Journal Entries

Journal Entry #1

With gifts in teaching, research, and analysis I saw many interesting and relative roles in the cybersecurity field. Though my cybersecurity coursework at ODU, I have learned that I love research cybersecurity articles related to national security and defense. A couple of the roles listed by the NICE workforce framework interest me and include Cyberspace Operations, Digital Forensics and Target Analysis. I included the Digital Forensics role as the description describes analyzing digital evidence and I love analysis and CSI! Areas that I find challenging in a cybersecurity position would be design such as the Secure Systems Development and Systems Requirement Planning roles. Although I understand and have studied NIST, I think the application of policies will be easier with cybersecurity work experience.

Journal Entry #2

Several principles of science apply to cybersecurity include Relativism, Objectivity, Parsimony, Empiricism, Ethical Neutrality, and Determinism.  With technology use in all institutions, Relativism applies to cybersecurity as they all require protection from threats and vulnerabilities.  Cybersecurity analysts must objectively(Objectivisim) analyze potential threats in their systems and cannot minimize to save costs.   Cybersecurity must be simple enough for most people to understand which employs the concept of parsimony.  Cybersecurity should use empiricism by testing all theories and devices to ensure that they work.  When creating and employing cybersecurity measures, ethical neutrality must also be taken into consideration – Is it okay for the internet to save everyone’s visit history?  Finally determinism must be considered by evaluating why users do not abide by cyber hygiene guidelines.

Journal Entry #3

Privacyrights.org contains a number of resources that could be very useful for analysis by researchers.   The Data Breach Chronology Page is one resource which identifies all breach notifications and organizes them in order with details regarding each breach.   There is also a link to historical data which opens into a tableau page where data can be selected and visualized through graphs and charts.  Trends and variations can be identified through data visualization.  Different variables may be selected and contrasted across multiple states to help identify similarities and differences.  Researchers can analyze the information to help keep our data safe and to also ensure that data captured is used ethically. 

Journal Entry #4

Maslow’s hierarchy of needs suggests that basic needs must be met first followed by psychological needs and then self-actualization.  Cell phones and the internet have become nearly a physiological need.  If I forget my phone, I become very worried and stressed.  If the internet goes out, I become very stressed because it affects my work.  Forgetting a cell phone can also affect safety needs due to google map dependence or the need to call someone when in danger.  Having friends and followers on social media helps us meet the psychological need for belonging and love. The growth of social media has affected esteem as more friends and followers increase self-esteem. Many people self-actualize by having a business on social media.                                      

Journal Entry #5

My ranking of motives for cybercrimes is as follows:

  1. Money:  Everybody needs money so this is very logical and many cybercriminals exploit for this purpose.
  2. Political:  People are affected by politics, therefore cybercrime for political gain makes sense.  People also like to get their way in life.
  3. Multiple reasons:  Many factors drive individuals to various types of cybercrimes which include money, power, ego, revenge, etc. 
  4. Revenge:  Anger, pain, and jealousy are experienced by all and could lead to online revenge.
  5. Entertainment:  I think most cybercriminals have a purpose, so this reason seems less logical.
  6. Boredom:  Young people may experience boredom, but most have a purpose, so this seems less logical.
  7. Recognition:  People do thrive for recognition, but I think most want popularity.

Journal # 6

Hackers often try to mimic popular websites such as Paypal, Apple, and more recently Bed, Bath, and Beyond with the recent closure.  Fake websites may have nearly identical website design but a small difference in the domain name might be used such as paypail.com.  One red flag to look for in a fake website is using the unsecure protocol “http” instead of “https” which provides security.  In the past, I have accidentally put wwww.google.com in the web browser which led me to an unsecure site so hackers may try to manipulate accidental typos by users.  Missing contact information and poor graphics are additional clues. Legitimate business websites typically provide contact information and shop policies.

Journal #7

In several of the photos (13 and 14), two people looking at the same computer screen.  In photo 13, the father/son duo are looking at the screen together without considering any potential cybersecurity threats as they trust each other.  In photo 14, two people appear to be working together and looking at the same laptop.   They also appear to trust each other as coworkers.  These trust behaviors are learned, and may cause these individuals not to consider potential shoulder surfing in other situations like at a coffee shop.  Even at work, coworkers should not be trusted with passwords.  Photo 16 is a good example of someone working remotely with no potential threats. 

Journal #8

The video “Hacker Rates 12 Hacking Scenes in Movies and TV| How real is it?” shows that movies can influence our understanding about cybersecurity in both positive and negative ways.  Some of the movies provided an accurate portrayal of cybersecurity while others misrepresented cybersecurity.  For example, in the movie “Wargames” from 1983, the ease of locating passwords and hacking into accounts by login is a true representation of cybersecurity that can easily happen.  The movie “The Fate of the Furious” from 2017, was based on a real world hack, however, it is not very realistic today for a hacker to get into lots of makes and models of cars.  Remotely turning on the ignition is not easy to do today, but as cars become more connected it could become more possible unless cybersecurity finds alternative solutions.

Journal #9

I scored a 0 on the social media scale which indicates I have a healthy use of social media.  The problems listed in the scale appeared to measure a person’s level of addiction to social media.  I thought they were very relevant and could be helpful to struggling people.   Life in the USA today is social media based.  While on a surfing retreat one spring, I noticed my “friend” constantly staring at her facebook page while ignoring the people around her.

Different patterns may be found around the world due to various reasons such as culture, lack of technology, and political limitations.  Japan uses social media, but less than the USA as school and work are high priorities. 

Journal #10

Social cybersecurity is an emerging field in the military and is different than traditional cybersecurity because humans rather than technology are the target. Social media can be used to create division between people, races, allies, and religions which can weaken a nation’s military response when needed.  After the War on Terrorism, the US military realized the need to shift from physical warfare to technology enabled warfare to influence people.  Fake news in the individual hands of users is becoming a serious problem that is difficult to control without violating the freedom of speech. Multiple social-cyber maneuvers also exist that can influence a group or nation.  For example, in Ukraine adult content-sharing accounts were created for young men and then pro-Russian rhetoric was injected into the group.  It is crazy to think this is happening and will certainly make warfare dangerous and challenging.

Journal #11

A cybersecurity analyst is the first line of defense for the network and responds to
intrusion detection, phishing attacks, vulnerabilities, etc. They may also provide
education, engage in research, and place patches. The presenter mentioned that job
hours are 24/7, which means cybersocial attackers also work around the clock. It is
important for cybersecurity analysts to educate as the user is the most important link to
a cyberattack which can often be prevented. Cybersecurity is in high demand as the
need for user awareness is huge according to the video. Attackers are always coming
up with new phishing emails and vishing messages. The analyst must also work with
cross-functional teams to investigate incidents and ensure security.

Journal #12

Two economic theories to consider for the sample breach notification reviewed include Rational choice theory and Laissez-fare economic theory.  In Rational choice theory, businesses make choices that are in their best interest.  Glass Washer Parts follows this theory by using a platform provider who works with a leading cybersecurity firm to remove the malware and also to monitor the platform and safeguard personal information.  They also notify potentially affected clients about the breach with recommendations for personal information protection.  The Laissez-fare economic theory does not believe in government intervention unless there is a need to protect a person’s alienable rights.  This is illustrated in the breach as the platform provider is cooperating with law enforcement.  The company also had to wait to notify clients of the breach until law enforcement could investigate.

Two social theories to consider for the sample breach notification reviewed includes Objectivity and Parsimony theory.  In Objectivity, study and analysis takes place without any bias.  For this breach, the company delays notifying their customers about the breach because they needed time to investigate and determine the extent of damage.  This ensures they can give clients the most accurate information.  In Parsimony, explanations are as simple as possible.  This letter is very simple and clear so that all customers of various education levels can easily read and understand.

Journal #13

HackerOne data was researched to determine the benefits of a bug bounty company.  Bug bounty advocates argue that they save money for businesses, especially those that may not be able to afford to find their own bugs.  The findings of the research concur with their argument.  Research found that hackers are motivated more by experience, reputation, and altruism than they are by money which makes the bug bounty companies affordable.  The reputation and revenue of the company did not have an economically significant impact on reports received.  Bug bounties are effective for companies of all sizes and there is a positive effect on revenue.  Hackers did not work in healthcare and finance as much as in other industries, but this is most likely attributed to the fact that these industries must employ cybersecurity measures to protect highly personal data.

Journal #14

Andriy Slynchuk writes an interesting article regarding eleven things we do online that could be illegal. Five of the offenses struck me as serious: Using unofficial streaming services, sharing photos of others, using copyrighted images, and collecting information about children younger than 13.  Most concerning, many people may participate in these activities without realizing they are considered illegal.  Many people use unofficial streaming services because they are free, however, they are also an opportunity for threat actors to steal personal information.  Although free, they are a violation of copyright laws.  Many people also engage in photo sharing without asking for permission.   Although acceptable in public locations, taking a picture of someone and posting on the internet is illegal in private locations.   Most people take pictures of friends and share on social media in private places without asking permission.  Permission should be asked as some people may be sensitive and it is certainly more polite to ask first.  The use of copyrighted images is also quite common, and it is very easy to copy and paste an image from the internet anywhere.  My team at work does this often for birthdays and even team projects, however, we should be providing a citation.  Of course, collecting information about children younger than 13 is illegal and many internet marketing techniques targeted children until the Children’s Online Privacy Protection Act was passed.  This is very disturbing because data collected about children for marketing purposes could get into the wrong hands and potentially exploit children.  Although parental consent may be obtained, I think parents should still be cautious due to security issues today.        

Slynchuk, A. (2021, June 1)  11 Illegal Things You Unknowingly Do on the Internet.  Clario.          

Journal #15

The TED video with Davin Teo was very interesting to me as I think I would really like digital forensic investigation.  He mainly provided the technological details considered in digital forensics, but he did mention that they often go into an investigation with legal counsel.  He also mentioned that in the digital forensics they deal with emails containing death threats.  This is a good example of the relationship between cybersecurity and criminology as the digital forensic investigator will need to understand criminological theory to better understand the criminal and victims.  This is why cybersecurity professionals need to understand political science/law because they often must relate to and speak the language of legal counsel.  He has an interesting background and was an accountant by profession.  An accounting practice wanted an accountant who could also help with IT which he had also tinkered with. He took the first digital forensics investigator position in Australia and found his passion.