CYSE201S
Cybersecurity and the Social Sciences
Within a social science framework, this course explores the social, political, legal, criminological, and economic aspects of cybersecurity. Students are introduced to a human-factors perspective concerning cybersecurity threats. It shines a light on all those social factors that contribute to cyber attacks as well as legal and political systems developed to manage the actions of those who create risks and incidents. Moreover, this course looks into the different social science fields and their approach in cybersecurity.
Journal Entries
Module 14 Journal Entry – Watch the video about a Digital Forensic Investigator giving a TedTalk and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.
The career of a digital forensics investigator is related to the world of forensic science and social science. As a matter of fact, it focuses on the process of the collection, analysis, and reporting of different electronic data that can be used for law enforcement, thus being presented in courtrooms, for example. The career of a digital forensics investigator is also strictly conveyed through social science. Digital forensics involves the handling of sensitive information. For this reason, it is crucial for them to understand the ethical implications, such as data privacy and ethical treatment. To add to this, investigators need to familiarize themselves with the societal impacts cybercrime has on society as a whole and on individuals. Another reason for its connection with social science is the understanding of criminal behavior, which is a branch of social science. Knowing the factors that push individuals to commit criminal activity is key to their investigations. Moreover, a digital forensics investigator also needs to adhere to some, if not all, social science principles such as skepticism, relativism, ethical neutrality (briefly mentioned above), objectivity, etc. All these social science principles are key social science factors that can significantly impact the outcome and process of an investigation. Investigators need to be objective and ethically neutral in order to conduct a non–biased investigation and must only stick to the data found, leaving aside personal beliefs. Relativism is a principle that proposes the following statement: all things are related. What this means is that in an investigation, the social context and how it impacts behavioral dynamics are very important. Investigators must also be skeptical about their abilities and investigations. This skepticism is another important aspect. This principle enables investigators to question the validity of the information found, providing a more detailed investigation and therefore avoiding hasty conclusions. Davin Teo, a digital forensic investigator, gave a TedTalk talking about how he was introduced to the world of digital forensics. Davin Teo started his career in the accounting field. However, the company Teo worked for was looking for an IT person to help with their networks. That’s when Davin decided to take his chances and delve into the world of IT. With time, Davin became more familiar with and interested in IT (information technology), reviewing many opportunities. One of the biggest opportunities Davin received was one from a company in Australia, the first national digital forensic practice, which was starting a new team. During his TedTalk, Davin points out how the advancements in technology have changed the efficiency of his work as a digital forensics investigator. In the past, a simple job like the one we would define now, like collecting data, for example, would take a very long time. Whereas now, with the new technologies, this process takes less time, increasing the efficiency of investigations. A very interesting aspect of his TedTalk is the incorporation of one of his case studies, which, even if anonymized for obvious reasons, gives a general sense of what a digital forensics investigator does. I think that Davin Teo’s career pathway is truly fascinating. He started his career as a simple, respected accountant only to risk his future and satisfy his desire to grow professionally and understand the realm of IT. This, like he says, turned out to be one of his best decisions, allowing him to make out of digital forensics a successful career in the field of cybersecurity. This, in my opinion, shows the immense opportunities within the cybersecurity realm and the importance of taking risks. His path is truly inspirational. The way he talks about his work shows the passion and dedication he has for his profession and the value of commitment, which enhances professional performance. All extremely valuable things. Throughout the course, we’ve looked at different modules about cybersecurity and its relationship with the social sciences. One module that particularly helped me understand the type of cybersecurity career I want to pursue was the one talking about the different cybersecurity careers. One specific career that I found captivating was that of a digital forensics investigator. Like Davin says, there are many responsibilities and duties a digital forensics investigator must comply with, and their skills are in high demand. In fact, Davin was able to make the most of them and work in the field for almost 20 years. Lastly, the pathway to his career shows how important having certain skills is since it allowed him to completely change his work path. Personally, I think that learning about his experience can be of great help for all those cybersecurity students like myself who want to pursue a career in the field, and that sometimes taking risks can be very rewarding.
The career of a digital forensics investigator is related to the world of forensic science and social science. As a matter of fact, it focuses on the process of the collection, analysis, and reporting of different electronic data that can be used for law enforcement, thus being presented in courtrooms, for example. The career of a digital forensics investigator is also strictly conveyed through social science. Digital forensics involves the handling of sensitive information. For this reason, it is crucial for them to understand the ethical implications, such as data privacy and ethical treatment. To add to this, investigators need to familiarize themselves with the societal impacts cybercrime has on society as a whole and on individuals. Another reason for its connection with social science is the understanding of criminal behavior, which is a branch of social science. Knowing the factors that push individuals to commit criminal activity is key to their investigations. Moreover, a digital forensics investigator also needs to adhere to some, if not all, social science principles such as skepticism, relativism, ethical neutrality (briefly mentioned above), objectivity, etc. All these social science principles are key social science factors that can significantly impact the outcome and process of an investigation. Investigators need to be objective and ethically neutral in order to conduct a non–biased investigation and must only stick to the data found, leaving aside personal beliefs. Relativism is a principle that proposes the following statement: all things are related. What this means is that in an investigation, the social context and how it impacts behavioral dynamics are very important. Investigators must also be skeptical about their abilities and investigations. This skepticism is another important aspect. This principle enables investigators to question the validity of the information found, providing a more detailed investigation and therefore avoiding hasty conclusions. Davin Teo, a digital forensic investigator, gave a TedTalk talking about how he was introduced to the world of digital forensics. Davin Teo started his career in the accounting field. However, the company Teo worked for was looking for an IT person to help with their networks. That’s when Davin decided to take his chances and delve into the world of IT. With time, Davin became more familiar with and interested in IT (information technology), reviewing many opportunities. One of the biggest opportunities Davin received was one from a company in Australia, the first national digital forensic practice, which was starting a new team. During his TedTalk, Davin points out how the advancements in technology have changed the efficiency of his work as a digital forensics investigator. In the past, a simple job like the one we would define now, like collecting data, for example, would take a very long time. Whereas now, with the new technologies, this process takes less time, increasing the efficiency of investigations. A very interesting aspect of his TedTalk is the incorporation of one of his case studies, which, even if anonymized for obvious reasons, gives a general sense of what a digital forensics investigator does. I think that Davin Teo’s career pathway is truly fascinating. He started his career as a simple, respected accountant only to risk his future and satisfy his desire to grow professionally and understand the realm of IT. This, like he says, turned out to be one of his best decisions, allowing him to make out of digital forensics a successful career in the field of cybersecurity. This, in my opinion, shows the immense opportunities within the cybersecurity realm and the importance of taking risks. His path is truly inspirational. The way he talks about his work shows the passion and dedication he has for his profession and the value of commitment, which enhances professional performance. All extremely valuable things. Throughout the course, we’ve looked at different modules about cybersecurity and its relationship with the social sciences. One module that particularly helped me understand the type of cybersecurity career I want to pursue was the one talking about the different cybersecurity careers. One specific career that I found captivating was that of a digital forensics investigator. Like Davin says, there are many responsibilities and duties a digital forensics investigator must comply with, and their skills are in high demand. In fact, Davin was able to make the most of them and work in the field for almost 20 years. Lastly, the pathway to his career shows how important having certain skills is since it allowed him to completely change his work path. Personally, I think that learning about his experience can be of great help for all those cybersecurity students like myself who want to pursue a career in the field, and that sometimes taking risks can be very rewarding.
Module 12 Journal Entry – Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a journal entry describing the five most serious violations and why you think those offenses are serious.
In the article “11 Illegal Things You Unknowingly Do Online,” Andriy Slynchuk describes eleven things that internet users do that may be illegal:
In the article “11 Illegal Things You Unknowingly Do Online,” Andriy Slynchuk describes eleven things that internet users do that may be illegal:
1. Using unofficial streaming services
2. Using Torret Services
3. Using copyrighted image
4. Sharing passwords, photos, or addresses of others
5. Bullying and trolling
6. Recording a VoIP call without consent
7. Faking your identity online
8. Using other people’s internet networks
9. Collecting information about children
10. Extracting audio from YouTube
11. Illegal searches on the internet
All these are illegal actions that should be completely avoided, and most importantly, there should be a very clear explanation for their avoidance. Knowing what is allowed and prohibited is crucial to preventing issues of any type. While some of the eleven things may not be as serious as others, none should be taken lightly.
For example, viewing free online content is very risky since most of the time these websites lack protection, making it easy for our identities to be stolen within seconds. In addition, searching for movies online is considered a copyright violation, which one can face legal action for. In fact, using torrent services and accessing copyrighted material for free is against the law. Furthermore, sharing passwords, addresses, or photos without the owner’s permission is illegal; these types of information belong to their owner and can’t be used or shared without their consent. A huge phenomenon is bullying and trolling. Bullying people online and taking advantage of them is very easy. Anyone can hide their true identity behind a fake profile and say or do whatever they want. This, in my opinion, is a very dangerous act that could lead to severe repercussions, like jail time,for example. Faking identity online is another huge issue. One can pretend to have a different name, age, gender, interests, etc. just to get inside the minds of vulnerable individuals and deceive them.
I would say that the following five are the worst violations out of the eleven:
1. Sharing passwords, addresses, or photos of others
2. Bullying and trolling
3. Recording a VoIP call without their consent
4. Faking Identity
5. Collecting information about people younger than 13.
The five most serious violations I chose, in my opinion, could all fall under the category of cyber victimization. I believe that targeting innocent people online by sharing their private information and photos, bullying them, recording them without their consent, faking identities to deceive individuals, and collecting information about children should all be considered very seriously. I can’t even count the number of stories I’ve heard about young children or women who take their lives because of other people’s actions—deciding to post intimate photos, for example, or bullying individuals because of their appearance. The most horrendous thing about all this, however, is collecting information about children. They are unaware of the things that can happen to them and aren’t mature enough to understand the dangers and protect themselves. Moreover, recording people without their consent is truly crazy. How would these criminals feel if every aspect of their personal lives was shared with millions and millions of people? To answer that question, they wouldn’t like it at all. Recording people without consent is a horrible thing. The victims of such illegalities might see photos of themselves online in compromising situations, negatively impacting the way family, friends, and colleagues view their lives.
Lastly, I think that the article provides valuable information on how to stay safe online. Limiting the information we share, creating strong passwords, and browsing incognito are all good methods to prevent unwanted situations. The article gives solid, straight-forward information about what is illegal and raises awareness among people while also providing advice.
Module 11 Journal Entry 2 – Read this article
https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The article “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” discusses BugBounty programs (programs where organizations, software developers, and websites offer compensation for identifying bugs) and their effectiveness in strengthening cybersecurity. It also discusses the significant role Big Bounties have in exposing vulnerabilities missed by internal teams, as well as the role economic incentives have in motivating white-hat hackers to design efficient security measures.
https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The article “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” discusses BugBounty programs (programs where organizations, software developers, and websites offer compensation for identifying bugs) and their effectiveness in strengthening cybersecurity. It also discusses the significant role Big Bounties have in exposing vulnerabilities missed by internal teams, as well as the role economic incentives have in motivating white-hat hackers to design efficient security measures.
The article focuses on the discussion of the findings, going through all the dynamics of the policies as well as discussing the factors that influence the participation of white-hat hackers. The program age is a crucial aspect impacting future developments and the simplicity of finding weaknesses. It also focuses on the role industries play. Some sectors encounter more vulnerabilities than others, becoming more prone to risks. This is also due to the difficulty in finding the right people who are educated and have adequate skills in the field of cybersecurity. In addition, the credibility of the findings is provided thanks to the use of strategies that enhance big-bounty approaches. These studies propose different methods for the future while looking at long-term sustainability and refining models to predict program configurations.
From a literary point of view, the article focuses on literary aspects by highlighting the misguidence of preceding research and by providing a greater understanding of bugs. Moreover, it discusses the importance of using traditional security measures and highlights the role of economic incentives to show how bug bounty draws attention and clings onto qualified researchers.
Overall, thanks to the data provided by HackerOne, the article provides a great insight into BugBounties in order to look at the impact it has on information security. Through the analysis of factors like Bounty amounts, program age, and private and public program dynamics, the article clarifies the difficulties of Bounty systems. Furthermore, it considers solid techniques to establish casual relationships and calculate the effects the program has on vulnerabilities.
Lastly, I found this article very informative. HackerOne data provides a valuable explanation of the dynamics of bug bounty. With the evolution of the cyber world, our security and combat methods must evolve with them. The economic model developed underscores the successes of bug bounty for improving cybersecurity and points out the importance of investments in the field.
Module 11 Journal Entry 1 – Read the sample breach letter “SAMPLE DATA BREACH
NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.
The sample data breach notification letter is a letter sent out by a business that has an online website, www.glasswasherparts.com, to inform a customer regarding their identity theft. Some intruders placed malware on the platform’s provider’s servers and managed to gain access to customers’s payment card data. Information like their first and last name, address, phone number, and credit card numbers were involved. In addition, out of all the different economic and social theories, I would say that the ones that best relate to the letter are the laissez-faire theory and the Marxian theory. Laissez-faire economic theory suggests that governments should not intervene in the economy except to protect individuals’s inalienable rights. This is very relatable to the sample data breach notification letter. What makes the theory relatable is the fact that the customer, the victim of the attack, was informed with extreme delay about the occurrence due to the ongoing investigation. This perfectly describes the theory since it allowed for the investigation to proceed without immediate public announcements. The other economic theory that relates to the letter is the Marxian theory. According to Marxian theory, those with power exploit those without power for economic gain. Moreover, the theory also highlights the fact that these individuals are more in danger than the ones who have the power. The individual in this case is completely powerless. There is nothing the individual could have done to prevent this. The customer, in situations like this, is impotent, making him an easier target. Moving onto social science, I would relate the letter to objectivity and ethical neutrality. Objectivity refers to the study of topics in a value-free manner. In this case, the customer is being informed about the breach in a clear and detailed way,without bias or influence. It sticks to proven information and is free from suppositional language. Lastly, it also reinforces ethical neutrality. When conducting research, it is important to adhere to ethical standards. The letter relates to ethical neutrality because its aim is to inform the victim about the incident and advise the victim on how to stay safe. The letter doesn’t blame anyone for the breach; it’s only informative.
NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.
The sample data breach notification letter is a letter sent out by a business that has an online website, www.glasswasherparts.com, to inform a customer regarding their identity theft. Some intruders placed malware on the platform’s provider’s servers and managed to gain access to customers’s payment card data. Information like their first and last name, address, phone number, and credit card numbers were involved. In addition, out of all the different economic and social theories, I would say that the ones that best relate to the letter are the laissez-faire theory and the Marxian theory. Laissez-faire economic theory suggests that governments should not intervene in the economy except to protect individuals’s inalienable rights. This is very relatable to the sample data breach notification letter. What makes the theory relatable is the fact that the customer, the victim of the attack, was informed with extreme delay about the occurrence due to the ongoing investigation. This perfectly describes the theory since it allowed for the investigation to proceed without immediate public announcements. The other economic theory that relates to the letter is the Marxian theory. According to Marxian theory, those with power exploit those without power for economic gain. Moreover, the theory also highlights the fact that these individuals are more in danger than the ones who have the power. The individual in this case is completely powerless. There is nothing the individual could have done to prevent this. The customer, in situations like this, is impotent, making him an easier target. Moving onto social science, I would relate the letter to objectivity and ethical neutrality. Objectivity refers to the study of topics in a value-free manner. In this case, the customer is being informed about the breach in a clear and detailed way,without bias or influence. It sticks to proven information and is free from suppositional language. Lastly, it also reinforces ethical neutrality. When conducting research, it is important to adhere to ethical standards. The letter relates to ethical neutrality because its aim is to inform the victim about the incident and advise the victim on how to stay safe. The letter doesn’t blame anyone for the breach; it’s only informative.
Module 10 Journal Entry 2 – Read the following and write a journal entry summarizing your response to the article on social cybersecurity.
‘Social Cybersecurity: An Emerging National Requirement’ is an article written by Kathleen Carley and David Beskow. It examines the new emerging field of social cybersecurity as well as its impacts and how it differentiates itself from ‘traditional’ cybersecurity. Social cybersecurity is defined as a subdomain of national security. A subdomain that will bring major changes in the future, especially in future conflicts. Moreover, this discipline focuses on the scientific study and analysis of cyber changes and the way they affect social, political, cultural, and behavioral human aspects. The article also mentions some prominent personalities, like Dmitry Kiselev, coordinator at the Russian State Agency for International News, who said that in this day and age, the main types of wars are information wars. As a matter of fact, all the power can be applied to the divulgence of information; however, the outcome might be similar to the famous Blitzkrieg of WWII. Like I previously mentioned, social cybersecurity is very different in comparison to the traditional one. In fact, in opposition to this last one, which uses technology to hack other technology, it uses individuals to ‘hack’ other individuals. Information warfare is a great ally since it can be used against opponents to make them weaker and create conflicts between NATO allies, for example. Moreover, despite the fact that geography had a very important role in the past, that doesn’t mean that now it doesn’t (think about the Pacific and Atlantic Ocean for America, for example). However, the importance is now moving towards the human domain. The article also mentions BEND, a framework that describes different methods and research areas to address threats in the social domain. By following this framework, organizations can improve their defensive measures and respond to complications in the social domain.
‘Social Cybersecurity: An Emerging National Requirement’ is an article written by Kathleen Carley and David Beskow. It examines the new emerging field of social cybersecurity as well as its impacts and how it differentiates itself from ‘traditional’ cybersecurity. Social cybersecurity is defined as a subdomain of national security. A subdomain that will bring major changes in the future, especially in future conflicts. Moreover, this discipline focuses on the scientific study and analysis of cyber changes and the way they affect social, political, cultural, and behavioral human aspects. The article also mentions some prominent personalities, like Dmitry Kiselev, coordinator at the Russian State Agency for International News, who said that in this day and age, the main types of wars are information wars. As a matter of fact, all the power can be applied to the divulgence of information; however, the outcome might be similar to the famous Blitzkrieg of WWII. Like I previously mentioned, social cybersecurity is very different in comparison to the traditional one. In fact, in opposition to this last one, which uses technology to hack other technology, it uses individuals to ‘hack’ other individuals. Information warfare is a great ally since it can be used against opponents to make them weaker and create conflicts between NATO allies, for example. Moreover, despite the fact that geography had a very important role in the past, that doesn’t mean that now it doesn’t (think about the Pacific and Atlantic Ocean for America, for example). However, the importance is now moving towards the human domain. The article also mentions BEND, a framework that describes different methods and research areas to address threats in the social domain. By following this framework, organizations can improve their defensive measures and respond to complications in the social domain.
To conclude, as I reflect on this article, I understand even more the impact social cybersecurity has on our society. Seeing the power it has acquired and the one it continues to acquire is mind-blowing, especially since it is also an important part of the political world. So much so that it is being described like the Blitzkrieg. It’s so potent that it’s even becoming a bigger threat to all those relationships established between countries.
Module 10 Journal Entry 1 – Watch this video. As you watch the video, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a journal entry describing social themes that arise in the presentation.
In the video ‘What Does a Cybersecurity Analyst Do? Salaries, Skills, and Job Outlook’, Nicole Enesse explains the duties and responsibilities of cybersecurity analysts as well as the places one can work in, how much one can earn, the path to take to become one, and future predictions. Essentially, the duties a cybersecurity analyst has are the responsibility to monitor, respond, and defend a network from any kind of cyber attack. In addition, their role is to also provide individuals with advice and training to enhance user awareness. Despite that, the role of a cybersecurity analyst can vary from company to company. The great thing about working as an analyst is the fact that there are plenty of opportunities. Every organization, whether it’s strictly connected with the field of cybersecurity or not, needs someone as skilled as a cybersecurity specialist being an essential part of the company. As concerns salaries, like Nicole suggests, places such as Dallas, Washington, DC, Boston, Atlanta, and New York pay the highest. In Washington, D.C., for example, it is possible to earn around $117.000. That being said, for all those in the cybersecurity field who are considering pursuing a career as a cybersecurity analysts, the cost of living is something to take into consideration. Furthermore, when it comes to certifications, CYSA+, for example, is a good recognition of the skills one has as well as a degree in IT or computer science. Internships, immersing oneself in the more technical aspects of cybersecurity, and making as many experiences as possible are great ways to grow personally and career-wise. Moreover, having a solid and well-organized resume is the key to making an outstanding impression on employers. The field of cybersecurity, more specifically, cyber analysts in this case, has great predictions for the future, with a growth rate of 31%. Finally, yet importantly, I found the video very interesting because not only does it provide all the information one needs to embark on the cyber journey, but there are also social themes that arise in the presentation. Diversity and inclusivity is a very important social theme, in my opinion, because it encourages individuals to believe in their abilities and pursue careers in the field without fear of being rejected. Another theme is the social and economic aspects. The job of a cybersecurity analyst has a good salary, but individuals must take into consideration things like the cost of living. Earning a lot of money and spending it all on rent, for example, wouldn’t be ideal. Overall, I really enjoyed watching this video because it gave me some more information on the topic, and I appreciated the fact that Nicole Enesse gave us advice on things to consider beside degrees and certifications.
Module 9 Journal Entry – Watch the Following Video. Then, complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?
I would describe Dave as obsessed with social media. In fact, I don’t like when people around me post every single bit about their day because I think, What’s the point? Is it really worth it? Why would someone risk being targeted or having someone close to them targeted due to the lack of privacy? The more we share online about our lives, the higher the chance of being a victim of a cyberattack. When we do that, we are making it 10 times easier for a hacker to do whatever they wish with our data, and that is far from being okay. Like the video shows us, Dave is the kind of person who, with his carelessness and lack of thinking, puts at risk not only himself but an entire organization. Looking at the ‘Social Media Disorder Scale’, I’ve realized even more the power social media has on us. Although I use social media, I wouldn’t describe myself as someone who’s addicted to it.
Here are my scores:
1) NO
2) NO
3) YES
4) YES
5) NO
6) NO
7) NO
8) YES
9) YES
In all honesty, I was expecting more yes’s, but luckily, with time, I’ve learned to prioritize things like going out with friends, family, or practicing my hobbies. At the end of the day, social media won’t go anywhere and is available at all times, whereas spending time with the people you love and doing what makes you happy isn’t something we’ll always be able to experience. In addition, the items on the scale show different problems caused by social media, which, in my opinion, are very dangerous. The fact that we are letting social media take up so much of our lives isn’t good, and what makes it even more disappointing is the fact that we are the first ones responsible for this. We shouldn’t give social media the importance we are currently giving it because it’s destroying our mental health and the relationships we have with our loved ones. Lastly, to answer the final question, I believe that different patterns are found across the world for several reasons, such as cultural differences (not all countries have the same awareness when it comes to cybersecurity), different laws and regulations that influence cybersecurity, political reasons, and economic conditions.
Here are my scores:
1) NO
2) NO
3) YES
4) YES
5) NO
6) NO
7) NO
8) YES
9) YES
In all honesty, I was expecting more yes’s, but luckily, with time, I’ve learned to prioritize things like going out with friends, family, or practicing my hobbies. At the end of the day, social media won’t go anywhere and is available at all times, whereas spending time with the people you love and doing what makes you happy isn’t something we’ll always be able to experience. In addition, the items on the scale show different problems caused by social media, which, in my opinion, are very dangerous. The fact that we are letting social media take up so much of our lives isn’t good, and what makes it even more disappointing is the fact that we are the first ones responsible for this. We shouldn’t give social media the importance we are currently giving it because it’s destroying our mental health and the relationships we have with our loved ones. Lastly, to answer the final question, I believe that different patterns are found across the world for several reasons, such as cultural differences (not all countries have the same awareness when it comes to cybersecurity), different laws and regulations that influence cybersecurity, political reasons, and economic conditions.
Module 8 Journal Entry – Watch these videos and pay attention to the way that movies distort hackers. After watching these videos, write a journal entry about how you think the media influences our understanding about cybersecurity. Has this understanding changed over time? What is different in the older pieces of media vs more current media?
In the first video, we can see how an internationally recognized security analyst, author, researcher, and speaker named Keren Elazari goes through some movie hacking scenes and gives her experienced opinion on them. In most of the hacking scenes, we can see how, due to the lack of experience in the cybersecurity field, they show an altered and unreal reality of how hackers work. Most of the time, they show bad OPSEC (operational security), invented words to make something sound “cooler” mixed with realistic cybersecurity terms, mapping tools, and protocols such as SSH NUKE, credential stuffing, Wi-Fi pineapple, etc. In the second video, Samy Kamkar, a computer hacker and co-founder of Open Path Security, talks about other hacking scenes. In the movie X-Files, for example, they print out an encrypted code. In the real cybersecurity world, this is pointless because most of the characters present in a file wouldn’t be visible. In another movie scene, they try to destroy a hard drive by using magnets and a microwave, which could be “good” ways to destroy a hard drive. Other scenes show a denial-of-service attack. Usually, this type of attack doesn’t use manipulative methods like altering a web browser; instead, it brings down a system that isn’t shown in the movie clip. In another clip, we can see the use of a device called MagSpoof, which is a very efficient and real cybersecurity method (an electromagnet that creates a magnetic field). The third and final video shows movie clips that use 3D images when, in reality, that doesn’t occur. As a matter of fact, we can see a lot of codes and text, but never 3D images. A movie called ‘The Italian Job’, for example, shows the process of traffic light hacking. This is a very possible thing since most traffic light systems are internet-controlled. Furthermore, in another clip, we can see a program called XKEYSCORE. This allows the surveillance, search, and analysis of global data. All these movie clips have proven the power media has in influencing people, making them believe things that don’t necessarily correspond to reality. Like we’ve seen, many movies, both older and newer ones, show false methods and hacking mechanisms to make a certain scene look more intriguing and thought-provoking, only for the sake of the movie. However, these fake scenes can be easily spotted by a more experienced eye. Despite the fact that to this day many movies show a distorted hacking reality, I think that there is a lot more awareness and understanding of what should be considered real and fake, especially because with the non-stop advances in technology, people are learning new ways to keep themselves safe and, therefore, are more informed on the topic. In short, nowadays, there is more awareness in the cybersecurity field. As a matter of fact, the main difference I’ve encountered between the older pieces of media and the newer ones is the increasing threats in cybersecurity that are pushing individuals to learn more about online security. Also, newer media shows different tools that help combat threats and advises people to use several methods to prevent cyberattacks. To conclude, I think that overall, the media is much more informed and acts as a tool to raise cyberawareness amongst people.
Module 6 Journal Entry – We have many misconceptions about cybersecurity. Here, hackers tell you about some of our misconceptions. What personal misconceptions did you have before you started to study cybersecurity? Have those been proven right or wrong?
Before I started studying cybersecurity, I had many misconceptions regarding this field. In fact, I wasn’t as familiar as I am now with all the different types of risks involving cybercrime, and therefore, I never thought of the idea of a random individual being a target. As a result, I always thought that an individual with a low profile wouldn’t be at risk, that being safe online is not our responsibility, and that using public Wi-Fi anywhere is risk-free. In reality, diving into the world of cybersecurity, I’ve learned that all those misconceptions I once had don’t correspond to the reality of cybersecurity. According to an article titled ‘Research Shows 25% of Travelers Hacked Via Public Wi-Fi While Abroad’, it is in fact possible to be a victim of cybercrime even for doing things that may seem “small” and “innocuous,” like using a public Wi-Fi, for example. This article talks about research conducted by NordVPN, a cybersecurity company, which revealed that one in four travelers has been hacked while using public Wi-Fi. This event shouldn’t be underestimated. Using public Wi-Fi in public places like airports, for example, is a very common mistake because of the lack of information amongst people on things like cybercrime. Hackers can set up Wi-Fi spots wherever they wish, and as soon as someone connects to them, hackers can access all types of personal data about you. In my opinion, this is a huge problem because not only can they handle our own sensitive information, but they can also threaten us with it, leading to even worse scenarios. In addition, I realized that most of the time, our activity online is a factor that could contribute to and push hackers to target a certain individual instead of another. This is explained in an article titled ‘Don’t click that link! How criminals access your digital devices and what happens when they do’. Even though a lot of times we don’t do anything to deserve an attack, some people misbehave online, meaning that they don’t pay attention to click-bait titles, sketchy links, or accepting famous cookie pop-ups. Believe it or not, a hacker can swipe all of your information in a matter of seconds. For this reason, it is crucial that we examine our actions very carefully. One wrong click can lead to serious consequences! Thankfully, studying cybersecurity and getting to know all the possible ways of attacking and defending oneself has helped me incredibly, and all the misconceptions I had proved me wrong. To conclude, I believe that we should all be more cautious with our actions, learn how to avoid unwanted situations, use firewalls, and be responsible about what kind of information we decide to make public.
Module 5 Journal Entry – Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
Unfortunately, the motives that push individuals to make unethical choices on the internet are several. As a matter of fact, many people commit cybercrime for reasons like:
Entertainment
Boredom
Political
Revenge
Recognition
Money
Multiple Reasons
All these motives have been presented to us in several different articles. According to the “Man Behind
LinedIn Scraping” article, 700 million users saw all their data being out in the open. After some
investigations, authorities found the culprit to be a man who stated that he had committed this crime for
pure fun. Despite that, the data he stole from those 700 million users was being sold.
The “New generation of angry and youthful hackers joins the ‘hacktivism’ wave” article addresses the use of cybercrime for political reasons. This article talks about the emergence of new-generation hackers who are joining the hacktivism wave to raise awareness about political issues, encourage change, expose politicians, etc.
Another article, “Revenge Porn Victims in Wales,” addresses the third motive, revenge. Revenge porn has always been a big case, a crime often committed by ex-partners or complete strangers with the intent of extortion or as a form of trolling. In Northern Wales, there have been 21 cases of image-based sexual abuse. Moreover, the scary thing about this is that with the help of AI, criminals can fake pornography, making these cases even bigger.
The fourth motive, boredom, is also another reason that pushes individuals to commit cybercrime. Young
children interact online without being supervised, increasing their risk of being exposed to cybercriminals. In addition, they find ways to entertain themselves and interact with people online, making them easy targets for cyberbullying, grooming, etc.
Recognition, the fifth motive, is another reason for cybercrime. The “8-month suspended sentence for script kiddie” article talks about the case of Bradley Niblock, a man who launched a distributed denial of service (DDoS) against the website of the Labor Party days before elections.
“Sex, drugs, and toilet rolls” is the title of an article that talks about money and how cybercriminals feel the need to commit crimes and earn as much as possible. As a result, entry-level hackers can make up to $42,000, mid-level hackers up to $900.000, and high-earning hackers up to $2 million a year.
As well as recognition, money, boredom, entertainment, politics, and revenge, there are also other reasons that incite cybercriminals to commit crimes. Just like the “What drives hackers to a life of cybercrime?” article suggests, psychological factors and technical skills drive hackers to act unthically and unlawfully.
Personally, after having read all the different articles talking about the several motives that incite hackers to commit cybercrime, I’ve made my own list, ranking each motive from 1 to 7 as the motives that I think make the most sense.
1. Money
Like we’ve learned, even an amateur hakcer can earn a very good amount of money by simply doing what they know best. This allows them to have a very good lifestyle and be more drawn to committing crimes, bigger each time, so that they can keep on living a great lifestyle and earn an absurd amount of money.
Like we’ve learned, even an amateur hakcer can earn a very good amount of money by simply doing what they know best. This allows them to have a very good lifestyle and be more drawn to committing crimes, bigger each time, so that they can keep on living a great lifestyle and earn an absurd amount of money.
2. Political
Everyone has different beliefs, and when they don’t match with the rest of the people, the need to “open” people’s eyes and show them a different perspective is very tempting. Not only that, it is also a way to make people more aware of a potential corrupt figure in the political world.
3. Revenge
This is a very common motive since people online, like ex-partners, might want to expose you on the internet to get revenge. In addition, it is also a very serious matter when one’s identity and intimacy get out in the open. This could scar someone for life and produce severe problems.
4. Recognition
Some people lack recognition in their real lives from relatives or friends, and being able to show the world their skills and capabilities is a way of making them feel recognized for something they’ve accomplished.
Some people lack recognition in their real lives from relatives or friends, and being able to show the world their skills and capabilities is a way of making them feel recognized for something they’ve accomplished.
5. Entertainment
Some individuals are just in search of a way to have fun and get involved in illicit online activities that allow them to feel entertained.
6. Boredom
I would rank boredom sixth since it’s a motive that goes hand-in-hand with entertainment. The lack of direction in people’s lives leads them to look for diversion elsewhere. In this case, the internet.
7. Multiple Reasons
Although there are many possible reasons for individuals to engage in illicit online behavior, I would rank this motive last simply because it lacks specificity. On top of that, I think that the motives ranked above are more accurate and based on concrete events.
To conclude, I consider these motives to be very severe because many people could get badly hurt due to their poor actions or other people’s ones. We must find a way to avoid all these problems and, therefore, protect ourselves against any dangerous situations.
Module 4 Journal Entry – Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.
Maslow’s Hierarchy of Needs is a theory that puts human needs into five categories, from basic needs to psychological needs and self-fulfillment needs such as food, water, warmth, rest, safety, intimate relationships, feeling accomplishments, and achieving one’s full potential. According to Maslow’s Hierarchy, our behavior is determined by our needs, and our needs can change over time.
I think that nowadays, this psychological theory is applicable in the cyber world since technology has majorly evolved and nearly everything that surrounds us is strictly connected to technology. In the case of technology, I think that the basic needs like food, water, warmth, and rest can be associated with a good internet connection and all-time access to any online source since these are the main steps to navigate online. I consider this need to be very important because if we want to feel like part of something without being afraid of “staying behind,” we need to have a good internet connection and all-time access.
Safety is another basic need. As I previously mentioned, whether we like it or not, the internet is taking over a big part of our lives, and the only thing we can do is adapt. Moreover, as people working or studying in the cybersecurity world, we must find improved safety measures. When I was younger and wasn’t as familiar as I am now with technology, I made a few mistakes that led to my computer being infected, and that is due to the lack of safety. In fact, to avoid these kinds of security problems, we must be more cautious and find more suitable solutions.
Maslow’s Hierarchy also mentions the need for belongingness and love. Just like it happens in the real world, humans feel the need to love, feel loved, and belong to someone, which are things that can be easily achieved with technology. As a result, many people install apps in the hopes of finding a friend or a partner, and social media is a way of connecting with people and growing relationships that satisfy their needs. The internet has helped me reconnect with some childhood friends, giving me the possibility to reinstall a good relationship with them.
Esteem is the fourth need mentioned in Maslow’s hierarchy. I consider this need to be very connected with the cyberworld. This is because we can post our achievements and announce them publicly. By doing so, we encourage people to interact with our posts, compliment each other, and give words of encouragement. Although I can see why many people post certain accomplishments, this need doesn’t resonate with me because I’m of the idea that keeping things to oneself is better most of the time.
The last need in the hierarchy is self-actualization, which stands at the top of the pyramid. Being able to grow personally or career-wise is one of the most fulfilling things. Realizing our potential, pushing ourselves to experience new things, and growing is extremely important. This can help us perceive ourselves in better ways and believe in our potential. Social media plays a huge role in this. We can find videos about history that improve our general knowledge, videos of people exercising that push us to live a healthier life, quotes that motivate us, tutorials that teach us different skills, etc. Thanks to technology and social media, I was able to learn a third language because of some videos that taught grammatical rules, which aroused my curiosity. This has helped me not only to grow personally, but it has also given me the possibility to have more open doors in the world of work.
Lastly, I think that Marlow’s Hierarchy of Needs plays a significant role even in the cyber world because it provides different ways of fulfillment.
Module 3 Journal Entry – How might researchers use this information to study breaches? What branch or branches of Social Science do you think would beenfit the most from a site hosting this information?
June 2, 2024
First of all, we need to know what a data breach is—more specifically, what is a data breach chronology? When we talk about data breaches in cybersecurity, we mean all those malicious acts one commits when unauthorized people access confidential information. For this reason, in 2005, the Data Breach Chronology was launched with the intention of avoiding data breaches and helping researchers understand such breaches in the US.
I think that the information provided by the article could be very useful. In fact, researchers could use this information to understand the nature of data breaches, the problems they cause, the organizations that are being compromised, the types of breaches, etc. Thanks to all this information, researchers can create new measures that help diminish and prevent such breaches. In addition, I think that branches of social science such as criminology, sociology, and psychology would benefit the most from this site.
This is because, with criminology, for example, we can investigate and learn about the involvement that data breaches have in not adhering to the law, and therefore, criminologists can find adequate reasons to incriminate cybercriminals for their unethical behavior.
Another social science that can benefit a lot from this site is sociology. Sociologists can study human social behavior, patterns of social relationships and interactions, and society as a whole and see how these breaches impact them, as well as the change in trust people put in organizations after incidents like these.
Psychology is another social science that could benefit as well. Psychology allows us to explore and study human behavior, understand why some people feel the need to commit cybercrimes, what brings them to act in certain ways, and also understand how the person or organization that has been a victim of a breach feels afterward.
To conclude, I consider this site to be very helpful, not just for researchers in the field of social sciences but also for people who like to keep themselves informed and safe when using any kind of site, search engine, or app. Sites like PrivacyRights.org are useful since they provide valuable information that allows one to understand the intricacies of cybersecurity.
Module 2 Journal Entry – Define each of the principles of science in your own words. Then, give examples of how each of the principles relates to cybersecurity.
Sunday 26, 2024
According to Robert Bierstedt, the social sciences follow the same principles as the natural sciences. As a matter of fact, the social sciences are considered to be as scientific as the natural ones, and they can be related to the study of cybersecurity. The social sciences are six: relativism, objectivity, parsimony, empiricism, ethical neutrality, and determinism. Each of these sciences allows for the understanding of cybersecurity.
Relativism: Relativism is a philosophical concept promoted by sophists. Relativism claims that values and truths depend on and vary based on the individual, cultural, and historical context. Moreover, with relativism, everything is related. When it comes to cybersecurity and its technological advances, we can see how everything is related, from the educational system to the political system. In addition, with this science, it is important to view behavioral dynamics, social processes, economic decisions, and policy making because, by doing this, we can study and develop adequate cybersecurity strategies that promote an inclusive approach to diversity and security.
Objectivity: When it comes to cybersecurity, being objective is extremely important. What this means is that scientists must have a neutral, impartial, and detached point of view when addressing potential risks and threats. In fact, scientists must be as objective as possible and successfully respond to and analyze potential attacks without being influenced. Everyone has a different opinion regarding different topics, but when it comes to finding security measures, it is pivotal to put our opinions and beliefs aside and find the most suitable cybersecurity measures, overcome any risks, and protect systems.
Parsimony: The term parsimony comes from the Latin parsimonia, which refers to the unwillingness to spend money. In science, however, this term refers to being able to choose the most simple scientific explanation. This way, cybersecurity measures can be easier to understand and, therefore, more practicable. Also, approaching things with parsimony in cybersecurity can help to diminish difficulties and target the problem more efficiently and quickly.
Empiricism: Empiricism is another philosophical term that refers to a belief in which our knowledge is based on our experiences, and more importantly, our sensory experiences. In cybersecurity, we want to depend on empirical affirmations that help us analyze threats and defend ourselves from them. Furthermore, using empiricism is a way of making sure organizations base themselves on real information and avoid deduction. This, in my opinion, is very effective because it avoids drawing inaccurate conclusions.
Ethical Neutrality: Ethical neutrality is a term that, in my opinion, is strictly connected with objectivity. In cybersecurity, when we address a problem, we must be objective and make sure that cybersecurity measures and policies respect ethical principles. Questions like ‘Can professors monitor students’ online coursework to make sure they’re really actually doing their work?’ or ‘Should the police use digital technologies to track human behaviors?’ are important questions one needs to consider. We must respect the confidentiality, integrity, and privacy of individuals and apply effective measures that also respect those principles.
Determinism: Determinism refers to those behaviors caused or influenced by preceding events. As a matter of fact, determinism is important in cybersecurity since it can greatly help to understand threats, manage them, and prevent them.
To conclude, like Robert Bierstedt says, I think that these social sciences can be related to the study of cybersecurity. Moreover, I find them very helpful since they can prevent attacks, give simple but effective scientific explanations, give unbiased solutions to find the most efficient cybersecurity measures, etc.
Module 1 Journal Entry – Review the NICE Workforce Framework
May 19, 2024
The National Institute for Cybersecurity Education, also known as the NICE Framework, is a
resource used by employers to help them better understand cybersecurity. In short, this framework determines a “universal” language in order to describe the work of cybersecurity and its workers. By doing this, employers and organizations have a clear understanding of the skills, tasks, and capabilities needed to succeed.
The NICE Framework is made up of seven categories:
Analyze
Collect & Operate
Investigate
Operate & Maintain
Oversee & Govern
Protect & Defend
Securely Provision
Based on my personal ideas and interests, I would rank these seven categories as follows:
1. Protect & Defend
In cybersecurity, the most important thing is to prevent a problem. In fact, with this step, we are able to come up with defensive measures, assess the level of risks, monitor unauthorized activities, and therefore respond to threats. In my opinion, this step is interesting because it allows you to work very closely with the cyberworld. Moreover, I consider it a very fundamental step.
2. Analyze
This, in my eyes, is also a very crucial step because if we want to overcome a situation in an effective way, the first thing we must do is analyze it carefully and weigh out the different possibilities. As a result, we are able to identify the problem and look for the most adequate and effective methods. With this step, the goal is to identify the capabilities and intentions of cybercriminals and look for a solution that is aimed at a specific problem or threat.
3. Investigate
I would put this step in third place since, without cyber investigation, we wouldn’t be able to upgrade to better tactics and techniques and improve an organization’s security measures. In addition, I find the investigation process to be one of the most interesting ones because, due to the advances in technology, the world of cybercrime is becoming more and more powerful. For this reason, the investigation process will always be different, meaning that one will never get tired of applying the same security measures. Instead, they will be different each time.
4. Collect & Operate
This category collects information and handles data to then develop operational plans.
This category collects information and handles data to then develop operational plans.
5. Operate & Maintain
This category, in my opinion, is strictly connected with ‘Collect & Operate’ and, like the fourth-ranked category, I find it intriguing. In fact, it takes care of everyday security measures by installing, maintaining, and managing software, hardware, and firewalls. Therefore, it ensures that the systems work effectively and safely, and it also ensures the CIA Triad (confidentiality, integrity, and availability).
6. Oversee & Govern
Oversee & Govern, just like the word itself suggests, provides supervision and governance. Also, it provides the staff with advice, develops policies that support cyber enhancement, and provides personnel training.
7. Securely Provision
Lastly, based on my interests, I would put securely provision last. This is because, despite being very important, it’s a basic step. As a matter of fact, in order to develop systems, write codes, and ensure appropriate risk treatment, it is pivotal to protect and defend, analyze, investigate, collect and operate, operate and maintain, and oversee and govern first. Without these initial steps, Securely Provision would be totally useless.
To conclude, I consider protecting and defending, analyzing, investigating, and operating and maintaining to be very interesting steps because they allow you to learn new skills each time, making the whole process intriguing and leaving no room for boredom. Furthermore, they are also essential steps to overcome cyberattacks and prevent threats. That being said, I believe that thelast three steps are also important, but, in my opinion, they’re less complex and ask for fewer skills.