Journal Entry #1

The NICE Framework categorizes fields and positions in an aim to provide organizations with possible workforce structures. 

Fields that I find appealing within the Framework are Oversight and Governance (OG) and Implementation and Operation (IO). OG because it requires leadership to go about completing job tasks. I work best in leadership roles and I’m comfortable working with a team during challenges. IO because it focuses on implementing and maintaining systems within a company. This interests me because working on systems is something I picture myself doing and enjoying. 

A field that doesn’t appeal to me is Investigation because I don’t have much interest in this field. Having to dig and work hard to find pieces of evidence, with sometimes not a lot of information, seems tiresome to me. 

Overall the NICE framework is a wonderful tool for organizations and people who want to see all possible cybersecurity job positions.

Journal Entry #2

The principles of science is a list that essentially describes the basic fundamentals of science. The principles relate to cybersecurity, because they look to maintain a standard within the field and they also can be relied on heavily in cybersecurity.

Principles like the principle of determinism can be used in the field of cybersecurity to figure out the main reason a hacker is trying to attack a certain network or server. The principle of Collegiality is an easily relatable one, because in the field of cybersecurity a lot of problems are faced over and over again. So, respecting someone’s research is important because you may need it one day and respecting the amount of hard work a person puts into their work is important too. 

In general, the principles of science can be used and practiced in many different fields because they are based on integrity, respect and knowledge.

Journal Entry #3

Researchers studying data breaches can use publicly available information to see how breaches occur, see what methods a hacker used, and see what types of data were targeted. Public information on sites like PrivacyRights.org, provide an overview of breaches that took place on a prior date. The benefit of having this information available is that researchers can take all of their findings and put them together to study tendencies and similarities in different scenarios. This allows researchers the opportunity to reevaluate and improve their own security systems. This info can help researchers understand the impact of a breach, improve security, and better prepare for any future attack. 

Journal Entry #4

Maslow’s Hierarchy of Needs is a 5-leveled pyramid that describes the basic human needs: psychological, safety, loving and belonging, esteem, and self-actualization. Psychological, can be related to my experiences with technology because learning new tricks or different aspects of certain technologies makes me happy and is something I find intriguing. Safety relates to my technology experiences because I don’t click on links from unknown sources and tend to use strong passwords for my devices. An example of loving and belonging being related to my experiences with technology is addressing all of the social media and communication apps I have on my devices. Esteem can be related to my experiences with technology by remembering the times I took a photo of myself or others in a memorable moment. Lastly, self-actualization can be related to my technology experiences by thinking about the time I participated in lego robotics in middle school. 

Journal Entry #5

Individual Motives are based upon people and crimes. Motives are the reasons an individual decides it is best to commit an illegal action or cybercrime.  

1. For money – The chances of a cybercriminal receiving a financial gain from cybercrime is likely, and they can set the amount of money they make from releasing an attack.  

2. Entertainment – Cybercriminals may view cybercrime as a side hustle because it is an illegal hobby that may pay well, and they can do it when they feel the need or motivation to do so.  

3. Multiple reasons – Other reasons like ego or the idea of gaining power by committing cybercrime.  

4. Political – Individuals trying to push personal political perspectives on to others, or influence or alter the outcome of elections.  

5. Boredom – Cybercriminals may decide to poke at vulnerabilities in a network or company.  

6. Revenge – Cybercriminals may have had a bad experience with a company, leading to them hacking them later.  

7. Recognition – Cyber criminals don’t want their identity to be found, that is why they choose cybercrime over other crimes that can be easier identified.  

In conclusion, there are a lot of motives for cybercriminals ranging from financial gain to personal reasons. Understanding these motives is important because it allows individuals to develop strategies in order to put a stop to them.

Journal Entry #6

When navigating the internet, it is important to be able to identify real and secure websites versus fake websites. Fake or replicated websites typically have improper domain names, incorrect grammar and spelling, and unusual or lacking designs. These websites are normally sent and can be accessed via email.  

The goal of a fake website is to match the identity of a real website. The website aims to get users to believe they are on a trusted site, leading to them giving out personal information or unknown access. An improper domain name is the biggest giveaway of a fake website. Hackers move, eliminate, or change characters from the domain of a trusted website, hoping it goes unnoticed by the internet user. For example, “walmart” vs “wa1mart”. Incorrect grammar is another giveaway that users can identify. Big corporations and companies check this issue multiple times before releasing any information. Hackers can get away with misspellings, because internet users fail to read the content placed on websites they assume can be trusted. Lastly, unusual designs can allow a user to see they are on a replicated website. On the website of a well-known and recognized company, users can expect to see certain colors, fonts, etc. If a user clicks on a link and the colors and fonts look unfamiliar, they can assume they are on an untrusted website.  

To mitigate phishing attacks, companies are incorporating software updates that identify and give users notifications about unsecure websites. For this reason and more, it is important that users of the internet keep their devices updated and protected. It is also important that internet users learn or become aware of everyday attacks, so they can stop themselves from becoming a victim.

Journal Entry #7

https://commons.wikimedia.org/wiki/File:Summer_school_GLAM_giorno_1_1.jpg

With a glass wall, an outsider is able to view private information. As cybersecurity professionals, it is important to have meetings and important data completely closed off to the public.  

https://unsplash.com/photos/man-sitting-on-concrete-brick-with-opened-laptop-on-his-lap-Z3ownETsdNQ

His screen is very visible to possible hackers around him. He should make sure he has a privacy screen or chooses an inside and private location to complete his work.  

https://unsplash.com/photos/black-smartphone-near-person-5QgIuuBxKwM

It should always be a concern when technology is in a meeting environment. Someone could easily record everything being said or be looking to share confidential information. As cybersecurity professionals, each individual should be allowed a certain amount of technology devices into a meeting or private space.  

Journal Entry #8

The media can influence our understanding of cybersecurity in many ways. One of the influences that the media puts on the cybersecurity field is that it only plays a role in huge cyber-breaches or attacks. When media outlets and movies only look to cover massive cybersecurity cases, for views, it can give an everyday individual the wrong perception of cybersecurity and its professionals. The media also portrays hackers as scary and mischievous villains. When in reality, they’re real human beings who may have been in the wrong space mentally, may have been looking for something fun, or may have been smart enough to understand the vulnerabilities within massive companies’ networks.  

Journal Entry #10

One of the factors of social cybersecurity is the idea of direct and indirect education. When talking about the military and direct education, training is essential so they can check for credible sources, understand potential threats, and apply cybersecurity principles when using devices. For individuals in society, indirect education is the knowledge and awareness of being able to decipher misinformation, disinformation, or the truth, in situations like being on social media platforms, listening to online news outlets, or peer-to-peer communication. This is all information literacy which is teaching people how to recognize fake news or suspicious online practices and putting what they learn into use. 

Social cybersecurity (Psychology, Sociology, communication studies, cybersecurity and technology, and law and policy) looks beyond technical cybersecurity boundaries to address human, societal, and psychological factors that contribute to spreading and mitigating information threats.  

As society becomes more digitally intertwined, the risks of misinformation and cyberattacks will only increase. It is vital that cybersecurity professionals prioritize social cybersecurity as an ongoing discipline, continuously adapting to the new challenges and evolving technologies.  

Summarizing: https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/

Journal Entry #11

The Cyber security analyst position can be worked from anywhere. There is no specific area you need to live in to get this job. Thanks to remote working and the abundance of open job opportunities for this position. All major corporations and government agencies need cybersecurity analysts to monitor their networks and respond to different incidents, phishing attacks, and vulnerabilities. This position is a high demand job that you can go overseas and travel if that is something you’re looking for as well.  

Journal Entry #12

• Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.  

Economic and social science theories can relate to “SAMPLE DATA BREACH NOTIFICATION” by examining the reasons for a cybercriminal committing an illegal crime or explaining the consequential actions an organization must take to get everything back under control.  

Two economic theories that relate to this sample breach letter are “Tragedy of commons” and “New growth theory”. The tragedy of commons theory is defined as an economic issue that relates to the consumption and the over-exploitation of resources. The new growth theory argues that gross domestic product will continuously rise because of the individual pursuit of profits. The cybercriminal that launched this attack can be believed to have done so seeking a financial gain from the customers of the organization mentioned. Economic theories try to explain and describe economies, and these two economic theories provide reasoning to possible thoughts behind the attacker performing such actions.  

Two social science theories related to “SAMPLE DATA BREACH NOTIFICATION” are “Rational Choice theory” and “Conflict theory”. The rational choice theory acknowledges that individuals make their own decisions. Conflict theory argues that society is in a constant state of conflict because of the believed competition for limited resources. Cybercriminals attacking organizations, causing damage and adding to societal conflict, do so for the benefit of profits. Obtainable money attracts the eyes of those searching for it while ignoring the consequences or effects of what it takes to own it.  

Journal Entry #13

Incorporating Bug Bounty policies into a company’s security measures offers a lot of benefits compared to other alternatives. The biggest benefits of bug bounties are them being affordable and effective. Bug bounties act as a great security measure for companies and according to the reading, aren’t driven by being paid to complete tasks. Having individuals on a team who are truly dedicated and motivated to do their jobs is always a great addition. The reading also states that the size or reputation of a company doesn’t directly affect how many bugs they have reported. This shows us that it is not based on the notoriety of the company, but rather the quality of the brand itself that impacts the number of bugs they can be expected to have reported.  

In conclusion, bug bounty programs are a great resource to add to a company’s security measures. They can improve the effectiveness of a company’s security, while also not demanding or seeking a lot of money to do so.  

Journal Entry #14

Write a paragraph describing why you think these offenses are serious: 

1. Using unofficial streaming services

2. Using copyrighted images 

3. Sharing passwords, addresses, or photos of others 

4. Faking your identity online 

5. Using other people’s internet networks 

These offenses are serious because they cross legal lines and often have serious consequences for both people and organizations. Using unofficial streaming services and copyrighted images takes away from the hard work of companies and creators and discredits it as well. A big problem with sharing passwords, addresses, or photos without someone’s permission is the possibility of it leading to more significant consequences such as identity theft or any emotional damage to an individual. Using other people’s internet network without their permission leads to distrust and, more importantly, can lead to gaining someone’s personal information unrightfully. In conclusion, these unknown illegal behaviors affect the trust within society, when in reality, we should be looking to protect one another and our information.

Journal Entry #15

Digitial forensics is “the collection, analysis, and the reporting of various types of electronic data that can be preserved in a way that can be presented in a court of law”. This relates to the social sciences by offering different methods to examine data that can provide information on people’s motivations, social interactions, and behaviors.  

Davin Teo is a digital forensics investigator and has been in the field for about 17 years. He started his professional career in a small accountant practice, and was introduced to IT when that company expressed interest in looking for individuals with IT experience that could help with their networks and computers. He then went on to work for one of the top four accounting firms, and there was given the opportunity to join and work for the first national forensics team in Australia.