Journal Entrys
Week 1
The most compelling aspect of this field is oversight and governance. I prefer to operate in a
capacity that allows me to advocate for individuals and organizations, rather than engaging in the
technical dimensions of cybersecurity, such as protection, defense, implementation, and
operation. I would rather be the individual who poses critical questions, such as, what
necessitates our actions? And what will be the impact and cost associated with this risk?
Furthermore, I prefer to avoid involvement in the design, development, and investigative
components of the NICE framework, as these aspects are complex in various respects. A
thorough understanding of network systems is essential, including how computers connect to
servers and the measures necessary to ensure the security of both the computers and the servers
involved. The investigation process encompasses intriguing tools and technical skills designed to
extract valuable information. However, it involves a complex sequence of procedures to maintain
data integrity for digital evidence within the chain of custody. It is critical to note that a single
misstep in the chain of custody can compromise the integrity of an investigation.
Week 2
Empiricism is a key approach to cybersecurity, which is heavily data-driven, as it allows
you to present data and facts, rather than relying on assumptions; it provides concrete
evidence. Data collection can help analyze threats, assess security measures, and
inform the development of new strategies to protect systems. Threat intelligence,
pattern analysis, performance metrics, and vulnerability detection are all tools that serve
different purposes, but they all have a common goal. Threat intelligence collects data on
current incidents, vulnerabilities, and attack trends from multiple sources to create a
report on the latest threats. The next one is pattern analysis, which examines patterns,
anomalies, and shifts in attackers’ techniques, skills, and methods. This is signaling new
or evolving threats. The third one is that performance metrics, which are the data
generated by security tools, incident logs, and audit security, provide insight into how
these tools are working to defend against threats. The last one is vulnerability detection,
which involves data generated that indicates which vulnerabilities are being exploited,
which security controls are adequate, and what needs to be changed. These are all
tools that can help with empirical data collection and analysis for the goal.
Week 3
This website provides comprehensive information on data breaches, including where
they occur, when they are reported, annual breach reports, the types of data being
exposed, and high-risk areas for impact in the United States. It also details how
breaches are perpetrated and which companies are most frequently targeted.
Researchers can utilize this information to forecast future data breaches and gain a
better understanding of past breaches. They can also study it to understand when a
company is being attacked and what data is most likely going to be stolen. And what
attack vector are they using to gain access to the system to initiate the attack. These
are all significant points to consider when understanding data breaches and attacks.
Researchers can use annual reports to analyze the yearly impact and identify trends. To
see if the trends will go up or down. They can also examine the data that is most likely
to be attacked at a specific time of year, which can help make a future forecast and
identify trends. Researchers use all of the other points to understand data breaches and
use that information to create a future forecast.
Week 4
Physiological Needs, which are needed for survival, include shelter, food, and water.
Technologies that are necessary for survival include delivering food apps and online
services for the store. If you run out of food or medicine, you can just order what you
need from the app.
Safety Needs, which include security in the environment, are addressed through
technologies such as weather apps. Weather apps achieve this by sending out alerts
when you need to go inside and take cover, when you need to leave an area due to a
storm, when you need to go to the store to buy supplies, or when you need to stay off
the road. All of these alerts keep you informed about what’s happening and what you
should do to stay safe.
Love and Belonging Needs are the social and acceptance. Technologies that do that
encompass all of mobile communication. Calling and texting are the biggest for me. As I
have family that I talk to every week, I enjoy talking to them; the only way I can do that
is by calling or texting.
Esteem needs refer to the need for recognition, competence, and respect. Technologies
that enable this are achieving achievements online. For me, I always feel a sense of
accomplishment when I finally earn an achievement after working on it for weeks.
Self-actualization needs refer to the desire to strive for one’s full potential. Technology
that allows you to do this includes learning from YouTube to acquire new skills for
hobbies or a professional side, such as watching a video to earn a certification. And,
you may have other professional websites that offer opportunities to learn new skills,
such as Udemy.
Week 5
1 For Money
2 Political
3 Revenge
4 Recognition
6 Enterainment
5 Multiple Reasons
7 Curiosity
8 Bordeom
The motives, ranked from most to least sensible, are for money, political gain, revenge,
recognition, entertainment, multiple reasons, curiosity, and boredom, with boredom
being the least sensible motive.
The reason why I ranked For Money, Political, and Revenge one to three is that they
are the ones that make the most sense, and they can be interchangeable from third to
first. Those are the ones you think about the most, and these have the biggest reasons
why people do them. These motives also yield the most significant benefits for the
attackers among the other eight.
Fourth, fifth, and sixth are also interchangeable; they are all around the same. They
make sense why people have these motives. But they don’t make as much sense as
the top three. I understand that you have a black market presence, which is very
prominent in your name, associated with the things you do, and your recognition.
Multiple reasons can be linked to recognition, revenge, and politics, but I think fewer
people believe that way. The only people who have various reasons are those who
mainly care about their recognition. And entertainment, I feel like a mixed bag. It makes
less sense than recognition and multiple reasons, as there is always a good reason to
do it all at once if you can and are skilled enough to do so. However, entertainment still
makes sense because some people enjoy watching others in pain for no apparent
reason. I love to watch people who are unable to do something.
Curiosity makes more sense than boredom. I understand the curiosity aspect of things,
mainly for kids, and then for adults, who should be aware of more resources to explore,
such as events or websites to spark their curiosity and learn new skills, like
TryToHackMe. And boredom makes zero sense, as I think of someone who is bored as
someone who has the resources to learn new skills and to practice these skills, but they
just don’t care to use these resources. I feel that both of these make no sense, as there
are many resources available, and a good number of them are free to use. This gives
you no reason to motivate you to do something that you know you should do, just
because you are curious or bored.
Week 6
Out of the five that were given on the website I used, I was able to spot only ex 1 and 3; the
other three would likely catch me. I will discuss the three that have affected me, so that I can
better understand why they are detrimental to me and to you, and so that you don’t fall for these
scams.
The second fake website in the security blogs was an Apple support website that closely
resembled the real website. However, the problems with this website were that it wasn’t the real
website; it was a fake website designed to trick people into calling a scam center, where they
could request your bank and personal information. They achieved this by poisoning the search
engine, causing only this website to appear when searching for Apple support.
The second one that caught my attention was the four examples about ChatGPT; they all have
the same bank information filled out, but the only problem with them is that they’re not from the
real ChatGPT. If you look before the bank details, it says chatgptftw, not chatgpt. If you are
buying something on ChatGPT, it should be said that. It shouldn’t happen to me, but that is a
reason why you should always keep an eye out when online to make sure you are on the right
website.
The last one that got me, and the last I will talk about, is Nike. The reason I think this was the
real website is that I see no problems with it. It appears to be the real Nike website, but it’s not.
This website was a fake URL that resembled the real Nike website and sold counterfeit Air
Jordans or nothing at all. They did it by flooding social media and searching with the links for
these websites, and when you buy from the website, you will be scammed out of your money.
This is the reason why you should always double-check online to ensure that something is
accurate.
Week 7
Don’t I love working at a coffee shop where people can read what I’m doing on the public
network, and just eavesdrop on what I’m doing, and if I am on the phone, people can just
eavesdrop on that conversation
I love showing people my phone, and showing people that you use a PIN to log in to your phone
means that you most likely like to use a PIN instead of a password to log in, which means that
for your computer and other ways to log in, you like to use a PIN to log in.
I love working in a meeting room where I love working in a room with zero privacy where people
can see what I’m working on. And people can just eavesdrop on me and see what my
passwords, users, and private information are.
.
Week 8
The way the media influences our understanding of cybersecurity is that it makes hacking scary, with all the complex terms and very complex pictures of what files are doing. The media makes it seem that these hackers are evil and do all their work in a criminal lab. And the claim that hackers know everything and that the most complex attacks can happen in seconds is inaccurate. And hackers can get into your system without you knowing, which is true. Still, most of the time, even simple attackers will see something downloading, or your system will be affected, and performance will tell you your computer isn’t acting right. The way the media influences our understanding of cybersecurity is that it makes hacking scary and complex, and that the government has all the skill in the world to stop these hackers in seconds. But at the same time, the government has no understanding of how to keep these systems safe, leaving public files open or back doors. The media also shows that the hackers have complex graphs showing what the virus is doing and the ability to execute complex attacks in seconds, whereas such attacks take at least a day or two to plan. Hackers who run complex attacks need more time to plan where to attack the system, assess the door, and install backdoors so they can monitor the system over time and ensure the attack goes right.
Week 9
My score was a 3 out of 9
What do you think about the items in the scale? Some of the items aren’t serious problems, or if you know how to keep yourself, they’re not. Like the Escape one, I watch YouTube to get a break from schoolwork and relax, since it’s a social media platform I use for that. But issues like deception and displacement are serious problems that people need to consider carefully if they are engaging in them. So that social media doesn’t take over in your life outside of technology. Why do you think that different patterns are found across the world? The patterns are based on the region’s culture. The technology is in the area. Somewhere like Sudan would be different than the United States. And somewhere like Japan would be different from the United States, since the cultures are different. In the sense of the internet and the way people go through their lives.
Week 10
I agree with the article, as it points out that people are often the weakest link in a security chain. They are sometimes responsible for the failure of security systems. And how with our lives being online, we now need to understand how social cybersecurity works and how to protect it. I love how online attacks show you how attackers work, in both simple and more technical ways. Then talk about solutions that you can add that have the potential to create less risk for these attacks. Not to stop, as in cybersecurity, the goal is to cause less harm to people or a company if the attack is successful. This article does a good job with the technological and non technological talk, so someone who doesn’t know these terms can understand what is going on, too. Using a summary takes less time for someone to understand what the article is talking about, too. Then the use of tables is to present figures that help both technological and non technological people understand it without having to pick a side. This is also technological, given the amount of information, and there are some things I don’t know or understand. But the article also does a good job of helping you understand what the term means, what it does, how it keeps us safe, and how it relates to the big picture.
Week 11
The description of the cybersecurity analyst job is very broad, with no details about what they do. It’s a job where you can be doing anything in terms of cybersecurity; it’s just based on what your job requires you to do. What social behaviors can a cybersecurity analyst recognize as attacks, mainly social engineering, and how people fall for them? You also have to take action on data and risk. You also have to understand what end users are doing to assess the risks on a system and whether their behaviors are causing them. Two points I live by are that end users are the weakest link in any system. And you will always have a risk; you can make it 0%.
Week 12
The first economic theory that applies is rational choice, as it didn’t provide any immediate information after the attack, so the business could keep running normally afterward. They put their industry interests ahead of the individuals affected. The second is the Marxian economic theory, which states that those with power exploit those without power. These relate to it because the attack occurred at a third-party company as part of a supply chain cyberattack. Glasswasher had no power during the attack, as it happened at a third-party company.
The two psychological social sciences theories that relate to the letter are neutralization theory: The company didn’t believe they were in the wrong, so they didn’t tell customers about the breach, and when they thought they needed to, it was still delayed. And cognitive theories: The company had its reasons for not letting people know their data was being put in a harmful place. Even after the company knew about the attack, they didn’t inform customers about their data, which was their decision.
Week 13
It is not new to me that non-skilled or new hackers are the ones who take the money for less than the more skilled ones, as they need to build up their skills and their following. I would say it’s weird that company size doesn’t affect how many reports it gets. I feel like more people would want to find bugs for Google or Amazon than for a company they don’t know about. But on the other hand, it is not new knowledge that people don’t look at critical bugs in infrastructure, such as finance and healthcare. As these things get overlooked, something still happens that affects these things. And, weirdly, new programs affect the number of reports companies receive. I thought people would only want to stick with the old programs and not switch, but I guess new hackers trying to get their feet wet in these programs, like this affect the number of reports.
Week 14
1 4 6 5 11 3
2 6 7 7
3 9 8 2
4 8 9 1
5 11 10 10
For me, my choices are from the most serious to the least. Out of five, it would be 4,
then 6, 9, 8, and then 11. You may think I picked eleven at the bottom of my list, and
why one and two are not on my list. The reason why I picked 4,6,8, and 9 over using
torrent services and unofficial streaming services would be higher. For me, offenses that
will and can cause harm to other people are more serious than offenses that will only
affect the company. 4, 6, and 9 can all be used for doxing, which causes serious harm
to a person. People don’t want their personal lives on the internet, as that creates a
whole other set of problems. And the company can make the money back, or they have
laws that require them to get the money back. The violations that affect the company mainly affect cash. But the violations on the human side cause personal harm, which
they are least worried about; it is primarily about their safety.
Week 15
The ethical question the presentation raised was whether jailbreaking the AI chatbox was ethical. There should be limits and safeguards on these AI tools to prevent them from aiding people in committing crimes. And I get that jailbaiting is just another hacking technique. But the AI shouldn’t be able to break these safeguards, just because you change the way you prompt the AI to do something.
The way society should address these ethical concerns is for governments to take more action. And it shouldn’t be on the companies anymore. It is now, and will always be, a global problem that each country needs to start taking more action on. There should be new laws that say that if a hacker attacks a company outside their country, the hacker would face time, as the rules would apply to them. And more governments need to take more decisive action to safeguard the internet; there will always be a way. But if we start taking action now. And make the only places where you can see the technique, so that jailbreaking AI is only on the black market. That would lower the risk of jailbreaking AI, as fewer everyday people would see it and want to do it too.