Journals
Week 1 – Journal Entry CYSE 201
After reviewing the NICE workforce framework, I have been able to narrow down the career paths that I would like to focus on. I am interested in implementation and operation, as well as protection and defense. I prefer less conceptual subjects, that’s why I think that implementation and operation as well as protection and defense would be what I am best suited for. With both IO and PD involving work on existing devices with existing tools. I would be least interested in oversight and governance, design and development, and cyberspace effects. I do not think I would enjoy oversight and governance, since I have not developed leadership skills. Likewise, I struggle with creating things from scratch, which is why I am wary of design and development. Furthermore, I am also a little confused by what exactly cyberspace effects would entail. That being said, I would still be more than willing to take on any of these roles; they are just the ones I am least interested in.
Week 2 – Journal Entry
Applying the principles of science to cybersecurity
There are seven principles of science: relativism, objectivity, parsimony, empiricism, skepticism, ethical neutrality, and determinism. Relativism means all things are related. When it comes to cybersecurity, this can be applied in many ways. One example is when new technology is developed, new exploits will be developed alongside it. Objectivity is to be value free. When analyzing a potential network breach, you need to be objective to effectively resolve the issue. Parsimony means keeping explanation as simple as possible. When reporting on an incident, it is best practice for cybersecurity professionals to keep it as concise and simple as possible, since the people reading the report will most likely not be as knowledgeable on cybersecurity. Ethical neutrality is also important for cybersecurity because it helps protect people’s privacy. Determinism can help to produce a motive for data breaches. Lastly, empiricism is to only study behavior that is real to the senses. I can’t see how it would relate to cybersecurity, since cyberspace is not something that can be sensed.
Week 3 – Journal Entry
Public Data on Data Breaches
The publicly available information on data breaches can help researchers tremendously. Once a data breach occurs, organizations such as PrivacyRights.org have access to information such as when it happened, the name of the affected organization, the type of breach, the number of records stolen, the location of the data breach. They also have access to the URL of the website that was breaches. This information is compiled into graphs and charts by PrivacyRights.org. If a researcher wanted to know what type of data breach is most likely in Virginia, they could easily do so with PrivacyRights.org. With access to this information, I believe researchers can do much more in depth research that can lead to securing data more efficiently.
Week 4 – Journal Entry
The first/base level of needs on Maslow’s Hierarchy is physiological needs. For me, I think that this level could represent the hardware I use such as my computer and modem, as well as electricity. For security needs, I believe things such as a surge protector, firewall, and antivirus could all be applicable for my digital experience. With the base level of basic needs covered I will now move onto the psychological needs which are esteem, belongingness and love. I keep in touch with many of my friends via the internet, this relates to the needs of belongingness and love. I feel a strong feeling of accomplishment when I complete assignments with my computer, and a feeling of prestige if I hit a high rank in a video game. These resemble the esteem level on Maslow’s Hierarchy of Needs. The last level is self-actualization. For me, when I am using technology to learn, I feel as though this is accomplishing self-actualization because it is helping me achieve my full potential.
Week 5 – Journal Entry
This is a list of what I think are the most common motives for cybercrime, going from most likely to least likely. First money, this is the main motivation for most crimes, cybercrime included. Second political, many large scale cyberattacks are due to politic reasons. Most notorious hacking groups are government funded. Third revenge, many cybercrime and real crimes are due to a grudge. Fourth multiple reasons, many cybercrimes are due to complex situation. Fifth entertainment, not many people commit cybercrime for entertainment, so I think it is lower. Sixth boredom, I doubt many people will commit cybercrime solely from boredom. Seventh recognition, a criminal will usually not want to be recognized when they are committing a crime.
Week 6 – Journal Entry
I was having trouble finding fake websites. I also did not want to put my computer at risk so I used an article from Memcyco to complete this assignment.
In the article, they showcase a fake website impersonating paypal.com. The name of the website is pay-pailcom. The only reliable way to tell the difference between the two websites is the URL. The login page is almost an exact copy of paypal’s.
Another fake website was made to impersonate Nike. This website was made during the FIFA World Cup and offered massive deals. I would like to point out that the timing of the website’s creation was during a high-traffic time for Nike in an attempt to steal as much information as possible in a short amount of time. The website was titled suewhitehurst.shop/collections/air-jordan-1. It is easy to determine that the URL has nothing to do with Nike but those less versed in technology were easily duped by the fake website.
Lastly, the only fake website that I found, and then stopped because I thought it was too risky, was https://www.belenkasale.com/ it is a fake shoe store website. The link looks legit but it will immediately send you to a fake website to steal your information. In contrast, the link to the actual store is https://www.belenka.com/
Week 8 Journal Entry
Media drastically distorts cybersecurity and hackers. The media often portrays hackers as geniuses who can compromise almost any system, even though this could not be further from the truth. All hackers usually do is exploit a vulnerability in a system or machine. These vulnerabilities 99% of the time are only present because of user error or oversight. These can easily be mitigated by follow best practices for security. Media makes it seem as though there is nothing we can do, but most of the power is in the hands of the users, not the hackers. When it comes to the remaining 1% these are known as zero-day attacks where an unknown vulnerability is used to typically exploit a process running on an open port. These zero day threats are only ever a real threat to large companies due to the amount of time and resources it takes to develop one.
Week 10 Journal entry
One of the social themes the video presents is adaptability. As stated in the video, a cybersecurity analyst covers a wide array of different jobs and responsibilities. Each Cybersecurity analyst’s role differs drastically between companies, making it very important for a cybersecurity analyst to be adaptable and open to new things. However, the video also states that most cyber security analyst roles will essentially include being the network’s first line of defense. This means a cyber security analyst must be quick to respond, defense-oriented, and willing to work long hours to resolve issues. The video also mentioned that many cybersecurity analysts will have to do security awareness presentations amount other things to educate employees about cybersecurity. This means cybersecurity analysts must have strong communication skills and the ability to teach.
Week 10 Journal entry 2
Essentially this article is a commentary on how warfare has changed to be more cyber-based. While cyber warfare does have global implications the article does focus on how Russia has been using cyber warfare. The article does put an emphasis on social cybersecurity. Russia for example has used social media among other platforms to spread misinformation which disturbs social cohesion. The article suggests that we develop strategies to counter social cybersecurity threats. The article proposes we put more of a focus on teaching people how to identify misinformation to counteract these threats. The article also goes over some of the tactics used to make social cyber warfare more destructive such as bots and social-cyber maneuvers.
Week 11Journal Entry 12
Social Theories
This letter can be related to Maslow’s hierarchy of needs. It shows how once the base level of the hierarchy is under threat, nothing else really maters. The breach showcases how important security is and why it is the first pillar for Maslow’s hierarchy. I also think that the framing theory relates to this, since the company framed it in a way to make them not look bad.
Economic Theories
The rational choice theory states that individuals and businesses make choices in their best interest. This can be shown by how the company delayed saying that they had a data breach until they had investigated it. The Laissez-fare theory states that the government should only interfere with companies to protect people and their rights. This is showcased by the police investigating the incident.
Week 11 – Journal Entry 13
I found that the article had many enlightening insights from the research they conducted. The article studied the popular bug bounty policy that many companies have been adopting. The bug bounty is essentially an incentive for independent white-hat hackers to pentest a companies’ software. The research showed that many hackers do not act on monetary gain alone. Many of them have altruistic intentions or want to gain recognition. The research also showed that a brand’s profile has little to no effect on the amount of valid bugs received from the program. The research also found that industries that can be easily exploited for massive monetary gain via vulnerabilities and bugs are less likely to receive valid bug reports. I think these findings showcase just how valuable a bug bounty system can be. As well as gives an insight into how hackers function.
Week 12 Journal Entry 14
In Andriy Slynchuk article “11 Illegal Things You Unknowingly Do on the Internet” he describes illegal things that many people do online without realizing. I believe that the five most serous violations are the following. First off, recording a VoIP call without consent. This happens very often and usually has no malice behind it. Often times, students will record a meeting with an advisor or teacher so they can reference it later. Even though they don’t intend to break the law and violate the privacy of someone, they unknowingly did. Next is collecting information about people younger Than 13. While this doesn’t happen typically, it does happen and can lead to child endangerment. There is also faking your identity online. This can cover a wide array of different forms of online fraud. While it is smart to not use your real name online, you also shouldn’t pretend to be a different real person. Another critical issue addressed in the article is bullying and trolling. The issue of cyberbullying has in many cases been addressed by the introduction of several laws regarding cyberbullying. In some cases the cyberbullies get charges and in some cases even jail time. Lastly and most importantly are illegal searches on the internet. The internet holds an immense amount of illegal material that should not be viewed. If the wrong person views the wrong material, it could result in devastating consequences and even lead to the loss of life.
Week 15 Journal Entry 15
The careers of digital forensics investigators relate to the social sciences in many ways. Using the speaker from the video as an example. For many of the jobs he had doing digital forensics, he had to understand how and why people think to aid him in his digital forensics. His career pathway required a lot of knowledge of the social sciences. He was originally just an account but was able to use his communication skills to get a more IT-related position. After this, he continued to learn more about IT and digital forensics. At the point he is now he still needs to keep social science in mind when working for his clients. One thing that is very important for him to understand is ethics and the law. These subjects fall under social sciences and are required for him to perform his job.