This course addresses the social, political, legal, criminological, and economic dimensions of cybersecurity through a social science framework. Students are introduced to a human-factors approach to understanding cybersecurity threats. Attention is given to the social factors that contribute to cyber incidents and the political and legal mechanisms that are developed to control the behaviors of those who create risks and cybersecurity incidents. The class also explores how cybersecurity is studied by social scientists in various social science disciplines.

Journal

Entry 1

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Under the NICE Workforce, there are several areas that appeal the most to me. Because of my Law enforcement and Security background while in the military, the Investigate area interests me, specifically Cyber Investigation and Digital Forensics. Also, Systems Administration under Operate and Maintain is another because I have some experience with access control during my military career. Furthermore, Cybersecurity Management is another program that I am interested in as well because I was the Superintendent of Inspections for the entire base.  I have program management, overseeing, training personnel, and conducting inspections, evaluations, and exercises.

The area that least appeals to me is Technology R&D, and that is because I don’t think I have the technical knowledge for an area like that, but I am open and willing to try and learn any area as I learn this field.

Entry 2

Explain how the principles of science relate to cybersecurity.

The principles of science, which are Determinism, Relativism, Objectivity, Parsimony, Skepticism, Empiricism, and Ethical Neutrality, relate to cybersecurity in several ways. Cybersecurity and cybercrimes are not just about the technology but also the people who are using the technology, and that is how the principles of science relate to cybersecurity. Using these principles can help to understand the cause of a cyber security event. For example, determinism is the reason a hacker commits a cybercrime. In that hacker’s mind, they had no other choice.  Additionally, that same hacker could have felt that they had an ethical beliefs like Utilitarianism, Contractarianism, Deontology, Consequentialism along with Determinism that drove them to commit a cybercrime.  The principles of science can assist end helping find the reason for cybersecurity-related issues or events and give us a better understanding.

Entry 3

How might researchers use this information to study breaches?

A researcher can use the information from the PrivacyRights.org website in several ways to gain information to study breaches. First, they can get general data for the spreadsheet like the number of breaches within a year, the total number of organizations hacked, and to type of breaches to say if there is a pattern or common method being used.  Then, they can contact the affected organizations to conduct interviews, review attractions reports, and see what implementation have to the organization made to mitigate another incident from occurring in the future. In the case of the Equifax data breach, some of the things they implemented were improving systems monitoring, enhancing the security team’s communication with the C-suite, and changing the culture by getting the employees to recognize the importance of cybersecurity. Gathering the above information from actual sources and real-world events is a valuable asset, especially in the cybersecurity/IT field, where technology is constantly changing, it helps to get the most accurate and recent information out for a researcher.

Entry 4

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

My digital experience relates to Maslow’s Hierarchy of Needs because each level helped me understand where I am on my journey into cybersecurity after my military career. First, the physiological level is the level of knowing that I can do this, and learn cybersecurity technology to prepare for and second career. Next, the Safety needs level is getting confrontable and understanding the cybersecurity technology to where I am proficient and knowledgeable with the classwork and assignments. Then the belongingness needs level, is where I feel like I have accomplished the above levels and now I am accepted by my classmates as a cybersecurity major and not the old guy in the room. Finally, the esteem need level is the final step in the process of completing my degree in cybersecurity and Self-actualization I have the foundation to move forward to get certified (A+, Security +…) and move on into the cybersecurity career field. Maslow’s hierarchy of Needs can be useful as a guide for me to use to show where I’m at or where I should be as far as it relates to my experiences with technology and cybersecurity.

Entry 5

Review the articles linked with each individual motive.  Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

1. For Money  
   • Money is always the number one motive when it comes to anything. If that is enough money in it for you then you will do it in most cases.
2. Revenge
   • Revenge is because there is “nothing sweeter than revenge” sometimes you want revenge more than money, and most movie plots, especially old-school Kung Fu movies are about revenge (“you kill my teacher, you will pay”).
3. Recognition 
   • I rank recognition third because, in today’s interconnected world where people like to post everything on social media. I think recognition would be third because sometimes people want you to see what they can do. Either to say they or the join a group.
4. Political  
   • Political is fourth I feel strongly about the top three and one of those could by the reason for a political attack.
5. Entertainment
   • I ranked Entertainment because the above list could be done by an individual or group and I feel entertainment is something that an individual would do.
6. Boredom
   • I ranked Boredom the same as Entertainment, I feel that it is something that an individual would do.
7. Multiple
   • I rank multiple last because sometimes there is only a reason for cybercrime but there are multiple reasons also, it depends on the criminal or organization behind the crime.

Article-Reviews-_1

Entry 6

Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?

Fake websites are used to scam people out of their money. There are several ways to identify fake websites. For example, the URL will be made up of random letters, some sites have prices that are to good to be true, and shortened URLs are a way to create a simpler URL that is still unique. Some sites have fake buttons that  by clicking on these links  can ping some malware into your device, most items take you to a landing page designed to look indistinguishable from the real thing. Some sites will use the same picture on several fake websites, like the links below.

https://thesocialsavior.com/
https://www.lubricantessoloil.com/home/

The below site is a fake site or a scam. The top of the page says” PolgonMeta.com is for sale,” but that is not any information on the page about what Polygnmeta.com is or does, and the price is very specific ($27,950).   

http://www.Polygonmeta.com

These are just a few examples of fake websites, there are several sites on the web that identifies the fake site and there is even site checker that you can use the verify to ensure a site isn’t fake.

Entry 7
Create a meme through a cybersecurity human systems integration framework, explaining what is going on in the individual in the photo.

Human-Factors-in-Cybersecurity

The photo shows the man with his laptop opened and working on public Wi-Fi. I wanted to demonstrate how human errors can cause cybersecurity issues by presenting the man in the photo who missed his cybersecurity training, which included the risk of using public Wi-fi. I also integrated the caption from this week’s lecture, “Human factors in cybersecurity are necessary to reduce human-enabled errors” which adds to the point I wanted to get across.

Entry 8

About how you think the media influences our understanding about cybersecurity

The media can influence our understanding of cybersecurity. Numerous articles, news reports, and social media posts related to cybersecurity have existed. I believe that the media plays a significant role in shaping our perceptions of this critical topic. First, the media tends to focus on attention-grabbing stories related to cybersecurity breaches, data leaks, and cyber-attacks. While these stories raise awareness of cybersecurity, they can also create a sense of fear among the public.
Additionally, the media may present inaccurate or incomplete information to make an event more difficult than it may seem. For example, they may fail to mention that many cybersecurity incidents are the result of human error rather than sophisticated hacking techniques. Finally, the media can also help get the ball rolling regarding a cyberattack like the Equifax breach or any breach involving personal data. The business involved may want to keep the investigation in-house, but once it gets to the media, there have to be answered, and the company cannot hide anymore. In some cases, like Equifax, the CEO had to answer before Congress. I believe the media can help and hinder the influence of cybersecurity. While they play an essential role in increasing awareness about this critical issue, sometimes they don’t present accurate or complete information to make a situation seem more complex or get more ratings or likes on a social media platform.

Entry 9

Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

I have completed the social media disorder scale, and as I expected, I scored a zero, which doesn’t surprise me.  I am older and don’t use social media or have any social media accounts. If you look me up on Facebook, you will find that my dad and his wife made his account which he doesn’t use, when it comes to social media, as far as the accounts that I have, the only version I only use for finding jobs because when I was retiring from the military, it was said that this social media site was a good source and it would help me as I was transitioning out of the military.  I have to keep it active because I will be looking for employment once I graduate, but I don’t post anything to let people know what is going on in my life. As far as the items on the scale, I think they are very relevant to how some people feel about the use of social media. Some people feel it’s their only source and can’t go without posting or checking their social media feeds. I have heard/know about people getting into arguments about their use of social media and their phones, especially the younger generation. I have heard stories and seen people I  worked with lose their jobs because they violated the company’s phone policy in the work area because they were checking their social media. Unless it was some type of emergency, then they needed to get permission. I think that different patterns are found across the world because everybody and every area around the world are different and is influenced by different things. Some forms of social media may not be allowed in some countries while others are, so there are going to be different patterns around the world. I score a zero on the Social Media Disorder scale because I don’t use social media that much, but I do think that it does have some benefits that help, and some are harmful too.

Article-Reviews-2

Journal Entry 10

Read this and write a journal entry summarizing your response to the article on social cybersecurity

The article Social Cybersecurity an Emerging National Security Requirement suggests that social cybersecurity is becoming a necessary part of national security. With the rise of social media and other digital platforms, there is an increasing amount of personal data that people share online. The author stated that “social cybersecurity is an emerging subdomain of national security that will affect all levels of future warfare, both conventional and unconventional,” which means that cyber warfare will be the new norm.  Data can be used to manipulate or influence individuals and gain access to sensitive information. The author states that there needs to be a complete approach to social cybersecurity that combines technological solutions with education and awareness programs to combat this threat. The article also identifies the need for collaboration between government agencies, private sector industries, and individuals to create a strong defense against cyber social threats. Overall, the article emphasizes the importance of social cybersecurity in protecting both individual and national security.

Journal Entry 11

Think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

The job of a cybersecurity analyst is a complex and dynamic role that requires a range of technical skills and knowledge. However, there are also some heavily dependent on social behaviors as it involves analyzing and identifying potential security threats and vulnerabilities in networks. One social theme that arises is effective communication. It is critical to be able to explain complex technical issues in a clear and concise manner to non-technical personnel which requires excellent written and verbal communication skills. Additionally, it is importance to be able to work with a team, to be trusted and cooperation among team members. Cybersecurity analysts must work closely with their colleagues to ensure that systems are secure, and any identified issues are promptly resolved. Problem solving is a critical ability needed to find solutions to issues that arise. Finally, technical skill and continued learning are what a Cybersecurity analysts will need to do there job. They will need to get certification for their job and as that branch into different areas and the continuous learning is a part of the technical skill but also they need to stay abreast of the new technical. The job of a cybersecurity analyst is not only technically demanding, but also requires a range of social skills and behaviors. Trust and cooperation, effective communication, adaptability and continuous learning, and professionalism are key social themes that arise for a cybersecurity analyst.

Journal entry 12

Read this article and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

The article “Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties” provides an in-depth analysis of bug bounties. In this security approach, organizations pay outside individuals to find vulnerabilities in their cybersecurity systems. Such an approach is considered beneficial as external researchers can offer a different perspective and identify any gaps that may have been overlooked by internal teams. The article evaluates the advantages and drawbacks of adopting bug bounty policies using data from the HackerOne platform.

The study finds that hackers are willing to be paid for their services, and the best among them will come at a higher cost. Additionally, the research shows that companies with a limited ability to pay security researchers can still benefit from bug bounties. The study presents an economic model that proposes bug bounty policies as a cost-effective method of identifying cybersecurity vulnerabilities and highlights the critical factors that determine the success of these policies.

The article reports that bug bounty policies may have varying degrees of success across different industries. For instance, finance, retail, and healthcare companies received fewer valid vulnerability notifications than companies in other sectors. These findings have important implications for companies looking to improve their cybersecurity defenses.

The article’s comprehensive analysis of bug bounties and the proposed economic model can aid companies in making informed decisions about implementing bug bounty policies. This security approach is an effective way of identifying vulnerabilities in a company’s cybersecurity infrastructure. While costs may vary, the benefits of bug bounty policies make them an attractive option for organizations.

Journal entry 13

Read this sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

There are several different economic theories that can apply to the sample breach letter. However, I think Classical economics and Laissez-faire economic theories may relate to data breaches in general.

Classical economic theory is based on ideals of supply and demand and the belief that government should not interfere in the economy. Emphasizes the importance of free markets and the role of determining prices and production. In the situation of data breaches, this could be applied to the market for cybersecurity services. The demand for cybersecurity services may increase due to high-profile data breaches like the Equifax breach, which could increase prices as more companies pursue protecting their data.

The Laissez faire economic theory suggests that the government should not intervene in the economy except to protect individuals’ inalienable rights. The importance of minimal government intervention in the economy and the ability of individuals and businesses to make their own decisions without government interference. In data breaches, the theory applies to government regulation of data privacy and cybersecurity. It refers to the government’s preference for responding to cybersecurity incidents rather than developing strategies to prevent breaches. An example would be the CEO of Equifax testifying before Congress about the Data breach.

The social science theories, like the sociological of deviance and crime, apply to data breaches. This theory is that certain individuals or groups may engage in deviant or criminal behavior as a result of societal pressures, which could include hackers who engage in illegal activities to gain access to personal information. Psychological theories of motivation could also be to understand why individuals may engage in risky behavior that could lead to data breaches, such as clicking on phishing links or using weak passwords.

Journal entry 14… Speaking of Mistake of Law…

Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

After reviewing the list of the 11 listed illegal activities, the five most serious violations are:

1. Collecting information about people younger than 13.
   • Collecting information about people younger than 13 violates child privacy laws and can put minors at risk. These offenses are serious because they can harm individuals and society as a whole, erode trust in online interactions, and can lead to legal and financial consequences.
2. Bullying and trolling
   • Bullying and trolling can have severe emotional and psychological effects on the victims, leading to anxiety, depression, and in some cases, suicide.
3. Unofficial streaming services
   • Using unofficial streaming services and torrent services not only violates copyright laws but also supports the illegal distribution of copyrighted materials, which can have a detrimental effect on the creators’ ability to make a living from their work. Also, unofficial streaming services are of the reasons why the cost of streaming services keeps going up.
4. Using torrent services
   • It violates copyright laws but also supports the illegal distribution of copyrighted materials. Also, sites like Torrent a prone to malware getting onto your device
5. Using other People’s Internet Network
   • Using other people’s internet networks without their permission is a violation of privacy and can result in legal consequences. These violations can have significant consequences, ranging from legal and financial repercussions to psychological and emotional harm to individuals, making it crucial to be aware of and avoid such activities.

Cybersecurity Career Professional Paper

CybersecurityCareerProfessionalPaper

Entry 15

Write a journal entry describing what you think about the speaker’s pathway to his career.

The speaker, Davin Teo, in the video, is a Digital Forensics investigator. According to the video, at the time, there were no courses to study digital forensics and he said that he was placed into the digital forensic career field. He is an accountant by trade but due to his interest in IT, he started working in the digital forensic career field. I believe his path to digital forensics this one where he had a lot of on-the-job training just by being in that type of career path along with his knowledge of IT he was able to learn and grow as digital forensics became more in demand. I think while he was in college studying Accounting, Dan probably took some IT courses because he said he had an interest in IT and he got put into the Digital Forensics section. He did do a lot of on-the-job training and continuing education as the field of digital forensics evolved over time, so he could have stayed updated with the latest developments through continuous self-study, and other relevant training programs that might have become available. Additionally, he probably worked or coordinated training with local or federal law enforcement agencies Digital Forensics departments to receive training on current and updated forensics techniques. Pursuing a career in digital forensics at a time when there were no formalized courses would have required resourcefulness, self-motivation, and a proactive approach to learning. It would have involved a combination of self-study, practical experience, networking, and continuous education in gaining the necessary knowledge and skills to succeed in this field.