Journal 1:
Week 2: Explain how the principles of science [Empiricism, Determinism, Parsimony, Objectivity etc.,] relate to cybersecurity
Parsimony can relate to cybersecurity because simplistic designs can reduce attack surfaces and make change and configuration easier. Empiricism refers to measurable evidence so it uses concepts similar to ones that detect threats based on behavioral analysis, logs, and analytics. Determinism focuses on how things occur due to something causing it, which is similar to how companies may conduct a root cause analysis after an attack happens to determine why and how to prevent the attack from happening again. Objectivity is widely known to be unbiased as something that is subjective is opinion-based. Therefore, objectivity in cybersecurity would involve looking at risk assessment scores and audits that are based on standard security guidelines and procedures
Week 3: How might researchers use this information to study breaches?
The information on privacyrights.org displays important statistics about data breaches. From this data, researchers can analyze how prevalent of a problem data breaches are. For example, the first data point they would be interested in is how many people are affected, which is listed at 8.16 billion people. Another important area for researchers to study would be the geographical data of data breaches, so they can analyze where these breaches happen. This could identify which areas are mostly targeted and may need future laws in order to manage the threat. The most important to researchers focused on identifying the root cause would be the method of breach, which unfortunately shows that over half of the methods are unknown while “hacking” is the second most prevalent. With those three main sets of data, researchers can understand where and how breaches happen, along with their effect.
Week 4: Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology.
For me, the physiological needs for technology would be power, as we need it to cook and clean ourselves as well as maintain the temperature inside.
The safety needs would be the smoke alarm that warns us of excess smoke and the ability to call 911 via phones.
The Love and belonging comes from keeping in contact with family and friends using my phone
For Esteem needs, not having a phone would be hard because i would feel left out. I also use my phone to track my personal goals like fitness and eating
The self actualization translates to me being able to learn almost anything I want and search information. Technology is also my main source of entertainment as i can consume a variety of content easily and keep up with what is going on in the world
Week 5: Review the articles linked with each individual motive in the presentation page or Slide #4. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
The “for money” motive makes the most sense because many attacks are centered around finance such as payment data and identity information
The article citing “multiple reasons” would rank second because it includes money, power, and ego. All of these are things that people normally chase so it would be no different in the cyber world
The third reason that makes the most sense is revenge. Revenge over the internet would be safer and easier to the perpetrator versus trying to physically assault someone.
The fourth would be “recognition” which is similar to ego. If the person doesn’t care about the money, being known/famous would be next on their list as they want to be seen as a legendary hacker and have their abilities recognized.
5th would be “political” because the internet and social media is where a lot of people get their news, so it makes sense they would attack these areas. However, spreading misinformation is usually more effective.
Sixth is “entertainment”, it is ranked low because not many people find the actual act of hacking to be entertaining in my opinion. However the result or outcome could be slightly entertaining
7th would be “boredom”, because I feel that the amount of expertise and effort some of these attacks take are time consuming and boring, so it wouldn’t be the ideal thing to do if you’re bored.
Week 6: Spotting fake websites
Fake Amazon website with a domain of AmazzonWarehouse.com. IT has typos in the domain name, no ssl, no return policy, and uses payment methods such as cryptocurrency and wire transfers. The real website would use trusted payment methods, have a valid ssl, and a return policy
PayPal is a common target for fake websites. The domain name will often be misspelled, it will be distributed through email asking to yo login or claiming for there to be account issues. One thing you could do (could be dangerous) is check the external links on the website to make sure they are legit, and check for 2FA. If you are not able to access your account after logging in or if you are redirected to login again, that is a red flag.
https://www.memcyco.com/5-recent-examples-of-fake-websites/Links to an external site.
Apple websites are also a common scam, since iPhones are more popular. They will try to get you to login or download viruses disguised as updates. Always double check the domain name, and double check the support number before you call it. Apple updates are usually downloaded through settings, and you should be wary of any pop ups while using the browser on your iPhone.
Week 7: Create a meme
Week 8: how movies distort hackers
Week 9: Social media and cybersecurity
I ended up with a score of four selecting preoccupation, withdrawal, persistence, and displacement. I think the questions definitely test if your social media usage is becoming problematic, because answering yes to all of the questions would mean that social media has caused conflict and distress in your life among other problems. I also like that each question had a clear term that it focused on, all of which are potential signs of addiction for things such as drugs. Different patterns are probably found around the world because smartphones are more widely used in some places than others, leading to higher chances of addiction.
Week 10: social behavior of cybersecurity analysts
One social behavior that tier 1 analysts might do is communicating flaws in the current network setup to higher levels of management. Engineers design these systems to be as efficient as possible, but many changing factors can affect these systems over time. These fixes can be for issues like false positives, which are detections that appear malicious but are not. Another important role that relates to social behaviors is being involved in user awareness, as teaching them not to click on suspicious links keeps the network safer and makes your job easier. This role eventually falls on the incident response team as they advise users and management how the issue could have been handled better.
Week 11: response to article on social cybersecurity
The article brings up a lot of interesting points, initially starting out by reiterating how Russian leaders have claimed that wars such as information warfare have already begun, and I believe this can already be seen in the amount of cyberattacks between nations. The focus on social cybersecurity is also informative because although we often patch our systems, we need to ensure our users are not vulnerable to attacks as well. We have already seen attempts from Russia when it comes to interfering with US elections, which makes recognition of misinformation an important skill people should have. This is arguably a downside of decentralization, which refers to the lack of government control over news and informational coverage. Therefore, it is imperative that the United States continues to improve its cyber capabilities as the potential technology threats increase
Week 12: pentesting and policies
Bug bounties offer a great solution for companies that don’t want to hire full time workers to collaborate with skilled hackers and improve their overall cybersecurity. However, I do agree that businesses centered around sectors such as finance should be careful, as these hackers may weigh the potential rewards from both the business and the dark web or other malicious actors. As the study found, I do believe bug bounty programs are good for companies of all sizes, although reports tend to slow down as the programs age. I also think that some companies that work in sensitive areas should opt to do private programs to prevent the threat of their data getting into the wrong hands.
Week 13: common illegal online activities
Out of the 11 illegal things the author listed, I think the most serious offense listed is Bullying, due to the negative effect it can have on people. It has been the initial cause of many violent acts in the past such as school shootings, and cyberbullying should be taken as seriously as real life bullying. Second would be collecting information about children, because this exploits their privacy and can be predatory in nature depending on how you plan to use the information. Third would be using other people’s networks, because they pay for their service and using up too much of their data could cost them extra money. The fourth would be sharing the address of others, which could be higher depending on the situation. You could potentially be causing them danger depending on factors like your reach and influence, and what others think of them. Fifth would be using torrent services, because you are stealing a paid product from a company, which is fraud and detrimental to the company.