Cybersecurity 201S
This is where I will be posting work I have done in my CYSE 201S class.
Journal entries
Week 1 Journal Entry
In the NICE workforce framework, things like cyber defense analysis appeal to me the most since cyber security is what I’m mainly studying. In cyber defense analysis, your job is to protect information among networks and report or prevent events that may occur. Another one that interests me is incident response with its main goal to respond to urgent situations to decrease their severity. Another field in the NICE framer work is cyber forensics which plays a heavy role in criminology and cyber security. In digital forensics, your main goal is to solve crime whether it such as fraud or theft.
Week 2 Journal Entry (Explain how the principles of science relate to cybersecurity.)
Social sciences are the study of human behavior and how they react to one another in a society. Cybersecurity ties into social science because it can be used to justify, explain, or help understand how people behave in cyberspace. Social sciences can include relativism, parsimony, and determinism. Cyber security has a way of relating to all of these sciences mainly because they include humans and why they do things given certain tools and other factors. Relativism means that everything is related to something. This means that cybersecurity is related and influenced by certain aspects such as the economy, advancements in technology, and the creation of cyberspace. Parsimony is the social science of keeping explanations simple such as things falling down because of gravity. This can relate to cyber security because it can be used as a way to teach others about how to protect themselves from online threats such as not clicking on links from emails you don’t know because you can negatively impact your computer. Determinism means that everything happens due to past actions and this relates to cybersecurity because someone may commit crimes such as hacking due to their environment, interest in computers, or other factors.
Week 3 Journal entry
Privacyrights.org is a website that specializes in data breaches across the country. They provide reports on recent data breaches and provide overviews of laws that can help someone understand what rights they have when it comes to privacy. Because the website provides information on data breaches, this can provide useful information to researchers who want to closely examine any certain trends or types of data breaches in the country. For example, if someone is a researcher for a specific company and wants to know more about what type of breaches happen, they can use this information to better understand and prepare themselves for the off chance that they might become the victim of a data breach.
Week 4 Journal Entry
Maslow’s Hierarchy of Needs is a chart shaped like a triangle consisting of multiple layers that get more and more advanced the higher you go up. On the base, it starts as a basic set of needs being food, shelter, water, and clothing. As the chart progresses, the needs become less physical and more psychological in the sense of having friends, and relationships, and wanting to improve oneself. This chart can also be applied to technology by using the chart in relation to your needs but instead of what you need to survive, it’s what you need to use technology. At the base physical needs, things like smartphones, computers, and electricity can be put there to act as physical things you need in order to use technology. Safety needs can be virus protection or training on how to properly deal with emails or other influences telling you to visit links you’re uncertain of. Love and belonging can relate to online communities you find through hobbies, interests, or location. Esteem can relate to the freedom you have with technology and being able to create or do whatever you want with it. Self-actualization can relate to wanting to use technology to its fullest potential and wanting to invent something new that can push technology forward.
Week 5 Journal Entry
1. (For Money): This seems like an obvious motive for why someone would want to commit a crime since it usually yields the most results. Recently in America, the eastern gas pipeline got shut down by hackers, and were holding it closed until their ransom was met.
2. (Political): Politicians are very powerful people and for me, it doesn’t seem far-fetched to hire someone or for someone to willingly hack into something to sabotage their competitors.
3. (Revenge): Someone committing a cyber crime out of revenge seems very likely whether it be identity theft, leaking private information, or cyberbullying.
4. (recognition): Sometimes people commit crimes just to get their name out there or have people talk about them while also gaining a massive amount of influence over others.
5. (multiple reasons): These reasons could mean anything from watching a movie and wanting to imitate it in real life or something traumatic happening to you. However, I don’t think someone is learning how to hack into computers just because they grew up a certain way or they saw a form of media.
6. (entertainment): This seems very unlikely to happen but it can still be a possibility. It just seems weird to me that someone would risk jail time or fines just for fun.
7. (Boredom): This in my opinion is the least likely way for someone to commit a cybercrime since there are better ways to relieve boredom than to do something as risky as committing a crime.
Week 6
Phishing is a type of cybercrime that consists of someone trying to get another person to click on a link or obtain private information by tricking them. The most basic phishing attack comes from emails and they consist of someone trying to paint themselves as a company emailing you about a special offer or security violation. Once the email is clicked on it may ask you to sign in with your account credentials causing you to give up your account. You can tell the difference between a phishing account to a real one by going to the company’s website and confirming you’re responding to the correct email account.
Week 8
Forms of hacking can be seen in movies, TV shows, and video games. While some are realistic depictions of what one would do if they wanted to force their way into someone’s device, others could trade realism for looking cool or sounding appealing. To start, hacking isn’t an easy task to do that just requires you to type a few words on your computer. It requires information about the device that you are trying to hack into and even certain aspects you need to be physically near the hardware in order for it to work. A good example of hacking shown in the video would be the spear phishing example as it shows how someone could find information about you online and use it against you like creating an email that is tempting for someone to click on. The media can influence our idea of hacking by making it look like it’s something cool and easy to do but in reality, it’s difficult and takes a lot of knowledge in computer to understand how to do it consistently.
Week 9
For the social media disorder scale, I answered no to every question asked. I do have social media but I feel like I don’t rely on it or overshare. I don’t share anything about my life or even post anything on social media, to begin with. What I mainly do is open it up for a few minutes to look at anything new, and then close it. I feel like the scale is a good way to see how much of a reliance someone has on social media and whether or not they need to make a change with how much they use it or to cut it out of their lives entirely.
Week 10
The article is about social cybersecurity and is said to be a subdomain in national security. It covers how it aims to decipher how people change due to social technologies. These changes include behavioral, social, cultural, and political. The main difference between social cybersecurity and technical cybersecurity is what type of hacking people do with it. With technical cybersecurity, people normally hack technology but in the context of social cyber security people try to hack each other. This means that the person hacking other people can use it to turn people against each other or persuade them to do a certain action. I like this study since in this day and age of social media, misinformation can be used to weaponize people’s opinions and actions against others.
Week 11
During the video, she explains what a cyber security analyst is supposed to do. Their job is to be the first line of defense when it comes to technology. They watch over networks and respond to irregular activities in order to prevent attacks. Since the job is about preventing attacks, it means that they are actively defending others from hackers. When it comes to social sciences, hackers have several different motives when it comes to why they chose to do it in the first place. Depending on their motives whether they want to do it to gain money, information, or cause damage, it can affect the type of crime they commit thus making each job for the analyst different. Their job can vary from defending companies or the average person who calls into the office.
Week 12
This article relates to social science theories such as social exchange theory and structural strain theory. I say this because hackers attacked this company stealing the personal information of many customers which mainly include credit card numbers. This relates to social exchange and structural strain theory because hackers do this to gain the most benefit from a crime and most of the hackers who commit crimes for money, probably wouldn’t have done it if their needs were met. An economic theory that can be applied to this article is strain theory which relates to criminals committing crimes because of their standing when it comes to money.
The article goes over that they found a solution to penetration testing that is also cost-effective and benefits all parties involved. The company did this by putting out bounties for finding out about any vulnerabilities in their system in exchange for money. This benefits both the company and the penetration tester since one gets paid and the other gets detailed stats about what vulnerabilities lie in their system and how to fix them. In my opinion, this is an effective way of cost/benefit analysis since the company would usually have to hire penetration testers which would be more expensive than just having a bunch of hackers do it for a smaller sum of money.
Week 13
In the article, it goes through a list of commonly broken laws by people who use devices. The ones I think are the most important are using unofficial streaming services, sharing passwords of others, faking your identity, collecting info about children, and cyberbullying. Using unofficial streaming services and sharing passwords of others are both acts of stealing which are usually very illegal crimes. Collecting info about children is also a crime that’s broken and shouldn’t be overlooked since in most cases, children aren’t even allowed to have access to social media accounts so spreading their information can be seen as a form of doxing/stalking. Faking your identity online is a crime of fraud and can even be used after identity theft. Lastly, the crime of cyberbullying can be seen as a form of harassment that can have an effect on others in the real world.
Article Reviews
Article Review #1 Cyber Bullying
The name of the article I am reviewing is called, Cyberbullying: Its Social and Psychological Harms Among Scholars. This topic relates to social science because bullying is a repeated behavior that is intended to cause harm to another human. Bullying is linked to social sciences because there’s a motive as to why people do it and social science is all about finding out why people do certain actions and how they interact with others. The motive can consist of how they grew up in a household, what they’ve experienced from their parents or outside sources, or they just do it for their own amusement. The article briefly touches on the study of bullying before going into the definition of cyberbullying. Cyberbullying is the act of intentionally aggressive behavior over the use of technology. A type of research method they used was surveys and they found different definitions of bullying between Health Behaviors of School-Aged Children (HBSC), The Youth Risk Behavior Survey (YRBS), and the School Crime Supplement (SGS). The HBSC states that bullying is when one or two more students do unpleasant actions towards another while the YRBS states that bullying is repeated negative actions like teasing but it’s not bullying when the students are of the same age, height, or grade. Later in the article, Swedish research begins to answer why people tend to experience bullying. They took into account whether someone was experiencing external issues or internal issues as that could have an impact on whether someone experiences bullying or not. They came to find out adolescent students tend to show higher levels of internalized health problems. The data came from the NCVS and they retrieved this data by going house to house and interviewing students from the age range of 12 to 18. They concluded that cyberbullying rates increase through the years as more people get a handle on technology. The power points that we’ve seen in class relate to this since cyberbullying can be seen as a cybercrime and with cybercrime there are motives and reasons why people interact with each other in certain environments. This study contributes to society by explaining bullying and cyberbullying and how some students are more likely to experience it than others.
Sites: https://vc.bridgew.edu/ijcic/vol4/iss1/3/
Article Review #2
About The Article:
This article is about how certain security measures should be taken when it comes to companies that employ several employees. When it comes to these security measures, factors that should be taken into consideration include individuals, procedures, and technologies. It then states the best way to keep security measures intact is to apply “robust access controls”(Open Acess) in order to prevent the loss of sensitive data. This then leads to other security measures such as security cameras, intrusion detection software, and event management. This relates to social sciences (mainly sociology) since some of the security measures focus on the employee and how well they cooperate with the company when it comes to having access to files, passwords, and data. When trusting individuals with classified personal property, we need to look for the most efficient way to make sure they are well-equipped to handle it and how they will interact with others with that information (will they keep it to themselves like they were told, or will they leak information to others).
Hypothesis/ Research Method
The main hypothesis of this article is that security training among employees should decrease the risk of a company while not informing employees or having them lack computer literacy could raise the risk of having the company fall into a cyber attack. The research was done by observing companies that implemented training for their employees which in turn, provided the employees with more confidence, making them less afraid to ask for questions or help, and provided the company with a higher level of security. Another research method was a questionnaire given to 246 employees in different companies in Saudi Arabia.
Relations:
This article reminds me of readings and videos we’ve done on the human factor of cybersecurity and the human firewall. During those studies, we learned that sometimes virus protection and digital firewalls might not be enough to protect users from cybercrime. What we need to focus more time on, is the human factor of cybersecurity like teaching people how to identify phishing scams, how to avoid malware, and appropriate ways to handle important data from companies. This article relates to all of this since the article focuses on building a strong security foundation by educating employees on cybersecurity and making sure they’re confident when it comes to avoiding victimization.
Conclusion:
This article is helpful to society because it puts emphasis on teaching people the importance of cybersecurity and how it can positively affect a company’s workplace. I always appreciate studies like this since digital protections can only carry us so far and we should focus more on whether people know how to identify and avoid putting themselves in harm’s way of cybercrime.
Career Paper
Carrer Paper
Introduction:
When it comes to cybersecurity, there are a multitude of careers that focus on different aspects of cybersecurity. Each career usually has a strong link with social sciences since the main point of cyber security is to prevent cybercrime, and crime is something that is studied under sociology since it studies how people interact with each other in a community and why they do certain things. The one that I’m going to mainly focus on is Information Security Analysis since I feel like the field of cybersecurity has a lot that can go hand and hand with social science.
Information Security Analysis:
Firstly what is the purpose of Information Security Analysis? The main purpose of Information Security Analysis is to protect companies or others from cyber attacks. These people are usually on the front line when it comes to cyber security and monitor devices looking for anything that may seem abnormal. They install protective software like firewalls and antivirus on computers, while also responding to people who become the victim of a cyber attack. The qualifications for the job usually include a bachelor’s degree in computer science, and certifications such as security+, CySA+, ethical hacking, and Risk and Information Systems Control. As with any other cybersecurity field, it has close ties with social sciences, but with Information Security Analysts, I feel like they have the most to do with it due to them being the front line of cybersecurity.
Cyber security and social sciences:
Social science has a great emphasis on Information Security analyses because they deal with hackers head-on, and with hackers, comes motives. When I talk about these motives, I will mainly talk about them from a psychological and sociological perspective. Psychology and sociology both cover human behaviors and reasons for what they do but in different ways. Sociology is about the way people interact and react to different social situations while psychology focuses on the motive from only one person’s point of view. One motive that can be applied to hackers that are attached to the psychology part of social sciences is determinism. Determinism means that actions that someone causes are usually related to an experience they had. This can be applied to hackers since past experiences such as trauma or imitation can motivate them to commit cybercrime in the future. When it comes to the Information Security Analysts who need to prevent these crimes, they need to consider the motivations of hackers and the current state of the world around them as those factors could affect what attack happens. A factor that can happen in today’s world could be a political factor due to upcoming elections. A hacker could perform a DDOS attack on an opponent they want to sabotage or purposefully spread misinformation to provoke people to vote for their candidate. Another social factor could be money since in today’s age, countless people find themselves in low-income communities living paycheck to paycheck. This may provoke a hacker to hold websites or people’s devices for ransom. Even though it may not seem like it, all of these reasons directly affect Information Security analysts since they directly deal with cybercrime and must consider the movies of hackers.
Conclusion:
In conclusion, Information Security Analysts have a link to social sciences just like all other careers in cybersecurity. Since Information Security Analysts deal with hackers head-on, they need to consider their motivations and the state of the world around them in order to prevent cyberattacks. Information Security Analysts need to watch out for those who are in marginalized communities (people in poverty) or those who want to use cybercrime for their own personal gain.
Sources: