Module 11

Journal Entry 12

https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf

The two economic theories that relate to the incident letter are Classical and Laissez-fare. The classical economic theory of supply and demand is one that relates to this incident because it shows how cybersecurity is important when dealing with clients/customers information as such information contains value not only for the business but also for threats. Laissez-fare relates as it is a theory which handles the governmental disclosure of cybersecurity incidents. This incident report considered a longer awaited discloser of the breach to conduct an investigation. The two psychological theories that relate to the incident are trust and reinforcement sensitivity theory. Moral trust is lost among the third party company which failed to defend against malicious threat actors. This also impacts the other companies and customer who had their payment information compromised. Reinforcement sensitivity theory allows cyber criminals to consider reward and punishment to determine the pursuit of an action or to halt that action. This instance the cyber criminals saw the reward of stealing money and payment card information while overlooking the punishment if they get caught. 

Journal Entry 13

Bug bounty research was conducted to determine whether publicly crowd funded bug bounty programs is better or worse than program funded bug bounties. The research used empirical data that was observed to give factual non objective information on valid reports from companies to the research. By analyzing 2SLS regression data researchers could study the affects that revenue and program funding might have on bug bounty results. What was determined was that public bug bounty programs and privately funded bug bounty programs were seemingly equal in results. The administering of vulnerability disclosure policies are crucial regardless of proficiency in bug bounty funding as long as these reports off factual truthful information on vulnerabilities to ensure risks and vulnerabilities can be addressed accordingly.