Week 15 Journal #1

Prompt: Watch this video (https://www.youtube.com/watch?v=Pf-JnQfAEew) and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

Response: Davin Teo gave an interesting lecture regarding his career in digital forensics. It was interesting to hear his experience during the older days of technology. He used many of the principles of social sciences throughout his life. At a very high level, digital forensics is all about social science and investigation. Using research methods like archival research to connect dots on certain events. At its highest level he uses the fundamental principles daily. Objectivity to gather research, relativitism to connect to data into something more meaningful, parsimony to relay the info to other teams, skepticism to judge data relevancy, and so forth.

Week 13 Journal #1

Prompt: Andriy Slynchuk Links to an external site.has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

Response: After reading Slynchuk’s eleven things internet users do that may be illegal, I would consider the following five things to be the worst. Starting with the worst, collecting information about children. All of the acts listed in the article are bad and/or illegal but targeting children is a further layer into malicious activity. Using other people’s internet networks is also bad as you are effectively stealing from them. Bullying and trolling is bad as there is no benefit to doing so, and can have very drastic consequences. Sharing account information of other people to other people is identify fraud and theft. Faking your identify online can be very harmful as well. It is frequently used to psychologically harm someone or trick them into sending your money.


Week 12 Journal #2

Prompt: A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

Response: The article was a very interesting read. Their findings documented that while well established hackers are typically paid on retainer by larger firms like Google, there are plenty of smaller businesses thriving off of bug bounties with “up and comers”. The companies seem to have benefited regardless of size. They also found that hackers are not solely motivated by the monetary reward of the bounty but more-so motivated by the reputation it establishes and reward of reporting a bug first.

Week 12 Journal #1

Prompt: Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf Links to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

Response: After reading the article I can see how it relates to two economic principles Laissez-Fare and Classical. In cybersecurity privacy is seen as an inalienable right and would require government intervention if that right was violated, much like how the police get involved to right the companys/intruder’s wrongs. The classical economic theory also fits with this article as the customer gives the company their information willingly and that company can then use the data for more than it’s primary use. This article also showcases an example of the exposure theory, since this company chose to go through a platform provider, their data is subject to the exposure of the platform provider’s security. As it was not enough to stop these intruders, the company and their data was then exposed to crime.

Week 11 Journal #2

Prompt: Watch this video. https://www.youtube.com/watch?v=iYtmuHbhmS0.
As you watch the video think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

Response: Watching the video there were a handful of social behaviors and/or themes that arose. The lady in the video talked about what it takes to get your first job in cybersecurity, such as you work ethic, certifications, knowledge, where to look for jobs etc. The common qualities or behaviors she talked about were that to get a job in cybersecurity a person needs to be detail oriented, a good team player, think critically, and constantly pursue knowledge and growth. One could also reason that RST theory is used by the law enforcement by their reasoning of hiding this breach from the customers as to investigate with less interference.

Week 11 Journal #1

Prompt: Read this and write a journal entry summarizing your response to the article on social cybersecurity https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/Links to an external site.

Response: I found this article to be very informative. With technology progressing as such an fast pace and constantly ingraining itself more and more into our daily lives, it changes how information is transferred in every side of information tactics. Bots are a rampant issue in most online spaces but even I didn’t think to contemplate that a bot used in a nefarious manner could not only be a hacker/bad actor but a foreign state/government sponsored one at that. There is a large information war and it would only our country good if there was a larger effort to educate those on it.

Week 9 Journal

Prompt: Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?


Response: I took the Social Media Disorder scale test and scored a 3/9. Luckily, I was not deemed a “disordered social media user”. I think the items in the scale are fairly straightforward. While I think the majority are rather excessive in terms of habit/addiction for my personal standards, I know plenty of people both in my friends and associates that would score 7/9 and above. I think it is reasonable to say that there are different patterns found across the world for various reasons. I think the most obvious variable would be how much technological infrastructure a country/city/state/etc. has. It would be obvious assumption that a remote tribe in the amazon rain-forest would not be addicted to social media whereas there are millions of people in the United States that are addicted and/or have a social media disorder. I think the biggest factor would be how much technology is integrated into our lives. In the United States we use technology for just about everything you can think of. Being connected via technology has become so common place that it would cause addiction in many.


Week 8 Journal

Prompt: https://www.youtube.com/watch?app=desktop&v=6BqpU4V0Ypk After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity

Response: I believe that the media likes to play up the theatrics and drama around hacking. I do not mean to say that hacking is not serious or that it lacks drama, but hacking simply usually is not a super intense and suspenseful scene. While the ramifications of the action may or may not be intense, the actual actions required to complete a hack is not. It is interesting to see certain movies, shows, etc. get certain processes and terminology correct. An example directly from the video was the movie or show referenced the CTF challenge from 2012 to build their scene.


Week 7 Journal

Prompt: Review the following ten photos through a cybersecurity human systems integration framework. Create a meme explaining what is going on in the individual’s or individuals’ mind(s). Explain how your memes relate to Human Systems Integration.

Response:

This meme relates to system integration in a couple of ways. It is common to bring your work devices (such as laptops) to meetings during work (or at least it is common in IT roles). I’ve been part of hundreds and thousands of different meetings, and unfortunately a good number of them could be summed up in an email. This relates to the fact that technology is so ingrained in our day to that whether or not the information is delivered in person or via email, I will have my device with me working on something. I quite literally cannot do my job without technology and systems.



Week 6 Journal

Prompt:

Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?

Upload this journal entry into your ePortfolio.

Note: Don’t generate/access or click on any unwanted/fake websites on your web browsers. Showcase with examples, what makes the fake websites fake.

Note: Upload your journal entry into your ePortfolio and submit the link in the assignment.

Response:
I’ve seen countless fake websites during my time in IT. In my current role I commonly see fake Microsoft sign on pages (the landing page you see when attempting to login Office365) asking for your login information. Some of them are well done and could fool more than the average user. The common mistakes these phishers make is misspellings, this is a dead giveaway. Sometimes a phisher will misspell keywords intentionally to avoid the site hosting platform’s auto detection policies. For example, I commonly see forms with titles such as User.name, P@ssw.ord: Em.ma0-l. etc.) These random characters avoid detection policies that search for forms designed to harvest credentials. Free website hosting services see thousands of these fake sites. The most common vessel I see in use is Wix. A good way to spot a fake site (take the Microsoft phish example mentioned earlier) is to look at the URL. No Microsoft URL will ever be Wix site domain. No Microsoft login URL will resemble anything similar to Mywebsite.wixstie.microsoft.com.

Week 5 Journal

Prompt:
Review the articles linked with each individual motive in the presentation page or Slide #3.  Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

Response:
Ranking each motive from 1-7 (1 making the most sense) is as follows
1 For Money
2 Multiple Reasons
3 Recognition
4 Political
5 Revenge
6 Boredom
7 Entertainment

Starting with number one, money is greatest motivator for just about anything. Be that good or bad, money seems to motivate everyone to do something. We need money to live, entertain, and grow. Multiple reasons I put in second because it’s incredibly rare that someone commits a crime for one reason alone. Money is the only motive I can truly believe being a sole factor. Recognition is a strong motivator in the cyber world. With how much an online presence can get you, be it fame, promotions, money, etc. The bigger your name the more fame and or opportunities you experience regardless of benevolent or malevolent intention. Political motivated crime has been prevalent since the dawn of politics. People have ideas and convictions, sometimes those convictions take over the person and may motivate them to commit a crime. Revenge is common itself, be that in the cyberworld or not. Boredom isn’t as popular, sure there are thousands of people with too much time on their hands, but compared to the other motivators this one just isn’t as common. Last up is entertainment. I can see thousands of people enjoying committing crime. There are countless cases of criminals who do bad things just for the love of the game. But to enjoy malevolence is a rare and I don’t personally understand it myself. I cannot find enjoyment in hurting others.



Week 4 Journal

Prompt:
Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Response:
Maslow’s Hierarchy of Needs is broken down into three categories (Self-fulfillment needs, psychological needs, and basic needs) and five subcategories (self-actualization, esteem needs, belongingness and love needs, safety needs, and physiological needs). I can relate to each level of the hierarchy in countless ways in regard to technology. Starting with basic needs in both safety and physiological, I use technology such as an internet of things (IoT) thermostat to regulate the temperature in my apartment. I also use a smart phone paired with a smart watch to wake me up in the morning via haptic vibrations every day at 6am. I have a blink doorbell camera along with cameras in my apartment to monitor the well being of my pets and wife. Secondly in psychological needs with belongingness, love, and esteem needs. I use my phone to text, video call, and message my wife, family, and friends. Being that I moved from Michigan a few years ago, my long time friends can only keep our close relationships relevant because of the many instant messaging features on both phone and computer. I frequently post my artistic, gaming, and academic accomplishments on social media to show pride and accomplishment to my family and friends. Lastly I use technology to fulfill my own goals and hobbies in many ways. A great example would be taking this CYSE201S course completely online. Due to the restriction of my 9-5 job I can’t attend in person classes. This allows me to learn more about cybersecurity and achieve my goal of obtaining a bachelor’s degree.

Week 3 Journal

Prompt:
Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

Response:
PrivacyRights.org offers many different forms of information that would be useful to study breaches. Upon visiting the landing page of the site, you are greeted with several recently updated tables and graphics. Researchers have the ability to gather knowledge on where in the world breaches are being reported and by how many are located in a specific area. PrivacyRights.org also offers a chart with record of over two decades of breaches broken down by state. Researchers can use this data to analyze trends not only by year but by location as well. This can help draw ties between recent technological advancements, political events, etc, to help gain insight to the target/intent behind the breach. Having both the date and location unlocks a door to more specific details. PrivacyRights.org also lists how the breach was able to gain access (i.e. hack, physical, port, unknown, etc.). Combining all of the presented information into an archival style research can yield greatly detailed results.
Week 4 Journal

Prompt:
Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Response:
Maslow’s Hierarchy of Needs is broken down into three categories (Self-fulfillment needs, psychological needs, and basic needs) and five subcategories (self-actualization, esteem needs, belongingness and love needs, safety needs, and physiological needs). I can relate to each level of the hierarchy in countless ways in regard to technology. Starting with basic needs in both safety and physiological, I use technology such as an internet of things (IoT) thermostat to regulate the temperature in my apartment. I also use a smart phone paired with a smart watch to wake me up in the morning via haptic vibrations every day at 6am. I have a blink doorbell camera along with cameras in my apartment to monitor the well being of my pets and wife. Secondly in psychological needs with belongingness, love, and esteem needs. I use my phone to text, video call, and message my wife, family, and friends. Being that I moved from Michigan a few years ago, my long time friends can only keep our close relationships relevant because of the many instant messaging features on both phone and computer. I frequently post my artistic, gaming, and academic accomplishments on social media to show pride and accomplishment to my family and friends. Lastly I use technology to fulfill my own goals and hobbies in many ways. A great example would be taking this CYSE201S course completely online. Due to the restriction of my 9-5 job I can’t attend in person classes. This allows me to learn more about cybersecurity and achieve my goal of obtaining a bachelor’s degree.

Week 3 Journal

Prompt:
Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

Response:
PrivacyRights.org offers many different forms of information that would be useful to study breaches. Upon visiting the landing page of the site, you are greeted with several recently updated tables and graphics. Researchers have the ability to gather knowledge on where in the world breaches are being reported and by how many are located in a specific area. PrivacyRights.org also offers a chart with record of over two decades of breaches broken down by state. Researchers can use this data to analyze trends not only by year but by location as well. This can help draw ties between recent technological advancements, political events, etc, to help gain insight to the target/intent behind the breach. Having both the date and location unlocks a door to more specific details. PrivacyRights.org also lists how the breach was able to gain access (i.e. hack, physical, port, unknown, etc.). Combining all of the presented information into an archival style research can yield greatly detailed results.

Week 2 Journal

Prompt:
Explain how the principles of science relate to cybersecurity.

Response:
The principles of science hold great weight in the world of cybersecurity. Cybersecurity is such a broad world and science. Part of my current role is cybersecurity and I use all of the listed principles daily. When reviewing a potential threat such as a phishing email, I am always skeptical as we receive hundreds of social engineering attacks. Reading a flagged email usually involves opening an email not intended for me personally, these emails can involve subject matter that I may not agree with personally, I must remain neutral and process my investigation as I would any other email. I must remain ethical. I do not create an opinion on the attacks I prevent and remediate. I simply look for the intent, causes, and impact of them objectively. I see how they could’ve gotten past filters and what tactics they are using that are potentially successful, the relation/relativism of their actions and impact. Finally, I often have to explain to an end user why they have to update their passwords and information because of the attack they fell victim to. I work with a lot of users that are not well versed in technology, so my explanation needs to be simplified so that they can fully understand what happened and why it happened.

Week 1 Journal

Prompt:
Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Response:
After looking into the NICE Workforce Framework I have realized a couple areas I intend to focus on. I currently work as a systems engineer and am in the process on transitioning to a Cyber Security Analyst. The two biggest areas I want to focus would be Protection and Defense and Investigation. Both of these factors go hand in hand, to fully protect something from a threat, I will need to study it. I will need to investigate how, when, why, and where it attacks . The area I will probably focus on the least is Oversight and Governance. I’m not interested in leadership, and I struggle memorizing all of the compliance/governance regulations. Given the role (Security Analyst) I am transitioning into, I will not be implementing compliance regulations or handle management. I will routinely scan for intrusions, investigate potential threats. and respond to incidents.