Scientific Principles
Understanding the Scientific Principles of relativism, objectivity, parsimony, skepticism, ethical neutrality, and determinism, I realize that cyber security is much more than ones and zeros. Cyber security is deeply rooted in scientific thinking. These principles shape the cyber security community when it comes to analyzing threats, coding defenses, and emergency responses to cyber incidents.
Relativism in science means that knowledge is evaluated in comparison to other evidence. This relates to cyber security because threats and vulnerabilities are constantly changing, and new ones will always be found. What is a secure patch to an issue one day may not be that way the next. The security measures put in place relative to the current attack that is trying to be stopped. This is also true for new technologies and the risk environment the technology is at physically.
Objectivity is essential in cyber security. Cyber analysts must rely on many different forms of evidence such as logs on the systems and network traffic, rather than assumptions. When investigating, they cannot rely on past experiences alone or what they think might be an issue. Objectivity ensures that bias from any influence is not considered.
Parsimony is the idea that the easiest answer is usually the best. When a network or system is not operating to optimal efficiency, it is often something straightforward to be troubleshot and fixed. When it comes to vulnerabilities, it is the cyber expert’s job to fix the issue quickly and the easiest way possible. This saves the company’s resources.
Skepticism is something I would argue is the most important one. As the cyber professional, it is their job to question everything. Questing every email, links, and update can be a pivotal part of security measure for that company. Security teams constant testing of systems and questioning attitudes will help uncover hidden risks and mitigate successful attacks.
Ethical neutrality reminds the cyber professionals to be apart from their work and do all work from the base of professional responsibility. Whether investigating a suspect, insider threats, or enforcing policies, the cyber professional must be neutral in all endeavors.
Determinism shows that events do not happen randomly. Every action has an equal and opposite reaction. When it comes to cyber space, the level of knowledge needed requires some type of determination to get the knowledge and attempt the attacks. Understanding that systems have a root cause. This will assist in the analysis of the incident and attempting to find the cause.
Overall these scientific principles guide the mindsets of a cyber security professional. They promote evidence-based problem-solving skills through analysis. Viewing cyber security through a scientific lens shows that it is not just about technology. A cyber security professional’s job is to be critical thinking and use sound reasoning to be a continuous learner in this field.
Data Breaches
Reading the content on data-breaches is suitable for analytical purposes by researchers. There are many demographics that can be used to categorize individuals with data that have been leaked. Data leaks expose an individual’s information, sometimes small amounts of public information like emails and phone numbers. Sometimes it could be more detrimental with personal information such as social security numbers and date of birth and locations. These data breaches can help research identify patterns in the data and ways the data was leaked to attempt to prevent these things from happening again. Whether data is moved to use to find solutions or mitigate the loss of data. Researchers can use these to try and solve the seemingly never-ending issue in the day of technology we live in.
Individual Motive
I ranked “For money” as my number one because financial gain is one of the most common and powerful motivators. Ransomware attacks, phishing schemes, identity theft, and data breaches are a few of the most common examples we see that are for financial gain. Cyber attacker groups operate like a business and financial gain is a necessity to continue the operation. Political motives is my number two. Many attackers use their knowledge to promote ideologies to influence the public. Due to the global impact this ranks high. Revenge motives is my number three. Disgruntles employees or any individual seeking to launch attacks that cause harm is in a revenge state of mind. Recognition is my fourth ranked motive. Some attackers strictly want attention from the public. This feeds into to a status or respect ego the attacker may have. This is seen to be common amongst young attackers. My fifth ranked motive is entertainment. Some attackers have a for fun attitude to something that is easy to do or access to them. these types of cyber attacks tend to be less harmful and intrusive as money motive attackers. My sixth ranked motive is boredom. Boredom can lead to curiosity driven attacks. This is similar to entertainment for the amount of harm it causes. This is never a long time attack like some political motive attacks. Multiple reasons is my final ranked motive. This is ranked last because it lacks any specific reason. While many attackers involve more than one of these motives, not having a single cause does not give a effective base. Attempting to use multiple motives in this list can lead down hard end states and not completing the tasks the attacker has set.
Fake Websites
Fake websites plague the internet. They are designed to trick individuals by making them think it is the real website they are after. This is then followed by attempts in gaining information or money from them. By looking at he differences of real websites and fake ones it becomes easier to identify fake websites. Another website tip is looking to make sure it is HTTPS and not HTTP. The encryption is another from of security for your browsing needs. The first fake website I researches was Carsaledeals.com when the real one is cars.com or autotrader.com. carsaledeals.com is an easy click for the user but not what they are truly after. The website is close to cars.com and the added words may even make it more suitable for the buyer to click on. The next website I researched was bestgymdealsnow.net. This may see like a great website that has deals now but more reputable website is roguefitness.com or nike.com. The .net is also something that stands out as abnormal. The third website I researched was discountautopartswarehouse.com. This is misleading due to the illusion that there is an endless auto part warehouse. Real companies such as AutoZone or Advanced Auto Parts are more credible. By looking at real websites it becomes easier to identify the fakes. Fake websites often have to advocate large quantities that equal to large discounted prices. Real websites focus on brand reputation and customer support. These are what make websites trustworthy.