Identify two research questions that researchers might address related to the social aspects of cybersecurity. 

Economics relates to cybersecurity in several ways. For example, as important information or valuable assets are created or fluctuate in time, cybersecurity is needed to protect those assets from being exposed or encrypted by a malicious person or group. Furthermore, economics also influences how funding works for cybersecurity, what systems are most cost-effective and beneficial, and how profitable the careers are. Finally, there are also areas like cryptocurrency and cyber insurance that completely intertwine the two topics. Cryptocurrency has spiked in relevance due to its fluctuating value and how cybersecurity is needed for protecting digital currency. Cyber insurance is a new way for businesses to cover the cost of cybercrime. These are some of the ways that economics has mixed with cybersecurity as a whole as the industry continues to grow.

Identify which theories you think best explain cybercrime and discuss what you like about that theory.  

The best theories that explain why people commit cybercrime are Neutralization and Behavioral.

Neutralization theory suggests that people think about the possible benefits and consequences of a crime before committing it. This can explain why people may feel inclined to commit cybercrime because of how they think it has a small effect on the people around them.  Furthermore, the behavior of the offenders is exemplified by denial of injury, victims, responsibility, condemning others, and appealing to people with higher authority. I like this theory because of how it explains the rationale behind cyber offenders and the processing of logical steps.

Behavioral theories suggest that people learn positive and negative behavior from others. They can learn from family, peers, school, social media, and the environment. This relates to cybercrime with learned behavior from people that are already cyber offenders. For example, if someone has peers that know how to hack computers for malicious, then that behavior can be learned and used for more hacking. I like these kinds of theories because of how they describe human behavior and where can come from.

How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p. 217) and networking of the material world?

For individuals, groups, businesses, and markets to be effectively regulated, it requires a reflection of what it means or determines what kinds of information are private or public. Therefore, there needs to be the formation of a foundation for future privacy issues that manages and determines what’s considered private information and how it must be managed to prevent risks associated with leaks and theft of private information. In addition to this, there needs to be transparency within the regulations for businesses’ privacy policies. For example., an organization such as an advertising firm should be held accountable by having to reveal what information they’re obtaining from groups and individuals, such as the data they’ve gathered and used for heavy advertising and selling for revenue. Furthermore, the foundation would require information on limits that must be put in place to monitor the kind of information gathered for there to be far fewer issues and risks regarding data being used for targeting groups of people.

Additionally, a reflection of privacy will also have an impact on individuals and social media companies. For example, social media apps like Facebook and Twitter are plagued with waves of misinformation, which impacts users regarding how they perceive truth and false information. Because of that, a sizeable change in the terms of service would definitely mitigate the issue. Furthermore, informing individuals that use social media about how to go about using those platforms effectively, will make great changes that include less leaked information. Overall, it’s important that there’s an extensive review of the current policies in place and that a well-needed reflection on them is necessary for the bettering of all groups connected to the Internet.

How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?

When approaching the development of new cyber-policies, flexibility and thinking about long-term effects should be the main factors when implementing them. Given that the “short arm” of predictive knowledge hinders the ability to be able to account for every possible situation, having cyber policies that are broad and can apply to several technological areas can help with accounting for many possibilities. This allows them to alter as unforeseen outcomes may come into view and policies can be changed to account for them. It’s also necessary to have a philosophical perspective when approaching the possible long-term ramifications of technologies and guidelines. The question of if a cyber-policy could have larger negative ramifications in the future is critical to how the shape of cyber-policy should take form. It can inform us of the choices we make and if they’re the right ones to make.

Regarding infrastructure, adaptation is key to a brighter and more secure future. Adaptable rules can help with the limitless outcomes that could happen in the future. It can work by laying a foundation that can be changed as time progresses and events occur that call for them to be made. Multiple strategies for addressing problems can also be beneficial in addressing the development of infrastructure for the possibility of better options. Furthermore, it also applies to the cybersecurity aspect of infrastructure, for example, the NIST Cybersecurity Framework. It provides a broad but standard basis of security for organizations and forms of infrastructure that could be altered if it doesn’t account for certain cybersecurity issues. In summary, open-ended and long-term thinking are effective strategies for the development of cyber-policies and infrastructure through accounting for general and specific outcomes in the present and future.

Based on your new understanding of biological cybersecurity, identify possible ethical considerations and explain your position.

When it comes to something like genetic modification, there need to be some serious ethical considerations in place if this procedure becomes commonplace. One of those considerations would be the need for gene modification in certain situations. Gene editing isn’t necessarily the answer for every single medical issue. Another consideration is the possible risks that may come with the procedure. It may not be possible to get informed consent for a procedure like this because the risks for it may differ from person to person. A final consideration could be how editing the genetic makeup of humans could be leaning toward eugenics. While experts in the medical field may deem the concept safe despite the relation, the general public may not see gene editing that way and may relate it to the more harmful idea of eugenics.     

My position on gene editing is complicated. On one hand, it could pave the way for eliminating genetic disorders and could help the medical field immensely. But it could also lead to companies asking for people’s genetic data to see if they objectively qualify for a job. People may be forced to undergo gene editing for certain careers, but it could also create societal ostracism based on people’s DNA. The economy could also take an impact if gene editing end’s up creating a bigger wage gap. There’s also the possibility of your DNA being stolen or sold somewhere if it isn’t secured well. If companies and organizations that house that research and information don’t have the greatest security measures, then it could create massive problems for people’s identities. To reiterate, while I think genetic editing has its positives, it comes with a multitude of risks that may hold it back from being commonplace for quite some time.

https://drive.google.com/file/d/1tJfWKjsY04Tha9QLZK0TJHd4U_m6JDxV/viewLinks to an external site.

Joung, J., Sander, J. TALENs: a widely applicable technology for targeted genome editing. Nat Rev Mol Cell Biol14, 49–55 (2013). https://doi.org/10.1038/nrm3486Links to an external site.

Memi, F., Ntokou, A., & Papangeli, I. (2018). CRISPR/Cas9 gene-editing: Research technologies, clinical applications and ethical considerations. Seminars in Perinatology, 42(8), 487-500. https://doi.org/10.1053/j.semperi.2018.09.003Links to an external site.https://drive.google.com/file/d/17vZTrd3tyRkIuXtLfYKSeZypU7WpCkmM/viewLinks to an external site.

Silva, G., Poirot, L., Galetto, R., Smith, J., Montoya, G., Duchateau, P., & Pâques, F. (2011). Meganucleases and Other Tools for Targeted Genome Engineering: Perspectives and Challenges for Gene Therapy. Current Gene Therapy, 11(1), 11-27. https://doi.org/10.2174/156652311794520111Links to an external site.

From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?

The NIST Cybersecurity Framework is an instrumental tool in any organization that uses technology for any form of business. With how much reliance on the Internet there is today, this tool can be either a solid basis for a new cybersecurity program or an upgrade for an existing one. It can build a standard structure for any business, evolve as technology advances, provide status and goals for cybersecurity in the organization, focus on improvements, give progress updates, and communicate an average language to stakeholders that may not know much about cybersecurity. The Framework can benefit organizations with how to deal with the risk of breaches or threats.

Its five core functions are used to create a foundational understanding for managing risk in organizations, protect by building safeguards and defense for services, detect and respond by giving organizations the ability to find anything that may seem off, as well as allowing them to also stifle the impact when something problematic does occur, and finally to recover by implementing resources and support to repair any system that may have been harmed by an attack.

In summary, the NIST Cybersecurity Framework has many beneficial qualities that can provide a guiding hand in helping organizations protect their most valuable information and services via a well-fortified cybersecurity program. If I could use the Framework in a future workplace, I would try to enhance the protocols that are standard in that work or make risk management a more pressing issue that coworkers could train in. Another thing I could do is see what sectors of the organization need to be more fortified with cybersecurity protocol and focus on strengthening the framework by detecting threats and identifying mendable problems. I would do my best to make the NIST Cybersecurity Framework a practical appliance in my workplace to improve all areas where it’s needed best.

How has cyber technology created opportunities for workplace deviance?

There’s a multitude of ways that someone can commit workplace deviance, and cyber technology has enhanced it to newer heights. Cyber technology could allow employees to keep confidential data from the organization on a digital device or a computer. This can motivate employees to expose it or sell it to the general public or competitors that aren’t supposed to know about it. Another example could be ex-employees that may have grudges against the organization and could try to ruin its image by having access to their old accounts due to a lack of cybersecurity when clearing out their information. Another form of workplace deviance due to cyber technology is cyberloafing. Cyberloafing is when employees will misuse an organization’s technology for personal reasons. This can lead to less work getting done, accessing sites that are against the organization’s privacy regulations, and overall degrade the quality of work ethic and flow of revenue.

With the possibility of workplace deviance being a prevalent issue, several actions can be put in place to help reduce the number of occurrences that can happen within an organization. A start can be implementing better workplace policies to help with security. This can involve making employees leave their personal devices outside of the organization itself and utilizing biometrics to account for security. One could argue that taking away mobile devices could cause concern of eliminating the two-factor authentication, in this case however, it could be replaced by biometrics that would meet the same goal. It would also increase overall work ethic by decreasing distractions. Other ways to mitigate workplace deviance are by regulating information security positions and having confirmation of when employee information is cleared from the database. Regulations will decrease the possibility of deviance and confirmation of cleared data will help to seal that hole of leaking information. So, while cyber technology has greatly increased the possibility and frequency of workplace deviance, organizations can put effective strategies in place to just as greatly reduce it.

Shook, T. Cyber Threats. https://fs.wp.odu.edu/wp-content/uploads/sites/16319/2021/04/CYSE-200T-Analytical-Paper_Travis-Shook.pdf

Shrivastava, S., & Singh, K. (2021). Workplace deviance in the virtual workspace. Strategic HR Review, 20(3), 74-77. https://doi.org/10.1108/SHR-09-2020-0083

You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

If I was put into the role of a CISO in charge of managing availability, there are a few ideas that could be implemented not only to ensure availability but also to improve overall security.

One of the first things that I would implement is Role Based Access Control (RBAC). RBAC would give administrators the ability to manage the roles of authorized users. This means that employees would get the information that’s available to them in a more simplified and secure manner.

Another concept I would put in place is Multi-factor Authentication, with more of an emphasis on Biometric Authentication. Using complex passwords is helpful, but adding an application that’s needed for accessibility, as well as fingerprints or DNA scans, would greatly increase the security that comes with each person logging into the system. Additionally, it also specifies who is who and makes necessary information accessible to the people that are authorized to see it.

Thirdly, something that could ensure availability is Backups. With multiple backups of data, employees that may need to see older information would an option that provides access to them. Also, in the event of a security breach, the company would have security in backlogs of information that could be salvaged to allow systems to continue functioning while the breach is dealt with.

These are some of the ideas that I would implement in a public trading company as a CISO. My reasoning for them is that they not only increase overall security with the help of the CIA Triad, but they would also provide increased availability in the form of providing information efficiently.

Kirkpatrick, C. (2022, August 4). 200t mod 02C – the CIA triad and other cybersecurity fundamentals. Google Slides. Retrieved December 4, 2022, from https://docs.google.com/presentation/d/1DM78jjP0T5eXYWkgWm7JaD1Kg_vVadsrgDy5Em0hrUQ/edit#slide=id.g15a69fc78cf_0_6

Using the article 50 Cybersecurity Titles That Every Job Seeker Should Know About, research two or more of these jobs that are of interest to you. What disciplines do you see represented in these 50 jobs? What skills are required for the two jobs you selected? What was your biggest surprise? Be sure to include links to your research.

Some of the disciplines in the 50 jobs shown involve a general knowledge of cybersecurity and expertise in the field of technological science. Other disciplines include upstanding interpersonal skills, quantitative research methods versus qualitative, and analytical and detail-oriented minds. The first article titled “The role of the chief information security officer in the management of IT security” examined the role of a CISO (Chief Information Security Officer) before and after an IT (Information Technology) security breach. In the article, a CISO is meant to manage security management and strategy to prevent breaches and other problems from happening, however, there is a challenge when it comes to role identity and the amount of power they have. Additionally, the article adds that the skills of a CISO take the form of having a good understanding of technical and business aspects of an organization, team management skills, good communication skills, and being well-versed in cybersecurity.

The second article, “A Study of the Scrum Master’s Role,” was about experimenting with how a Scrum Master performs based on their role. The findings showed that there are 18 possible roles that a Scrum Master could play and that when used together, the Project Manager and Scrum Master roles would cause conflict. The kinds of skills that a Scrum Master needs are the ability to guide and manage a team, being a process anchor, having knowledge of engineering, maintaining a comfortable work environment, integrating software, and being a team player.

The biggest surprise for me was learning what a Scrum Master does in a management role compared to a facilitator role. In a management role, there’s a clash because that role is split between the Scrum Team and the Product Owner for estimation and prioritization respectively. Scrum Masters are meant to remove obstructions that happen while getting to the goal and maintaining a balance between stakeholders and the Scrum Team. When a Master is overburdened by management, it adds too many factors they need to monitor into their work which stops them from creating balance.

Morgan, S. (2021, April 28). 50 cybersecurity titles that every job seeker should know about. Cybercrime Magazine. Retrieved December 4, 2022, from https://cybersecurityventures.com/50-cybersecurity-titles-that-every-job-seeker-should-know-about/

Karanja, E. (2017). The role of the chief information security officer in the management of IT security. Information and Computer Security, 25(3), 300-329. https://doi-org.proxy.lib.odu.edu/10.1108/ICS-02-2016-0013

Noll, J., Razzak, M.A., Bass, J.M., Beecham, S. (2017). A Study of the Scrum Master’s Role. In: Felderer, M., Méndez Fernández, D., Turhan, B., Kalinowski, M., Sarro, F., Winkler, D. (eds) Product-Focused Software Process Improvement. PROFES 2017. Lecture Notes in Computer Science), vol 10611. Springer, Cham. https://doi-org.proxy.lib.odu.edu/10.1007/978-3-319-69926-4_22