrators of cybercrime tend to exploit vulnerabilities that may not have been addressed. As a result, I would like my area of focus to be that of an exploitation analyst, as this area of specialization would enable me to collect certain data that will be beneficial in analyzing and addressing the vulnerabilities in a system that might make it vulnerable to cybercrime. Additionally, this would appeal to me since, with the analysis of the data, a robust risk assessment can be carried out, thus helping an organization to mitigate a potential cybercrime.
The second key area I would like to focus my career on is threat analysis because of its relevance in the corporate and law enforcement sectors in a society that is fast adopting digital technologies. Threat analysis entails analyzing and assessing the current and future capabilities of perpetrators of cybercrime to furnish law enforcement, corporate, and counterintelligence organizations with unsurpassed cybersecurity capabilities (National Initiative for Cyber Security Careers and Studies, 2024). A threat or warning analyst is an appealing, professional role in cyber security because of the constant learning and self-development potential while identifying, collecting, analyzing, and assessing potential and actual cyber threats. In addition, the warning analyst works closely with counterintelligence, law enforcement, and corporate cybersecurity teams, providing numerous professional development opportunities.
However, the least appealing key area I would consider for a career option is the all-source analysis specialization. All-source analysis involves a more generalized effort to analyze various digital information sources in industry, academia, law enforcement, and security agencies to identify possible threat information on which to act (National Initiative for Cyber Security Careers and Studies, 2024). An all-source analyst has too much information and may not benefit from technical and professional specialization.
References
National Initiative for Cybersecurity Careers and Studies. (2024). All-source analysis. National Initiative for Cybersecurity Careers and Studies. Retrieved April 16, 2024, from https://niccs.cisa.gov/workforce-development/nice-framework/specialty-areas/all-source-analysis
National Initiative for Cybersecurity Careers and Studies. (2024). Exploitation analysis. National Initiative for Cybersecurity Careers and Studies. Retrieved April 16, 2024, from https://niccs.cisa.gov/workforce-development/nice-framework/specialty-areas/exploitation-analysis National Initiative for Cybersecurity Careers and Studies. (2024). Threat analysis. National Initiative for Cybersecurity Careers and Studies. Retrieved April 16, 2024, from https://niccs.cisa.gov/workforce-development/nice-framework/specialty-areas/threat-analysis
Module 2
Q: Explain how the principles of science relate to cybersecurity.
A: Examining the principles of science as they relate to cybersecurity relies on the 1970 sociology publication by Robert Bierstedt, who reported that both social and natural sciences adhere to the same principles (Principles of Social Sciences and Cybersecurity). These principles were relativism, objectivity, parsimony, and empiricism. Consequently, these scientific principles relate to cybercrime because, for instance, in empiricism, both science and cybersecurity rely on studying behavior and phenomena that the human senses can relate with and process (Principles of Social Sciences and Cybersecurity). Therefore, science and cyber security do not rely on opinions and feelings during analysis or professional processes.
Relativism also demonstrates how the principles of science relate to cyber security because it investigates changes in an interconnected system. One change in a single part of the interconnected system causes changes in other parts (Principles of Social Sciences and Cybersecurity). For example, technological developments in digital electronics led to the emergence of cybercrime and cyber security.
In much the same way science exists to advance knowledge objectively, cyber security exists to advance knowledge of cyber threats and promote a safer and more productive online experience (Principles of Social Sciences and Cybersecurity). This relationship demonstrates how science’s objectivity principle relates to cyber security. In addition, it demonstrates why difficult ethical questions related to hacking emerge in cyber security.
Reference
Principles of Social Sciences and Cybersecurity [PDF Document]. Old Dominion University.
Module 3
Q: Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?
A: The publicly available information on privacyrights.org details different types of data on breaches, ranging from where the most data breaches occurred in the United States to the statistics of various types of breaches. Notably, the states of California and Texas witnessed the majority of data breaches as of September 2023 (Privacyrights.org, 2024). Concurrently, hacking is one of the most common data breach processes. At the same time, physical loss of documents or records, the physical loss of computer terminals, and credit/debit card fraud led to the least number of data breaches (Privacyrights.org, 2024). Such information could provide researchers with ample data into the numerous data breaches and as a result, they would be able to analyze the breaches and get to know how they can address such cases to stop them from occurring again (Strategies to Study Cybersecurity through an Interdisciplinary Social Sciences Lens).
References
Privacyrights.org. (2024). Data breach chronology. PrivacyRights.org | Privacy Rights Clearinghouse. Retrieved April 16, 2024, from https://privacyrights.org/data-breachesStrategies to Study Cybersecurity through an Interdisciplinary Social Sciences Lens [PDF Document]. Old Dominion University.
Module 4
Q: Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.
A:
There are three main categories of human needs outlined in Maslow’s hierarchy of needs. The first category of these needs is basic needs like food, shelter, physical security, and rest (Cybersecurity and Human Factors). This category illustrates the basic necessities for a human to survive, and as such, in regards to technology, the availability of the internet is imperative owing to the major resources that I require for learning and acquiring information quickly. The second category involves psychological needs like intimate relationships and feelings of accomplishment (Cybersecurity and Human Factors). These psychological needs relate strongly to my experience with technology because the advent of social media and technology has become a hub where most social interactions occur. In other words, social media fosters connection and, as such, has enabled me to develop new friendships with a diverse set of individuals, which has enabled me to feel accomplished since I have learned quite a lot about other ethnic groups. Additionally, technology enables me to stay in touch with friends and family who live far away. The internet also lets me share my academic and professional accomplishments, which expedites my self-esteem. The third category of human needs is self-actualization and fulfillment, which is also significantly related to my relationship with technology (Cybersecurity and Human Factors). I have engaged in online studies using digital technology to advance my academic skills and pursue other interests as I get to know my potential.
ReferenceCybersecurity and Human Factors [PDF Document]. Old Dominion University.
Module 5
Q: Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
A: While looking into Carole’s (2018) article, I think the potential for monetary gain from hacking makes the most sense for an individual to commit a cybercrime and I would rank it 1 out of 7 since it is an avenue through which the perpetrators of cybercrime can invest the money, spend on the basic needs, purchase luxurious items and indulge in sexual activities like paying prostitutes for pleasure, and purchasing more sophisticated equipment to continue committing the crime.
According to Corfield’s (2021) article, I would rank the need for recognition as 6th out of 7 owing to the fact that it is not an incentive to commit cybercrime as the outcome is negative as seen in the article.
The need to make a political ideology heard or seen is a motive for cybercrime to occur and I would rank this at 2 out of 7 since it helps to propel the notions that the cybercriminal is attempting to portray even though the approach used is not ethical (Applying Psychological Principles of Cyber Offending, Victimization, and Professionals).
The motive of multiple reasons does not make sense entirely since this motive is a rare element that would drive one to participate in cybercrime. Therefore, I would rank this at 7 out of 7.
A person undertaking cybercrime to effect revenge makes sense but not to everyone since this act is mostly driven by the pursuit of justice for an injustice that they experienced. As such, I would rank this at 5 out of 7.
The undertaking of cybercrime for fun or entertainment makes no sense since the repercussions simply outweigh the benefits that one is receiving, as such, I would rank this motive 7 out of 7.
Participating in cybercrime due to boredom is not motive enough since it lacks a bit of sophistication even though the outcomes are often damning. Thus, I would rank this at 6 out of 7.
References
Applying Psychological Principles of Cyber Offending, Victimization, and Professionals [PDF Document]. Old Dominion University.
Carole, J. (2018, April 11). Sex, Drugs and Toilet Rolls: How Cybercriminals Spend Their Money. HP Wolf Security Blog | Cyber Threat Insights and Reports. Retrieved April 16, 2024, from https://threatresearch.ext.hp.com/sex-drugs-and-toilet-rolls-how-cybercriminals-spend-their-money-infographic/
Corfield, G. (2021, June 30). 8-month suspended sentence for script Kiddie who DDoS’d labour candidate in runup to 2019 UK general election. The Register: Enterprise Technology News and Analysis. Retrieved April 16, 2024, from https://www.theregister.com/2021/06/30/bradley_niblock_election_ddos/
Module 6
Q: How can you spot fake websites? Compare three fake websites (don’t access those sites, of course) to three real websites. What makes the fake websites fake?
A: The proliferation of the internet has led to the increase of fake websites mimicking legitimate sites and thus unsuspecting customers end up being victims of cybercrimes. Most of the fake websites can be identified by the first look. A user can easily identify a fake website by checking its domain name since there is always a slight discrepancy between the original domain name and fake domain name. A fake site can also be identified by observing the grammar of the site since poor grammar or word choice is a key identifier of a fake website. Wrong contact information can also suggest an illegitimate company. A user can also identify a fake website by checking the site padlock symbol which is usually beside the URL (Editorial Team, 2024). Besides, warnings from parent sites can also point to an illegitimate site.
I compared three fake sites including amaz0n-sale.com, www.alibbaba-inc.org, and change.org.net to their parent companies namely Amazon, Alibaba, and Change.org. I noted that the sites had different domain names from their legitimate sites, with a slight variation in the name which is meant to confuse unsuspecting customers. Additionally, there is a lack of the HTTPS encryption meaning that the connection to the site is not secure. Additional elements that proved they were fake is the requesting of sensitive payment information. The fake sites failed to provide secure payment options and the contact details seemed flawed.
Reference Editorial Team (2024, Mar 26). How to spot a fake, fraudulent or scam website. Which? https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-fake-fraudulent-or-scam-website-aUBir8j8C3kZ
Module 7
Q: Review the following ten photos through a human-centered cybersecurity framework. Create a
meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s).
• https://unsplash.com/photos/mfB1B1s4sMc
• https://unsplash.com/photos/gySMaocSdqs
• https://unsplash.com/photos/ICTKcvnXx_8
• https://unsplash.com/photos/Z3ownETsdNQ
• https://unsplash.com/photos/5QgIuuBxKwM
• https://unsplash.com/photos/R6dSBkz32B8
• https://unsplash.com/photos/BXiLSwwvqrY
• https://commons.wikimedia.org/wiki/File:Computer_user_icon.svg
• https://commons.wikimedia.org/wiki/File:Summer_school_GLAM_giorno_1_1.jpg
• https://commons.wikimedia.org/wiki/File:CellPhone_(16491636068).jpg • Explain how your memes relate to Human-centered cybersecurity.
A:
Meme: 8-year-old me clicking every “remove viruses- your computer is infected” ad.
Meme: When the top roof has the strongest Wi-Fi signal.
Me: Every time I find the café Wi-Fi without a password.
The three images depict conventional human behavior with the use of the internet. In other words, the user behaviors portrayed in the images demonstrate characteristic predispositions to the use of cybersecurity systems. According to Grobler et al. (2021), the human-centered cyber security principle is instrumental in driving risks or safety with cyber security instruments. It also reflects on the differences in knowledge, experience, or perception about security risks on the internet. Failure of designers and users to consider the risks contributes to shared responsibility in the outcomes of the cyber security threats. For instance, in the images, the eight-year-old is not aware of the risks of clicking the pop-up ads claiming that the computer is infected. This exposes the user to a myriad of security complications. Another element of human behavior presented in the memes is the exploitation of open or free Wi-Fi spots without considering the potential cyber security vulnerabilities. In this context, humans are presented as key players in increasing or preventing cyber security risks.
References Grobler, M., Gaire, R., & Nepal, S. (2021). User, usage and usability: Redefining human centric cyber security. Frontiers in big Data, 4, 583723. https://doi.org/10.3389/fdata.2021.583723
Module 8
Q: Watch this video and pay attention to the way that movies distort hackers. Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It? – YouTube
After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.
A: The Insider (2021) film “Hacker Rates 12 Hacking Scenes in Movies and TV | How Real Is It? | Insider” on YouTube narrates movies presentation of hacking episodes in movies. Even though the films presented in the YouTube video analysis present cybersecurity as a threat that should be taken into serious consideration, the depiction of hacking in films is often illustrated as an effortless endeavor. However, in real life, hacking is not unproblematic and easy as it takes a lot of equipment and tools to bypass some of the security protocols that a certain establishment has set in place. The media often exaggerates on what hacking looks like on a screen by illustrating an animated 3d model of the hacking action taking place, while in real life, there is not technological advancement that actually shows how a file behaves while a person is hacking into it and the other person on the other end is attempting to thwart the hacking attempt.
Reference
Insider (2021 Mar 16). Hacker Rates 12 Hacking Scenes in Movies and TV | How Real Is It? | Insider. YouTube. https://www.youtube.com/watch?v=6BqpU4V0Ypk&t=300s
Module 9
Q: Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?
A: I scored 6 on the Social Media Disorder scale, suggesting that I have a problematic social media usage pattern. The items on the scale portray standard behaviors and responses that can be attributed to social media usage. The duration of social media usage determines an individual’s responses to withdrawal from social media. In this regard, the items utilized in the scale portray actual behaviors and responses to social media usage or withdrawal for different people. Additionally, spending too much time on social media can have adverse implications on user behaviors. Different global social media usage patterns can be attributed to different cultural practices. Furthermore, since technological advancements are not available everywhere, this discrepancy creates a variation in social media usage patterns globally.
Module 10
Q1: Read this and write a journal entry summarizing your response to the article on social cybersecurity
https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/
A1: Beskow and Carley’s (2019) article on social cybersecurity presents the changing domain of cybersecurity characterized by the rapid flow of information. The authors ascertain that those individuals with the capability to attain certain information have the ability to shape the attitudes and philosophies of the masses. The modern state must understand how to best utilize information to reform warfare and connection to the rest of the community. The ideas presented in the article reflect on actual processes and changes in society. Ideally, the current social landscape is affected by the flow of information. Organizations, countries, or individuals with access to information will benefit from the resources as they will be able to control narratives since information is becoming a strategic resource for shaping public opinions and controlling the masses. As technology advances, different players must create measures for regulating or exploiting information flows. The internet is becoming a suitable source of information as it does not require the traditional physical location or manpower. Consequently, developing social cybersecurity skills will support the survival of key information-based institutions or powers.
Reference
Beskow, D. M., & Carley, K. M. (2019). Social cybersecurity: an emerging national security requirement. Military Review, 99(2), 117-127. https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/
Q2:
Watch this video. As you watch the video
https://www.youtube.com/watch?v=iYtmuHbhmS0, think about how
the description of the cybersecurity analyst job relates to social
behaviors. Write a paragraph describing social themes that arise in the
presentation.
A2:
The cybersecurity analyst career is one of the most attractive in the internet era since their job description encompasses the identification of flaws in a security system such as intrusions or phishing attacks and monitors network vulnerabilities (Enesse, 2021). The job relates to social behaviors as it addresses vulnerabilities emanating from people’s use of internet resources. The job creates safeguards for users with the rising complexities in cyberspace socialization. There are several social themes arising in the presentation. First, the role of teamwork is an important skill that is a requirement for working as a cybersecurity professional. It allows interaction between different individuals with vast skill sets in the area. Besides, the nature of threats requires active collaboration to enhance the process of identification of cyber threats. The theme of teamwork is supported by the significance of networking since a cybersecurity analysts need to create relevant connections with other players or employees to improve their chances of securing employment. Another significant theme that arises is communications as this procedure pertains to the identification of cybersecurity threats and working in teams requires the individual to develop their communication skills to in order to work well with others and also to improve the manner in which information is relayed to others. Overall, the job presents the theme of social change and adaptation to the evolving social environment. The need for cybersecurity analysts develops from specific human behavioral practices affecting security perception.
Reference Enesse, N. (2021, May 7). What does a Cybersecurity Analyst Do? Salaries, Skills & Job Outlook. YouTube. https://www.youtube.com/watch?v=iYtmuHbhmS0
Module 11
Q1: Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.
A1: The letter notifies customers about a breach that occurred on the company website, www.glasswasherparts.com, which led to the unauthorized access of customer payment and personal details. The company reports that attackers likely have access to the customers’ names, credit card information, and purchase histories. The breach can be explained using economic and social sciences theories. The rational choice theory in economics is one of the main theories explaining the breach. The theory expresses businesses’ decision-making in their best interest. It is applicable to the case in that the company delayed notifying consumers about the breach as it was in their best interest to safeguard the customers’ perceptions about the business. On the other hand, the Marxian economic theory elucidates that the weak are taken advantage of by the powerful. This ideology can be related to the letter as the cybercriminals with the most powerful and sophisticated technological mechanisms exploit the security systems of the company which are weak and with vulnerabilities thus making them susceptible to attacks.
Social sciences theories applicable in the case include the social networks theory and the systems theory. The social network theory explains the social interactions in an organization constraining or enabling human action in the system (Nimmon et al., 2019). On the other hand, the systems theory further develops the interconnection between the different processes or phenomena in an organization. It seeks to understand the various factors contributing to a particular outcome or incident. The theories are applicable in the case in that they can be used to define core processes contributing to the vulnerability and develop measures to remedy the threat.
Reference
Nimmon, L., Artino Jr, A. R., & Varpio, L. (2019). Social network theory in interprofessional education: revealing hidden power. Journal of Graduate Medical Education, 11(3), 247-250. https://doi.org/10.4300%2FJGME-D-19-00253.1
Q2: A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
A2: The bug bounty policy is a bug identification program through which companies pay programmers or hackers to identify vulnerabilities in their systems. Sridhar and Ng (2021) note that allowing hackers to identify vulnerabilities increases the number of bugs identified. Moreover, the monetary incentive from the exercise is also important for building resilience to cybersecurity risks. Findings from the study suggest that the bug bounty program is expensive, especially when hiring the best hackers. The programs are also beneficial to companies of all sizes and revenue levels. However, hackers can exploit the bounty program services by targeting financial institutions thus contributing to further vulnerabilities.
Exploring the application of the bug bounty program in reviewing cybersecurity systems shows positive aspects of its outcomes. The program has significant potential to help organizations become more resilient to cyber-attacks. Hackers offering the services benefit from increased exposure and creating brand value. On the contrary, reliance on the practice can be risky for organizations, especially financial institutions as the hackers have full access to the systems and information. This creates opportunities for exploitation thus requires control of the programs to protect customer information and the integrity of the systems.
Reference
Sridhar, K., & Ng, M. (2021). Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties. Journal of Cybersecurity, 7(1), tyab007. https://doi.org/10.1093/cybsec/tyab007
Module 12
Q: Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.
A: Slynchuk (2021) presents some insight on internet usage, particularly the illegal things that one may be doing unknowingly. One of the most serious violation is the sharing of passwords, photos and home addresses. This is a serious violation owing to the fact that a cybercriminal may use the photo that is uploaded to commit and crime. Additionally, the sharing of passwords will enable a cybercriminal to gain access into someone’s personal space and steal information which will then be used to commit a crime.Sharing a person’s address on the internet increases the risk of stalkers or home intrusion thus contravening the individual’s sense of security.The use of another person’s identity to perform certain activities online is a serious offense as this is considered as fraud and identity theft. This action is a grave transgression as it will have serious repercussions on the person’s identity. Other people are also involved in collecting information about children which violates the Children’s Online Protection Act. This information collection poses serious risks to the unknowing children. Such risks may include identity theft or the children may be exposed to content that is unsuitable.Bullying and trolling are other common behaviors that could result in serious criminal prosecution. It similarly has serious implications on the victims as they are predisposed to the harsh words or intimidations by cyberbullies which cause serious psychological and emotional turmoil. The use of copyrighted images is a serious violation since it deprives the owner of the recognition that comes with the images and the potential earnings associated with the image.
Reference Slynchuk, A. (2021, Jun 01). 11 illegal things you unknowingly do on the internet. Clario. https://clario.co/blog/illegal-things-you-do-online/
Module 14
Q: Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.
A: Davin Teo discusses his career as a digital forensics’ expert. He describes the career as related to the collection, analysis, and reporting of electronic data to present in a court of law (TEDX Talks, 2015). The career can be likened to a social sciences field research on collecting data to develop conclusions about a phenomenon. The professional participates in research-like experience of collecting, analyzing, and reporting data from the field. Digital forensics also connects to social sciences in that it uses the social science components such as sociology to study the various group behavior to help in analyzing the data that has been collected. Additionally, digital forensics incorporates another social science element referred to as psychology to better understand the psychological motives that could have expedited a certain crime.
Digital forensics initially did not have specific courses. Individuals were put into it to tackle computer-related issues. Mr. Teo points out that he did not receive training in the field and began by exploring career opportunities in the digital space. He has transitioned in his career witnessing the technological changes in the period to date. Listening to his career transition indicates a willingness to exploit opportunities and also leverage unexplored fields. In addition, the experience shows resilience and preparedness for change as he adapts to the fast-changing technology. His career path encourages people to invest in technology-related careers owing to the endless opportunities in the field.
Reference
TEDx Talks (2015, Dec 9). Digital Forensics | Davin Teo | TEDxHongKongSalon. YouTube. https://youtu.be/Pf-JnQfAEew