CYSE 201S

Article Review #1

Career Paper

Week #1 Journal Entry

Through the seven different areas in the NICE framework, i feel id like to focus my career on either oversight and governance or investigation. Id choose oversight and governance because i feel its a great way to squeeze my way into the government and get a security clearance which would give me more credibility and would open me up to many new job opportunities. I feel like also managing and advocating using risk management would be interesting. For investigation, i feel like id be interested in it as ive always wanted to be a cop or detective, and being able to investigate attacks or suspicious cyber activity among an organization. I feel like the one that would appeal the least though would be operating and maintaining as this would require a large amount of time and effort because you have to constantly pay attention to what’s occurring and what needs change.

Week #2 Journal Entry

The principles of science relate to cybersecurity in many ways. Empiricism could potentially be collecting data or monitoring network traffic to develop better defense mechanisms. Determinism could potentially be the idea that certain cyber incidents arent random and that they are the result of a specific action or vulnerability. Parsimony relates to the idea that things should be straightforward and put into the simplest form so there’s no room for error. Objectivity could potentially be making sure that everything is unbiased and reliable. Falsifiability could entail that programs/framework systems etc. should be tested to their maximum potential to make sure they are strong. Reproducibility could entail that solutions that are found are able to be found again. Reliability could mean that measures made are reliable and perform consistently. Validity could be security measures that accurately perform what it was designed to do. Lastly, Generalizability could mean that a solution is open to a wide range of scenarios.

Week #3 Journal Entry

Researchers might use the information available on the privacy rights website to study breaches because it has many different studies available on breaches. This automatically allows people studying breaches to have access to many different breaches that have already happened so that they dont have to experience it firsthand to figure it out themselves. This means if they ever come into contact with the breach, they will already know due to the information available on the website. The website also has information available about data breaches that occur in different states, times, industries, laws etc. Accessing this website also gives you access to a list of data breaches, shows the type of breach, which company was affected by it and how many people were affected by it.

Week #4 Journal Entry

Maslow’s Hierarchy of Needs has 5 stages: Self-Actualization, Esteem, Belongingness and Love, Safety, and Psychological. For Self-Actualization, I indulge in taking online courses to learn more about Cybersecurity. For Esteem, I use an app on my phone called Strava which tracks my running progress and set goals over time. For Safety, I use two-factor authentication for most of the applications that align with my ODU account. For Belongingness and Love, I use my text app to have easy access to get in touch with friends and family. And for Psychological, I use an app on my phone called uber eats that allows me to access food through a delivery process that takes roughly half an hour to an hour for food to be delivered right to my doorstep.

Week # Journal Entry

Through reading the example articles and thinking about each motive that is provided I
have ranked them in a way to which i believe they make the most sense. First off, I put
money first; simply because no matter what your socioeconomic status or place in society
everyone needs money to be able to live. Not only do we need money to live but it allows us
to buy things we desire. For the second motive I selected recognition because i feel like
people tend to want fame to be known or to be wanted in general, many people to know
their face. I put political in third place because someone might want to hack so that a
politician can get the upper hand in a political race and ultimately win in the end. Next,
multiple reasons, I feel like someone whose hacking will hack for multiple reasons at a
time let’s say money and revenge is insane as they can do two things at once from the
same hack. After this i had Entertainment, this underlies graphic content and just the idea
that someone hacks to get access to said content or maybe pirating it for profit. Lastly, i
put boredom last because there is a very small amount of people that hack for boredom
because most people that know how to hack use it for their occupation or use it for ill
intentions not just because.

Week #6 Journal Entry

Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source].

Randomly searched these websites no sources involved

– 1: All About Explorers

– 2: Martin Luther King Jr. – A True Historical Examination

– 3: Save The Pacific Northwest Tree Octopus

Compare the three fake websites to three real websites and highlight the features that identify them as fraudulent.

Note: Don’t generate or click on unwanted/fake websites on your web  browsers. Use examples from your sources to demonstrate what specific characteristics make these websites fake.

Week #7 Journal Entry

I created a Meme of my own, i feel like this meme relates to the human centered cybersecurity framework because you either go one way or the other. One way being the option that you choose to stay uneducated on the framework and different protocols to ensure that your workplace is endanger of being insecure, this is the option that the vehicle or you choosing which way to go doesn’t go. The way that the car or you is actually going is the option going towards the off ramp which is the right way being that you chose to become educated on the frameworks and different protocols which creates a safer workplace environment.

Week #8 Journal Entry

After watching the video and listening about the multiple topics that were discussed, I realized how much media shapes our understanding of cybersecurity. The video shows that many hacking scenes are exaggerated for drama which makes hacking seem easy and fast. It explains real concepts like Spearfishing and Capture the Flag Competitions, but in my opinion most scenes mislead viewers about real hacking including myself. This can make people either too scared or not concerned enough about hacking and what it has to do with cybersecurity. Even though there are some inaccuracies, they can still spark interest and encourage people to learn about it. The video also stresses about how as someone researching you should find reliable information and think critically.

Week #9 Journal Entry

In the scale I scored a 2 out of 9, according to the scale I lie between 2-5 so I am using social media at a risky level. I think the Items on the scale were only relevant to someone who is addicted to or a heavy user of social media in today’s world. I feel like different patterns are found across the world simply due to the fact that different countries limit social media use or even block some platforms due to the weight it would carry on the population and some are completely open to it and allow anything like the US due to its first amendment allowing freedom of speech.

Week #12 Journal Entry

The data breach sample letter is tied to two economic theories which are information asymmetry and negative externality. First off the company is showing information asymmetry as they knew about the breach way before the customers knew about it but helps close loose strings by letting the customers know. Secondly, the data breach is a negative externality on the customers as a huge cost that isn’t relevant to the customer was inflicted on them. And for the two psychological theories that are tied to the sample are cognitive dissonance and trust and distrust. Customers might experience cognitive dissonance or discomfort when they find out their data isn’t secure, but the letter helps fix things by giving the customer steps to make sure that their data becomes secure and protected. Lastly, trust and distrust show how the company is trying to rebuild trust by being honest and clear with them and explaining what happened, what the company is doing to fix the problem, and what the customer can do to protect themselves if it were to happen to them.

Week #13 Journal Entry

Bug bounty policies compensate white hat hackers or ethical hackers that search for weaknesses in an organizations security systems. These policies are based on the cost and benefit approach. The article talked about how bug bounty programs have the potential to help organizations find more vulnerabilities by using cyber professionals. The research shows that bug bounty programs help companies find more vulnerabilities and hire professionals that have a broader knowledge on security. The article also shows that hackers are motivated by factors other than money, making these programs useful even for the companies that dont have large budgets. Company size and reputation dont really affect the number of reports received, which means these smaller companies can benefit from it too. But the number of valid reports can vary by industry and decrease as the program gets older.

Week #15 Journal Entry

He started out with a passion for computers and collaborated with his accounting firm, they were looking for an IT support person. He filled this role and quickly got himself a spot in the top 4 accounting firms. This most likely got him into the digital forensics field. As technology progressed, he got access to things that assisted his career like a digital camera that would take screenshots of the monitor, and he would put it on a floppy disc to be used as evidence. He talks about his career as it was his hobby, he gets excited over getting a hit on an IP address that matched what he was looking for. He found that someone in the IT department had breached the companies database and how he worked with phishing emails that entailed death threats. Moral of the story is he got into his field because he has a hobby for his work, starting out as someone who loved computers and turned into someone who became proud of catching digital criminals.