Week 1 – Journal Entry 1
After reviewing the NICE Workforce Framework, I found a strong interest in the work role of defensive cybersecurity and digital forensics (Protection and Defense): this is because it concerns analyzing collected data and I am someone who really likes to take time to research and find more about things in general. Vulnerability analysis is also one of the work roles I like because it concerns assessing systems and networks to identify deviations from acceptable configurations which still aligns with my interest which is to research things. Investigation role is the work which I have the least interest in because it is a huge responsibility to investigate on cybercrimes and the pressure to get the job done quickly.
Week 2 – Journal Entry 2
Social science principles play a vital role in cybersecurity. Let us take a look at skepticism, this principle makes all claims should be questioned thereby searching for continuous improvement rather that accepting everything. While ethical neutrality furthers trustworthy, unswayed decisions in the improvement of security tools. On the other hand, parsimony can help systems to be built in a simple but efficient way which also not only give less weaknesses to the system, but it also permits for cybersecurity professionals to respond easily in a case of an attack. Take for instance one of a good characteristic of a policy, a policy needs to be easy to understand. Here, parsimony still applies; while building an organization’s security policies, they have to be easy to understand by anyone. In regard to empiricism, it makes that we cannot depend on just opinions to build an understanding on cybercrime and cybersecurity; instead, emphasizes the importance of data-driven decisions which relies on evidence from security incidents to further best practices.
Week 3 – Journal Entry 3
After haven the read the article, researchers could make use of the data collected to study patterns and the trends of various breaches. With the data at hand, researchers could make deeper investigations to know why breaches happen in a high rate in certain areas. In regards with this investigation, they could make use of it to now find a way to solve the problem of the occurrence of breaches in those areas. Researchers could also make use of the geographic mapping of breaches to investigate regional vulnerabilities and effect measures to fight against this. Furthermore, breach type will the help researchers to know the scope and the impact of breaches in different sectors. All these information can help researchers to find different strategies to mitigate any future occurrence of breaches.
Week 4 – Journal Entry 4
Maslow’s Hierarchy of Needs is divided into 5 levels which are further categorized into 3 starting with basic needs and ending with self-fulfillment needs which he believed that just few of us are able to attain. Physiological needs are the basic thing that we need, for example, I use my phone to track the number of steps that are taken every single day. Safety needs are those we can use to protect our personal information/data. For example, I make use of the two-factor authentication each time that I want to access my ODU portal and other apps. This permits my personal data to be safe and adds reassurance. Belongingness and love needs are what we might use to reach out to our loved ones. I for example make use solely of WhatsApp to text my family members or friends. I also use calls sometimes to talk with my mom and sister. Esteem needs are the achievements that someone has made. I have gaming trophies on my PlayStation five in Fc25 which is a soccer game. Self-Actualization is when someone has achieved his/her full potential. I practice Math’s solving on Alexs which permits me to become better at Mathematics every day. For me it is a huge accomplishment because it makes it easier each time I want to take a test in Maths.
Week 5 – Journal Entry 5
1. Political: In this case, I fully understand that this person is trying to do something in order to better the lives of others and this is a decent excuse.
2. Recognition: Niblock engages in the DDoS attack for his personal gains of attracting attention and followers to his UGLegion twitter account. He goes in with good intentions to make his work known though he did it the wrong way.
3. Revenge: Sometimes the decision taken by the government might not be the one that we like, and I understand that she felt let down by the law as cybercrime slips through the net. She wants a better justice and there is nothing wrong in that in my opinion.
4. Multiple reasons: They go with the wrong intentions of making money, being popular, and are proud of one’s ability to hack into systems. In the end, it is all centered around greed and egoism.
5. Entertainment: It makes no sense for someone to be out here committing cybercrimes just for fun. Going along with scrapping people’s accounts just for fun is not a valuable excuse.
6. For money: This is not that huge of an excuse because nowadays there are a lot of different ways to make money. It is just that a lot of people want to make quick money and make it the easy way.
7. Boredom: Kids might be bored and do unconscious things that they might not really know the meaning of, but this does not make it right for adults to be taking advantage of exposed kids on the internet.
Week 6 – Journal Entry 6
1. PayPal fake website: There were fake websites replicating PayPal’s login page in 2023 so that users will fill in their information and be hacked. It made use of an identical URL like that of PayPal, for example “paypaysecurity.com” which resembled the original. The real PayPal website is “paypal.com” and an HTTPS attached to it alongside a verified SSL certificate.
The catch: The fake website had misspelled URLs; it lacked the HTTPS in some moments, and it send emails that users knew nothing about.
2. Apple fake website: Trying to impersonate Apple’s support for malfunctioning apple devices, they used SEO poisoning technique which made “apple-support.com” to appear among the results when someone searched things like “iPhone not charging”. Apple’s original site is “support.apple.com” that contains secure connections.
The catch: The fake website had poor grammar, unofficial domains, and requested money.
3. Netflix fake website: Fake websites cloned Netflix platform in 2023 by sending emails so that users could log in and solve a payment issue. The real Netflix site is “netflix.com” and not “netflix-payment-issue.com. Logging in consists of secure login protocols. The fake website sent unsolicited emails for a payment action to be made while the real website doesn’t.
5 Recent Examples of Fake Websites | Memcyco
Week 7 – Journal Entry 7
Photo #9
Explanation: It is a common issue that people use passwords like “123, or repetitive passwords” because they are easy to remember. This caption of this meme is to educate people on using stronger passwords for better security measures.
Many people might find inconvenience in updating their software. This could be due because it requires time, the action of restarting devices, or temporarily interrupting work which people might not want. Nonetheless, not doing an update of a software or system might expose it to attacks like ransomware, breaches and several malwares. Doing an update prevents exposure, makes the systems efficient thereby improving worker’s productivity.
Human-centered cybersecurity also consists of training which includes ways to protect oneself from being hacked. Though people might see two-factor authentication as time wasting or even unnecessary, having a 2FA provides an additional layer of security by requesting verification.
Week 8 – Journal Entry 8
Media influences our understanding about cybersecurity in a very significant way. This could be seen in the video as it blends reality with dramatization for entertainment. The movie Mr. Robot and The Matrix show concepts such as SQL injections, ransomware, and social engineering which are among the main malwares in this present time. Nonetheless, there is an exaggeration on the speed and simplicity of these cyber-attacks by creating unrealistic expectations. For example, hacking a registrar or cracking a 12-character password in just few seconds to far away from reality. It is true that these visualizations bring about awareness about cybersecurity threats, but they also mislead viewers to underestimate the complexity of such cyber-attacks or even more overestimate the capabilities of hackers. It is important to know that these movies are just there to entertain the viewers because they are most at times far away from the truth. Media to foster accuracy to educate the public effectively while at the same time entertaining the viewers.
Week 10 – Journal Entry 9
Out of the nine questions that were asked, I had a score of three. In my opinion, the SMD scale items were well designed because it contains criteria that demonstrates behavioral addiction such as tolerance, preoccupation, etc. Nonetheless, cultural and socioeconomic factors could explain different patterns across the world. For example, societal norms around social media use, and the role of social media in daily life vary widely. In some areas, social media is very vital for work and communication, while in other areas, it might be less pervasive. I also think that an early exposure to social media by parents to their kids could also be considered as one of the factors. It is true that in many parts of the world, kids are expose to social early on, but there are also areas where I have seen parents giving access to social to their kids when they turn 17 or 18 years old. These differences influence how individuals interact with social media and their susceptibility to disordered usage.
Week 11 – Journal Entry 10
This article mentions that cybersecurity is a critical emerging domain where technology makes it possible for state and nonstate components to manipulate human behavior. In comparison with traditional cybersecurity, traditional cybersecurity targets systems, social cybersecurity exploits psychology, social media and policy gaps in order to hack human cognition which is known as cognitive hacking. Russia makes use of an “information blitzkrieg which uses disinformation to break societies: this also removes trust within institutions and also comes along with achievement strategic gains without kinetic warfare. Some of the main challenges with this is decentralized information flow, where algorithms amplify divisive content faster than fact-checking can counter it. There is a need for the US to adopt multidisciplinary solutions that should blend social sciences AI, and policy to defend democratic values.
Week 11 – Journal Entry 11
In this video, she mentioned some of the roles related to a cyber security analyst such as working on phishing, vulnerability, user awareness, communication, collaborations, and adaptability. Being a cyber security analyst requires one with interact with several departments and individuals: this demonstrates the importance of communication, and more importantly when responding to incidents such as phishing attacks. Still in the aspect of communication, it is need for teamwork, when the analyst works with other professionals, staffs, etc. Adaptability here tells how an individual in the field need to go just beyond having his degree. He/she needs to have certifications or internships to increase his/her chances of getting a job in the field. Due to high competition in some areas, an individual will need to adapt to the competition too and adapt to a high or low salary in terms of their geographical location. Adaptability also involves the analyst to communicate to different audiences, from technical teams to users, and as mentioned, to bring about user awareness.
Week 12 – Journal Entry 12
Labeling theory occurs when a social behavior states that people come to identify and behave in ways that reflect how they are labelled by others. In this case, the breach might have surely stigmatized the users which will make them to be more skeptical with future financial systems. Social contract theory is when individuals give some of their freedom to an authority in charge in exchange for protection. In this situation, the consumers gave part of their freedom to the business and expected their data to be protected in exchange. This message is also a way to bring back trust between both parties after the incident.
Laissez-faire theory is applied here as it could be seen that law enforcement was investigating the incident and nothing more. The government only intervened to protect individuals’ inalienable rights. Marxian economy theory could also apply here because poor individuals are more vulnerable to cybersecurity threats
Week 12 – Journal Entry 13
This study gives empirical support for bug bounty policies as a cost-effective tool for cybersecurity. Its literature review depicts 2 key rationales which are Linus’s law and Labor market gaps. In Linus’s law, there is a crowdsourcing of vulnerabilities via several hackers who unveil numerous flaws than internal alone. On the other hand, Labor market gaps, bug bounties make access to talent possible most for SMEs who have shortage in resources to employ full-time professionals. This study reveals that hackers are price-inelastic, and it suggests that non-monetary motivations can drive participation which also makes bounties viable even for low-budget firms. In addition, industry sectors and program age reduce report volume, which might be due to higher black-market incentives for unreported flaws. This helps to come about with an economic cost-benefit logic via the low R^2 signals unmeasured variable which requires further research. These dynamics when designing incentives to balance security and affordability should be highly considered by policymakers.
Week 13 – Journal Entry 14
Among the 11 illegal things you unknowing do online, the following are the most serious ones in my opinion: sharing passwords, addresses, or photos of others, bullying and trolling, recording a VoIP call without consent, faking identity, and collecting information about children. Sharing passwords, addresses, or most commonly photos of others has become a big issue and it’s recurrently done on TikTok. This is terrible because it violates the individual’s privacy, and it provides more information for people who have negative intention such as harassment and cybercrime. Buying and trolling is bad because it makes someone uncomfortable, and it might even lead to depression and possibly suicide. Recording a VoIP without consent is concerning not only because there’s is an attend to privacy, but also because deepfakes could make use of someone’s voice to deceive someone in giving you money or other bad intentions. It is no news that a lot of people fake their identity online and use this method to ask money from people online or even nudes from women. Collecting information about people younger than 13 because they lack the maturity to understand the implications of what they are doing, and it goes against the parents’ consent because most of the time this information is mostly misuse of sensitive data.
Week 15 – Journal Entry 15
Let us first start by knowing what digital forensics is based to the speaker. It is the collect, analysis, and the reporting of various types of electronic data that is preserved in a way to be presented in the court of law. The speaker’s pathway is very interesting considering the fact that digital forensics wasn’t a thing back then and there were no courses. He transitioned from accounting to digital forensics which underscored the field’s interdisciplinary nature and brought a combination of technical skills with human behavior analysis. His work consisted of investigating fraud, anonymous threats, and employee misconduct demonstrates that digital evidence shows societal issues like trust ethics, and organizational culture. The speaker’s accidental entry into the field shows how careers in tech-driven social sciences usually evolve unpredictably, driven by curiosity and real-world problem-solving. He is an inspiration for me to work hard, take cybersecurity seriously, and do this with passion.