Journal entries
WEEK 1
Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.
After looking over the work roles section provided for this assignment I’ve determined that the “Security control assessment” role would be the most interesting to me. I believe this one will be the most interesting to me because I want to do penetration testing. I feel like the task of the Security control assessment team would be most similar to that. For which work role that I may find the least interesting would be “Cyber security legal advice.” This is mainly because I simply do not know the legality of cyber security and I honestly rather not have to learn much more than what I already know.
WEEK 2
Explain how the principles of science relate to cybersecurity.
The principles of science contribute to cybersecurity in many different ways. For instance Parsimony which is when scientists try to keep their explanations as simple as possible. This is very important in cybersecurity because there is so many different bits of information that people who are not in cybersecurity would understand. Especially any types of coding setups or shortcuts that would be stated in something like a presentation. People that aren’t coding literate would have absolutely no idea what they are talking about. It’s very important to do especially when you are trying to teach people new to the topic.
WEEK 3
Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.
Cybersecurity researchers can use the entries found on “Privacy Rights.org,” to help discern what hackers may be after. They can use the information found on the website to help create a chart of the most hacked data type or even most hacked type of companies. This will allow for the cybersecurity department for another company to know what they should focus their efforts on when it comes to making sure things are protected. For example, if a company is starting to build themselves up they can use the information found on the website to prevent any early hack on them.
WEEK 4
Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.
Maslow’s hierarchy of needs states that all humans have needs that fall into one of the needs listed on the pyramid. Starting from the bottom of the pyramid, Physiologically I do not need technology to live though it does help make life easier. For security needs, especially in recent times most forms of money have become digital and are kept securely in digital bank accounts so I do technology for that. Now for intimate relationships/friendships, technology is very important for these things because it allows me to still talk to people that I may not see everyday. Next for Esteem needs I can use my computer to enter video game tournaments for money which will give me a sense of accomplishment if I win them. Finally for self-actualization needs I can use technology to further my understanding of my career path.
WEEK 5
Review the articles linked with each individual motive in the presentation page or Slide #4. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
The individual motives we spoke about in class are: Entertainment, political, revenge, boredom, recognition, for money and multiple reasons. I believe that “multiple reasons” make the most sense because I feel as if it is more common to mix multiple of the seven motives than to just pick one. Next I believe “for money” makes the most sense. I say this because most people’s actions are for money after a certain point in their lives. Thirdly, I believe that “revenge” makes the most sense. I’ve heard a lot of stories of the lengths people will go for revenge. Fourth, I believe that “recognition” makes the most sense. People often do extra work at their jobs for recognition. Fifthly, I believe that “Entertainment” makes the most sense. A lot of people will spend extra money on things to make their experience more entertaining. Sixthly, I believe that “Political” makes the most sense. Politics are constantly seen doing extra things to make sure they have the best chance to win their election. Lastly, I believe that “Boredom” makes the least sense. I do not understand why people do large scale things just because they are bored, it does not make sense to me.
WEEK 6
Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?
I personally think that fake websites are pretty obvious for someone like myself who has been online for most of their life. Fake websites are usually emailed or sent to you by an unknown sender with little to no description of what the link contains. Another way to tell is within the link itself, there may be small spelling errors. For instance a website may say something like “www.BankOFamerica.com” when it is supposed to say “www.bankofamerica.com.” Then finally another way to tell is if you have already clicked on the link, the overall quality of the website will be very poor and there may also be a lot of pop ups that they hope to get you to click on.
WEEK 7
Review the following ten photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s).
Human-centered cyber security framework prioritizes the needs, behaviors and capabilities of the developers of the security measures. It recognizes that technology alone is not the only thing that can ensure the security of people’s data. This idea involves the understanding of the developers, what they need and addressing usability issues. You can use these things to help better security programs because just using digital input alone is not as good as using digital and human input together. My meme’s I’d say contribute to these values because while working from home it promotes understanding of my situation, what I need to be comfortable with and it addresses the usability of the software I’ll be using.
WEEK 8
Watch this video and pay attention to the way that movies distort hackers. https://www.youtube.com/watch?app=desktop&v=6BqpU4V0Ypk After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity
In the video most of the examples that were presented by Karen Elazari, she deemed over exaggerated. I would agree with this because most if not all topics found within movies or anything mainstream are extremely blown out of proportion. For hackers specifically in mainstream media they have given them the stigma that they are all nerds in black hoodies, that sit in the dark with their face a foot away from their computer screen. Though in reality that is probably a very low percentage of hackers. In conclusion, the image around hacking in the media is completely overexaggerated.
WEEK 9
Watch this Video: https://www.youtube.com/watch?v=Zbqo7MGVElw Complete the: https://www.brieftherapyconference.com/download/handouts/Tobi-Goldfus-Social-Media-Disorder-Scale.pdf How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?
For the Social Media disorder or SMD test I got a zero out of nine for my score. I personally think that the items on the scale are quite ridiculous. I feel as if these ratings are almost unachievable for adults because you have much more to worry about in your own life than things on social media. I think that there are different patterns found across the world because of the stark differences people have on internet usage as a whole. Everyone has their own opinions on how it should be used and for how long it should be used.
WEEK 10
Read this and write a journal entry summarizing your response to the article on social cybersecurity https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/
I think that this is a very interesting article. It talks about things that I personally have been wondering about which is how important is cyber security going to be in future warfare. With the world becoming more and more digital I feel like a conflict between the major powers of the world will become less physical and more digital. I feel as if the power that will come out of the battle the winner will be the power that was able to defend itself the best from cyber attacks. With the rise of artificial intelligence on the very near horizon I feel being able to protect valuable digital information will be more important in the near future.
Watch this video: https://www.youtube.com/watch?v=iYtmuHbhmS0 As you watch the video, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.
Within a cybersecurity analyst job, I found that there are a lot of social themes that show how important human interactions are for cybersecurity. The biggest theme that I found was how important teamwork is. A lot of the job is you being able to work with others and relay important information between them. Ms. Nicole Enesse in her video stated that there were many different jobs that a cybersecurity analyst could be doing depending on the company they are working for but they all at some point require you to be involved within a team. This shows how cybersecurity professionals need to adapt to teamwork.
WEEK 11
Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.
Two economic theories I found within the article are:
Rational Choice
The company waited to notify the company’s customers that there had been a data breach. Doing this put the company’s best interest first because if they had not waited they could’ve easily lost a lot or almost all of their customers due to the data breach.
Classical economy
The classical economy places a lot of importance on the protection of an individual’s right to privacy of assets. The breach violated these rights.
Two social science theories I found where
Deterrence
By announcing that the data breach had been discovered this will lead to other hackers to be wary next time because they probably have upped their security
Routine activities theory
The RA theory states that there must be three things that must be present to commit a crime. Motivated offenders, absence of capable guardians and a suitable target. This crime had all three of these.
A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The policy of bug bounties is quite an interesting one. It tasks hackers to professionally hack an institution to find “bugs” within the system. These “bugs” are basically just weaknesses within the system. This policy benefits both the hacker and company by taking part in it. The policy allows these hackers to use their skills in a legal way and earn recognition which could then lead to them finding a well sustained job. It also allows the company to use what the found from the bounty to increase their security which will overall allow the company to be more secure for their customers.
WEEK 15
Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career. https://www.youtube.com/watch?v=Pf-JnQfAEew
In Davin Teo’s Ted Talk he speaks about his entrance into the digital forensics field. Digital forensics is used to find and identify materials found within digital items. This process can take hours or maybe even days. They need to use social science principles like psychology to help them understand and perform their job. Davin Teo had an interesting pathway into digital forensics. He got into the field due to his dad and his interest in IT. He was able to work in the very first national digital forensics that was in Australia which opened a lot of doors for him and his career down the line.
ARTICLE REVIEWS
ARTICLE REVIEW 1
The Electronic Contract in Civil and Commercial Codes
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/267/95
Introduction
The article “The electronic contract in civil and commercial codes” by Ahmad Mahmoud Al Masadeh, Ahmed M. Khawaldeh, and Mohammad assaf Al-salamat takes a look at the evolution and legal building blocks surrounding electronic contracts. This article review will explore how the topic relates to social sciences and much more.
Social science connections
The discussion of electronic contracts comes into contact with various social science principles, specifically when it comes to law and economics. The idea of being about to sign contracts online highlights how our economy has started to become even more digital as time passes. Electrical contracts also involve an understanding of our legal system.
Research questions
The article poses significant research questions, one being how electronic contracts are treated under existing civil and commercial codes. A main hypothesis is that the current legal guidelines may not be able to fully address the unique challenges posed by electronic contracts. Specifically it may be hard to enforce them and provide protection for the consumer.
Research methods
The authors researched existing laws and regulations related to contracts in various areas of effect. This analysis of legal procedures regarding the topic provides a comprehensive overview of how different legal systems adapt to the challenges posed by digital agreement.
Analysis
The author’s analysis focused on legislative texts, case law and others. This illustrated the varying degrees of acknowledgment, acceptance and regulation of electronic contracts. Their findings suggest that while many legal systems recognize electronic contracts, gaps remain in consumer protecting and enforcement of these contracts.
Relates to class
This article relates to topics we spoke of in class like marginalized groups.
Challenges for marginalized groups
The article highlights that marginalized groups often face digital divide when having to access these electronic contracts. The digital divide includes but is not limited to access to technology to even view the electronic document or an understanding of technology to complete the document These barriers can emphasize existing inequalities which in term shows the need for inclusivity.
Conclusion
In conclusion, this article contributes to a nuanced understanding of electronic contracts within civil and commercial codes or laws. By creating an understanding of legal gaps and focusing on marginalized groups, the authors provide an insight that can help policymakers in the future.
ARTICLE REVIEW 2
Cyber Victimization in the Healthcare Industry: Analyzing Offender Motivations and Target Characteristics through Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT)
https://vc.bridgew.edu/ijcic/vol7/iss2/2/
Introduction
The article “Cyber Victimization in the Healthcare Industry: Analyzing Offender Motivations and Target Characteristics through Routine Activities Theory (RAT) and Cyber-Routine Activities Theory (Cyber-RAT)” by Yashna Praveen, Mijin Kim, and Kyung-Shick Choi explores the critical issues of cyber victimization in the healthcare system.
How it relates to social sciences principles
The topic of cyber victimization in healthcare intersects with various social science disciplines. Particularly sociology and criminology. It addresses the societal behaviors using criminology surrounding crime in a digital light and highlights vulnerabilities in institutions. Understanding the motives of these criminals using criminology allows for said institution to prepare security to prevent attacks.
Research questions
The study centers on what motivates offenders to target the healthcare system. What characteristics make certain healthcare institutions more vulnerable to cyber attacks? The author hypothesized that criminals are motivated to attack healthcare systems because they have exploitable gaps in cyber security and a lack of effective security measures.
Research methods
The authors utilized case studies of recent cyber attacks in healthcare sectors. This method enabled them to analyze specific instances of victimization which provides contextual insights into offender behavior.
Analysis
The data found from this study consisted of document cases of cyber attacks, talks with cybersecurity professionals and analysis of existing cybercrime within healthcare. The authors analyzed attack patterns and institutional vulnerabilities.
Relates to class
This article relates to class by using wordage we spoke about in class. It goes over motives for cyber crime and why people decide to do crime. Recently in class we spoke of economics and how it has to do with cybersecurity. The economics of the health industry make it such a big target for cyber crime. There is also probably whaling that health institutions have to deal with. This article also goes over motive identification for cyber criminals. Finally this article goes over mitigation of cyber crime.
Challenges for marginalized groups
The problem presented by cyber victimization in healthcare disproportionately affects marginalized groups. These marginalized groups rely on the services provided by these healthcare institutions to keep their information private and safe. The vulnerability in the institution causes them to be more vulnerable than others due to how marginalized they are. They are also affected by this because if their information is leaked then they may not be able to receive health benefits later on.
Conclusion
The article makes a significant contribution to understanding cyber victimization in the healthcare industry. By linking offender motivations and target vulnerabilities through social science research, the sheds light on the importance of high level cyber security.
CAREER PAPER
In general, cybersecurity is an interdisciplinary career path. You will need a collective understanding of technical, academic, and research-focused disciplines. Cybersecurity is a job that is relevant to keeping the social and private lives of people safe. Even with the need to understand software and hardware technology, you will still need to understand the social sciences and social dynamics of people to excel in this field. The ability to understand social sciences will provide someone in this career with a heightened perspective when it comes to understanding complex problems and fixing those problems. With that being said, cybersecurity is growing immensely very quickly so it is important for people who want to get into cybersecurity to learn these social sciences. From 2022 to 2023 the employment rate of cybersecurity professionals increased by 33%. This rate will continue to grow as the need for the protection of digital information rises. The cybersecurity field has many specifications, for instance, a few job titles are Security analyst, Penetration tester, systems admin, cyber policy maker, cybercrime researcher, and much more.
One cybersecurity profession that I am personally interested in and that requires an understanding of social sciences is cybersecurity penetration testing. A Penetration tester is a professional who is hired by a company to test their firewalls against would-be perpetrators. The Penetration tester would act as the hacker that is trying to break through a company’s defenses. This in itself will require the tester to have an understanding of the social science, criminology. They are to know, understand, and replicate the way a criminal would be thinking when trying to break into a firewall. They must be able to act like a criminal to do their job which requires an understanding of them. They can also do tests on personnel at the company to make sure they are not falling victim to phishing or whaling attacks. Phishing attacks are simple scam messages that are meant to get the recipient to click on a link or give them information while being disguised as someone else. Whaling attacks are very similar but they impersonate someone that is within the company who has high standings. This will educate the workers about victimization and what they do to protect themselves from becoming victims of cybercrime in their own lives as well. Teaching them to understand victimization will show the the workers what they could be doing to make themselves a victim to cybercrime and what they could do to change it.
Penetration testers are very important to marginalized groups because they are the people who are making sure that their information is not tampered with. These marginalized groups can be more susceptible to these cybercrimes because they are already pushed onto the edge of society. Some problems that these marginalized groups already face are limited access to good healthcare, employment opportunities, and general systematic disadvantages. These penetration testers are testing to make sure that there is no way that these marginalized groups are under any more distress than they already are by protecting their digital information.
Penetration testing is in an interesting position when it comes to its interaction with society. Some people see the profession as just hackers who are hacking for the right reasons. They may not inherently trust the worker because of the skills that they have to do these penetration tests. At the same time though they are a necessity when it comes to keeping information safe because of the information that they provide to companies to keep their security up to date.
References
https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm