Journal Entry #1
When taking a deep look at the NICE workforce framework, I found that I am initially most drawn to the work role categories of implementation and operation, protection and defense, and investigation. Within these categories, I found digital forensics, data analysis, and database administration to sound the most appealing.
However, at the end of the day, my priorities when searching for a career is as follows: a job that allows fully remote work, high monetary compensation, and optimally- a job that I find engaging.
While I found cybersecurity instruction and product support management to initially appeal to me the least, I would not be opposed to a job that entails these aspects so long as the other aspects of the job fulfill what I am seeking in a career.
Journal Entry #2
The principle of empiricism can enhance the effectiveness of cybersecurity practices by ensuring that solutions are focused on the most relevant threats, and that practices and procedures are aligned with current social, economic, and political needs.
Empiricism is the practice of social scientists in which only things which can be heard, touched, smelled, tasted, or seen, are studied. Tracking human behavior and attitudes through empirical studies can help guide cybersecurity to target new and evolving issues by providing solid evidence of the changing social climate. In turn, this data can be used to deduct how such changes might shape cyber criminal activity.
In addition, empirical studies can illuminate areas of greatest need by providing data on the most commonly committed cyber crimes, and who commits those crimes.
Journal Entry #3
The PrivacyRights.Org website offers a wealth of information on data breaches, data privacy laws, and even personal stories from individuals affected by privacy laws, or lack thereof. Some of the offerings on the privacy rights website include guides, articles, reports, law overviews, news & press, and personal accounts. The law overviews provide an easy-to-understand quick-guide to federal data privacy laws, as well as California based laws. Perhaps the most valuable section of the website for researchers would be the data reports.
These reports provide detailed information on who has been compromised, when the data was stolen, where the data was stolen from, and even the method that was used for the data breach. With access to this information, researchers are able to see which sectors are targeted the most, and by what method they are attacked. By tracking the general trend in data breaches, researchers might be able to predict future issues.
Journal Entry #4
When comparing Maslow’s hierarchy to an online space, say for example- a blog on a social media website, some connections can be made.
First, an individual would have to establish their blog. This would mean that the individual would set a URL as their ‘home’. This could correspond to physiological needs – the ‘home’ acting as shelter.
The user would need a log-in, a unique username and password to access their blog, which might correspond to safety needs. Connecting with other blog users and forming digital friendships is similar to the need for intimate relationships and friends.
Next, the way a blogger might post online with the intention of receiving likes, comments, and re-blogs can correspond to esteem needs.
Finally, the blogger using the online platform to fully express themselves and create something they are truly proud of could represent self-actualization on the hierarchy.
Journal Entry #5
When reviewing the possible motivations for committing cybercrime, I would rank them as follows when assessing the motivations based on what I believe makes the most sense.
The motivation I would rank highest on this list is money. This motivation makes the most sense to me, as in our world money is essentially the key to nearly everything.
Next on the list, I would rank revenge. Since the urge for revenge is such a strong, visceral feeling, I would imagine it to be an incredibly potent motivator for cybercrime.
Following revenge I would place politics. Those who are invested in politics, or perhaps want to change the political landscape in order to make more money, would have a highly motivating reason to commit crime.
Recognition is a motivator that I feel would rank lower on the list, but still not the lowest. While money, revenge, and politics are all more emotionally charged, recognition is a motivation that I view as less intense.
Finally, I would group together entertainment, curiosity, and boredom within the same rank, at the bottom of the list. Committing cybercrime for fun might be entertaining for criminals, but as soon as serious consequences are enforced for such crime, the individuals committing crimes for these reasons will likely stop the fastest.
Journal Entry #6
While I have found it unclear as to where I am intended to look for fake websites, I am able to discuss some of my previous experience with such websites.
One website that nearly had me fooled at one point was a fake Joann fabric store site. During a period in which I was browsing the internet, I came across a legitimate-looking advertisement for Joann’s, claiming it was going out of business and selling all of it’s stock for 50-70% off. The logo was familiar, and initially nothing was suspect. The website had been crafted carefully to perfectly replicate what you might find on a typical e-commerce site.
The first thing that made me suspicious was the incredibly low price of the items I was seeing. As a consumer with an interest in saving money, the low prices seemed amazing. Too good to be true, in fact. The website name was something akin to ‘Joann-fabric-usa.com’. I decided to double check that the site was legitimate. In order to do this, I opened a new browser tab and searched for the Joann’s official site.
I found the official site, the URL to which was actually something like Joann.com. There was no sale advertised on the site, and certainly not with the steep discounts I had been excited for.
Luckily, with this, I realized that the site was fake, and likely a scam to steal my credit card information. In the end, I avoided becoming a victim of cybercrime, and I reported the advertisement to the site I had found it on.
Journal Entry #7
The first meme demonstrates the concept of neutralization theory – specifically the denial of victim. Cybercriminals often use ‘neutralizations’ to rationalize their criminal behavior. Other neutralizations include denial of injury, denial of responsibility, condemnation of condemners, and appeal to higher loyalties.
The second meme illustrates the concept of a satire attack – a subset of cyberspace security concern that uses humor, irony, and/or exaggeration to expose inappropriate actions of specific people, groups, or organizations.
The third meme illustrates the importance of diversity in all fields, but particularly in the field of cybersecurity. Diversity ensures that different backgrounds and viewpoints are considered, leading to coverage of otherwise undetected vulnerabilities.
Journal Entry #8
For many individuals, the media is the first place that folks are exposed to concepts such as cybersecurity, and hacking. In the linked video, we see that many movies and tv shows actually do a decent job of portraying realistic cybersecurity scenarios, although some media portrayals are still quite unrealistic. Some common themes in the portrayal of hackers in media is an accelerated time frame.
Many hackers are portrayed getting into systems and finding exploits much faster than they would be able to in reality. While media seems to paint a picture of hacking as something that is done quickly and with ease, it is also often portrayed in a way that leads the viewer to view hacking as something complicated and convoluted- an activity only those with a particular interest in the skill take part in.
Journal Entry #9
According to the Social Media Disorder Scale, I scored a 1- suggesting regular use and relationship with social media. I found the items on the scale to be disturbingly relevant to many of the people that I know, and even reflective of a problematic relationship I have had with social media in the past.
While I currently pride myself on my minimal usage of screens and social media, a feeling of disordered attachment to social media is something that I have previously experienced. I have found that when I am particularly exhausted or otherwise lacking motivation and inspiration, I am more likely to resort to browsing social media sites for quick and easy entertainment that takes little energy to consume.
I think that different social media use patterns could be found across the world due to differences both in culture as well as access to technology. Regions where privacy is more valued might see lower rates of social media use, whereas areas with a culture that places more importance on community and connectivity might see higher rates.
Journal Entry #10
This journal opens with a clear definition of social cybersecurity, and the difference between cybersecurity and social cybersecurity. While cybersecurity as a field maintains it’s focus on the confidentiality, integrity, and availability of key data, the field of social cybersecurity focuses on human factors and the ways that malicious actors can utilize technology to manipulate society in a number of ways. The key difference is the safeguarding of data versus the prevention of social manipulation. The article brings to light a number of previous papers that have focused on studying similar subjects, but fail to incorporate in-depth examinations of tools and datasets, current challenges, potential solutions, and advocate for continued research into social cybersecurity concurrently.
Next, the article illustrates a number of different forms of social cybersecurity attacks as well as what measures can be taken to reduce both the number of attacks as well as their efficacy. The article first evaluates the form of attack, before proposing potential solutions. Some of the many forms of attack that this article reviews include sybil attacks, impersonation, and deepfake manipulation, among others.
Journal Entry #11
When watching this video, some of the most prominent social aspects of a cybersecurity analyst that I noticed were in regards to social networking, dealing with phishing attacks within a company, and providing guidance and training for an organization.
This video portrayed the role of cybersecurity analyst as one in which social networking is important in order to be able to more easily find a job.
It also portrayed the cybersecurity analyst role as one in which the individual will be tracking and responding to phishing incidents within the organization. Phishing attacks are typically highly socially engineered, and the attack places it’s focus on social manipulation in order to conduct a successful attack.
Because one of the most common exploits in cybersecurity are related to human factors, it is an important part of the cybersecurity analyst’s role to provide training and guidance in order to decrease risk.
Journal Entry # 12
One of the economics theories that might relate to the assigned article might be the laissez-fare economic theory, which states that the government should not intervene in the economy except to protect individuals’ inalienable rights. This theory might be applied to the referenced writing with the fact that any company would be unlikely to report a notice of data breach unless they were legally obligated by the government to do so.
Another related theory could be moral-hazard theory, which is a phenomenon that occurs when parties enter an agreement in bad faith. Frequently, this means that an organization will put their customers at risk to increase profit when the company knows it will be the customer facing the hit of the loss. In this notice of data breach, no compensation or recourse is provided, insinuating that any losses occurred by the customers will not affect the company responsible.
A psychological theory that might be applied to this document is Maslow’s Hierarchy of Needs. The data breach represents a potential compromise of an individual’s digital safety, and the section regarding individual action points to the affirmation of the fact that safety, even digital safety, is one of the most basic human needs.
Journal Entry #13
This article demonstrates that bug bounties might be a useful tool and policy for companies of all sizes. The article explored the fact that ethical hackers exist in a range of ability, experience, and price elasticity. So, while the most experienced hackers are often found to demand the highest prices and thus are only within the price range of large companies, newer, less experienced hackers are often found to be flexible regarding their compensation and may at times be open to searching for bugs simply as a means to gain experience in the field.
Additionally, the article found that larger, wealthier and more popular companies experienced similar rates of valid reports per month when compared to smaller companies. These findings point to the fact that bug bounties are likely useful for organizations of all sizes and budgets.
Journal Entry #14
According to the list of eleven things that individuals do online that are actually illegal written by Adnriy Slynchuk, I believe the five most serious offenses include illegal searches on the internet, collecting information about children, sharing passwords, addresses, or photos of others, recording a VoIP call without consent, and using other people’s internet networks.
In my opinion, the most serious offenses are those that affect the health and safety of children, as they are among the most vulnerable in our population. Both collecting information about children as well as illegal searches on the internet carry the very real threat of causing a child serious harm. For instance, searches for child pornography actively supports child sexual abuse, which is devastating for all children who are impacted.
Sharing passwords can also lead to serious repercussions, with the potential for personal data to be stolen. Sharing addresses and photos can likewise prove dangerous, particularly if that information is made available to the general public. This opens up the possibility for stalking and harassment, which can prove deadly, particularly for women.
Recording a VoIP call without consent is a serious violation of privacy, for similar reasons listed regarding sharing photos and addresses of others. Using recordings of other people without their consent can also lead to legitimate feelings of violation. Finally, using someone else’s internet network is akin to stealing, as doing so would mean co-opting a services that they paid for.