Journal Entries 1-13

Posted by clamb009 on

Curtis Lambert

Entry #1

            To be one hundred percent honest, as a Marine Biology major, my main motivation for taking this course was to receive a credit. Growing up in Norfolk I have always been drawn to the many forms of life that the rivers, bay and ocean had to display, so I gravitated toward absorbing knowledge about these organisms and oceanography. This, however, does not translate to a disinterest in Cybersecurity. From the beginning of the modules, I can tell that I will enjoy learning the contents of this course. This, in my opinion, is much more fulfilling than receiving a credit will ever be. I was born in 1998, so like most members of my generation, I spend perhaps too much time on electronic devices. Most of them are capable of connecting to the internet. I play games, watch movies, work, attend school, talk to loved ones, manage my finances and do many more important things on computers. I believe that I enjoy learning about the different technologies and aspects of Cybersecurity because computers are so integrated into my everyday life, I just had never made any significant steps towards studying Cybersecurity before. I will admit that my prior information on Cybersecurity is greatly limited. The extent of my knowledge on Cybersecurity technologies are VPNs and private browsers, but as I stated, I am enthusiastic about learning more. Learning about frameworks was especially engaging because it opened me up to part of the legislation behind Cybersecurity. It also introduced me to important concepts like the role that frameworks play in risk assessment and how they are important to the reliable functioning of critical infrastructure, which I had never considered before. Even though my initial motivation for attending this course was to receive a credit, I can say that it has definitely evolved into a point of intrigue. I was always going to give this course one hundred percent of my effort because that is just who I am, but I am certainly glad to discover that I will now have a genuine curiosity to drive my work in this class.

Entry #2

            In the digital age, or the “Age of Information” Industries and individuals have intertwined both their personal and business lives with technology and cyberspace. Since professionals in the line of Cybersecurity work closely with devices that connect to the internet regularly, it can be expected that the field relates to other professions and practices. Political & Legal Studies, like Criminal Justice, have lent a wealth of knowledge to investigators of cybercrimes. There are many theories about intent and crime established outside the realm of cyberspace. It was just a matter of time after the invention and adoption of the modern computer in households all over the world, that those theories would needed to be applied to criminals who have taken to the internet to commit their crimes. Crimes like Stalking, Harassment, Theft, Fraud and corporate espionage are just the tip of the iceberg that is cybercrime. Through this defining value of preventing cybercrime, the involvement of many other professions with Cybersecurity is apparent. Art Historians rely on online databases to view many artifacts and ancient writings that they would otherwise have to traverse the globe and get special clearance to see in person. Someone must ensure the security and maintenance of the online databases that hold so much valuable history. Banks often conduct much of their business electronically, their websites and apps, as well as their entire presence in cyberspace, needs a specialist to ensure their customers safety while banking. Engineers often store blueprints electronically; a cybersecurity expert would be best fit for the job to ensure that the engineer’s online assets are protected by a successfully implemented Cybersecurity framework. Any corporation with an online presence, and little focus on cybersecurity, will be sorely lacking an expert’s advice and aid in the event of a security breech. It becomes apparent that Cybersecurity has become an integral part of many practices.

Entry #3

            Before electronic and digital storage, physical space defined the type and quantity of information one could gather then store. Film and Photographs take up physical space, so do paper documents. With the implementation of electronic storage technology, the amount of space required to store and maintain information increase more and more. While having access to digital and online storage has revolutionized the way we conduct business and carry out our lives, it also allows companies and individuals to easily store information about individuals on a massive scale. This is great for tasks such as logging employees and keeping track of personal statistics, unfortunately it also gives individuals another aspect of their personal lives to consider. Information that is online can ideally be accessed only with proper user authorization but cyberattacks that aim to steal data that can be obtain online do occur. One must consider that personal information, no matter how sensitive, may be accessed by others online. With this in mind, there are many ethical matters that arise when dealing with storing electronic information about individuals. Medical Records of almost everyone (at least in the U.S.) are currently documented electronically and some can be accessed online. Many people consider medical information personal, at the very least, they would like some degree of control over the flow of that information. If these documents can be accessed in the event of a cyberattack, then the confidentiality barrier is destroyed. The same can be said about court proceedings that are often documented electronically and can actually be accessed online legally in some cases. If someone can gain enough information about an individual, they could potentially assume their identity, especially online where most interactions are not face to face. One could also see that information online can tend to last longer than a physical counterpart. Electronic storage that is detached from the web lasts moderately long yes, but many find that information can exist a very long time if dispersed to the internet. This adds another aspect to list of ethical issues.

Entry #4

            Cybersecurity serves to fill the need of providing safer and more reliable interactions involving cyberspace. This fact highlights a key feature of cybersecurity, which is that it exists in an evolving relationship with cybersecurity risks. What the risks may be depends on many factors. The type of technology and the nature of information are among many things that play a role in determining the kind of cybercrime that will be of highest risk. When examining this dynamic on a large scale, one must account for the kind of cybersecurity needs that different nations will need to prioritize. The citizens of each Country are subjected to the laws of that nation, as well as the culture and economy. Nations differ vastly in many aspects, so it should be of no surprise that some cybercrime is more prevalent in certain nations than others. One major factor that usually comes to mind first, is the availability of access to the internet by the average citizen. Obviously, one should expect that a country with generally little internet access will have different levels and natures of cybercrime as a country with strong a cyberspace infrastructure and userbase. The nature of crime is especially varied among the different countries across the globe. Take for example the practice of pirating online data. Pirating is essentially stealing online data such as software and entertainment media (songs, videos). The severity of piracy, while not victimless, is relatively low compared to other cybercrimes. Wealthy consumer-based nations, like the Untied States and Japan, tend to have a high rate of piracy due to these factors. They also host a generally wealthier population, leading to them being targets of cybercrime for direct financial gain. It also helps that a lot of people have access to the internet in wealthy countries, giving rise to more opportunity for cybercrime all together. Countries that are less economically developed have fewer people connected to cyberspace, but it would also mean that the ones who are accessing the internet in those countries are more incentivized to obtain money with their access. Countries like Nigeria see a relatively high rate of fraud and scams for this reason. While elementary in nature, the frauds have robbed people out of money and occasionally do work, further incentivizing criminals and perpetuating cybercrime where it does happen to occur.

Entry #5

            Legal ways to make money in cybersecurity are listed out in the following word:

Creating security software, like a firewall program, and selling your product.

YouTube and other media platforms like Netflix need experts to maintain safe online operations.

Bring knowledge to the table, having a good grasp of the practice will increase one’s value.

Entrepreneurial practices, like marketing security hardware and software.

Recover data or information that has been lost by corporations or government.

Security of physical technology, guarding server sites and other protective hardware.

Educating others on cybersecurity practices, becoming a teacher or Professor.

Concern oneself in cybersecurity policy and being active in politics.

Uncover data that is hard to obtain, utilizing cybersecurity info to aid intelligence agencies.

Research. Paid research into cybercrime is done and often needs credible experts to aid.

Industries often have automated processes, the functions of which needs to be safeguarded.

Testing cybersecurity system for companies like Microsoft and Apple to make them stronger.

Yield a profit by upgrading and maintaining security of online vendor platforms like eBay.

Entry #6

            While cyber technology has eased the workflow for citizens around the globe, implementing them at the workplace has created a space for cybercrime to exist. The same computer that allows an employee to carry out their daily work could also be an access point for a malware attack. The same external storage device used to hold company documents can be taken out of the workplace and uploaded to another device within minutes. Emails sent between companies and coworkers can have harmful files attached or can be part of a phishing scheme to pry valuable data out of company personnel. Many corporations give some form of company identification to authorize and sometimes to keep track of their employee’s online work. Identification authorization methods include cards/badges, a login username with password and biometrics like fingerprint confirmation. Companies will often employ a mix of these strategies, even so, unauthorized access scenarios have occurred in the workplace. This raises a particularly alarming issue, being that behind a computer a user can potentially act as another to gain access to sensitive information or to carry out sabotage. Stealing company information could not be possible like this if it weren’t for one major contributing factor. The factor is that data that was once stored in literal filling cabinets are now being stored in digital databases. One does not even need to be anywhere close to the company’s physical building location to try and tap into their online databases or systems. This can be done from a remote location, making it more convenient to commit the crime while making the perpetrator harder to detect and neutralize. In the digital age of today, it is important to reinforce good cybersecurity practices in the workplace and to implement a relevant and reliable cybersecurity framework. Doing so could deter employees and hostile entities from breeching security measures.

Entry #7

            Businesses in the modern era practically must conduct some of their operations through online activities in order to stay competitive and up to date. This means that it is almost guaranteed that a business should have some sort of plan put in place relating to the security of their online assets and dealings. The benefits of doing so usually far outweigh the potential consequences of a security breech. Costs of the cybersecurity system as a whole will vary with the protection needs of different businesses. For example, a museum may have an extensive network of online databases to store digitalized data about artifacts. It would make sense for a business like that to spend resources into a strong and reliable firewall to protect the databases from unauthorized access, since it’s main presence in cyberspace exists as databases. A business that conducts meetings through the internet would need to sink some of their resources in security and integrity of the online communication, to ensure that no one can listen in on business proceedings. The benefits of implementing a strong cybersecurity framework are usually quite apparent. Hostile entities will be less inclined to launch attacks on a well secured system. Even if they decide to launch a cyberattack, a strong cybersecurity network will ideally minimize the risk of loosing valuable data. If valuable business information is actually compromised, a competent cybersecurity plan will have at least some guidelines to recovering lost data and restoring damaged systems. Even if a business will never use their security measure (which is unlikely), it still serves as a vital deterrent for interested cybercriminals. In this way strong cybersecurity practices in businesses can be seen like an insurance that not only actively protects the insured with the security implementations, but also deters would be hackers from launching attacks in the first place.  

Entry #8

            Computers play a part in the daily lives of many people around the world, and as access to technology and the internet spreads, the number of people that computers will affect increases likewise. It should stand to reason that technology, which is interacted with daily should be reasonably safe, one should be familiar with the ways that they can better protect their computer from cyberthreats. While you can never protect against one hundred percent of cyberthreats all the time, there are still many things that can be done to ensure that a computer is operating in a safe manner. One of the most basic and accessible protections one can obtain for their computer’s safety is an antivirus software. The software should be from a credible developer with a considerable degree of effectiveness. A quality antivirus software protects against common types of computer malware that are prevalent on the web and can also scan the computer system for existing malware. To protect against incoming packets of information that may contain malicious code, a firewall of some sort is best suited for that job. Firewalls scan and filter the flow of information packets that are being sent to the computer system. The parameters of a firewall’s filters can vary to fit one’s preferences or specific security concerns. Firewalls can be hardware based; they can also exist as just software, giving interested users further variety when selecting their cybersecurity measures. Practicing simple, positive cybersecurity habits in day-to-day life is often a key aspect of keeping one’s computer safe that is overlooked. This includes habits like making strong passwords that cannot easily be guessed or cracked by an algorithm. Another habit is being mindful of the computer’s physical location and condition. Keeping the computer in a safe location and locking the computer screen while one is away from the monitor can prevent others from acting on your computer.

Entry#9

            The digital age is practically defined by the vast amount of information that is available to anyone with access to the internet. Computers have caused many effects across the nations of the world, some of them extremely beneficial, some of them potently harmful, and some of them are a combination of both. The most apparent effect of computers and the internet is the rapid communication between individuals who are thousands of miles apart. There are two sides to this coin, one good and one bad. The positive outcome of this has been the swift spread of academic information, like medical knowledge, as well as the spread of innovative ideas. The negative effect is very closely related. Ideas that promote violence, anarchy and similarly harmful things can also be spread quite quickly through the internet. On a more positive note, humanity can use computers to run simulations in a program, something that would take forever if not be impossible to do if one calculated all variables by hand. Simulations are run for insights into topics of interest by the simulation runners, usually done in scientific pursuit. Another positive aspect of computers is that they save space due to being able to store documents and media digitally. Paper files, film reels and photographs all take up physical space and are more sensitive to damage then properly stored digital files. As for more negative aspects of computers, simple computing devices can be fitted onto bombs, essentially weaponizing the computer. This is done to give the explosive a timer or provide an electric spark to ignite the combustible material. Something that happens quite often is cyberattacks, a very prevalent negative outcome of computers. Since some valuable data exists in digital form, there are hostile entities who aim to steal this information from the rightful holders without proper access.

Entry#10

            The field of engineering is vast and there are a lot of nuances to be found within it. Inside this broad profession, there exists an interdisciplinary field called systems engineering. A systems engineer will have the skillset required to design complex systems. They will have the knowledge to identify the pieces needed to make the system functional and efficient and implement them into the whole. That is where cybersecurity crosses over into the interdisciplinary field. When engaging in cybersecurity activities one will often find themselves needing to implement some feature into technology, it may require an entire system of security measure to properly be secured. A security systems engineer would be an expert in designing security measures in a complex system. In some processes, like those found in fully automated assembly lines, a computer system is keeping track of all the data of the other subsystems and the network of interconnectivity can become extensive. To not be overwhelmed by this reality a studied expert, in this case a security systems engineer, could propose the proper security measures that the systems need to function properly while being protected from threats. They would be able to identify how to secure each part of the interconnected systems and then implement them into those systems. Having a secure system is valuable for all technologies that are vulnerable to cyberthreats, but systems that are large and complex tend to be especially important to secure because they have so many parts serving different functions. One can see that by identifying security needs, providing parts for that need, and correctly implementing the addition, Security System engineers could provide valuable and skilled labor to the field of cybersecurity. The overall effect it would have would be hard to pinpoint, but it would most definitely make cyber networks safer.

Entry#11

            Criminal Justice deals with why crimes are committed, and the actions taken to prevent further crime from occurring. Since the widespread adoption of the computer into many households worldwide, crime has been conducted and persists online. Often in cybersecurity, one is working with features of technology designed to prevent the success of cybercriminals. By learning key theories in criminal justice and applying them to the cybercrime world, cybersecurity experts and Criminal Justice experts can work alongside one another to prevent the occurrence of crime. Criminal Justice often deals with sociology, questioning why people commit crimes against other individuals in society. It also involves philosophy, by questioning human nature to better understand motive to commit crime. Most theories aim to decrease the occurrence of crime by understanding key aspect of how crime arises in the first place. Without going on a tangent about the nature of these theories, I will say that they could all be beneficial to apply to cybercrime. Many crimes committed online are not unique to cyberspace, stalking, harassment, theft, fraud and corporate espionage. Since theories already exist about the nature of these crimes and the offenders of them, it is convenient and helpful to apply them to cybersecurity while noticing the differences. For instance, a large difference between crime and cybercrime is face to face communication does not usually occur in cybercrime. In math, it is often helpful to see where mathematic principles break down when altering the variables or parameters, the idea between Criminal Justice theories and cybercrime is very similar. By seeing where they don’t show similarities, we can assign the different patterns that separate crime from cybercrime. Further distinction of what cybercrime entails can help cybersecurity experts to better protect against it. Cybersecurity experts then can make security systems in other lines of work like engineering safer as a result.

Entry#12

            Criminals in the present era can now reach more potential victims of their crimes than any other time in human history. The reason for this is the prevalence of technological devices capable of connecting to the internet. The internet is hard to censor, and it reaches across the entire globe. For the first time in human history, someone sitting on their living room couch in India can scam someone doing office work in Canada for financial gain, all with neither party leaving their home country. This is certainly one way that the internet and computers have changed the dynamic between the offender and the victim. Offenders now have access to a much larger victim pool if they choose to conduct their criminal activity online. Examining this fact, another interesting revelation can be made about the nature of offender and victim involving cybercrime. If someone decides to scam someone by email, maybe pretending to be some other entity that promises financial investment to unsuspecting victims, the crime can be carried out to the point where the offender has the desired resource then all communication with the victim can be terminated. In the entire interaction, the offender of the cybercrime and the victim of the cybercrime never had to face on another in person, or even in video. Communication can consist solely of written messages to one another. When the offender doesn’t have to actually face their victim, it depersonalizes them form the act they committed to some extent. This is because the offender of the cybercrime does not see the damage that they caused to the victim, they could assume that the damage was minimal or that whoever was scammed deserved it. It would be easy for some actors of cybercrimes to see all of their crimes as victimless because they don’t see the immediate repercussions of their harmful actions in the real world. This in addition to the fact that the offender has proven this crime a successful one, they are likely to repeat it due to the perceived one-sided nature of their acquisition. In crimes such as harassment, technology and computers have made contacting someone and getting their attention extremely easy and available. This is of course problematic considering computers are an integral part of most people’s daily routine.

Entry#13

            Developing cyber-policy and infrastructure is an essential aspect of cybersecurity that is key to the implementation and maintenance of effective cybersecurity systems. The reach of predictive knowledge is considerably short. This leads to some important factors to take into account when considering the methods of developing infrastructure and policy retaining to cybersecurity. Predictive knowledge cannot be reliably used to develop policy because it too short-sighted to properly address the security needs that make up a well secured system. It would be an ineffective decision to address the cybersecurity needs of systems based off of what is likely to happen because, as discussed, the knowledge to predict this does not extend far enough to secure the safety of the system for a long duration of time. Another approach would likely be much more helpful when developing and implementing policy and infrastructure in cybersecurity. It could be much more beneficial to keep in mind what threats can occur and prepare to respond to the threats that are possible. When approaching cyber-policy and infrastructure this way, all possibilities are taken into account and adequately assessed and prepared for. While developing each, focus on what to do after a cyberattack has occurred. Make note of procedure relating to how the damage can be mitigated, how lost data can be recovered, and how to further protect against the threat and decrease the possibility of another successful attack. The goal should be that just as much effort is put into preventing the possible threats as the effort put into responding to the possible threats. If too much importance is placed on preventing the threat than the response and recovery in the wake of a successful cyberattack will suffer. If too much importance is placed on responding to the threat and recovering lost data, one may unnecessarily respond to a threat after it happens when it could have been avoided.

Leave a Reply

Your email address will not be published. Required fields are marked *