Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas are most appealing to you and which are least appealing.

After reading through and clicking around on the website, the most appealing areas to me were the work role categories implementation and operation, and protection and defense.  I think I liked these the most as I’ve always enjoyed using and examining systems more them creating them, as I’m kind of bad at that part. I think I’d want to focus my career on systems security analysis or insider threat analysis. The least appealing area to me was on the competency area page, it is AI security. I think it’s the least appealing to me since I’m not a fan of AI and I don’t think it should have a major role in cybersecurity. Yes, human error can cause many issues but what happens when all the information it was storing gets breached. But then again that could happen to any system so maybe this is my bias showing.

How does the principle of empiricism enhance the effectiveness of cybersecurity practices?

For cybersecurity, I think that empiricism enhances the effectiveness significantly. Since in empiricism, all evidence is gathered from observation and experimentation. Instead of just assuming things are secure and running properly, you actually go in and test. You look at firewall logs, do vulnerability scans, and other penetration tests. If you take that small example and apply it to other aspects, I think cybersecurity is an empirical discipline. 

For identifying emerging threats, in the Social and Behavioral Studies reading, they discussed that social cybersecurity science used data collection and analytics to sort through user behaviors on social media to identify information on social cyberattacks. To assesses the effectiveness of current security measures, I think it’s about knowing your current security tools are working. Empirical analysis would involve doing things like checking how many malicious websites did your DNS actually filter out. Also doing things like going through your vulnerability scan results. Empirical analysis can help guide the development of new strategies by looking through existing data to see what works and what doesn’t. What systems are actually helping and which are not.

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches and forecast future data breach trends ?

I clicked around on the website and saw that they actually have a search that you can filter throughout. When I picked the filter option for data breaches, it showed things like a Data Breach Chronology, United States Data Breach Notification, and  a Data Breach Reporting Requirements. Researches could use the information from these articles to  conduct predictive analysis. They can look at older data from previous years to identify trends that slowly grew over time. Things like the average number of people affected in specific types of breaches, the most frequently targets industries, or just an increase in incidents. I think that if researchers were able to examine the root cause of a breach, the data that was exposed, or the time taken to regain control after a breach, researchers could make statistical forecasts that show possible future breaches and trends. THis older data could also allow for comparisons across different industries to determine which areas are the most vulnerable and why.

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

For physiological needs, GPS systems, my alarm clock, and my period tracker. Without those I’d probably get a bit frustrated or anxious. Safety needs would be my adblocker on my laptop, faceID on my phone, and the DUO app for whenever I have to log into my school websites or Canvas. Without these my laptop would probably be frustrating to be on, and I wouldn’t be able to do much on campus without the DUO app. Love and Belonging would be my messaging app, facetime, and discord. It’s pretty much how I communicate with everyone I know. I use discord to play games with a lot of my friends since we have busy schedules so without it I’d be pretty bored. I don’t think I have any esteem needs as I don’t have any social media. Self actualization would be apps like Letterboxd to learn about new films from around the world, Youtube to learn new fun history topics, and GoodReads for book recommendations. 

Review the articles linked with each individual motive in slide/page #3.  Rank the motives from 1 to 8 as the motives that you think make the most sense (being 1) to the least sense (being 8).  Explain why you rank each motive the way you rank it.

1. Money – I think that money makes the most sense since most people commit many crimes for money. You often hear about ransomware attacks and how the attackers will ask major corporations for large sums of money in order to remove whatever is blocking their systems. 
2. Political – I put this as number two but it was very close to being number 1. We often hear about how Russia has attacked Ukraine, or how they even messed with the systems during the 2018 Winter Olympics. There are even hacker groups like  Anonymous that hack organizations and companies to get a political point across. 
3. Revenge – I think revenge is another one that makes the most sense because it can tie into many different reasons. Political revenge, revenge against a peer or someone you knew, revenge against a social system
4. Multiple reasons – I put multiple reasons as because I think it represents all the motives above the best. Some people do commit cybercrimes for both political and revenge reasons, or revenge and money, and so on.
5. Entertainment – I think that there are some people out there that just like to cause chaos and watch the aftermath of their wrong doings. Though, I think this would be more for things like cyberbullying rather than hacking companies. 
6. Recognition – I debated on whether or not to put recognition as 5 but I think it best fits as 6. Most people commit cyber crimes because it provides them with anonymity. They have a better chance at getting away opposed to a physical crime. Though, there could be people out there, like the NASA hacker, who are responsible and alert people of their security vulnerabilities.
7. Curiosity – I think that curiosity is unlikely, but could just be someone testing out their cyberskills but…illegally. So I’m not really sure how this would happen 100%
8. Boredom – Boredom makes the least amount of sense to me as a cyber offense because I don’t think most people in their right mind would just up and decide to commit a crime just because.

Watch this video and pay attention to the way that movies distort hackers.Scientists Rate 65 Scenes from Movies and TV | How Real Is It? | Insider – YouTube 

The media influences a lot when it comes to our understanding of cybersecurity. On the positive side, some shows and movies get alot right. Mr. Robot accurately uses real hacking tools and shows competitions where hackers solve puzzles, which is a real thing called “capture the flag.” Scenes like the one in The Girl with the Dragon Tattoo, where a hacker uses social engineering to sneak into a building are very realistic. I think this movie helps people understand that the human factor plays the biggest role in cybersecurity. 

Though, I think cybersecurity has more bad PR than good in shows. They make hacking look like a super fast, flashy process with 3d graphics and “access granted’ messages that pop up instantly. In reality, it’s nothing of the sort. It’s a very slow and boring process that involves lots of code reading. These shows and movies can be extremely inaccurate which alters a lot of peoples understanding, especially if they are not already familiar with the cyber world. I think these films can create a false feeling of fear by giving people the wrong idea about what’s actually risky and making us worry about the wrong things.

Watch this Video: Social media and cybersecurityLinks to an external site. Complete the Social Media Disorder scale Download Social Media Disorder scale. or please find the attachment here: Social Media Disorder Scale-1.pdfDownload Social Media Disorder Scale-1.pdf How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

I answered “no” to all the questions since I’ve been off social media for about a year now. I’ve always been on and off, most of the time being off, so quitting completely wasn’t difficult for me and it has improved my screentime greatly. I understand the scale isn’t a proper representation of the real DSM test, but I do think more questions could be used. Especially since if you answer 5 or more out of only 9 questions, you should seek professional help. I think a more proper scale should have around 20 questions and ask things like “Do you think you need social media for day to day tasks unrelated to work or school,” things of this nature. Or questions related to social anxiety, do you feel like you lose friendships without it, which ties into other mental health issues. Different social media uses differs between countries because every country has different work cultures, city and community structures, and restrictions on social media apps. I know the EU often puts restrictions on what data these apps can collect. These apps like Instagram are free and thrive off of selling data, if they can’t get their product (data), they probably wont market their apps in these countries as much as they do in the States. Another thing is the work culture in the States is crazy, everyone is always networking even when it’s not the appropriate times. I also think infrastructure plays a big role in social media use. Not everywhere is a major city where you can find out about community events through word of mouth or a poster at a locally owned cafe. Many people rely on social media to learn about these events and stay in touch with people that are hour drives away. This also applies to learning about small businesses, a lot of small businesses in the States rely on socail media for promotion. 

Read this and write a journal entry summarizing your response to the article on social cybersecurity https://www.sciencedirect.com/science/article/pii/S2451958825000831

 The article talks about all kinds of attacks, from basic spam to really sneaky stuff like creating hundreds of fake profiles to sway public opinion or using AI to generate convincing fake news. It explains that the biggest threats aren’t just viruses or hackers breaking into systems, and that the real target is us, our trust in each other and the information we share.The most interesting part for me was learning about the different ways experts are trying to spot these threats. They don’t just rely on one method, instead they mix machine learning with social networking and even use simulations to see how lies spread through a crowd of virtual users. The article was also helpful because it listed real tools and datasets people can use, which makes the whole topic feel less abstract. It was also honest about the tough parts, like how attackers are always adapting and how we have to balance security with everyone’s right to privacy.

My main takeaway is that keeping the internet safe is less about computer code and more about understanding people. We need technology, but we also need to understand psychology and have a strong ethical compass. It’s a complicated challenge, but it’s so important for making sure the internet stays a place for genuine connection and reliable information.

Watch this videoLinks to an external site..  As you watch the videohttps://www.youtube.com/watch?v=iYtmuHbhmS0Links to an external site. think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

The job seems to be centered around labor market demands and personal sacrifice. The job is high demand, high reward opportunity, but comes with a distinct social cost, which is the expectation to work graveyard shifts. The job seems to be best suited for those without family commitments, which frames work life balance as a personal trade off rather than an issue that needs to be addressed. Even the creator of the video, nicole, spoke about her decision to pass on a $100k graveyard shift position even though she was eager. I think this highlights how career opportunities can conflict with maintaining healthy social connections. 

The video also highlights the power of self presentation in a competitive but niche field. It’s a strategic importance of networking reveal that success is not solely based on technical skill but also their ability to navigate social codes. There is also a geographical aspect, when the analyst must weigh salary against the social environment and cost of living in different cities. The job is presented as both a technical function and a social negotiation of time, location, and personal image. 

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site.  and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

The article took a technological concept and broke it down using economic and social science. The authors basically looked at bug bounty programs not just as a tech tool, but as a market place where hackers decide where to spend their time. First there’s a large shortage of cybersecurity experts, so smaller companies can’t really compete for talent. Bug bounties across like a “fix” for this, letting them rent hackers instead of having to hire them full time. Second, there’s this cool idea from software called “Linus’s Law,” which basically says the more people who look at a problem, the easier it is to solve. So, by inviting a diverse crowd of hackers, companies can find bugs their own team might miss.

But the coolest part was seeing how the actual findings challenged a lot of common assumptions. I would have thought hackers are mostly in it for the money, but the research showed the opposite. Their “price elasticity” was super low, meaning that raising bounties doesn’t really lead to that many more reports. It turns out they’re motivated by stuff like building their reputation, learning new skills, or just the thrill of the challenge. This is good news for smaller organizations or government agencies, it means you can run a successful program without having to offer massive cash rewards.

I also found it surprising that a company’s size and brand name didn’t really matter that much in terms of how many bugs they get. It debunks the idea that only big, famous companies like Google can benefit from this. It seems like the hacker community is pretty efficient at finding vulnerable code, no matter who owns it. This supports the idea that bug bounties are a democratizing force in cybersecurity.

The part about certain industries like finance and healthcare getting fewer reports was really interesting. The authors suggested it might be because bugs in those areas are more valuable on the black market, so the opportunity cost for a hacker to report it ethically is higher. It shows the limits of a purely economic model and hints that for high risk sectors, the policy needs to include extra trustbuilding or other incentives.

Finally, the fact that programs get fewer reports as they age makes intuitive sense, the easy bugs get found first. The solution they hinted at, which is to keep expanding the “scope” of the program (adding new apps or systems to test), is a really practical takeaway.  Overall, this article convinced me that the most effective bug bounty policy isn’t the one with the biggest budget, but the one that best understands and engages with the hacker community on a human level. It’s less about the money and more about building a respectful and collaborative process.

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different psychological social sciences theories relate to the letter.

Economically, the attackers followed the the rational choice theory, they calculated that the benefit of stealing data outweigh the risk of getting caught. The company’s response, which was to hire security experts and notifying customers, was also a rational effort to minimize financial and reputational damage. I think the letter also ties to the Laissez Faire theory, since government intervention directly influenced the company’s actions and timeline. Psychologically, the breach notification shatters the customers assumptions of safety, which I think ties to the shattered assumptions theory. Customers learning their data was stolen probably violated their belief in a secure company. Another theory this probably ties to is psychological reactance, which is when people feel compelled to restore their autonomy. The company gave advised customers to contact card providers and monitor their statements, which most likely helped customers feel in control again. 

Andriy Links to an external site.SlynchukLinks to an external site. Links to an external site.has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

1. Sharing passwords, addresses, or photos of others.
2. Collecting information about children.
3. Faking your identity online.
4. Recording phone calls.
5. Bullying and trolling.

I view these offences as particularly serious because they represent a fundamental breach of trust, privacy, and safety. Sharing private information and collecting data on children can lead to real world dangers like stalking , identity theft, and predation. This information a could get sold on places like the dark web, leaving both children and adults in danger. Faking an identity and recording calls without consent are deceptions that manipulate and exploit others. Stealing someone else’s identity could cause problems for the real person depending on what it is you do with their identity, like if you were going around scamming people. And recording calls is a breach of privacy and lacks consent. Bullying and trolling inflict direct psychological harm, which can have devastating and irreversible consequences for victims. These violations are serious because they weaponize personal information and digital tools to cause emotional and psychological harm.