CYSE 201

Journal 1

Review the NICE Workforce Framework.  Are there certain areas that you would want to focus your career on?  Explain which areas would appeal the most to you and which would appeal the least.

Upon reviewing the NICE (National Initiative for Cybersecurity Education) Workforce Framework, I have identified three specific areas that align with my interests and career aspirations. Firstly, the role of a Security Auditor captures my attention due to my fascination with the regulatory and policy aspects of cybersecurity. The prospect of translating regulations into actionable measures and ensuring compliance within an organization resonates with my skill set and interests. Secondly, I am drawn to the position of a Cybersecurity Consultant for similar reasons, as it involves assessing risk factors within organizations and providing strategic guidance to address cybersecurity challenges. The dynamic nature of consultancy, tailoring solutions to unique client needs, is particularly appealing. Lastly, the role of a Cybersecurity Analyst stands out to me for its hands-on approach to mitigating risks. Actively engaging in monitoring and responding to security incidents, coupled with the technical skill application, aligns with my desire to be at the forefront of cybersecurity defense. While these roles strongly resonate with my interests, I find less appeal in areas that predominantly involve administrative or documentation tasks without a direct impact on shaping and implementing cybersecurity strategies. My career aspirations are centered around actively contributing to securing information systems and ensuring organizational resilience against cyber threats.

Journal 2

Explain how the principles of science relate to cybersecurity.

The integration of scientific principles into cybersecurity enhances our ability to navigate and confront the dynamic landscape of cyber threats. Like scientists collecting empirical evidence, cybersecurity professionals diligently examine real-world incidents and closely analyze network data. Cybersecurity mirrors hypothesis testing, as professionals rigorously test vulnerability hypotheses through simulated attacks. The importance of data analysis is evident in cybersecurity’s meticulous scrutiny of vast datasets from logs, network traffic, and system activity.

Reproducibility is echoed in cybersecurity through the replication of attacks to comprehend intricacies and validate findings. Peer scrutiny, like scientific peer review, ensures the accuracy and effectiveness of security research. Continuous learning is not just a virtue but a necessity in the face of evolving threats, demanding a proactive approach informed by the latest insights.

Modeling and predictions, fundamental in science, find their application in cybersecurity through sophisticated threat modeling, crucial for identifying and mitigating vulnerabilities.

Journal 3

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? 

Researchers leverage publicly available information on data breaches, that is found on websites like PrivacyRights.org, to conduct comprehensive studies that contribute to the understanding of cybersecurity landscapes. By analyzing patterns and trends over time researchers gain insights into the frequency of breaches, the industries most affected, and common attack methods. This information helps to identify vulnerabilities in systems and networks, contributing to the development of effective cybersecurity measures. Assessing the impact of each breach helps researchers understand the consequences for affected individuals and organizations. Comparative analyses between different breaches reveal variations in attack methods, response strategies, and outcomes, offering valuable insights into effective cybersecurity practices. Understanding the motivations behind data breaches aids in developing strategies to counteract specific threats. Researchers also examine legal and ethical considerations surrounding data breaches, including organizational responses, regulatory environments, and the effectiveness of data protection laws. While utilizing publicly available data, researchers must navigate limitations such as incomplete information and potential biases and adhere to ethical standards and privacy considerations in their analyses and dissemination of findings.

Journal 4

Review Maslow’s Hierarchy of needs and explain how each level relates to your experience with technology. Give specific examples of how your digital experiences relate to each level of need.

Maslow’s Hierarchy of Needs provides a framework for understanding human motivation and fulfillment. In today’s digital era, technology significantly influences each level of Maslow’s hierarchy, contributing to the satisfaction of various needs.

Physiological Needs:

Technology plays a crucial role in meeting physiological needs. Online telehealth services allow for convenient access to healthcare, while ride-sharing apps like Uber and Lyft enhance transportation accessibility. These advancements allow me to have access to have quick and efficient transportation solutions when the need arises.

Safety Needs:

In the realm of safety, I use secure online banking which ensures financial stability and protection. Technology enables encrypted transactions, fraud detection systems, and real-time monitoring, fostering a sense of financial security for individuals in the digital age.

Social Needs:

Technology has revolutionized social interactions. Social media platforms and communication tools, such as Facebook Messenger, facilitate connections with family and friends, bridging geographical gaps allowing to me communicate with family and friends overseas easily.  Additionally, online education platforms contribute to social needs by enabling continuous learning and educational interactions, enhancing personal development.

Esteem Needs:

In terms of esteem, technology platforms like LinkedIn offer opportunities for recognition and reputation-building. As a working professional I can showcase my achievements, skills, and expertise, creating a digital presence that contributes to my professional identity.

Self-Actualization:

Technology contributes to self-actualization by fostering personal growth. I can pursue diverse interests and hobbies through online resources, such as learning how to cook, training pets with online tutorials, and engaging in literature related to their field of study. Digital platforms empower individuals to explore their passions and achieve a sense of fulfillment through continuous self-improvement.

Journal 5

Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.

Money (Rank 1): This is the most common and understandable motive. Hacking skills are valuable, and cybercriminals can exploit them for significant financial rewards. Stealing data, deploying ransomware, or disrupting operations can all be lucrative enterprises.

Recognition (Rank 2): While not the primary driver, the notoriety gained from a successful hack can be attractive to some. The ability to showcase their skills, even through illegal means, can potentially lead to future opportunities, as the mentioned example highlights.

Multiple Reasons (Rank 5): Hackers can have a combination of motivations. Financial gain might be coupled with a desire for recognition, or a revenge plot could involve stealing money as well.

Revenge (Rank 6): Revenge attacks are fueled by anger and a desire to inflict harm. While causing damage might be satisfying, the consequences can often be unintended and widespread, as you rightly point out.

Entertainment (Rank 3): Some hackers might find the challenge and intellectual puzzle of exploiting systems to be entertaining. However, this is less common than the motives above.

Boredom (Rank 4): Boredom can lead people to try new things, but hacking requires significant skill and carries serious legal consequences. There are more constructive ways to combat boredom.

Political Activism (Rank 7): Hacktivism aims to make a political statement, but the collateral damage caused by malware and cyberattacks can be significant and often impacts unintended targets. There are more effective and legal avenues for promoting political causes.

Journal 6

How can you spot fake websites? Compare three fake websites to three real websites. What makes the fake websites fake?

Fake#1 abc.news.com.co

            Two glaring errors that point to this being a fake website is the incorrect font in the abc logo, and the URL has too many extensions at the end of the domain. ABC is a US based company and should have a ‘.com’ extension.

Fake#2 70news.wordpress.com

            Though the site itself is moderately professional in appearance, further investigation of the domain name would reveal that it is not a real news site. Most news sources do not host their websites on WordPress, which is where this news site is hosted.

Fake# 3 www.mousetrapnews.com

            This site has been known to produce fake news articles, as recently as last year an article from this site was circulated on social media reporting that Disneyland was considering lowering the drinking age at their parks to 18 years old. A quick google search, and you would realize this was a fake news site.

Real#1 https://forbes.com

            Looking at both the appearance of Fobes’ site, and its error free domain name—it is clear to be a real site.

Real# 2 www.google.com

            Google’s search engine, when typed into a URL bar it, pulls up the classic, well-known site and its domain is error free.

Real# 3 https://abcnews.go.com

            In comparison to the fake news site listed above, abc.news.com.co, https://abcnews.go.com has one domain ending “.com” and the site appears professional and contain the official ABC news logo.

When trying to determine the authenticity of a website, users should look at the domain name and look for spelling errors or unusual extensions at the end of the site domain. When on the landing page, users should look for a ‘professional’ presenting site, that again, is free of spelling errors and company logos should be free of errors and distortions.

Journal 7

Review the following ten photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s)

 

meme1.5

This meme captures the human tendency to prioritize convenience over security, especially when it comes to cybersecurity. The hipster represents many users who enjoy the perks of public Wi-Fi, like free internet access and a trendy coffee shop atmosphere. However, the meme highlights the internal conflict (nervous sweating emoji) that arises from the awareness of the potential security risks associated with public Wi-Fi. It emphasizes the human element in cybersecurity, where individuals have to make choices that balance ease-of-use with online safety.

 meme2.6

This meme reworks the concept of “shoulder surfing” for a human-centered cybersecurity message. Shoulder surfing refers to the act of stealing someone’s personal information by looking over their shoulder at their device. Here, the humor lies in the unexpected twist. We expect the peeking to reveal something private, but instead, it exposes a harmless detail – her shopping habits.

We often make choices based on what we perceive as immediate risks. In this case, the act of casually peeking might seem innocent. However, the meme reminds us that seemingly harmless actions, like sharing personal details online, can have unforeseen consequences. It highlights the importance of cybersecurity awareness in everyday life, where even seemingly minor actions can have security implications.

meme 3.5

This meme tackles the human-centered aspect of cybersecurity by highlighting the conflict between convenience and security. The man in the image represents users who prioritize a pleasant work environment (rooftop with a view) over data security. While enjoying the scenery, he experiences a moment of panic (freaking out) upon realizing he neglected to back up his files. This scenario emphasizes the emotional toll of cybersecurity lapses.

Human-centered cybersecurity focuses on user behavior and decision-making. The meme portrays a relatable situation where the desire for a unique work setting overshadows the importance of data protection. It reminds viewers that cybersecurity isn’t just about complex technology, but also about the choices we make and the potential consequences.

Journal 8 

After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity?

Media’s Misrepresentation Breeds Misconceptions

The media’s penchant for portraying hacking as fast-paced, dramatic infiltrations with heroes heroically thwarting villains creates a distorted reality.  These narratives rarely capture the tedious reconnaissance, social engineering tactics, and exploitation of vulnerabilities that are hallmarks of real-world cyberattacks.  This glamorization downplays the importance of robust security protocols, user education, and constant vigilance.  People might believe complex systems can be breached with a few keystrokes, fostering a false sense of security or helplessness.

Sensationalism Creates a Knowledge Gap

The media’s focus on large-scale breaches or state-sponsored attacks overshadows the more prevalent threats individuals face. Phishing scams, malware disguised as legitimate software, and weak passwords pose significant risks, yet they rarely garner headlines. This lack of coverage can leave the public unaware of these common threats and the simple steps they can take to protect themselves.

Journal 9

Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

Completing the Social Media Disorder scale yielded a score of 2. The scale’s items struck me as simplistic and straightforward. However, this simplicity may also limit the scale’s accuracy, potentially overlooking nuanced aspects of social media usage and its impact on individuals’ lives. I also thought that it would be relatively easy to manipulate responses to align with a specific desired outcome or diagnosis.

Different patterns in social media usage across the world likely stem from various cultural, socioeconomic, and technological factors. Cultural attitudes towards technology and social interaction, as well as access to internet infrastructure, play significant roles. Additionally, societal norms regarding privacy, communication styles, and the role of social media in daily life vary widely between regions. Economic disparities can also influence usage patterns, with factors like smartphone ownership and internet accessibility affecting how individuals engage with social media platforms. Ultimately, the complex interplay of these factors contributes to the diverse landscape of social media usage observed globally.

Journal 10

Read this and write a journal entry summarizing your response to the article on social cybersecurity

The article “Social Cybersecurity: An Emerging National Security Requirement” by Lt. Col. David M. Beskow and Kathleen M. Carley argues that social media platforms have become a battleground for national security. The authors emphasize the dangers posed by misinformation campaigns and social engineering tactics, which can be used to sow discord, disrupt operations, and manipulate public opinion. They call for a new approach to cybersecurity that considers the social dimension of online threats.

This concept of “social cybersecurity” goes beyond protecting computer systems and networks. It recognizes the need to defend against attacks that exploit human behavior and social networks. By understanding how these online campaigns work, militaries can develop strategies to mitigate their effects and protect national security.

Journal 11

Watch this video. As you watch the video  think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

While the field of cybersecurity may hold considerable appeal, the video delves into the potential social implications of a career as a cybersecurity analyst. It explores aspects such as the prevalence of overtime, the entry-level nature of some positions and the associated competition for positions within sought after companies. There is also variability in salary depending on where the position is located geographically. These factors can all significantly influence an analyst’s available free time, stress levels, and even preferred location, ultimately impacting their social circle and work-life balance.

Journal 12

Read this sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter

The “SAMPLE DATA BREACH NOTIFICATION” reveals interesting applications of economic and social science theories.

From an economic perspective, the letter exemplifies the concept of adverse selection. The company’s lack of knowledge about the compromised data creates an information asymmetry. They are unsure of the potential consequences for their customers, putting them at a disadvantage. This can lead to inefficiencies in the market. The data breach itself can also be seen as a market failure. The cost of the breach, such as identity theft and financial losses for customers, isn’t fully borne by the company responsible for securing the data. This creates an external cost for consumers who have to take additional measures to protect themselves.

Social science theories can also be applied to understand the impact of the data breach notification. The notification can be seen as a violation of the social contract theory. People follow social norms and laws with the expectation that companies will uphold their responsibility to protect customer privacy. This data breach can erode trust in the company and society as a whole. However, the notification can also have a positive social impact through the lens of socialization theory. By informing customers about the breach, it highlights the risks of online activity and the importance of data privacy. This increased awareness can lead to people being more cautious online and potentially push for stricter data protection regulations.

Journal 13

To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article  and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

Researchers investigated the effectiveness of bug bounty programs using data on valid vulnerability reports submitted to HackerOne from 2014 to 2020. To account for potential biases, they employed a two-stage least squares regression with an instrumental variable. The analysis suggests that the number of hackers participating in these programs is not highly sensitive to bounty amounts (price inelastic), implying factors like reputation and experience are more important motivators. This is good news for smaller companies who may not be able to offer the biggest bounties. However, there are concerns that Google’s high-paying retainer model for established hackers could draw away top talent from other platforms, potentially hurting companies with fewer resources. The study also acknowledges limitations in the data on factors like bug severity and highlights the need for further research on the impact of evolving compensation structures in bug bounty programs.

Journal 14

Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

The five most serious violations on this list are  sharing passwords or personal information of others, recording a VoIP call without consent, faking your identity online, collecting information about children, and illegal searches. These offenses are serious because they can have real-world consequences for the victim. Sharing personal information can lead to identity theft, while recording a call without consent is a breach of privacy. Faking an identity online can be used for fraud or harassment, and collecting information about children is a stepping stone to child exploitation. Illegal searches can be a sign of intent to commit crimes like stalking or terrorism. These violations can cause emotional distress, financial harm, and endanger the safety of others.

Journal 15

Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

After watching Davin Teo’s TEDxHongKongSalon talk. What struck me most was his unconventional entry into this field.  Unlike many professionals who meticulously plan their careers, Davin stumbled into digital forensics.  As an accountant by training, he found himself thrust into the role of IT support due to his tinkering with computers as a hobby.  This position sparked his interest in IT, eventually leading him to the world of digital forensics.

Davin’s story highlights a fascinating aspect of careers in the social sciences, particularly those that touch on technology. The field of digital forensics, while requiring technical expertise, also relies heavily on social science skills.  Investigators need to understand human behavior to analyze digital footprints left behind. They must sift through data with a keen eye for detail, piecing together a narrative from fragments of information. These skills – critical thinking, analysis, and interpretation – are hallmarks of a strong social science background.

Davin’s journey exemplifies how social science aptitudes can be surprisingly transferable.  His experience with accounting, emphasizing meticulous record-keeping and analysis, likely served him well in the world of digital forensics.  It’s a reminder that social science skills are valuable assets in a world increasingly driven by technology.