Examining the Social Networks of Malware Writers and Hackers
The article relates to the principles of social science because it talks the community of malware writers and hackers and how they go about sharing information between though their social networks. The objectivity in the article is the way it is stated about how malware writer and hackers communicate with each other and how their community is set up based off their abilities to provide information to others and it doesn’t promote or criticize their actions for doing so. The parsimony in the article its ability to simply discuss how the malware writers and hacker community comes together and gives characteristics of the types of peoples that happen to be in these types of social networks. The hypotheses of the article is that there is a speculation that the hackers who are the best skilled play a very key role in hacker social networks in which other hackers look to them. Knowledge that is already known about the hacking and malware community is that there aren’t many skilled hackers, though it’s uncertain of their interaction and their positioning in relation to others in the community.
The research method used was blogs. The types of data and analysis done was an assessment of the social networks of the malware and hacking community in Russia and Eastern Europe. It was a sample of 336 people who had constant interaction with an account on a commonly used social networking site that happens to be very popular in Russia. The base level of relationships were formed based on mutual friends which means both users have each other added, friends which means a user was added by another user with no reciprocation of a tie from the other user, and a friend of which is a user has been added by another user in which they weren’t added in return. This information was used to create social networking structures of hacker groups.
Each of the usernames and their contact information provided were then used to start Google search queries to determine their association within the hacker community. The results were then used to create a risk index for all of the users based on their involvement in the creation, distribution, and use of malicious software and hacking techniques. In all, 70% percent of the users had no perceived risk, 19% percent were in the second risk category, and 6.3% were in the high risk category. Concepts like archival research relate to the article because they used blogs in order to gain information about users in a malware writer and hacker community. As well as the relationships between the users. The topic relates to the challenges, concerns, and contributions of marginalized groups because these communities are affecting the broad population of computer users and essentially finding different ways to victimize people for their own personal gain. The overall contribution of this article is to gives a perspective on communities dealing with malware writers and hackers and how they communicate to one another. As well as who has a lot of power in these communities, how they are helping each other, and what their intentions are with information they are sharing with each other.
The Concept of Cybersecurity Culture
The article relates to the principles of the social sciences because it talks about the increased number of cyberattacks and how the human factor is often overlooked by organizations. The determinism in the article is how individuals are also responsible for maintenance of the security and vigilance of a culture at work and humans do pose a threat. Which increases the risk of vulnerability of protection of information which then could lead to cyberattacks. The parsimony in the article relates to it addressing the problem of how humans are making protection more vulnerable and the need for a cybersecurity culture. The hypotheses of the article is, according to Gzaca and von Solms (2017), cybersecurity culture is found to be an ill-defined problem that lacks widely accepted key concepts that delimit the culture. They also believe that it is partly due to the concept being subject to different researchers’ perspectives and contexts of applications.
The type of research method used was a narrative literature review. The types of data and analysis done was a literature search that was performed utilizing electronic journal databases that are accessed by the Institute of Energy Technology (IFE) researchers. The databases used were Google Scholar, IEEE Explore, ScienceDirect, SpringerLink, and Elsevier. Then a general web search was used for a relevant published literature which was the Google search engine. The searches were used with keywords like “safety culture”, “security culture”, “cybersecurity culture”, “culture maturity model”, and “information security”. A total of 83 documents had been identified, and 59 were selected to be screened.
A second search was done which was done to result of interest was to point out dimensions of cybersecurity culture in organizations. The search resulted in a total of 391 papers, and 70 were chosen as relevant for abstract screening. It was 59 papers that were happened to be selected for full review. Among the ones selected four papers had overlapped with the ones from the first search and in total 69 papers were reviewed. Concepts like archival research and multi-method research are related to the article because they used a narrative literature research, information from databases and keywords for their data. The article relates to the challenges, concerns, and contributions of marginalized people because it is directed at humans and how they can be a liability to security more than an asset. It is up to the organization to help train and educate their employees to help mitigate risks of cyberattacks happening. The overall contribution of this article is it helps gives addresses the issue of humans being a liability when it comes to cybersecurity and gives solutions on what can be done to help improve the problem and help protect information.