Journals
Week 1 – Journal Entry CYSE 201
After reviewing the NICE workforce framework, I have been able to narrow down the career paths that I would like to focus on. I am interested in implementation and operation, as well as protection and defense. I prefer less conceptual subjects, that’s why I think that implementation and operation as well as protection and defense would be what I am best suited for. With both IO and PD involving work on existing devices with existing tools. I would be least interested in oversight and governance, design and development, and cyberspace effects. I do not think I would enjoy oversight and governance, since I have not developed leadership skills. Likewise, I struggle with creating things from scratch, which is why I am wary of design and development. Furthermore, I am also a little confused by what exactly cyberspace effects would entail. That being said, I would still be more than willing to take on any of these roles; they are just the ones I am least interested in.
Week 2 – Journal Entry
Applying the principles of science to cybersecurity
There are seven principles of science: relativism, objectivity, parsimony, empiricism, skepticism, ethical neutrality, and determinism. Relativism means all things are related. When it comes to cybersecurity, this can be applied in many ways. One example is when new technology is developed, new exploits will be developed alongside it. Objectivity is to be value free. When analyzing a potential network breach, you need to be objective to effectively resolve the issue. Parsimony means keeping explanation as simple as possible. When reporting on an incident, it is best practice for cybersecurity professionals to keep it as concise and simple as possible, since the people reading the report will most likely not be as knowledgeable on cybersecurity. Ethical neutrality is also important for cybersecurity because it helps protect people’s privacy. Determinism can help to produce a motive for data breaches. Lastly, empiricism is to only study behavior that is real to the senses. I can’t see how it would relate to cybersecurity, since cyberspace is not something that can be sensed.
Week 3 – Journal Entry
Public Data on Data Breaches
The publicly available information on data breaches can help researchers tremendously. Once a data breach occurs, organizations such as PrivacyRights.org have access to information such as when it happened, the name of the affected organization, the type of breach, the number of records stolen, the location of the data breach. They also have access to the URL of the website that was breaches. This information is compiled into graphs and charts by PrivacyRights.org. If a researcher wanted to know what type of data breach is most likely in Virginia, they could easily do so with PrivacyRights.org. With access to this information, I believe researchers can do much more in depth research that can lead to securing data more efficiently.
Week 4 – Journal Entry
The first/base level of needs on Maslow’s Hierarchy is physiological needs. For me, I think that this level could represent the hardware I use such as my computer and modem, as well as electricity. For security needs, I believe things such as a surge protector, firewall, and antivirus could all be applicable for my digital experience. With the base level of basic needs covered I will now move onto the psychological needs which are esteem, belongingness and love. I keep in touch with many of my friends via the internet, this relates to the needs of belongingness and love. I feel a strong feeling of accomplishment when I complete assignments with my computer, and a feeling of prestige if I hit a high rank in a video game. These resemble the esteem level on Maslow’s Hierarchy of Needs. The last level is self-actualization. For me, when I am using technology to learn, I feel as though this is accomplishing self-actualization because it is helping me achieve my full potential.
Week 5 – Journal Entry
This is a list of what I think are the most common motives for cybercrime, going from most likely to least likely. First money, this is the main motivation for most crimes, cybercrime included. Second political, many large scale cyberattacks are due to politic reasons. Most notorious hacking groups are government funded. Third revenge, many cybercrime and real crimes are due to a grudge. Fourth multiple reasons, many cybercrimes are due to complex situation. Fifth entertainment, not many people commit cybercrime for entertainment, so I think it is lower. Sixth boredom, I doubt many people will commit cybercrime solely from boredom. Seventh recognition, a criminal will usually not want to be recognized when they are committing a crime.
Article Review #1 Cyberbullying and Cyberbullicide Ideation
Paul Cumiskey
Diwakar Yalpi
Cybersecurity and the Social Sciences
October 2, 2024
Article Review #1 Cyberbullying and Cyberbullicide Ideation
Introduction
One of the most prominent issues among youth in the twenty-first century is cyberbullying and cyberbullicide ideation. Diab Al-Badayneh, Maher Khelifa, and Anis Ben Brik studied these important issues in-depth in an article titled Cyberbullying and CyberbullicideIdeation Among Jordanian College Students. The article goes over the concepts of bullying and cyberbullying, suicide in adolescents because of cyberbullying, as well as theories created by physiologists and sociologists about cyberbullying. The study hypothesizes that students’ cyberbullying victimization could lead to cyberbullicide and cyberbullicide ideation. In simpler terms, the hypothesis is victims of cyberbullying may have an increased chance to kill themselves or think about killing themselves.
What is cyberbullying and cyberbullicide
Cyberbullying is the act of using the internet to hurt others. Cyberbullying is especially dangerous because the animosity provided by the internet makes many people more critical and ruthless online. The victims of cyberbullying will often experience depression, anxiety, social frustration, and emotional pressure(Al-Badayneh et al., 2024). Cyberbullicide is a term used for suicide committed as an outcome of cyberbullying. The article gives an apt and in-depth definition of both cyberbullying and cyberbullicide as well as a long list of real-life examples of the consequences.
The research
The research for the article was conducted via an electronic questionnaire, this is a type of survey research that was learned in class. The questionnaire was sent to 1000 Jordanian students from all 12 governorates. These students were selected at random and all attended college. Diab Al-Badayneh, Maher Khelifa, and Anis Ben Brik (2024) found that 45.4% of the students were male while 54.6% were females. The questionnaire used a variety of metrics to measure cyberbullying victimization some of which included a scale for bullying, cyberbullying, victimization, perpetration, and self-reported cyberbullying. They found that all students had experienced cyberbullying of some nature. 26% of the students had experienced cyberbullying in general, while 73% knew cyberbullying victims.
The data and analysis done
The data collected through the survey proved very valuable allowing the researchers to make many statistical models to prove a link between cyberbullying and cyberbullicide. The two main types of analysis used were regression analysis and correlational analysis. Regression analysis is a way to relate a dependent variable to any number of independent variables. This was used to identify which factors significantly predicted cybulicide ideation. Correlational analysis is used to discover the linear direction and strength of two different variables. This was used to study the relationship between cyberbullying and cyberbullicide ideation using correlation coefficients. We have gone over many similar statistical analysis methods in class.
Marginalized groups
The study relates to the challenges and concerns of marginalized groups in multiple ways. In this study, they succeeded at representing all 12 governorates of Jordan. This helped to define all Jordan students without excluding certain groups. The article also helped bring awareness to cyberbullying victims, who are a marginalized group in their respect. The article did a wonderful job of showcasing the challenges of cyberbullying victims.
In conclusion, the article successfully supported its hypothesis that students’ cyberbullying victimization could lead to cyberbullicide and cyberbullicide ideation. It also successfully relates to many principles of social science. The article successfully implemented relativism by challenging many of the preconceived notions of cyberbullying. It also remained objective by only stating facts and avoiding opinionated statements. The article also maintains parsimony by relating their findings to simple solutions. The overall societal contribution of the study was raising awareness about the deadly nature of cyberbullying. This improved awareness can have a ripple effect. Some campuses might start to take cyberbullying more seriously and introduce new policies to combat it and improve mental health resources.
Reference
Al-Badayneh, D., Khelifa, M., & Ben Brik, A. (2024). Cyberbullying and cyberbullicide ideation among Jordanian college students. International Journal of Cyber Criminology, 18, 1-25. https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/329?__cf_chl_tk=i81YKHmLIJzw9wQV3yPnzYME9y_SRPO6XNaWZhJ5AFc-1727926374-0.0.1.1-8276
Week 6 – Journal Entry
I was having trouble finding fake websites. I also did not want to put my computer at risk so I used an article from Memcyco to complete this assignment.
https://www.memcyco.com/home/5-recent-examples-of-fake-websites/
In the article, they showcase a fake website impersonating paypal.com. The name of the website is pay-pailcom. The only reliable way to tell the difference between the two websites is the URL. The login page is almost an exact copy of paypal’s.
Another fake website was made to impersonate Nike. This website was made during the FIFA World Cup and offered massive deals. I would like to point out that the timing of the website’s creation was during a high-traffic time for Nike in an attempt to steal as much information as possible in a short amount of time. The website was titled suewhitehurst.shop/collections/air-jordan-1. It is easy to determine that the URL has nothing to do with Nike but those less versed in technology were easily duped by the fake website.
Lastly, the only fake website that I found, and then stopped because I thought it was too risky, was https://www.belenkasale.com/ it is a fake shoe store website. The link looks legit but it will immediately send you to a fake website to steal your information. In contrast, the link to the actual store is https://www.belenka.com/
Week 8 Journal Entry
Media drastically distorts cybersecurity and hackers. The media often portrays hackers as geniuses who can compromise almost any system, even though this could not be further from the truth. All hackers usually do is exploit a vulnerability in a system or machine. These vulnerabilities 99% of the time are only present because of user error or oversight. These can easily be mitigated by follow best practices for security. Media makes it seem as though there is nothing we can do, but most of the power is in the hands of the users, not the hackers. When it comes to the remaining 1% these are known as zero-day attacks where an unknown vulnerability is used to typically exploit a process running on an open port. These zero day threats are only ever a real threat to large companies due to the amount of time and resources it takes to develop one.
Week 10 Journal entry
One of the social themes the video presents is adaptability. As stated in the video, a cybersecurity analyst covers a wide array of different jobs and responsibilities. Each Cybersecurity analyst’s role differs drastically between companies, making it very important for a cybersecurity analyst to be adaptable and open to new things. However, the video also states that most cyber security analyst roles will essentially include being the network’s first line of defense. This means a cyber security analyst must be quick to respond, defense-oriented, and willing to work long hours to resolve issues. The video also mentioned that many cybersecurity analysts will have to do security awareness presentations amount other things to educate employees about cybersecurity. This means cybersecurity analysts must have strong communication skills and the ability to teach.
Week 10 Journal entry 2
Essentially this article is a commentary on how warfare has changed to be more cyber-based. While cyber warfare does have global implications the article does focus on how Russia has been using cyber warfare. The article does put an emphasis on social cybersecurity. Russia for example has used social media among other platforms to spread misinformation which disturbs social cohesion. The article suggests that we develop strategies to counter social cybersecurity threats. The article proposes we put more of a focus on teaching people how to identify misinformation to counteract these threats. The article also goes over some of the tactics used to make social cyber warfare more destructive such as bots and social-cyber maneuvers.
Week 11Journal Entry 12
Social Theories
This letter can be related to Maslow’s hierarchy of needs. It shows how once the base level of the hierarchy is under threat, nothing else really maters. The breach showcases how important security is and why it is the first pillar for Maslow’s hierarchy. I also think that the framing theory relates to this, since the company framed it in a way to make them not look bad.
Economic Theories
The rational choice theory states that individuals and businesses make choices in their best interest. This can be shown by how the company delayed saying that they had a data breach until they had investigated it. The Laissez-fare theory states that the government should only interfere with companies to protect people and their rights. This is showcased by the police investigating the incident.
Week 11 – Journal Entry 13
I found that the article had many enlightening insights from the research they conducted. The article studied the popular bug bounty policy that many companies have been adopting. The bug bounty is essentially an incentive for independent white-hat hackers to pentest a companies’ software. The research showed that many hackers do not act on monetary gain alone. Many of them have altruistic intentions or want to gain recognition. The research also showed that a brand’s profile has little to no effect on the amount of valid bugs received from the program. The research also found that industries that can be easily exploited for massive monetary gain via vulnerabilities and bugs are less likely to receive valid bug reports. I think these findings showcase just how valuable a bug bounty system can be. As well as gives an insight into how hackers function.
Week 12 Journal Entry 14
In Andriy Slynchuk article “11 Illegal Things You Unknowingly Do on the Internet” he describes illegal things that many people do online without realizing. I believe that the five most serous violations are the following. First off, recording a VoIP call without consent. This happens very often and usually has no malice behind it. Often times, students will record a meeting with an advisor or teacher so they can reference it later. Even though they don’t intend to break the law and violate the privacy of someone, they unknowingly did. Next is collecting information about people younger Than 13. While this doesn’t happen typically, it does happen and can lead to child endangerment. There is also faking your identity online. This can cover a wide array of different forms of online fraud. While it is smart to not use your real name online, you also shouldn’t pretend to be a different real person. Another critical issue addressed in the article is bullying and trolling. The issue of cyberbullying has in many cases been addressed by the introduction of several laws regarding cyberbullying. In some cases the cyberbullies get charges and in some cases even jail time. Lastly and most importantly are illegal searches on the internet. The internet holds an immense amount of illegal material that should not be viewed. If the wrong person views the wrong material, it could result in devastating consequences and even lead to the loss of life.
Week 15 Journal Entry 15
The careers of digital forensics investigators relate to the social sciences in many ways. Using the speaker from the video as an example. For many of the jobs he had doing digital forensics, he had to understand how and why people think to aid him in his digital forensics. His career pathway required a lot of knowledge of the social sciences. He was originally just an account but was able to use his communication skills to get a more IT-related position. After this, he continued to learn more about IT and digital forensics. At the point he is now he still needs to keep social science in mind when working for his clients. One thing that is very important for him to understand is ethics and the law. These subjects fall under social sciences and are required for him to perform his job.
Article Reveiw 2
Paul Cumiskey
Diwakar Yalpi
Cybersecurity and the Social Sciences
November 17, 2024
Article Review #2 How cybersecurity relates to intimate relationships
Introduction
The article “Privacy Threats in Intimate Relationships” by Karen Levy and Bruce
Schneier investigates how intimate relationships can lead to privacy risks via modern
surveillance technologies, when cyberthreats are studied and analyzed most privacy threats due
to intimate relationships are almost always overlooked. Even though in the everyday lives of
most people privacy breaches are perpetrated by people very close to the victim. This is
essentially the phenomenon that Karen Levy and Bruce Schneier explore. This relates to
cybersecurity and social sciences in many ways.
Questions asked
The article asked many pressing questions that, if answered, would illuminate an
unexplored area of cybersecurity and social sciences. How do new salience technologies affect
privacy in interpersonal relationships? What are the risks of digital surveillance and data
sharing? What are the social and legal implications of privacy breaches in interpersonal
relationships? These are some of the main questions that are asked in this article.
Research methods
While this article does not conduct any new research endeavors it does successfully
compile available data. Karen Levy and Bruce Schneier use existing research from disciplines
such as sociology and criminology. They use this data to analyze trends and patterns to see how
technology is affecting privacy in relationships. They also use anecdotal examples of technology
being used to invade victims’ privacy such as stalking. So simply put this article mainly analysed
data to come to their findings.
Data Analysis
When it comes to the data analysis they used a wide array of different methods. They did
a Theoretical analysis to connect their findings to the concept of privacy and control in
relationships. They also used a qualitative analysis with the data that they retrieved from
secondary sources. Lastly, Karen Levy and Bruce Schneier also analyze the data from a legal and
ethical point of view.
Social Science Principles
This article relied on real-world cases and data from prior research to see how technology
can affect privacy in relationships. The article also relied on an interdisciplinary approach. It
analyzed data from sociology, criminology, psychology, and legal studies to give an insight into
privacy risks in relationships. The article also examines the social norms around trust and
privacy’s evolution. This gives good social context to the issue.
How it relates to class
In class, we have gone over many topics that can relate to this one. One of which is the
theory that criminals commit their acts because they think there is no victim. Many people who
breach the privacy of their friends and family do not realize that they are victimizing the one they
care about. Also similar to hackers sometimes the reason the privacy breach is committed is
because they believe that they are doing something for the greater good. Lastly, I think this topic
interacts oddly with Maslow’s hierarchy. While it does fall under a base need of security most
people don’t think of it as a very critical issue. Which just shows to show how underrepresented
this issue is.
Marginalized groups
The study provides critical insights into how power dynamics in relationships are
evolving with modern technology, particularly in marginalized groups such as victims of
domestic abuse. Women, who are disproportionately affected by intimate privacy violations, are
highlighted as a group that requires additional protection. Issues like cyberstalking, coercive
control, and the widespread availability of surveillance tools are addressed, underscoring the
urgency of developing policies to safeguard these vulnerable populations.
Conclusion and overall societal contributions of the study
The study on privacy threats in intimate relationships offers meaningful contributions to
society by spotlighting an underrepresented issue. It highlights how technology can be misused
to breach personal boundaries, disrupt trust, and exert control in relationships. By exposing gaps
in current laws and advocating for stronger legal protections, the article calls for urgent policy
changes. Furthermore, it promotes ethical technology design, urging developers to prioritize user
privacy and consent. Overall, the research fosters a deeper understanding of the complex
interplay between technology, privacy, and relationships, encouraging a safer and more equitable
digital environment for all.
Reference
Karen Levy, Bruce Schneier. (2020). Privacy threats in intimate relationships.Journal of
Cybersecurity, Volume 6, Issue 1, 2020, tyaa006,
https://academic.oup.com/cybersecurity/article/6/1/tyaa006/5849222
Career Paper
Paul Cumiskey
Diwakar Yalpi
Cybersecurity and the Social Sciences
November 17, 2024
Career Paper – How Cybersecurity advocates use the social sciences and their principles to
reduce cyber threats
Introduction
When people think of cybersecurity, they usually think of topics that go over their head.
Things like network security, hackers, and large data breaches in the past make it seem like an
inevitable threat. However, shockingly, 95% of cybersecurity breaches result from human error.
(OVHcloud. (n.d.). Cyber threat: The role of human error This means that the best way to
mitigate cyber threats is to understand social science principles and how they interact with
cybersecurity. The profession that has to keep this in mind the most and educate others about
how cybersecurity and social science are integrated is cybersecurity awareness advocates.
Cybersecurity awareness advocates are essential and provide the much-needed insight into the
social sciences to successfully mitigate human error in cyber breaches.
Security Awareness Advocate
To understand what impact a security awareness advocate has on cybersecurity, we first
need to know what a cybersecurity awareness advocate is. The primary role of Security
Awareness Advocates is education. They try to promote the best security practices to individuals.
Practices such as strong passwords, phishing email detection, and social engineering. They keep
human factors in mind while educating people about cybersecurity. Haney J. and Lutters, W.
state in “How cybersecurity advocates overcome negative perceptions of security” that many
people have a rather negative perception of cybersecurity. Security awareness advocates help to
mitigate some of that negative perception.
The application of social sciences
Security awareness advocates need to have a focus on social science while they are
educating. This is because they need to focus on human-centered cybersecurity to successfully
mitigate potential data breaches. One area of the social sciences that needs to be kept in mind is
behavioral psychology. This allows security advocates to understand why people take security
risks by understanding their decision-making and habit formation. Another social science that
security advocates need to have a strong understanding of is sociology. Understanding sociology
allows them to understand how peer behaviors and social norms can affect cybersecurity
practices. Economics and decision science can also help security advocates analyze and
understand why people make security errors. They can use cost-benefit analysis to help educate
individuals on just how much they are risking by making security errors. They can also
implement incentives to reward safe behavior. Lastly, and most important for cybersecurity
awareness advocates, is understanding human factors and ergonomics. This helps to ensure a
user-centered cybersecurity design. It will also help cybersecurity advocates keep in mind the
cognitive load on the ones they are teaching.
Career connection to society
Cybersecurity awareness advocates have a complex and dynamic relationship with
society. This is due to them being needed to educate users about cyberthreats and how to avoid
them. Cybersecurity awareness advocates will eventually seem dull and boring to many people
after they have already heard the main talking points about security. This leads some people to
think that they are not needed after a while. However, the amount of data breaches caused by
human error has only increased in the past decade. This showcases just how important
cybersecurity awareness advocates are.
Connection to marginalized groups.
Cybersecurity awareness advocates help marginalized groups in a plethora of unique
ways. First, cybersecurity awareness advocates make a point to present data in a clear and
precise way so that it can be easily understood by many backgrounds. Cybersecurity awareness
advocates will also usually make a point to keep in mind that for some people, English might not
be their first language. So they will oftentimes make a separate presentation in different
languages. Cybersecurity awareness advocates will also make a point to support vulnerable
groups such as the elderly, children, and even immigrants. Oftentimes, the elderly will not be
knowledgeable about how technology works. This leads them to be susceptible to phishing
scams and many other cyber threats. This is why cybersecurity awareness advocates typically
make it a point to sufficiently educate the elderly on these issues. Lastly, children in many cases
spend the most time online, so cybersecurity awareness advocates do try to keep them in mind
when making presentations.
Conclusion
In conclusion, cybersecurity awareness advocates play a very crucial part in battling
significant cybersecurity vulnerabilities. They do this mainly by applying social sciences and
social science principles to the cybersecurity awareness education they do. Cybersecurity
awareness advocates also make a point to educate marginalized groups such as the elderly,
immigrants, and children, as well as the public. They effectively tailor their presentations to
reach their audience in the best way they can. Cybersecurity awareness advocates are able to
effectively turn the very technical field of cybersecurity into an easy-to-understand and digestible
topic for the public. This is why cybersecurity awareness advocates are essential and provide the
much-needed insight into the social sciences to successfully mitigate human error in cyber
breaches.
Works Cited
Carley, K. M. (2020). Social cybersecurity: An emerging science. Springer Nature Link, Social
Cyber-Security. Retrieved from https://link.springer.com/article/10.1007/s10588-020-09322-9
Haney, J., & Lutters, W. (2017). Skills and characteristics of successful cybersecurity advocates.
University of Maryland, Baltimore County. Retrieved from
https://www.usenix.org/system/files/conference/soups2017/wsiw2017-haney.pdf
Haney, J., & Lutters, W. (2018). How cybersecurity advocates overcome negative perceptions of
security. University of Maryland, Baltimore County. Retrieved from
https://www.usenix.org/conference/soups2018/presentation/haney-perceptions
Lin, Y.-Y., Hsu, H.-M., & Hsu, S.-C. (n.d.). A study of the effects of information security
advocacy. Association for Information Systems, AIS Electronic Library (AISeL). Retrieved from
https://core.ac.uk/download/pdf/326833228.pdf
OVHcloud. (n.d.). Cyber threat: The role of human error. Retrieved November 24, 2024, from
https://us.ovhcloud.com/resources/blog/cyber-threat-human-error/