Journal Entry 1
After reviewing the NICE Workforce Framework there are a couple areas that interest me more than the rest. The first area I would like to focus on would be the operate and maintain category because I would like to start off with a more hands-on approach with being the one that installs, configures, tests, maintains, and manages the networks and firewalls, which includes the hardware as well. This would also include the troubleshooting of these systems depending on the specific job. The next category I would like to focus on would be protect and defend. This is because I would feel that this would be a good next step after already having a deep understanding of the systems themselves by working with them. This may be a little less hand on but would be very important to the organizations security which is something that I would love to be able to help. Eventually I would like to go into the category of oversee and govern. That would be after I have a deep understanding of the general systems and the best practices and measures to keep them safe or mitigate in the event of a break or attack. I feel that this category would be the natural next step to focus on and is where you could have even further influence on the actual organizations security and actually be able to make sure that higher ups follow the security policies. I feel like the investigate and analyze categories appeal to me lease because of the nature of work that would be involved in them. I have never been the biggest fan of analytics and analyzing such information and prefer a more hands-on approach to things and that is why I feel that these would be a little less “fun” to me over the other categories.
Journal Entry 2
The principles of science are closely corelated to cybersecurity in many ways. In fact, the use of science principles is key to the success of cybersecurity and the protection of computers, networks, and data from hackers and malware. Principles such as determinism can be used to aid cybersecurity specialists by being able to consider certain factors that might make a hacker hack something so that they can decide to protect those areas with stronger security measures. Another principle that can be utilized by cybersecurity is parsimony; this is because parsimony essentially means that the level of explanation should be as simple as possible which would make cybersecurity, within business, more efficient and streamlines. Objectivity is another principle that can be used in cybersecurity to ensure that there is no bias which could blind people from certain security risks. A continuation of objectivity would be ethical neutrality which can be important from a legal standpoint and cybersecurity due to determining what measures are ethical or not to implement to reduce cybercrime.
Journal Entry 3
Researchers can use the public information about data breaches for many different purposes. One way they could utilize this information by analyzing the companies that get breached the most to try and figure out what their vulnerabilities are and then you can also analyze the companies that have the lease number of breaches to try and determine what security measures they are taking that might be preventing as many attacks as possible. Having the knowledge of which companies are experiencing more or companies with less breaches, can be an invaluable resource for cybersecurity researchers. With the historical data of past breaches, the researchers can build models that predict future attacks so that they could be able to better prevent and mitigate such attacks.
Journal Entry 4
Maslow’s Hierarchy of needs consists of 5 different levels ranging with three different types if needs. Those three needs are basic needs, psychological needs, and self-fulfillment needs. In the modern era of technology, it can be said that technology is now an essential tool for attaining these hierarchy of needs.
Starting with the first level “Physiological needs” technology has helped me attain this level of need in many ways such as, the refrigerator that keeps my food and drinks cold so they don’t spoil, the microwave and oven/stove that warms up and cooks my food so that it won’t get me sick, the AC and Heater that maintains a comfortable temperature in the house, and the smart phones that act as alarms to wake you up in time and even can track your sleep in sync with sleep track devices like an apple watch.
The next level of needs is that of “safety needs”, technology can help one attain security and safety with features such as being able to call 911 from your smartphone anywhere and new phones like the latest iPhone allowing you to connect to a satellite so that you can message emergency services without cell signal. Other technologies like the ring camera systems allow you to check who is at your door from anywhere and even lock your door remotely as well which is a very important and useful security feature. New cars allow you to even unlock or lock your car from the convenience of a app on your smartphone.
The third level of needs is “belongingness and love” which surprisingly can be attainted with some help from technology. The technology that assists with this level of needs is by simply allowing people to communicate with their loved ones from anywhere and whenever they want, either with texts, phone calls or video calls. This can make it substantially easier to have and maintain long-distance relationships which would have been a lot harder to do in the past. Now there are apps that help you meet new people which you would have never meet in the real world. Some people have even met their future husbands and wives on such apps. Even I met my partner on one of these such apps and I definitely would not have discovered her if it wasn’t for these apps. Even just social media such as Instagram allows for this.
The fourth level needs are “esteem” which is where people feel prestige and accomplishment. Technology can help people accomplish this by allowing people to show off any awards or accomplishments that they have attained to the whole world through social media and the internet. Even with E-portfolios like this one is a way that people can present their awards and achievements to the whole world. People can even start businesses or become social media influencers with just a phone and or computer, which just highlights the power of technology and people being able to accomplish things.
The fifth and final level is “self-actualization” which is when one achieves their full potential. It can be hard to actual calculate or know when one achieves their full potential, and some people may never fell as if they have attained this level of need. Technology, however, will give people the best chances to be able to attain this tier of need. This is by allowing people to showcase their accomplishments to the entire world through the internet, actually being able to track how many people see their such achievements and being able to impact millions of people with the aid of the internet, hopefully for the better, because it could be said that that is the greatest achievement.
Journal Entry 5
When you think about someone committing a crime you also must wonder why they did it and what motivated them to do it exactly. There are a common seven motives which are multiple reasons, for money, political, revenge, recognition, entertainment, and boredom. The question is what motive makes the most sense out of all of these.
IN truth I would say that obviously it would be “multiple reasons”. This is because a lot of times people may do things because of many different factors such as someone may decide to hack for monetary gain and recognition or for monetary gain and for the fun of it. I believe that for most things you must consider multiple different factors and there rarely is only one reason people would do things, especially regarding cybercrime.
The next motive that I find makes the most sense is for money. Let’s face it, money is what keeps the world spinning and people would do essentially anything to have more money. Committing a cybercrime for the potential gain of millions of dollars does indeed make a lot of sense based on the shear amount of money that is involved in these data breaches and how much the companies end up paying out just to get their data back. In current times, there are even ransomware services where people or groups essentially hire these high skilled “hackers” to do certain tasks for a percentage of the earnings.
The third motive that make the most sense would have to be political reasons. There are many cyberhackers that do what they do for what they believe to be good cause. This however doesn’t change the fact that they are committing crimes, but people are going to break laws for what they believe to be right which does make sense to me.
The fourth and next motive that makes the most sense to me would be revenge. I rank this one forth because revenge is an emotion that can drive people to extreme measure to satisfy their need for it. Depending on the reason for revenge, people would be able to “understand” why someone would do certain things even though it may be considered “wrong” and be a crime. That is what I consider to be a sympathetic villain.
The fifth motive that makes the most sense is recognition. People do many things for the belief that they will be able to live on forever because of the fame of what they do gives them. A lot of times these people do not care if what they do is considered a bad thing or not. Perhaps these people feel like their skills are not recognized enough by people like their employers, so they decide to prove themselves by hacking the company they work for. Although that may be almost like revenge, I would argue that it is different, but they are correlated, which is why I believe that the “multiple reason” motive makes the most sense.
The sixth motive would be entertainment, and this is because to me I wouldn’t decide to commit a cybercrime just because I want to seek entertainment. Sure, it might be because of the thrill/adrenaline rush of doing something you’re not supposed to be doing but compared to the other motives I find this one makes the one of the least amount of sense.
Lastly, the motive that makes the least amount of sense to me is boredom. I just do not understand why someone would want to commit a cybercrime because of pure boredom. I feel that you could find something better to fill the time and boredom in your life besides doing something illegal but that may be because people are not aware of what qualify as a cybercrime and are surprised when they are being prosecuted for cyberbullying. I still find this one to make the least amount of sense to me, however.
Journal Entry 6
In this journal I have listed three fake websites and three real websites where we explore the format of the real and fake sites and compare them to help be able to determine fake websites from real ones.
Fake websites:
website 1: Dog Island Free Forever (thedogisland.com)
The format of this website shows poor website design with many images not even loading. It even has a section where you would enter your email address as you are roleplaying as a dog trying to sign up to go to dog island. This could potentially be dangerous as this information could be sold or used to send spam and phishing emails to the email entered. The website even has a disclaiming that claims the website was created to be funny. I would not trust this website based on these many reasons.
website 2: About Boilerplate | Big Red Hair
The format of this website is also suspicious but is not as bad at the one above. This website also doesn’t have a way to contact them.
website 3: The Official Kresky Home Page (kreskytv.com)
This website has poor format and is attempting to give information about a made-up television series that never existed. The site even has a disclaimer that states that the site is not endorsed by certain groups that are supposed to be part of the so-called show.
Real websites:
Website 1: https://www.amazon.com/
Amazon as we all know is a reputable site, but what makes it reputable without the prior knowledge is the fact that it is well organized and designed. It is easy to find where to contact them for support and has the conditions of use and privacy notice.
Website 2: VA.gov Home | Veterans Affairs
The website of va.gov is obviously a real website as many would suggest. You can tell by the fact that it has sound design and that it is a “.gov” website which lets you know that it is a government website. There is also a banner on the top of the website under the URL that states that the website is an official United States government website. It also has links to its privacy, policies, and legal information.
Website 3: ODU – Old Dominion University
The website of ODU is a real website, and this can be deduced by the fact that it is designed well with great graphics and that it has “.edu” which lets you know that it is a website for a university or college. Again, at the bottom of the page there is legal information that you can view by clicking the links.
What really made the fake websites where the fact that they lacked proper professional website design and does not have any legal information present on the bottom of the page like the three real websites.
Journal Entry 7
Watch this video and pay attention to the way that movies distort
hackers. Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It? – YouTube
• After watching the video, write a journal entry about how you think
the media influences our understanding about cybersecurity
The media definitely distorts our understanding of cybersecurity by making it very Hollywood at times with either the methods that are used to hack or the timetable that it would take to perform these hacks. There are times when cybersecurity is depicted pretty accurately but of course, there will still be things altered to make it fit with the movie or show.
Journal Entry 8
When your post gets a lot of likes
Explain how your memes relate to Human Systems Integration.
This meme relates to HSI by depicting how the sociotechnical systems of social media affect how people interact with others on platforms like social media. Certain methods such as “Likes” on Instagram can really affect people in their daily lives.
Journal Entry 9
Social Media Disorder Scale
During the past year, have you …
• regularly found that you can’t think of anything else but the moment that you will be able to use
social media again? No, I have not.
• regularly felt dissatisfied because you wanted to spend more time on social media? No, I have not.
• often felt bad when you could not use social media? No, I did not.
• tried to spend less time on social media, but failed? Yes, sometimes.
• regularly neglected other activities (e.g. hobbies, sport) because you wanted to use social media? No, I have not.
• regularly had arguments with others because of your social media use? No, I did not.
• regularly lied to your parents or friends about the amount of time you spend on social media? No, I did not.
• often used social media to escape from negative feelings? Yes, at times.
• had serious conflict with your parents, brother(s) or sister(s) because of your social media use? No, I did not.
I scored a 2/9 on the social media disorder scale. I found that most of the items on the scale are for those who have a real addiction to social media and feel as if they can not live without it; that is why I did not score very high on the social media disorder scale. I feel like the reason that there are different patterns across the world regarding the social media disorder scale is that there are different societal norms or pressures that may dictate how people in that society may cope.
Journal Entry 10
This article talks about how social cybersecurity has grown in prevalence over the years, especially since the age of the internet. It brings to light how military operations have shifted from boots on the ground to cyberspace that can influence the people of a society and put wedges in the cracks that are already there to further divide a nation. The world has changed from where you would have to be physically in proximity to influence people but now physical presence is not required with the internet and social media. There are plenty of maneuvers that actors can do to manipulate the people alongside using bots as a way to multiply the effects.
Journal Entry 11
Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.
One economic theory that relates to the sample breach is that of the cost/benefit theory. This was used in the determination of whether or not to tell the users about the compromise. It is also used to determine the best course of action for the company and or individual. The second economic theory that relates to the breach letter is the laissez-fare theory which states that governments shouldn’t interfere in the economy unless it is to protect individuals. In the breach letter, the government is getting involved to investigate the breach and for the protection of those who may be impacted by the breach. One social science theory that can be applied to the breach letter is deterrence theory. this is because the person or people who decided to infiltrate the servers felt that the potential rewards outweighed the potential risks. Another social science theory that can be applied to the sample breach letter is crisis communication theory which is about how an organization should manage communication to minimize reputational damage after a breach. This is done in the letter by kind of “blaming” the third party that had run their website for the breach to defer all the blame from them.
Journal Entry 12
Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.
I believe that the five most serious violations are the collection of information on children, bullying/trolling, recording a VoIP call without consent, illegal searches on the internet, and faking your identity on the internet. I believe that collecting information on children is wrong and you are taking advantage of a child who likely doesn’t know any better. Bullying/trolling is wrong because these actions are cruel and can seriously affect someone’s mental health and could even cause depression and or suicide, The recording of a call without consent is wrong because that is against one’s right to privacy and it should be asked first before the recording of a call. Illegal searches on the internet have the potential to be really bad because they encompass things like child pornography, hiring criminals, and other questionable searches like “how to build a bomb”. Faking one’s identity on the internet is wrong because you are deceiving others and could be defaming the real person’s image along with other bad things.
Journal Entry 13
Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.
I believe that Davin Teo’s pathway to his career in digital forensics was interesting. being that he is an accountant by profession. The fact that he started as an accountant but had an opportunity to branch off into IT as well was interesting to me. He then found his way into a large accounting firm but then heard of a job opportunity in digital forensics without really even looking for it.
Article Review 1
In the article, “Human Factors and Cybersecurity in Online Game Addiction” it focuses on the human factors in cybersecurity regarding online game addiction. This article relates to the principles of social science because it considers the human factors of cybersecurity, that of online game addiction. When it comes to cybersecurity, the human factor is the weakest part of the security chain. That is why phishing attacks are so popular and often successful, especially without the proper training to identify phishing attempts. This article had the objective of figuring out whether being addicted to video games affects someone’s personal cybersecurity. Within their study, there was 212 high school students that were playing video games and using different applications who were surveyed. They used a relational screening model in order to figure out the relations between multiple different variables. The article used structural equation modeling partial least squares to analysis the data as well as SmartPLS 3.0. According to the study it was found that there was not a significant relationship between online game addiction and personal cybersecurity. There is, however, a significant correlation between online game addiction and tolerance. Players that have a focus on success within a game over human values results in them being obsessive and cannot maintain human values such as peaceful behaviors (Durak, 2019). Some studies show that online game addicts exhibit neurotic behaviors and will be aggressive in order to succeed. When you lack human values and are willing to do aggressive things in order to get the “success” that you desire it can be problematic whether it is in a video game or not. That is because these behaviors that online game addicts exhibit within the game can translate into real world behaviors. Those who are addicted to video games may become addicted to other things like social media and continue to exhibit these neurotic behaviors and tendencies. Those that are willing to be aggressive in order to achieve success within a game are the same type of people that might take their parents credit cards in order to purchase something within a game that might help them do better. This kind of risky behavior is what the article is saying might result in these people to put their own or other information security at risk within online environments (Durak, 2019). This article demonstrates that people who are addicted to things such as video games, social media, or anything else for that matter will likely demonstrate neurotic behavior that can put their information security at risk by doing things that will help appease their addiction. They found that people with an online game addiction that still focused on their human values were less likely to present neurotic tendencies like those that decided to not follow their human values to gain success. This shows that as a society we cannot stop people from playing these games or being on social media and becoming “addicted”, but with the right values education the risky behaviors of those that lack these values can be mitigated so promote better information security for these people and the people’s information they may try to use.
References
Yildiz Durak, H. (2019). Human Factors and Cybersecurity in Online Game Addiction: An Analysis of the Relationship Between High School Students’ Online Game Addiction and the State of Providing Personal Cybersecurity and Representing Cyber Human Values in Online Games. Social Science Quarterly, 100(6), 1984-1998.
Article Review 2
The article “Social cybersecurity: An emerging science” discusses the novelty of social cybersecurity and how it is slowly evolving into its own field. The article initially starts by defining what social cybersecurity is, describing it as a field that encompasses both the field of science and engineering. The article states that the new technologies and findings have an almost immediate application towards the internet (Carley, 2020). This is important in the field of cybersecurity in general being that the internet is what facilitates most cyber-attacks. Further described by the article, social cybersecurity uses computational social science techniques that can determine who is influencing/manipulating social media for or against an organization or cause and which methods these people are using to do so. Computational social science techniques consist of methods such as but not limited to machine learning, high dimensional network analysis, and data science. Having the ability to figure out who is making an influence on your organization through social media, especially negative, is an invaluable resource to have. With that knowledge you can figure out ways to mitigate the effects that these people are having on your organization through social media. The article then discusses what it refers to as “Influence Campaigns” which are the actual kind of “attacks” that happen within the social cybersecurity realm where these influence campaigns may spread misinformation to influence people to believe and think about something in the way that they want them to. Social cybersecurity involves a lot of research, and the introduction of AI systems has benefited the social cybersecurity researchers with the new tools and metrics that it provides. The article later goes over three different case studies that demonstrate various aspects of social cybersecurity and how these certain social cybersecurity events affect the cyberspace and society. The first case study details how people can build communities in social media and how these communities can be influenced by actors which can be people, bots, or cyborgs. The next case study was about the increasing communicative reach in social media which talked about how Syrian expats ad ISIS sympathizers were able to redirect people to a sit about collecting money for children of Syria. This was done with the use of a social influence bot. The last case study within the article was about conspiracies in social media. This case study talks about how social media can be used to spread misinformation also known as “conspiracy theories”. This is very important and can be very damaging to society because these conspiracy theories can cause unnecessary panic and directions of social cybersecurity. They consist of social cyber-forensics, information maneuvers, motive identification, diffusion, effectiveness of information campaigns, mitigation, and governance (Carley, 2020). The emerging discipline of social cyber security is a discipline that although does have thousands working and researching it, but it has very little collaboration between other disciplines. The people within the different disciplines that fall under the umbrella of social cybersecurity need to collaborate and work together more to form a more cohesive and all intrusive field of study and work. Another root issue that needs to be addressed is that many fall prey to think that computer science and artificial intelligence are the focuses of social cybersecurity, but it must not be forgotten that the root of social cybersecurity is the “social” part. This means that it is about people and society first then cybersecurity and technology second.
References
Carley, K. (2020). Social cybersecurity: An emerging science. Computational and Mathematical Organization Theory, 26(4), 365-381.
Career Paper
For my career paper I chose the career of information security specialist. In this job, you are often tasked with being strong problem solvers and design/implement processes and systems with the objective of maintaining Confidentiality, integrity, and availability of their employer’s data. Information security specialists should combine their base knowledge of information security with a strong background in social science to set themselves apart with a unique skillset. You can do this in many ways such as user behavior analysis, Incident response and human factors, security awareness and training, along with plenty of other ways.
User behavior analysis should be utilized and studied by information security specialists to develop an understanding of how individuals on the human side interact with technology, systems, and data. Using behavioral analytics allows for the creation of a baseline for the normal look of the company and its behavior. With the baseline, you would be able to detect anomalies much easier. There are plenty of ways that this baseline can be used such as with endpoint security analysis, data access patterns, behavioral biometrics, and many others. The baseline can also be applied to the detection of outside threats trying to gain unauthorized access or if any insider threats are detected. You can also integrate incident response with behavior analysis by using the information from behavior analysis to refine your incident response plans.
In continuation of incident response, there should be consideration of the human factors within it to build a more resilient and adaptive incident response plan and response. This entails having a more human-centric approach to the incident response by recognizing that it is people who implement the response processes and are designing the strategies. By recognizing that it is people who are at the heart of the incident response plan, there can be tailored plans that consider strengths and weaknesses of people within the response plan. By doing this there can be a more fluid, efficient, and effective response in place to security threats.
In close relation to incident response, there needs to be sufficient security awareness and training within the company or organization that an information security specialist works for. This can be done by the information security specialist with the implementation of customized training programs that are multifaceted and address the specific need of the company. As the information security specialist, you should promote a culture of continuous learning within the company along with an interactive and incentive driven training program. Doing this would likely promote continued learning among the weakest link of the company’s security program which is the human factor. The training also needs to be given to executives as well so that there are no weak points in the security, as you don’t want them to be a victim of a phishing attack. This demonstrates how as an information security specialist; you need to use certain aspects of social science to have an all-encompassing security program.
Combining both information security with a social science background to have a holistic approach to the job of information security specialist. If you do not consider, the human roles and factors within the security posture of the company. It is not all about technical things like encryption, firewalls, IoT, infrastructure, networks, VPN’s, etc.; but also, about the people who are in control of these systems and technology. You also need to be able to always be caught up in the current state of the cyberspace and the different methods of attacks and exploits that attackers are using whether new or old.
References
What Does An IT Security Specialist Do? (n.d.). Western Governors University. https://www.wgu.edu/career-guide/information-technology/it-security-specialist-career.html#close
Goyette, Brenna. “What Does an Information Security Specialist Do?” ResumeCat, 4 Dec. 2022, resumecat.com/blog/what-does-an-information-security-specialist-do. Accessed 4 Dec. 2023.
“Information Security Specialist: What Is It? And How to Become One?” ZipRecruiter, www.ziprecruiter.com/Career/Information-Security-Specialist/What-Is-How-to-Become.