CYSE201 | cybercsteph

Journal Entries

Explain how the principles of social science relate to cybersecurity

Cybersecurity is a part of social science. It is an applied science where it is a subset of computer science, with its own specialized field of study. People in the field often apply known facts and scientific discoveries to create useful applications, often in the form of technology. It is a computational social science with a large foot in the area of applied research. Other forms of science include natural science (e.g., biology), and formal science (e.g., statistics). Cybersecurity is a broad category, covering the technology and practices used to protect humans, networks, software, and informational data from harm. People throughout industry, academia, and government all use formal and informal science to create and expand cybersecurity knowledge. As a discipline, the field of cybersecurity requires authentic knowledge to explore and reason about the “how and why” we build or deploy security controls.

The principles of science relate to Cybersecurity in the same ways than any other form of science does. They all must adhere to the same principles. These principles include; relativism, skepticism, determinism, ethical neutrality, objectivity, parsimony. Relativism is where we develop knowledge to understand that all things are related like a domino effect. We understand that an extensive output and release of carbon dioxide and toxic waste into the land and air has caused us to experience global warming. Like nature, cybersecurity is no different. With technology advancing at an alarming rate (self-driving cars, smart tvs/speakers, robots,) there has been a rise in cybercrime. With our world shifting from a more physical to digital world there has been a need for newer systems, systwares, protocols, and frameworks. Cybersecurity is now needed in all systems that we use today like government, healthcare, education, etc. The more humans use technology to store their information and complete work then there will be a need in cybersecurity/upkeep of security involving their technology.

Determinism is another key principle of science that some believe in and others do not. This is where we argue if proceeding events determine the type of decisions and path you will take. Social scientists are in the middle with this principle, because both points of views have some truth. At the end of the day, humans make every decision they make. Some people have stories to tell about coming from a hard upbringing and overcoming their obstacles. Others have stories where they have fallen victim to the events and actions they have encountered during their life. I feel like not everyone will blame their past or be able to fight their circumstances to where they break free. Both are understandable and possible scenarios. Dealing with cybersecurity, we have to answer questions like who, why, and what would a hacker do? The answers could be that a person is hacking for political reasons and helping their country fight their enemy, or it could be a person that is greedy and wants attention for their bad actions. Either scenario is possible, and I am sure if you ask the person on the other side why they are doing what they are doing they will believe they are right. I feel like this is an eye for an eye, or something scientists will never agree on because it just depends on your point of view.

Scientists also must follow the protocols of ethical neutrality. It is important for them to stay neutral so the data that they collect is unbiased and correct. They must protect the rights of individuals they study, and be willing to objectively study topics. Cybersecurity scientists have a huge role in adhering to this principle. A ton of questions have been answered, and a ton have not still. Using this principle, scientists can look through a different lens to understand and gain knowledge that is very reliable to society. For example, Facebook has gathered a ton of data on its users and faced a lawsuit about selling user data without their consent. Scientists can research them and other companies to figure out why and how they were selling data. It is very unsafe and unlawful that Facebook sold data, again another company solely focused on profit, and not protecting their consumers information. A huge aspect of cybersecurity is protecting consumers and users data!

Parsimony is another principle that social scientists study in order to create answers and gain knowledge that will simply help. Parsimony simply means finding the simple answers to questions. This is harder on individuals who study cybersecurity, because they are most likely studying human behaviors or network/software/coding programs. If they are studying human behaviors, and the actions of someone that has caused the need for cybersecurity may be difficult. Everyone has their own reasoning for the decisions they make, but we could study that individual and other cases to see if there is a pattern in their actions or background.

Objectivity is another huge principle that social scientists deal with when they are researching topics and discussing issues. Science is not always about the answer to this problem that will never change, but the way of advancing knowledge. Like knowledge, our technology is advancing at a constant pace. Every year there is a new device that beats the previous model whether it is equipped with newer or more technology to enhance it. It is hard for somebody to study a topic without being objective and biased, because we are humans first. We all have core beliefs and values. Scientist may need to study topics about offenders punishing offenders for using the internet to commit crimes regarding sex, fruad, hacking, etc. Scientists are human like the rest of us, and all hold opinions; but it is important for them to thoroughly research and gain as much information as possible in order to produce an answer that will help society. They have to be able to put their opinions aside to conduct research that they probably already have seen in the news, and felt a distinct way about it.

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

Cybersecurity is a new field, with a broad range of roles that a person can go into. Whether an individual decides to be an ethical hacker or cybersecurity analyst they still should follow these principles in order to efficiently do their job.

Researchers can use the information provided to get a better understanding on breaches. A data breach is a security violating in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an authorized individual. It could be a result from hacking, stolen credit/debit cards, lost or stolen documents, or mishandled sensitive information. Privacy.org allows users to shar their stories which in turn could give consumers more insight and knowledge about their privacy. This website provides reports and advocacy discussing data breaches. The most recent report on data breaches that was uploaded on the website is titled, “Data Breach Notification in the United States and Territories”. This report compares each state’s data breach notification statue along key provisions like form of data covered, what entities are covered by the state, whether notifications triggers after discovery or reasonable investigation, if there is a risk of harm trigger for notifications, what must be included in the notice, what type of notification etc. All of the states do not have the same law when it comes to data breaches. This forum answers a lot of questions that users across the United Stats would want to know about. They also list all the fifty states and included the state’s law about data breaches. A consumer can read over this forum and become more knowledge about how their state reacts to data breaches. They can further deicide if they agree with the laws in places, possibly affecting their decision to reside in the state.

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Abraham Maslow’s hierarchy of suggest that all humans have needs that exist on a hierarchy. The hierarchy he believes exist is made of up five calibers that starts with physiological needs at the bottom. The next pillar up is safety needs. Both physiological and safety needs will be anything we can describe as our basic needs like food, water, safety, security, and rest. The middle of the period is the belongings and love need with esteem needs sitting at the second to first pillar. They both can be categorized as our psychological needs. This could be anything from intimate relationships and friends to prestige and the feeling of accomplishment. At the top of pyramid, lies self-actualization, achieving one’s full potential. The theory states that when our lower -level needs are met, we begin to focus on meeting our upper-level needs. Central to this belief is that our behavior is determined by our needs, which can obviously change over time. Maslow’s theory also states that every individual strives for self-actualization, but only a few meet that need. These needs provided by Maslow can relate to experiences with technology. Starting at the bottom, physiological and safety needs can be improved with the use of technology regarding surveillance and access to resources. With the advancement of technology, we can watch our homes from miles away. For example, a lot of consumers use Ring Cameras to monitor their homes. Ring Cameras allow you to monitor and record your homes for suspicious activity or every time you encounter a guest. This security feature is very helpful because you can connect your Ring Camera to an app which allow you to view the camera from any place, talk through the camera, and record footage. Moreover, we can use technology to shift from grocery stores to e-commerce. This way of living promotes a more convenient, less-expensive pivot to do things. Most grocery stores have adopted self-checkout and the use of merchant services over the last few years. Using in store technology to improve customer experience and reset cost is the smart to go following the pandemic plus advancement of technology. Not only has technology helped us in grocery stores, but it also has made things like shopping and dining easier and more convenient. All you have to do is open your phone and either start an app or login to a website to have anything mailed or delivered right to your doorstop. Moreover, technology has also help with love need and esteem needs. I have a boyfriend, of four years, and we met through Instagram, he attended Old Dominion University, however he sent me a direct message one day to talk to me and we kicked it off from there. Technology has been the reason why many couples can say they are married, in a relationship, found a family member etc. There are hundreds of websites and apps that we can access on our mobile devices or computers in order to connect with people. Technology also has given individuals the platform to showcase their accomplishments to the world; many people can make a social media post or to any platform to gain recognition or publish their accomplishments. Every day there is a person going viral, or boasting about a graduation, new car, house, or trip. I love using my social media platforms to post when I am traveling, or when I got a new shoe release. The attention and being able to broadcast my happiness definitely will affect my ego in a positive way. I enjoy posting online and showcasing my good doings. At the top of hierarchy lies self-actualization, where we seek personal growth; spirituality; and complete fulfillment. People who encounter this need are individuals who have peak experiences, they are realistic, independent, and have a sense of appreciation. Technology can help facilitate, encourage, and empower these things in the context of your personal brand. For example, technology has helped boost and promote many positive reforms and movements across the nation. We use technology to advocate and help others get involved in social causes and activism. The movements across the United States involving abortion and police brutality has been broadcasted and exploited into the media using technology. We use it to get our point across and share messages across the world, so others can encounter self-realization. Technology has helped society’s need in a number of ways and has helped me with every need listed by Maslow. Hopefully, we continue to keep a steady pace of using technology for the greater good.

Rank the motives from 1 to 7 as the motives that you think make the most sense. Explain why you rank each motive the way you rank it.

After analyzing the seven articles provided regarding the different motives for cybercriminals, I have ranked them from what makes the most sense to least. The seven motives were entertainment, political, revenge, boredom, recognition, money, and multiple reasons. Fist, I think money and political make the most sense to me. When it comes to money, a lot of crimes are committed with the rewards of profit in the future. I am not surprised and understand that money is a motive for cybercrime because money makes the world go round. It is a necessity in today’s world for everybody unless you plan on living in woods or homeless. Moreover, I think the political motive seems equally reasonable to me, because that is another big reason why individuals or groups commit a crime. Political issues have been a thing since the beginning of time, and it is something that will never be solved or be able to be prevented due to individuals having their own opinions and feelings. Politics is a controversial topic that involves everyone because all the countries, states, groups, etc. – have a political stance. Having to have a stance on an issue creates the perfect enemy or opposer to your opinion, which then created criminals who want to commit a crime because of their strong feelings for or against the political reason. Secondly, I think revenge is a reasonable motive for cybercrime. Revenge has been the reason for a ton of murders, robberies, kidnapping, etc. It is a common emotion and motive, so it makes sense to me for it to be on a list. We all have wanted to get revenge on somebody or something for whatever reason – but some of us do not act on that emotion. Next up, I think boredom and recognition are tied as well for me. People do things because they find it enjoyable or want to receive recognition daily. It is not uncommon to be either of those things, however, I think it is not a just reason for an individual to engage in cybercrime. In the articles provided an individual decided to steal millions of users’ private data from LinkedIn, only for the fun of it. Then for recognition it was an article about a British skipt kiddie who disturbed an election website for recognition. I found both articles interesting, but still very poor justifications to commit a crime. It seems like the hacker for LinkedIn was just a hacker who enjoyed doing bad things. On the other hand, we had a kid who wanted to do something he felt would get him appreciated and recognized since he broadcasted his actions leading to him being charged. Another motive is multiple reasons, and I was provided an article which depicted what reasons a cybercriminal might commit an act. It stated that motive, money power, and ego can drive a person to commit such acts. Money may be understandable since majority of crimes are money motivated, but I think if you commit a crime for power and ego then it is senseless. It will never make sense to me for a person to harm another person or disrupt something to have their ego stroked. A lot of individuals need to seek mental help or simply get offline in my opinion. I think that since crimes can be committed online versus in person then it may be easier for individuals to engulfed themselves in harmful activity. They do not have to face their victims in person or see them being physically hurt. Therefore, they can be whoever they want to be alone. I think that is a sad excuse for a human to commit a crime or such act. Lastly. I think boredom makes the least to me. I will never understand why a person will willingly commit a crime just because they are bored. You can talk a walk and touch some grass if that is the case. The article provided linked to boredom discussed cyberbullying and online grooming. Cyberbullying has been an alarming issue regarding children since the increase of them using technology i.e. computer and mobile devices.

Can we create three fake websites and three real websites & ask them to spot what makes them fake?

We can create real and fake websites. Creating a website in today’s age is pretty simple and takes a quick google search to figure out the steps. ODU has partnered with WordPress in order to allow students to create websites that publish their coursework through the years of achieving their academic degree. Cyber criminals will do multiple things to increase trust like create fake personas to connect with the victim in order to get personal information or make websites look legitimate. You can look for things like double-check the URL for misspelling and to make sure it is secure. There should be an image of a padlock at the beginning at the URL which means that the site is secure and sealed. Other things users can do to make sure they are engaging in some safe online activity is to read online reviews, never pay by bank transfer, ask yourself if the offer is good to be true, and don’t click on malicious or mysterious pop-ups.

Explain how your memes relate to Human Systems Integration.

Human Systems Integration is a system engineering discipline that applies knowledge of human capabilities and limitations throughout the design, implementation, and operation of hardware and software. Everything ties together meaning humans, software, and hardware all depend on another in order to be successful. My meme depicts the “human” trying to contact Hardware and Software in order for him to work on his job. Majority of cybersecurity or IT professionals are allowed to work from home, so it looks like the “human” is just ready to start his day at work.

After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.

I think the media influences our understanding about cybersecurity by misleading us to think that it is easier than it is. In the video clip from Youtube, some of the scenes made it seem as if hacking was some easy thing to do where they can “crack the code in a few seconds”. In reality, it takes hours to days to figure out how to hack into a software or system. Of course, movie writers may want to dumb things down because they coulde probably care less on education the public on cybersecurity techniques and operations. Social media has a way of making things unrealistic, and it consequently makes consumers have a distorted sense of reality. It is easy for someone to see something online and think that you could do it as well. Dealing with the media, there will always be a good and bad side to things in my opinion. Yes, it can perpetuate a false narrative about hacking, or cybersecurity etc. It could also be used to spread information regarding cybersecurity. Many users spend most of their free time online so it would be easy for the media to promote information or report news that is regarding cybersecurity. The spreading of information could influence us to take more cybersecurity measures and become more knowledgeable on the subject.

Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

After completing the Social Media Disorder scale, I scored pretty high. I think that my phone has become a part of my daily routine which means I could easily possibly be addicted. Most of my peers spend time on social media, and I feel like we have lost this sense with the outside world. Most of the people don’t have hobbies anymore like how they used to back in the day such as dancing, painting, riding bikes, reading books, etc. A Lot of my peers, including myself, spend their free time using social media. Social media is used to connect with people around the world. We use it to post pictures, videos, and to share posts or talk to our mutuals. The questionnaire asked a lot of good questions that I feel like I should address personally. I should plan on taking a break from my phone and finding a hubby to ensure I am not letting the usage of social media affect my mood. I feel like it is easy to become dependent on social media apps like TikTok, Instagram, and Twitter. Social media can have a lot of toxic and explicit information which can make users become desensitized or warp our mind in an unhealthy way. Different patterns may be found across the world, because other parts of the world don’t have the same accessibility to social media like the United States. Third-world countries are not as advanced as Western countries so that means they won’t have the same access to phones or computers like others. It is a good thing and a bad thing. It is easy to develop bad habits regarding social media activity and usage, but It also can be a life-changer. It allows us to connect to individuals and have access to information from all over the world.

Read this and write a journal entry summarizing your response to the article on social cybersecurity

I think this article does a great job explaining social cybersecurity and its effect on things like warfare. Traditional cybersecurity involves humans using technology to “hack” technology. The target is information systems. Social cybersecurity involves humans using technology to “hack” other humans. The targets are humans and the society that binds them. Social cybersecurity is an emerging subdomain of national security that will affect all levels of future warfare, both conventional and unconventional, with strategic consequences. We have to study the way communication on platforms like social media and online websites affect the way society views things. A new generation of war be dominated by information and psychological warfare that will seek to achieve superior control of troops and weapons and to depress opponents, armed forces personnel and population morally and psychologically. The wars in history or known for their notoriety of hundreds of thousands of lives lost for only a few yards of physical terrain. Technology and social cybersecurity have helped waive the requirement for physical proximity/battle in order to influence society. Leaders can easily post information on social media to push whatever narrative they please. The article also mentions how the decentralization of information flows has reduced the cost of entry. Over the last thirty years, we have watched as information flows rapidly become decentralized. If we take a look at American history, the government, large organizations, and large news outlets were the only ones who had control over news. They were the only entities or platforms broadcasting information and news coverage. They controlled the flow of information which essentially influenced consumers. Nowadays, we have social media, blogs, and social networks that are allows individuals to communicate and spread information. There is now a low cost of entry, financial incentive to create viral content, and anonymity is relatively easy to accomplish. I definitely see the study of social cybersecurity becoming more prominent within our conversations because technology is only becoming better. Everything is becoming more digital; therefore, we need to study techniques to identify, counter, and measure the impact of communication objectives.

Watch this video. As you watch think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing themes that arise in the presentation.

As a security analyst, your overriding duty is to implement systems that protect your organization from the specter of cyberthreats. Their job relates to social behaviors because their roles require them to possess all the social behaviors expected of cybersecurity professionals. They must have technique and social skill since they will be working on hardware/software within a team to ensure they are completing their task. They also must have civic duty; meaning they must have loyalty to the company or country ideals. The analyst job is to protect from vulnerabilities and outside threats. Cybersecurity analyst also must know how to communicate and be willing to continue to learn. Since they will be tasked on protecting their organization then they will need to be able to first be able to communicate amongst their team, and to individuals who may have the same understanding as them regarding technical information.

Read “Sample Breach Letter Notification” and describe how two different economic theories relate to the letter.

This letter relates to two economic theories, the Rational choice, and the Marxian economic theory. The Rational choice theory is that individuals/businesses make choices in their best interest. They will do what is best to them and what they feel aligns best with their ideals. The letter was a sample text of a company informing their customers that was a breach on their website and that their personal information could have been compromised. The breach had to do with their third-party website (creator) who had a malware breach. This ties into the rational choice theory because companies have the decision of investing in malware and budget for cybersecurity products. They must decide if malware or other cybersecurity products/training is worth it to them. Marxian theory states that those with power will exploit those without the power. The letter stated that the breach was over a year ago, and they were just notifying their consumers because “law enforcement told them not to since it could interfere with investigation.” I think this is exploiting and honestly nonsense. How would letting the customers know interfere with the investigation? The only thing consumers will be able to do is change their card information and possible freeze their credit. This aspect of the letter is very selfish and exploitive in my opinion. It also ties in with the rational theory because, maybe they felt as if they notified consumers when everything was discovered then it would have blown up to something bigger causing them to lose business. So, they decided to do what’s best for them, which is way to let some steam blow over then inform customers to make it seem like it’s not a big deal. If they haven’t had any issues with their card information by now then it’s no worry, and the breach isn’t an issue. That is very unethical.

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try exploring the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

Bug bounty programs are when companies hire ethical hires to explore their network and report to them if they have any vulnerabilities. They also provide companies that lack the cachet to recruit top-tier talent with an outlet to engage freelance hackers. These ethical hackers give different types of companies the chance to explore if their systems in order to ensure they are not at high risk of being compromised. They conducted research to answer multiple questions that were going unanswered when it came to bug bounty hunters. Their findings were that hackers are relatively price insensitive, with an elasticity of between 0.1 and 0.2 at the median. Second, they found that bug bounties are definitely effective tools for companies of all sizes and levels of prominence and that companies in certain industries received fewer reports, than companies in other industries. Companies that are in the financial and retail industries. Fourth, they found that the number of new programs created in any given month has a marginal—and statistically insignificant—impact on the number of reports companies receive on the HackerOne platform in that month. Lastly, they were able to discover that programs receive fewer valid reports over time, all else remaining constant. The researchers were realized towards the end of their study how we all still know about the bug bounty markets. They failed to specifically identify most of the time-invariant variables which impacted hacker supply. Future research should focus on identifying and measuring more of the variables which determine hacker supply. One day research will elucidate how bug bounty markets work, sharpening our understanding of an increasingly important cybersecurity tool.

I think that bug bounty programs are a cool way for companies who do not have the money to improve their security. In the article it is also mentioned that most of these ethical hackers are students who are working part time; so, it also gives them the option to practice and gain more skill in their field of study. I think it is a win-for-win for everyone!

Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

Slynchuk described eleven different things in this article which he believed to be illegal. I think that sharing an individual’s personal information (address, phone number, photos) without their permission, bullying/harassing, faking your identity, collecting information on children, and illegal searches on the internet or the most serious violations. If you expose an individual’s personal information online, then I feel like you should definitely face consequences. The individual could end being seriously injures, killed, or stalked due to a person exposing them. It will not only put them at risk, but everyone around them especially if they have children or do not live alone. Next, I think that bullying/harassment is a serious violating simply because it has commonly resulted in suicides. This has been common among teenagers, and I think this action is morally wrong! Adults and kids are able to get behind their computer screen or cellphone and become a different type and allows them to say cruel, evil, and disgusting things. The embarrassment from cyberbullying can be long-lasting so I think violators should be prosecuted. Especially when suicide is involved! If the violators are minors, then I feel like they still deserve to be prosecuted because cyber-bullying is immoral and it’s no excuse. I also believe that faking your identity is a serious offense as well because I do not see anything good that can possibly result from this. The person pretending to be somebody else can gain financial or psychological reward, however, the person being deceived receives nothing. Some people tend to create fake online profiles and “catfish” other individuals because they are bored or insecure. It still is not right. Some individuals also create fake identities online in order to scam people and receive money or person information. Next, I think that if a person collects information on children, then they should be prosecuted and questioned. The article states collecting information on any person under 13, but I believe any person under 18 or the legal age of consent for that state. The only excuse I can make for this is that the person is a pervert or pedophile. There is no reason why you should be trying to gather information, pictures, on children. Lastly, I think that if you conduct illegal searches on the internet then you deserve to be monitored. I understand that
prosecuting an individual may be hard, but if you are found to have child pornography on your computer then automatic jail time! If you are searching up things like bombs, terrorist relating ideas, and other questionable things then you should be monitored.

Pages: 1 2 3