Journal Entries

Journal Entry 1

January 21, 2025

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Some of the areas that I found on the NICE framework to be interesting are Implementation and Operation (IO) and Protection and Defense (PD). I would likely focus my career on the Implementation and Operation category because I believe that ensuring systems are up to date and functioning efficiently is essential for maintaining a safe and secure work environment. It is especially crucial to monitor system activity to detect any potential threats or abnormalities so that systems can operate smoothly without disruption. The area that appeals the least to me is the Cyberspace Intelligence (CI) category, as I am more inclined toward defending and maintaining systems rather than gathering intelligence. 

Journal Entry 2

January 29, 2025

Explain how the principles of science [Empiricism, Determinism, Parsimony, Objectivity etc.,] relate to cybersecurity?

When it comes to the principles of science, it can help create a more broad and deeper understanding of the field. Relativism, objectivity, parsimony, empiricism, ethical neutrality, determinism, and skepticism all play important factors in cybersecurity because cybersecurity often involves the scientific and research process to study and understand it. Relativism helps in providing how developments in technology lead to changes in different fields such as education, healthcare, or criminal justice. Ethical neutrality, determinism, and skepticism allow room for different viewpoints that hold no bias, and in cybersecurity, it’s important to consider these factors to ensure a fair and balanced approach to problem-solving. The principles help establish an ethical, neutral thinking that can ultimately guide professionals in finding knowledge and making decisions.

Journal Entry 3

February 6, 2025

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

The website Pirvacyrights.org showcases many resources regarding online privacy, such as privacy laws, data breach reports, and information on data brokers. It collects publicly available information on data breaches into a database, which includes statistics, graphs, and a map where data breaches have occurred. This information is useful to researchers studying data breaches because it provides information on past incidents; understanding the history behind data breaches can guide researchers in identifying patterns or trends that may have led to a breach and can potentially help prevent future incidents. Additionally, being able to track the industries affected, the methods used to cause a breach, and an archive of data breach reports can build an understanding of how data breaches evolve over time.

Journal Entry 4

February 13, 2025

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Physiological Needs

Technology is integrated into every aspect of my life. I carry my
phone and my laptop with me everywhere I go. My phone is important in order to communicate
with my family. I also need my laptop to complete my school assignments, check the news, or
respond to emails.


Safety Needs

I feel more secure if the devices and sites I use are protected and
secure. Having two-factor authentication with my accounts gives me a peace of mind knowing
that there’s extra security.


Belongingness & Love Needs

I’m able to keep in touch with friends and family with
technology, such as being able to call and message them, and staying connected through social
media.


Esteem Needs

The Internet, in particular social media sites, has affected my esteem in
positive and negative ways. My esteem would boost whenever I would gain likes and followers.


Self-actualization

Most of the hobbies I enjoy often rely on technology and the
Internet, such as playing video games and drawing digitally. Being able to draw digitally has
helped me evolve as an artist and made me more enthusiastic towards the hobby. The Internet
has also helped me discover new ways to learn and find new skills, whether it’s related to my
hobbies, my education, or my future goals.

Journal Entry 5

February 20, 2025

Review the articles linked with each individual motive in the presentation page or Slide #4.  Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

Rank 1: Multiple Reasons

There can be multiple reasons why someone decides to commit cyber crime. It can be a combination for profit, recognition, or to fulfill an ego. 

Rank 2: For Money

Cyber crime racks in a lot of profit which can motivate cyber criminals to go down this path. There is business when it comes to cyberattacks, where activities like selling stolen data can bring substantial financial rewards.

Rank 3: Political

Political is placed in rank 3 because a lot of cyberattacks stem from other countries (such as Russia or China). There are also hacker groups that aim to either bring political change or to spread a message, such as Anonymous. 

Rank 4: Recognition

Everyone wants to be recognized for their achievements, especially when it comes to something that requires a lot of skill, such as hacking. Being able to be recognized by those who are also in the top can be a strong motivator for some people.

Rank 5: Revenge

Revenge is placed in rank 5 since I believe committing a cyber crime out of revenge is less common compared to financial or politically motivated reasons, but can still happen from time to time because revenge is a strong emotional behavior. 

Rank 6: Entertainment

There are bigger and far more significant reasons to commit cybercrime than simply for entertainment. When someone finds something entertaining, it’s usually only temporary and doesn’t lead to something as big as cybercrime. Cybercriminals would rather seek something that would benefit them in the long term, such as money or influence.

Rank 7: Boredom

Boredom is placed at the bottom because it’s very unlikely that someone would commit cybercrime simply out of boredom. Boredom usually just triggers small actions just to pass the time. Cybercrime, on the other hand, requires more extensive planning and resources that takes more time to execute.

Journal Entry 6

February 27, 2025

Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source].

Compare the three fake websites to three real websites and highlight the features that identify them as fraudulent.

Note: Don’t generate or click on unwanted/fake websites on your web  browsers. Use examples from your sources to demonstrate what specific characteristics make these websites fake.

The first fake website is a website pretending to be USPS. The first thing that points out that this is a fake website is the usage of social engineering and request for a payment method. They request an urgent need for a package to be redelivered and in order to do so, you need to pay. The actual USPS website does not request for payment when there are delivery issues.

The second website is a fake PayPal login screen. The main thing that stands out to me is the website URL. It first says paypal.com, but the rest of the URL actually reads as confirmation-manager-security.com. The URL also does not have https in it.

The third fake website is impersonating the New York DMV. The main thing that I spot that indicates this is a fake website is by prompting the user to input some of their sensitive information and to have their SSN ready. The English is also a little bit off and is missing proper grammar, which wouldn’t show up in an official website.

Image Sources: https://www.aura.com/learn/how-to-identify-fake-websites#:~:text=just%20$3/month.-,Examples%20of%20Fake%20Websites:%20PayPal%2C%20the%20DMV%2C%20and%20USPS,your%20sensitive%20information%20without%20thinking.

Journal Entry 7

March 6, 2025

Review the following photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s). Explain how your memes relate to Human-centered cybersecurity.

Photo #9(https://unsplash.com/photos/person-holding-iphone-mgYAR7BzBk4

This meme relates to human centered cybersecurity in a way that users will often use simple passwords, such as something that relates to their personal life. When making password policies, users should be aware of the dangers weak passwords have and how to make a strong, secure password. When users are more aware of security risks, it will increase the overall security in an organization.

Photo #2 (https://commons.wikimedia.org/wiki/File:Summer_school_GLAM_giorno_1_1.jpg)

This meme relates to raising user awareness on phishing attacks, such as how to spot them and how to avoid falling for them. Raising security awareness helps people recognize threats, which will help strengthen the organization’s security.

Photo #13 (https://unsplash.com/photos/man-in-black-t-shirt-sitting-on-white-chair-TVxYoWzqdjs

Addressing what certain cyber threats look like, such as a phishing email, can increase security awareness amongst users. Having a focus on raising security awareness amongst users can reduce the amount of security incidents.

Journal Entry 8

March 20, 2025

Watch this video and pay attention to the way that movies distort hackers: Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It?. After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.

The media often over exaggerates hacking in movies and entertainment where the hacker is often portrayed as a genius who can hack into a system within seconds. They often portray hacking as something that’s really exciting and often involves hitting a few keystrokes before breaking into a system. In reality, hacking can be a long process that involves multiple steps and something that usually isn’t done overnight. The media also often portrays hackers as cybercriminals who hack with malicious intentions, however there are actually multiple types of hackers, such as ethical hackers who work for a company or hackers who are researchers. Not every hacker is a criminal as they usually are depicted in the media.

Journal Entry 9

March 27, 2025

Watch this Video: Social media and cybersecurity. Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

The social media score I got was a 3. I use social media pretty often but it’s not problematic enough to the point it’ll start straining my relationships. I believe the items on the scale are accurate to a lot of people when it comes to social media use and how it can affect their daily lives. Although some of the items do not relate to me, I can see how it can be relatable to someone else. The reason that different patterns can be found across the world is because different cultures and lifestyles can influence an individual’s social media use, such as where they’re located and how much access they have to technology. If someone lives in an area where access to technology is limited, then they may not have as much social media use compared to someone living in a first-world country.

Journal Entry 10

April 2, 2025

Read this and write a journal entry summarizing your response to the article on social cybersecurity: https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b

The article describes how social cybersecurity is an emerging threat that has taken more precedence than traditional cybersecurity, which often involves using technical measures to hack into systems. Social cybersecurity relies on using technology to “hack” into the human mind, and the article shows that it can be done through social media. This also applies to warfare where instead of traditional warfare, an enemy can be attacked by simply discouraging their population through the use of social media. Spreading information doesn’t require you to be in-person or to be a journalist, it can be spread anywhere and at any time in the digital world. This also includes misinformation and disinformation, which can be spread easily and believed by anyone who comes upon it. Spreading misinformation in the form of propaganda can bring damage to a country’s populace. Although it’s not physical, discouraging the citizens of a country can bring down their charisma and patriotism for their country. 

Journal Entry 11

April 2, 2025

Watch this video. As you watch the video, think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

One thing that points out to me in the video is how a cybersecurity analyst helps respond to phishing attacks. Phishing attacks relate with the social aspect of cybersecurity since it deals with social engineering and manipulating human psychology. Another aspect that stood out to me is user awareness. As discussed in class, security breaches mainly happen due to human error. This can occur due to falling for a phishing attack, having unauthorized access to a database, or having a weak password or login credentials. Therefore, in order to improve an organization’s security, a cybersecurity analyst should work on user training, such as increasing awareness on phishing and ensuring policy compliance, so that human error can be reduced. 

Journal Entry 12

April 10, 2025

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different psychological sciences theories relate to the letter.

Two economic theories that relate to the data breach notification letter are the rational choice theory and the Laissez-faire economic theory. The rational economic theory focuses on the company’s best interest, and for the company in this scenario, their main focus is their customers and their data. The Laissez-faire theory can also be applied since the definition of the theory explains how the government shouldn’t intervene in the economy, unless it’s to protect an individual’s rights. In this scenario, the government can get involved since it involves customer information being involved in a data breach. 

Two psychological science theories that relate to the letter are the Reinforcement Sensitivity Theory (RST) and the Neutralization Theory. The RST can apply to the perpetrator who had a financial goal in mind to steal customer credit card information. The Neutralization Theory can also be applied where the perpetrator will claim that the third-party company had “weak security”, therefore they should’ve expected to get a data breach.

Journal Entry 13

April 10, 2025

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

Ethical hackers and bug bounty programs are an effective way to address security issues within an organization that may not have enough financial resources to maintain a professional cybersecurity team. A bug bounty program can allow organizations to find a diverse set of hackers who are able to solve unique problems. Bug bounty programs can be beneficial to both hackers and the organization since it’s a great way for organizations to invest in finding vulnerabilities within their network while hackers are able to get their share for their work. It’s a mutual relationship that benefits both parties that allows for continuous improvement of cybersecurity defenses.

Journal Entry 14

April 17, 2025

Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

After reviewing the article, the five most serious offenses in my opinion are sharing passwords, addresses, or photos of others, recording a VoIP call without consent, bullying and trolling, faking an identity, and collecting information on children. I believe these offenses are the most serious because they mainly concern violating another individual’s right to policy or bring harm to another individual, especially when it comes to faking someone’s identity or collecting information on children. Additionally, sharing someone’s password, address, or their photos can be considered a form of doxing, and sharing information that is sensitive can eventually bring harm and harassment to that individual that can be long lasting and hard to undo.

Journal Entry 15

April 29, 2025

    YouTube Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

    When the speaker was describing how he became a digital forensic investigator, it was interesting to me that he started off in accounting and happened to get into digital forensics through mainly opportunities. He happened to have an interest in IT, and over time he joined a digital forensics team through an accounting firm. When it comes to digital forensics and the social sciences, the speaker mentions that you need to be covert and discreet in the field. Multiple other disciplines are integrated into digital forensics too, not just IT, but also the legal system. Digital forensics also deals with investigating crimes, so a digital forensics investigator needs an understanding in criminology and psychology to understand criminal behavior.