Weekly Journal Entries
Journal #1
The NICE Workforce Framework, created by the National Institute of Standards and Technology, was designed to improve the nation’s level of cybersecurity by emphasizing the importance of skills and abilities in the cyber workforce. There are seven total categories in the NICE framework, and they include “securely provision, operate and maintain, protect and defend, analyze, operate and collect, oversight and development, and investigate” (ISACA). Out of these categories, I believe that Security Provision appeals to me the most. This area is responsible for the development of an organization’s network and system. Building and maintaining a secure protection system is something I look forward to in my career. The category that appeals to me the least is Oversee and Govern. Although the roles associated with this area are very significant, I think the advocacy portion is the least exciting.
Journal #2
When exploring cybersecurity as a form of social science, principles of science need to be taken into account. These are the scientific principles of relativism, objectivity, parsimony, empiricism, ethical neutrality, and determinism. The principles, suggested by Robert Bierstedt, can be applied to cybersecurity the same way they apply to natural sciences. The first principle, relativism, proposes that everything is related to one another; if one portion of the whole system is affected, the others in the system will be too. The second principle is objectivity. This refers to people’s ability to examine subjects openly. This is because science is not intended to encourage one “correct” view or point. People studying cybersecurity should be able to approach it without a preconceived notion that one idea is “right” or “wrong”. The third principle, parsimony, requires people to simplify their explanations. This makes it easier for others to comprehend their explanations, especially newcomers. Empiricism, the fourth scientific principle, means that information should come from real observations. The fifth principle is ethical neutrality. This is significant when doing research; it ensures that people’s rights are protected, and everything is done professionally. The last principle is determinism. Determinism suggests that every action is the consequence of past events; simply a cause-and-effect relationship. When explaining events in cybersecurity, hacking (cause) can bring an organization to build new security measures (effect).
Journal #3
A data breach is when sensitive information is stolen from an organization without authorization. This can lead to financial loss, an untrustworthy reputation, and legal troubles. The website “privacyrights.org” makes information on the chronology of data breaches from the past 17 years available to us. According to them, there were more than 20,000 breaches in the United States during that timespan, most of which happened in California. In the 20,000 breaches that took place, two billion confidential records were impacted. Researchers can use this information to better understand how and why data breaches happen. Later on, they can use their knowledge to prevent data breaches from happening in the future.
Journal #4
Maslow’s Hierarchy of Needs is a pyramid arranged into five levels that, from the bottom, start at physiological needs, safety needs, love and belonging, esteem, and self-actualization. Although this theory tries to explain the motivation of people based on basic human needs, it can be applied to digital experiences. For example, physiological needs can be replaced with technological needs, where in order to access the internet we need a web browser, an internet service provider with a modem, and a device such as a computer or smartphone. Safety needs could represent the use of cybersecurity and how your privacy needs to be protected with encryptions and secure websites. The use of phone/video calls and messaging apps could show the need for love and belonging. Esteem needs could come from social media platforms, where likes and comments could either boost or destroy your self-esteem. Other applications that can be used in spare time such as ones that help you learn or even games could represent the self-actualization portion of the pyramid.
Journal #5
Based on the list of motives presented in module five, I am inclined to present an ordered ranking of motives that would explain why people would commit cybercrime. The following ranking will start from the most reasonable to the least. The first reason is for money. You’ve seen it before, whether it’s scams or phishing schemes, people will always need or want money for luxury and status. Next would be political reasons. Professional hackers will conduct operations for the government in order to gather information or disrupt enemy plans. Hacktivists will try to promote their ideologies. Recognition would be next, as seeking validation or gaining notoriety by displaying their skills is like a sense of accomplishment to them. Fourth is revenge; they will do this in order to inflict harm on people who have caused them damage. Last is entertainment and boredom; people will troll or just find pleasure in hacking for fun.
Journal #6
Fake websites can be easily compared to real websites by comparing several factors. The first thing to check is the URL. Fraudulent websites may look too similar to the “brand name” but could also have misspellings, an extra character, or even a different domain extension. One important thing to note is the “https” the URL starts with. Real websites have this to show they are verified and have secure encryption. Some websites may be obviously fake, such as ones that lack user interface design and don’t provide clear contact information. An old example of a fake website is the “tree octopus” website. It displays no credible sources, photoshopped images, and the tree octopus is not a real animal. An example of a real website that provides information about octopuses is National Geographic.
Journal #7
Meme #1
Meme Caption: Basic cybersecurity practices are so easy that even your dog can do them.
Explanation: The caption I chose shows how simple some cybersecurity practices are. These practices can be using strong passwords, frequently updating your device, and avoiding suspicious links. These habits are easy to adopt, emphasizing that even people, or a dog in this case, can learn them.
Meme #2
Meme Caption: That moment when you know better than to click on the suspicious link in your email.
Explanation: The caption relates to the image suggesting that the man is smiling because he can recognize phishing scams and suspicious links he receives in the mail. This highlights that potential cyber threats could be easily recognized when you are aware. You can learn to spot them by being in a class like CYSE201S.
Meme #3
Meme Caption: Honey, hold on, I just need to finish securing our cyber defenses.
Explanation: This caption implies that the person in the image is prioritizing securing his family’s digital experience. Some things that you can do to be like the man in the image are utilizing VPNs, installing antivirus/anti-malware software, and backing up your data.
Journal #8
In the video where security analyst and hacker, Keren Elazari, rates hacking scenes, she goes over the accuracies of hacking that media may portray in movies and shows. Many scenes exaggerated the work of a hacker, emphasizing their capabilities and speeding up the process. In real life, it is a tedious procedure and may take a long time. As for the representation of cybersecurity in the media, I think their work is downplayed. In the scenes, hackers made easy work of their security measures, successfully bypassing their systems. In the video, Elazari also points out that there is a lack of code in the movie scenes, which plays a big role in cybersecurity and hacking.
Journal #9
After completing the Social Media Disorder scale, I scored a four out of nine. I was one point short of being formally diagnosed as a “disordered social media user”. I feel like a lot of the items on the scale are very common to find in teenagers today. I believe that it can be relatable to them because they have so much time on their hands, and have nothing around them but their mobile devices; these are always in their possession. Around the world, different patterns are found regarding social media use. The average screen time will be higher in developed countries than in developing countries, thus more people will be diagnosed with a social media disorder.
Journal #10
According to the article by Lieutenant Colonel David Beskow, social cybersecurity is a developing field of national security that focuses on the relationship between technology and human behavior. It tries to understand how things that happen in the cyber world can impact society and politics. The observations that are collected can be used to develop defenses against threats. This includes defending against the spread of misinformation in social media. Reading this article made me realize how important cybersecurity is, especially to the military. Overall, it was an eye-opening read that helped me understand what social cybersecurity is and why we need it.
Journal #11
The video that is given for this week’s journal entry was by Nicole Enesse. The video talks about how people can find a path towards cybersecurity, even without a degree in college. She points out that there are a lot of jobs available and good money can be earned in the cybersecurity field. To get a job, however, certain social behaviors are expected. Being a systemic thinker and a team player, and having both technical and social skills, are some of the characteristics you should have. To increase your chances of getting a job you’re satisfied with, making connections and joining groups can definitely help. This video shows that although you could be part of the cybersecurity community, you need some social behaviors to secure a job.
Journal #12
In the sample data breach letter that is provided, there are two economic theories that can be applied to the letter. First, the rational choice theory. This theory suggests that “individuals/businesses make choices in their best interest”. In regards to the letter, customers could weigh the expense of replacing their corrupted cards against the risk of identity theft, choosing to contact their card providers to protect their financial security. Second, the classical economic theory. This theory is “based on ideals of supply and demand and belief that government should not interfere in economy”. In the context of the letter, the data breach poses uncertainty and risk to the customers, disrupting the regular market. This can lead to the demand for better security for their online transactions.
Journal #13
The article “Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties” had a study that looked at bug bounty programs where people are paid to look for and explain problems in a company’s digital infrastructure. It found that programs like these are a good way for companies to improve their cyber security without such a big investment. Their research showed that people in the cyber field would be interested in helping companies who can’t afford much. More importantly, researchers found that as bug bounty programs get older, it becomes harder to find problems in the system. Because of this, companies need to constantly update their systems. Overall, bug bounty programs benefit companies and cybersecurity as a whole.
Journal #14
Of the eleven illegal things Andriy Slynchuk has listed in her article, these five are violations that I think should be considered the most serious offenses. First, bullying and trolling are severe violations because they are intentionally meant to cause harm to the victim’s well-being. Next, collecting information about people under the age of thirteen “violates the Children’s Online Protection Act”. Third, faking your identity and pretending to be someone else can lead to harmful consequences; the person on the receiving end can suffer a damaged reputation while also having their privacy violated. Fourth, recording a VoIP call without consent is another violation of privacy and can take away the trust from whoever is calling. Last, sharing passwords, addresses, and photos of others is another violation of privacy. It could be a combination of trolling and cyberbullying. These five things could potentially lead to serious consequences such as jail.
Journal #15
In the TED talk, Davin Teo talks about his career as a digital forensic investigator. The job of a forensic investigator is to collect, analyze, and report electronic data in a way that can be presented in a court of law. This career overlaps with social science principles in many ways. First of all, people like Davin try to understand cyber criminals’ minds and why they committed the crime they chose. This falls under the category of psychology. To do all of this, digital forensic investigators need to do it in a way that is ethical and legal.