CYSE 201S

Cybersecurity, Technology, and Society

Students in IT/CYSE 200T will explore how technology is related to cybersecurity from an interdisciplinary orientation.  Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:

  1. Describe how cyber technology creates opportunities for criminal behavior,
  2. Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
  3. Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
  4. Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
  5. Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts, produce for individuals, nations, societies, and the environment,
  6. Describe the costs and benefits of producing secure cyber technologies,
  7. Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
  8. Describe the role of cybersecurity in defining definitions of appropriate an inappropriate behavior,
  9. Describe how cybersecurity produces ideas of progress and modernism.

Course Material

Students in this course have completed a number of activities including an reflection essay, weekly technology and cybersecurity journal,  and several quizzes and exams. Please include some of these artifacts on this page, particularly the reflection essay, explaining what you did and how these projects helped you engage with the outcomes listed above.

Be sure to remove this instructional language when you have completed updating content on this page

.

Article Review #1

Beasley_Article-Review-1

Beasley Career Paper

Journal #1

Out of all the specialty areas that the NICE workforce, the two specialty areas that catch my eye the most are analyze and protect/defend. Analyzing seems like a skill that will be much needed in my career because having the ability to analyze data and threats is valuable to organizations. Protecting and defending software systems goes along with analyzing information while being able to defend systems from outside threats and/or attacks. However; there are two specialty areas which drive my interest away. Oversee/Govern and operate/maintain are the two categories which drive my interest away the most. To oversee and govern, that skillset is something to be acquired through years of experience and management skills. Managing a cyber team isn’t a specialty I see myself doing soon based on requirements. Operating and maintaining system security has less of my interest in comparison to analyzing information for threats. Being able to operate a software system is still a skill that is important for cybersecurity jobs.

Journal #2

Social Sciences have just as much capability to be scientific as natural sciences. This relates to cyber security through all of the scientific principles encountered with framework. All of the scientific principles are Relativism, Objectivity, Parsimony, Skepticism, Ethical Neutrality, and Determinism. Relativism is when all things are related, so when changes are made to one system then there will be an effect on another system. Objectivity is how scientists review and study material without promotions of opinion(s).  It is crucial that all cyber studies are unbiased and to make sure opinions don’t have interference with research. Parsimony is keeping scientific explanations as generic as possible to grant several variables. Determinism is actions that begin from pressured or influenced events. Determinism examples would be nomothetic models, idiographic model, and  various social sciences.

Journal #3

This website has a comprehensive look at the past history of data breaches in the United States and their outcomes. It also has an extensive view on the laws of notification of breaches in each state. I think this information is useful for citizens to know their rights if they are affected by a data breach so they are aware of how the law is on their side and actions they can take to protect their privacy and identity going forward. It’s also beneficial when corporations learn from each other. So corporations should develop dedicated teams to researching past data breach events, how they happened, what the company did for it’s affected customers, and how the company is now protecting itself from a future data breach. For example, the Target data breach was one of the largest in history. From the information included in that breach, many companies have been able to learn from this in order to protect themselves and their customers’ information. This website also has important information for consumers and how they can protect themselves and the kind of ways hackers are trying to get at their information. There is a slippery slope with research to be careful not to infringe on a company’s privacy when their information is made public by accident. So proper research methods should be used. The most important tool is for learning proactive measures to protect their companies and their client base.

Journal #4

A well-known psychological theory called Maslow’s hierarchy of requirements proposes that human needs are arranged in a pyramidal form, with basic physiological necessities at the bottom and aspirations for self-actualization at the top. Technology, a rapidly growing industry, undoubtedly has an impact on many parts of daily life, including how people meet their requirements. Technology has made it simpler to meet even the most fundamental physical needs, such as having access to food, liquids, and shelter. Additionally, it has made communication easier, satiating the want for social interaction. Technology has made it possible for humans to meet demands at higher levels, like esteem and self-actualization, as we move up the ladder. For instance, social media allows users the chance to share their accomplishments and request compliments from others, satisfying their need for respect.

Journal #5

Ranking the motives for cybercrime, I would put them in the following order based on what is the more purposeful that makes the most sense:

  1. Multiple Reasons – this motive for cybercrime is all encompassing and in a way explains many of the other motives clumped into one. It involves financial motives for gaining money, psychological factors such as boosting ego and for revenge. It also includes socioeconomic factors such as political reasons or because of revenge against rich people or because someone has no friends and this is their form of entertainment.
  2. Money – this motive uses a financial reward as a reasoning for hacking into systems in order to obtain bank information. The causes for this might include low socioeconomic status and the need to pay for basic necessities to be able to afford luxury items that they may not have the resources to obtain under average conditions.
  3. Boredom – children that are given digital devices by their parents as entertainment are setting their kids up to be targeted by cybercriminals. Certain cybercriminals prey on apps, software, or games because they know children are easy targets and are entertained by talking to different people online. Because children/teenagers are hungry for social interaction, it is simple to convince them to meet or give them important information or even pictures. Then the criminal has their face, address, etc to prey on them. While this motive is highly reprehensible, it makes sense because of the ease of victimization
  4. Political – activists hacking into social media and tech networks in order to spread their message and make a point. This type of cybercrime gets a lot of attention lately because of the emphasis placed on political issues since 2020. I could also align this with the recognition motive as these groups that have political motives are doing it for recognition as well.
  5. Recognition – this motive goes hand in hand with the political motive as the two motives are quite similar. Hacking just for attention for the recognition of a certain party or group is what drives some cybercriminals. In this article, Niblock shut down Labour Party websites to stop a candidate from campaigning for an election. This was also to recognize his own political views.
  6. Revenge – this motive is probably the most malicious of all because it hurts the reputations of individuals who have been victimized by revenge porn. Just to get revenge makes little sense because it seems obvious that some of the images are fake, it costs a lot of money just to get revenge, and for what? Celebrities are often the victims of this crime and the gratification of revenge compared to the effort and resources to commit the crime, plus the dangers of being identified as the hacker just don’t make sense.
  7. Entertainment – committing cybercrime out of boredom or doing it just because you can is deplorable. Millions of people were put at risk because of the LinkedIn breach because the hacker was doing it just because. There was no monetary, political, or social gain so the reasons for hacking for entertainment makes the least amount of sense as it doesn’t forward the goals of the hacker for anything important. And if caught, the consequences are severe.

Journal #6

Fake websites can be identified by looking at the address bar. Often it has no padlock symbol or https:// in front of the website. Also fake websites have too good to be true deals or information that seems satirical or unbelievable. In addition, these websites are often littered with pop up ads. This DMV website has a padlock and https:// before the URL, but you can tell it’s fake because it says it’s not related to any government agency. Hackers may use poor grammar and misspelled words as well. 

https://www.dmv.com/?tg1=DVA&utm_content=dmv.com&utm_medium=dmv_&tg7=dmv_&utm_source=dmv.com&tg9=dmv.com&utm_term=organic_dmv&utm_campaign=organic_dmv

https://www.dhmo.org/

https://www.theonion.com/

Real Websites:

Real websites will have a padlock symbol or https:// before the URL. Real websites wouldn’t have grammar problems or misspelled words. Also most real websites will have ways to get in contact with the company and will have a social media presence. Real websites come from a trusted source. Websites ending with a .edu or .gov are generally safe.

https://www.odu.edu/

https://www.dmv.virginia.gov/#/

https://www.today.com/

Journal #7

This is potentially a student or an employee in a public space, on public wifi checking email, logging into accounts, or working on assignments. Due to our increasing digital footprint, public wifi is now a necessity for many people.

Even at home during our leisure time, we are on our tablets, computers, and mobile devices taking care of the business of our lives. All aspects of our life is a digital action, even our medical records.

We are so busy so we try to capture a little peace while still working. This means we have become dependent upon mobile devices to help us maintain our lives. 

Humans often end up in public spaces, such as coffee shops, for their hotspot capability and to grab a little snack or treat whenever we can. This again shows our dependence on digital devices.

Part of how we connect with friends and family is over video chat applications. This woman looks to be having a video conversation with someone she knows outdoors. In this scenario, someone could be listening in or attempting to tap into her personal hotspot.

This would indicate to patrons of perhaps a library, coffee shop, airport, etc that there are spaces available for computer usage. This could include a desk, outlet for charging, or usb ports for connecting devices. The danger in using usb ports is that corruption could be transferred to your device. In addition, this would indicate the need for public wifi usage. We take our work with us everywhere we go as a lot of jobs are on call 24/7. 

Even at home to break the boredom of the peace and still, we entertain ourselves on our mobile phones. With so many applications available for just about every aspect of life, we have our world at our fingertips through our cell phones.

This could be a college class or a company meeting. Many times these two situations are carried out through Zoom or Google video chat. Also sharing documents is part of many companies’ protocols. Idea sharing is done more digitally now.

Similar to the previous meme, this is most likely a college class or a business meeting where we probably see the document has been shared to many different people. 

Our cell phones are used in every aspect of our lives. Now we don’t need separate cameras due to the advanced technology available for mobile phone photography. It also shows here that we use our phones anytime and anywhere and they are a lifeline to many people. So many aspects of our lives are contained in our cell phones.

Journal #8

In the Youtube video that was in Module 8, there was a professional Cybersecurity expert describing how the media distorts how hacking actually takes place. Most often movies portray hacking as commonplace within society and a faster process than it actually is. This is to get people more interested in a tv program or a movie. The act of hacking is sensationalized to retrieve that “shock factor” from the audience to keep them hooked. 

Similarly with other avenues of the media, stories are twisted and construed so as to portray urgency or emergency situations with regard to cybercrimes. The media skews the sense of reality of cybercrime in order to get more clicks on their website or social media pages. They only tell the facts that will get the most viewers. This sensationalization of cybercrime is disruptive to society as it creates a higher level of unnecessary panic. What I think is not portrayed is the behind the scenes cybersecurity measures in place to find the criminals and actions to proactively stop criminals. Cyberspace can be a safe place with the proper measures taken, but for exaggeration, the media doesn’t show that information.

Journal #9

On the 9 question Social Media Disorder Scale, I scored 5 no answers to 4 yes answers. I feel that means that social media doesn’t affect my functioning as much as it would some users. My split down the middle score surprised me a little because I do not feel that addicted to social media platforms. My “yes” answers were that I have felt bad not using social media, I have failed to spend less time on social media, I have lied about the amount of time I spend on social media, and I have used social media as an escape from my feelings. So what this tells me is that I use social media as a distraction and while on social media, I get caught up in it and spend more time on it than I planned. It is an addicting genre that makes it difficult for people to turn away. We are so interested in others’ lives and what people have to say, plus we have an interest in what other people do or think. I think different patterns across the world differ based on availability of resources. Of the entire world, 56.8% are social media users according to the lecture, and of those 99% access social media from a mobile device. Those areas that have high social media usage also have high mobile device usage. Social media usage is up 13%, which will increase the occurrence of social media based cybercrime.

Journal #10

Article Summary “Social Cybersecurity: An Emergent National Security Requirement”

Social Cybersecurity is an attempt at understanding the social, psychological, and criminal behaviors behind cyber attackers in an attempt to stop them before they assemble. The United States and countries around the world must get on top of this type of hidden crime wave. Cyber attacks will cripple whole systems one day. Russian journalists have said this is the plan of attack to divide and conquer nations and their capabilities of defense through their networks. It is well known teams of hackers work tirelessly in Russian and China to get at our core, our military secrets, our government, our utility systems, and even our healthcare.

We, as a nation, need to look at all aspects of our organizations to find all possible areas of weakness and proactively plan for disruptions as part of this cyberwar. Just this week a 21 year old released classified documents. People on the inside even need to be watched. Other countries are clever in placing their spies. These crimes are acts of terror. This, in my opinion, is an extension of the Cold War. Instead of attacking only our military installations, this attack is on our innocent citizens. The reading of this article was alarming and disturbing, yet warranted. I think this is information everyone should pay attention to in the future. We must be on guard against those that set out to terrorize us. It no longer needs to be an attack of close proximity.

Journal #11

Video Response for Cybersecurity Analyst Job Description Video

This video is presented by a woman who has been a Cybersecurity Analyst and is giving the public information about the Cybersecurity Analyst position. She describes this position as being a lucrative job with a good salary no matter where the job is located, either domestically or globally. This job is entry-level, so it requires a person willing to work shifts with less desirable hours in order to learn and gain experience. That means a person wanting to gain experience needs to be eager and flexible as well as patient for the right opportunity. Also, Analyst positions are a position that requires social networking and meeting new people, as well as being able to be a good communicator. These jobs often start out as Help Desk positions where the Analyst is helping people with phishing scams or viruses, so they need to educate, help, and patiently assist end users with their computers. The optimal character traits for this position would be patience, detail oriented, problem solver, analytical, good communicator, and organized. Having this type of position would enable the Analyst to have a high paying job in a growing field where there is little competition and a wide open opportunity field at the moment.

Journal #12

asherparts.com Breach Letter

         In this case, there are two economic theories that could be best applied to this situation. First, the Rational Choice economic theory suggests that individuals make rational choices based on the information they have at the time, (Ganti, 2023). They weigh the benefits and costs and make the most rational decision they can. Here, customers made digital purchases on a website after deciding the products were the best possible choice for them and they were willing to pay the cost of the products. The rationality of this is that the customers placed trust in Glass Washer Parts that their website was safe and secure and that the company took proactive measures to protect their information gathered on the website. They assumed based on their research that the company had protected itself from malware and was performing due diligence to keep their purchase information safe.

         The second economic theory that applies to this case would be the Laissez-Faire theory. This theory suggests that government should not intervene in economic processes, (Investopedia, 2023). Specifically for this case, the investigation happening by law enforcement kept Glass Washer Parts from notifying its customers in a timely manner that their financial information could have been compromised. Instead of a prompt notification to customers, they were forced to delay notifying their customers until an investigation was complete. The victim here is the customer and while the investigation was ongoing, the customer information was still at risk and unprotected. If I were a customer of this company, I would be extremely angry that I was not notified in a timely manner so I could take steps immediately to protect myself.

         In addition, two social science theories that I believe relate to this case are Conflict Perspective Theory and Strain Theory. Conflict Perspective Theory suggests that society is composed of groups that have their own goals and sometimes the goals between groups do not coincide and conflict emerges, (National University, 2022). In this case, the goal of the consumer was to safely purchase a product they needed. The goal of the hackers was to criminally steal their information to use for selfish reasons. The goals of the consumer and of the criminal were opposite and conflicting. In addition, the goal of Glass Washer Parts was to notify their customers right away so they could take measures to protect themselves. The goal of law enforcement was to complete an investigation and keep the customers out of the loop because it would interfere. These goals were completely opposite which created a conflict for the customers and their security.

         In addition, another social science theory that relates to this case is the Strain Theory. This theory suggests that people participate in criminal acts because of a strain they are dealing with that is affecting their life. In this case, hackers placed malware on the platform provider’s site in order to steal financial information of customers in order to steal money or use financial information in a criminal manner. The reason they would be interested in carrying out this act is for financial gain. Why would hackers want to steal? In order to satisfy a strain in their life, which would be the greed for money because they feel they don’t have enough financial security in their life.

References

Encyclopedia Britannica, E. (n.d.). Strain Theory. In Encyclopedia Britannica. Encyclopedia Britannica. Retrieved April 2, 2023, from https://www.britannica.com/topic/strain-theory-sociology.

Ganti, A. (2023, January 11). Rational choice theory: What it is in economics, with examples. Investopedia. Retrieved April 2, 2023, from https://www.investopedia.com/terms/r/rational-choice-theory.asp#toc-examples-of-rational-choice-theory

Glass Washer Parts Sample Data Breach Notification. (n.d.).

Journal #13

Should Bug Bounty policies be implanted for businesses?

Bug Bounty policies are adopted by businesses in order to help find vulnerabilities within their networks. Ethical hackers are hired to scour the network of a company and find weaknesses that a hacker would be able to find. The benefit to this is that they could potentially find areas that the company needs to improve by use of a professional hacker. The cost of this would be the price to find the areas of weakness and to take actions to secure that part of their network. This is most important in the financial, retail, and healthcare industries. 

According to the article, there is relatively low cost in finding bugs within a system; although, hiring hackers comes at a higher cost. Large companies have a more complex network which opens itself up to more security risks. Smaller companies are simpler in nature with fewer avenues for security risk. Although this is true, larger companies have more monetary resources to handle cybersecurity risks than smaller companies. Larger companies can often create their own software programs making their applications safer. Smaller companies rely on the software produced by outside companies, thus opening them up to more security risks. The cost of hiring a bug bounty hacker is around $85,000 which is much less cost than hiring two cybersecurity professionals full time in an organization. In this day and age of an increased demand for the digital footprint and computerized procedures, the security risks are massive. The benefits of implementing bug bounty policies much outweigh the costs of hiring the hackers to investigate networks. In the end, paying the cost of a breach or corrective procedures in reaction to a breach event is much greater than proactively researching the networks. In addition to the monetary consequences, a company loses trust in its customers and employees if they do not proactively take protective measures. The conclusion found in the article was that no matter the cost of the hacking services, demand remains constant for the service bug bounties provide.

In conclusion, I feel it is a responsibility of companies to take up front measures to ensure the security of their networks. Bug bounties are a way companies can complete this. By hiring ethically based hackers to dive into a network, companies are able to identify areas of vulnerability within their network. This would be the same as a person checking their financial statements for fraud, adding security systems to their home, or locking their doors at night. All of these are protective measures in order to keep their money and homes safe. The same initiative must be employed by companies to protect its customers and employees. The cost of the service is minimal compared to the benefits received as money would be saved in the long run. If a company contracts hackers instead of fulltime employees, money is saved. Although, companies must decide if it’s worth the risk of hiring an ethical hacker who might sell their information illegally. But this risk is small.

References

Sridhar, K., & Ng, M. (2021). Hacking for good: Leveraging hackerone data to develop an economic model of Bug Bounties. Journal of Cybersecurity, 7(1). https://doi.org/10.1093/cybsec/tyab007 

Journal #14

  1. Bullying/Trolling – cyberbullying is a punishable offense and it the cause of so many young deaths these days. School children are often the victims of cyberbullying and it causes mental depression and sometimes suicide. The acts are cruel. Also hiding behind social media posts to troll people and say mean or intimidating words hurts people and affects them mentally. This is the most unethical of all the internet crimes as it attacks people on a personal level
  2. Collecting Information about Children – gathering information online about children is illegal. Children are targets for many internet crimes because they are not as aware of the dangers and think they are talking to a friend, when in fact they are communicating and sharing information with strangers. This is dangerous and illegal and should be punished to the extent of the law. Children are a protected class.
  3. Using Unofficial Streaming Services – streaming of illegal film media is a risky business. Yes, you are watching movies for free, but it comes at a price if you are caught downloading pirated material. This is theft and punishable by law.
  4. Sharing Passwords, Addresses, and Photos of Others – passwords, addresses, and photos are the private property of individuals. This information should not be used, shared, or collected as it is an invasion of privacy and puts the victims at financial and personal safety risk.
  5. Illegal Searches – be careful what you are searching on the internet. If its seeking illegal information such as child pornography or crime related information, you could be the target of investigation. I’ve seen news stories where criminals were caught based on the Google searches done from their homes on how to commit crimes, find hitmen, etc.

Journal #15

The man in this video was a Digital Forensics Investigator. He collects, analyzes, and manipulates data to be used in a court of law. He has been in the field for 17 years and did not get a college degree for this type of work. He began his career as an accountant and still does this during the day. In the evenings, he goes through a computer seeking data he can use in an investigation. He began his career with a small accounting firm who needed an accountant, but also someone who could provide basic IT help. He was eventually promoted to a large accounting firm where he positioned himself to become a Digital Forensics Investigator for an Australian firm. Interesting that he didn’t study, nor have a degree in IT or Cybersecurity. This tells me that this position is in such high demand that anyone can be molded to be in Cybersecurity. My dad graduated college with a Biology degree and now is an IT Manager. This person uses social sciences for his job such as Criminology, Psychology, and Sociology. He works with Criminal Justice professionals to get the data for them and manipulate it into usable form. He tries to understand his target and why they think and act like they do so he can anticipate their motives. He tries to think socially about what brought the hacker to the place they are in so he can find all the groups he/she might be associated with so they can track down sources of information.