CYSE201S

Here I have all of my journal entries, article reviews, and career paper.

Week 1 – Journal Entry

The main areas I want to focus my career on are Tracking and reporting and Career progression. I want to focus on working my way up in my career, as I hope to one day own a manager position. I know that’s where they make a lot of money, and that’s what I mainly want. I also find the field interesting. Tracking is like a maze to me. I love the aspect of finding out things and solving any issues that may be suspicious. Something that appeals to me the least is the standardized development of position descriptions. I don’t know too much about the job, and would rather stick with the tracking and reporting aspect of the NICE Workforce Framework.

Week 2 – Journal Entry

The biggest and most commonly used system I find that the principles of science relate to cybersecurity is the scientific method. No matter what field you’re in with the cybersecurity world, you will always have to perform some type of hypothesis or plan to solve whatever issue you’re facing. Cybersecurity faces new challenges every single day, so some type of method or system is required to give you the best advantage and skillset to solve the problem. People in this field must test their ideas and hypotheses to determine how to solve a certain problem or find the best solution. These principles of science are directly connected with cybersecurity.

Week 3 – Journal Entry

Cybersecurity is such a wide field that many researchers can use multiple pieces of information across different sources and frameworks to properly asses and study different types of breaches. Some of these skills researchers use include critical analysis, risk assessments, which are very popular in the field, and forming and improving security strategies. Risk assessments study further beyond breaches, they think about the industry as a whole, along with different landscapes. Critical analysis skills can correctly determine the cause of the breach and even compare and plan to other similar breaches or possible ones in the future. Lastly, improving security strategies allows for the likelihood of future breaches to decrease and makes it harder for hackers to breach different companies.

Week 4 – Journal Entry

Each level of Maslow’s Hierarchy of Needs surprisingly has related to all of my moments in technology. The self-fulfillment relates to when I built my first computer back in quarantine. I had complete creative control, and it was my favorite technology memory. I felt the esteem needed when I finished building my computer, and turned it on for the very first time, realizing that it worked with no issues, I felt extremely proud of myself. The belongingness and love needs part of the hierarchy relates to the friends I’ve built off of technology. For example, I made a friend his computer after I had built mine. Next, safety needs relate to me being in a cybersecurity class, and my major. Lastly, physiological needs relate to how I need to stay energized while doing technology work, so I make sure to treat myself to some food.

 
 
After reviewing the articles, I found, in my opinion, that the article that made the most sense to me was the political article. The first one, “New generation of angry & youthful hackers join the ‘hacktivism’ wave, adding to cyber-security woes,” was the article that made the most sense to me, so I’d rank it number one. Going down my list, I have recognition, entertainment, multiple reasons, for money, boredom, and revenge at number seven. Now don’t get me wrong, I see the motive for the revenge article, but revenge itself doesn’t make sense to me, therefore, I can’t rank the article any higher. As for the rest, recognition and entertainment made a lot of sense to me because those had to do with other nations. As the list went down, I noticed how the multiple reasons articles started to lose me a little bit, and I got confused about their motives. As for money, I don’t understand what other possible motive they could have because the consequences of getting caught were not worth it. Lastly, for boredom, it made no sense to me because there are so many other better things to do with your time. I just don’t understand that one.

                    Week 6 – Journal Entry

Let’s start with what makes a fake website fake. They usually have incredible offers on them, sometimes too good to be true. For example, if you found a diamond ring for $20 on a website, then the website is most likely fake. The next thing fake websites would most likely have is poor advertisements or little to no information on the page. The advertisements might look silly or have absurd amounts of “deals” and some of these links might lead to malicious websites. Now, here are my three fake websites compared to three real ones.

Fake:

https://www.vivobarefootdanmark.top/

https://www.groundiesblackfriday.com/

https://www.groundiesaustraliasale.com/

Real:

What makes the fakes one above is the lack of information on the page, the “.top” at the end of the website link, and the malicious links accessible from those websites.  What makes the three real ones real is their detailed pages, legit contact information, and realistic advertisements, such as ten percent off certain items.

                    Week 7 – Journal Entry

In this meme, I wanted to show how hard it can be to keep up with all of the new technology in the world in an office setting. This picture is greatly related to the Human Systems Integration because it shows the personnel, environment, and manpower involved in it. Human Systems Integration is a crucial part of any business, especially the cybersecurity world, which is constantly changing. That’s why I chose this image. I feel like it represents the environment perfectly, and it was the best out of the ten photos I could choose from. Each of the concepts I mentioned relates to the integration by manpower being the employees in the meeting, environment representing the setting this could take place in, and personnel by the man at the front of the room, being the presumed boss.

 

 

 

 

Week 8 – Journal Entry

Until I watched this very entertaining video on the media, movies, and social perception’s influence on cybersecurity, I would’ve never thought about it. I’m still learning about cybersecurity, so I didn’t notice how it was represented in the media. However, when Ms. Elazari went in depth with how the media portrays cybersecurity, especially in Hollywood, I was surprised to see how flawed the media made cybersecurity to be. Elazari exposed how everything Hollywood uses in its films or media can’t be done, and how some of it would put the user at risk. Some films didn’t even use the right terminology! Mistaking encryption with files, or what could or couldn’t be encrypted. Overall, I think the media negatively influences our view on cybersecurity because it doesn’t show us how it truly works. At the same time, I get why most media do this, as they want it to be more appealing to more audiences. However, this doesn’t show viewers the true nature and realm of cybersecurity, and just how complex it could be.

 

Week 9/10 – Journal Entry

I unsurprisingly scored very low on the Social Media Disorder scale, as didn’t say yes to any of the nine questions. The reason why I’m not surprised with these results is because I barely even have any social media. The only social media I currently use is TikTok. No Facebook, no Twitter, no Snapchat. Just Tiktok. I don’t spend much time on my phone, to begin with, and when I am using it, I’m usually just checking emails or responding to texts from friends. As to what I think about the items on the scale; I think they relate to the questions asked very well. The items and the questions correlate well with each other. Lastly, I think different patterns are found across the world because of the impact social media has on a person’s mind. For some, social media is their career, so they have to spend more time on it, and this can sometimes affect their relationships with others. It also has negatively impacted a lot of people’s minds, as some make social media their whole personality, and form an addiction to certain platforms.

 

                 Week 11 – Journal Entry 10

The article, “Social Cybersecurity: An Emerging National Security Requirement” by Lt. Col. David M. Beskow and Kathleen M. Carley, Ph.D., emphasizes the importance of understanding and addressing risks associated with social dynamics in cyberspace. The authors likely explore a broad range of cybersecurity topics, including human behavior, the functions of social networks, and the intricate relationship between technology and society. Additionally, they may discuss strategies for handling these new challenges to safeguard national interests. Overall, the article highlights the critical need for proactive measures to address the complex interactions between social dynamics and cybersecurity. By implementing a comprehensive strategy that integrates knowledge from various fields and encourages cooperation across sectors, countries can strengthen their defenses against the constantly evolving landscape of cyber threats.

                 Week 11 – Journal Entry 11

In this video, Ms. Enesse speaks about her experience being a cybersecurity analyst. As she stated in the video, a “Cybersecurity Analyst” is just a title, as it can vary depending on which company you are working for. The first, and my favorite example of a social behavior I noticed in the video was user training and awareness. When she was first starting her career, Enesse was offered a position for a “graveyard shift,” which was essentially you worked 24/7. While she was offered about $100k for this position, she declined it, as it wasn’t something she was interested in. Now, if she had taken on this position, she would’ve been responsible for so much more than her other positions. For starters, she would’ve had to learn her user training fast, as she would’ve been the only one on duty at all times, which means she would have been more responsible for the system than any of her colleagues. Next, she’d have to be constantly aware of what was going on in the system, which means she’d have to be more alert for possible security breaches. Enesse would have had to adopt more secure social behaviors and avoid probably ten times the risk, all at the same time.

 

 

                            Week 12 – Journal Entry 12

The two economic theories I found that relate to this article are information asymmetry and externalities. As for the social science theories, it was the social contract theory and diffusion of responsibility. To begin, information asymmetry arises when a company’s customers no longer have faith in it after a breach of their personal information. The person with less information could take precautions, including getting in touch with their bank to lessen the chance of identity theft, and to protect themselves. Externalities, on the other hand, are the unforeseen repercussions of economic activity that have an impact on parties who are not directly involved in the transaction. Customers who made purchases on the business website without their knowledge or authorization were affected by the data leak. The social contract idea is relevant since it can be argued that the theft of the client’s data violated this agreement, which could erode customer confidence in the business. Finally, this relates to the dispersion of responsibility since comprehension of the bystander effect emphasizes the significance of open lines of communication and accountability while managing data breaches.

 

 

                    Week 12 – Journal Entry 13

The article we read this week was “Bug Bounty Policies: A Social Science Perspective on Cybersecurity Policy.” This is a comprehensive analysis of bug bounty policies within the world of cybersecurity, looking at our world from a social science framework view. One aspect of the article that caught my attention was the shift in perspective on cybersecurity. The idea of rewarding ethical hackers for finding security holes is consistent with economic theories of incentivization, which employ rewards to promote desirable behavior. The effectiveness and ramifications of bug bounty programs are discussed, and the importance of trust between hackers and corporations is assessed severely. Although the author knows the potential advantages of bug bounty programs for promoting a cooperative cybersecurity system, the debate also brings up major issues and difficulties related to bug bounty regulations. These concerns center on the durability and scalability of specific systems and the possibility of moral conundrums for hackers. The paper also emphasizes how critical it is to comprehend the socio-technical dynamics in bug bounty programs, including the impact of business culture and the larger cybersecurity scene.

                    Week 13 – Journal Entry 14

There have been eleven potential criminal actions that Internet users partake in have been listed by Andriy Slynchuk, highlighting different facets of cybercrime and digital misconduct. Five of these acts stand out as being very serious because of the severity of their repercussions and their ability to cause great harm. To begin, breaking into computer systems or networks is a serious offense since it can result in financial losses, data breaches, and the compromise of private and sensitive information. Additionally, accessing or disseminating child pornography is a terrible crime that can have a lasting negative impact on the victims, including permanent harm and ongoing exploitation. Lastly, committing online fraud—such as identity theft or phishing scams—poses serious risks to people and businesses, ruining finances and shattering public confidence in online commerce. Overall, the significant harm that these acts cause to people, communities, and society as a whole, is not to be taken lightly. This is a very serious issue and emphasizes the urgent need for strong cybersecurity measures and effective law enforcement to combat cybercrime.

                    Week 15 – Journal Entry 15

In my opinion, the speaker, Davin Teo, took a great path in his career in digital forensics investigation. From the beginning, Teo already had an amazing role model, that being his father. Who was already familiar with and in the field. Teo even demonstrated core traits of what people in cybersecurity do, as he was understanding of human behavior, used ethical considerations, and had great communication skills. Cybercrimes are usually committed by people with certain motivations and behaviors, and digital forensics generally entails researching these crimes. When attempting to comprehend the acts of hackers, social sciences like psychology and sociology can be quite helpful as they offer insight into human behavior. Overall, Davin’s career as a digital forensics investigator is related to the social sciences because it involves understanding human behavior, communication, and ethical considerations. 

Article Review #1

                           Cybercrime Laws in Iraq: Addressing Limitations for Effective Governance

 

Introduction

Cybercrime is one of the most dangerous problems every nation has suffered, and some aren’t prepared or haven’t done much to stop it. Amid research, they asked how can we improve cybersecurity in Iraq, and implement new laws for the legislative branch of Iraq, specifically cybercrime legislation. In this process, the research methods they used consisted of contacting their legislative branch and proposing new frameworks for Iraq. In addition to this, more data and analysis done concerning this issue emphasized the Penal Code for cybercrime governance. After the data and analysis were done on the Penal Code, they concluded that it provided specific provisions that could directly help Iraq. Jawad, one of the authors, further explains this in the article: “Iraq’s digital industry is currently ungoverned, making it one of the most open and vulnerable in the world. Due to the country’s political and security environment, more effort will be required to establish the organizational, technological, authorized, and capacity-building foundations necessary to offer effective cybersecurity for its people, enterprises, and government (Jawad,2017).” While the United States House of Representatives has already filed a bill on most cybercrimes, Iraq has no direct laws relating to dealing with cybercrimes.

Relations to the principles of social science, the study’s research, and the methods used 

This article relates to the social science principle of determinism because the studies and recommendations the authors found can help Iraq improve its lack of cybersecurity. So, the big question is how could we improve on the lack of cybersecurity in Iraq. Research shows that adding frameworks, detection, and infrastructures would greatly improve their cybersecurity. Also, developing new cyber technologies to be able to properly handle cyber threats from a governmental standpoint would help as well. 

 

Concepts in class that relate

Some concepts we’ve discussed in class, through the journal entries and discussion boards, relate to this in our week two discussion of the Federal Computer Fraud and Abuse Act. One of the suggestions mentioned in the article was to provide cybersecurity from a legislative perspective and make laws for cybersecurity, as that is something Iraq lacks, which is part of the reason why they’re so vulnerable to cyber-attacks. I feel as though implementing laws like those two would greatly help Iraq, and preserve their nation’s information. Also, it would help the citizens by not lessening the chance of their information being hacked from their computers, and other devices. 

How the topic relates to the challenges, concerns, and contributions of marginalized groups

This article greatly relates to other countries like Iraq going through a similar situation, having a lack of cybersecurity.  As I stated before, every nation has suffered from a lack of cybersecurity, some more than others, but many countries like Iraq don’t have the proper measures or precautions to deal with cyber threats, such as some parts of Asia, China, Tajikistan, and many more other nations and countries. These nations face similar challenges that Iraq has in the article, and Tajikistan probably has it the worst. However, doing the same solutions that the

researchers above suggested that Iraq would also help these other nations improve their

cybersecurity. 

Contributions made to the studies to society.

The studies made by the researchers and authors in this article have helped society by providing a new look at cybersecurity. Helping marginalized nations have a way to defend themselves against cyber threats and giving them some much-needed framework has impacted their society as a whole, and will continue to further improve on their nation.

Conclusion

In conclusion, legislative framework, new technologies, detection software, and infrastructures would help Iraq, and many other nations, improve their cybersecurity. There need to be more laws and regulations placed to defend a nation’s information, and Iraq has been most susceptible to these attacks, due to a lack of cybersecurity. However, the recommendations from the researchers have shown to work for other nations, and Iraq should soon follow through, to ensure the safety of their nation.

Citations

Suleiman, N. M., Hatim, A., Alseidi, M. A., Moshen, K. S., Abd Al Aali, W. K., Abdulaal, A. H., Rasol, M. A., Hamzah, A. K., & Alsrray, K. B. F. (2023, July 2). Cybercrime Laws in Iraq: Addressing Limitations for Effective Governance. View of cybercrime laws in Iraq: Addressing limitations for effective governance. https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/186/68 

 

 

Article Review #2

                               Cyberattacks, cyber threats, and attitudes toward cybersecurity policies

 

Introduction

Each day, the public becomes increasingly susceptible to cyberattacks, prompting a pressing need for governmental intervention, particularly underscored by the significant events of the 2021 Colonial Pipeline and SolarWinds cyberattacks. Before these incidents, the United States government lacked substantial access to cybersecurity intelligence and economic security. However, these attacks spurred heightened fervor within the legislative branch to enact cybersecurity measures. Yet, these policy changes faced resistance from the public, who viewed them as encroachments on their privacy. This sparked debates on digital surveillance, particularly regarding the access of legal authorities to encrypted data. The primary research inquiry posed by the authors centered on whether exposure to various cyberattacks would result in increased support for distinct regulatory policies. To investigate this, they employed experimental and survey methods. They conducted a controlled randomized survey experiment involving 1022 Israeli participants exposed to simulated video news reports depicting both lethal and nonlethal cyberattacks—a notably intriguing and effective research approach. Finally, their analysis was rooted in examining public responses post-exposure to cyber threats, drawing on theories from the literature on terrorism and political violence. Their findings indicated that individuals exposed to digital political threats were primarily concerned with the attack’s outcomes, regardless of its lethality.

 

Relations to the principles of social science, the study’s research, and the methods used 

Based on the authors’ research, this paper pertains to the social science concepts of determinism, relativism, and objectivity since it shows that trauma, anxiety, and impotence were common reactions among citizens exposed to political violence. The main finding of the study was that people’s exposure to cyberterrorism was serious enough to cause a considerable quantity of psychological and cognitive emotions. which they also connected to those traditional acts of terror. 

 

Concepts in class that relate

Victimization, as well as the social and behavioral sciences from module two, are some ideas from our class modules and discussions that are relevant to this article. First, the obvious one: the writers spent about half of the paper concentrating on social and behavioral sciences. They experimented to investigate what would happen to the civilians’ emotions after they were exposed to political violence, as I mentioned in the preceding paragraph. It also had a significant impact on their behaviors. The study’s findings, or more precisely, the way the citizens responded, represent a victimization case as they were subjected to intentional acts of violence and experienced unfavorable feelings as a result. 

How the topic relates to the challenges, concerns, and contributions of marginalized groups

The authors directly related these experiments of political violence to the acts of terrorist groups. While this was a controlled experiment, there are terrorist groups that push political violence for a living, with negative intentions to hurt these people. Many people across the world face these challenges, as terrorist groups exist in a lot of different countries. There even may be some in the United States that we don’t know about, and they might be making other civilians suffer the same unintentional fate. 

Contributions made to the studies to society.

The research, experiments, and data from the authors and researchers collected have helped bring awareness to political violence, and how it can negatively affect an individual mind, emotions, and behaviors. They also brought more awareness to how these acts are the same as terrorists do and helped liberate different cybercrimes.

Conclusion

In conclusion, public exposure to cyberattacks and perceptions of cyber threats should be considered while enforcing cybersecurity rules. It’s hard to find the balance between privacy and exposure, but either way, everyone involved needs to be mindful of how this can affect the people. As the research has shown, we’ve seen how exposure to cyberattacks has negatively affected the public. The government just needs to be more considerate of how these regulations affect the public, and watch how they choose to enforce them. 

Citations

Snider, K. L. G., Shandler, R., Zandani, S., & Canetti, D. (2021, October 7). Cyberattacks, cyber threats, and attitudes toward cybersecurity policies. OUP Academic. https://academic.oup.com/cybersecurity/article/7/1/tyab019/6382745?searchresult=1

Career Paper

               Social Science Research in Ethical Hacking                                                                   

In this report, we discuss how ethical hackers are dependent on the principles of social science, and how the concepts in class we’ve learned apply to ethical hacking

Introduction

With cybersecurity at the forefront, the world is more interconnected than it has ever been. This is a constantly changing industry, and in the line of work I’m pursuing, ethical hackers are essential to protecting digital infrastructure by spotting security holes and averting malicious cyberattacks. However, technical skill alone isn’t enough to make ethical hacking effective; one also needs a thorough understanding of societal dynamics, human behavior, and ethical issues. Mainly focusing on marginalized populations and wider societal repercussions, my paper will examine the necessary relationship between social scientific research and ethical hacking, highlighting how professionals in this field rely on social science ideas in their everyday routines, while also showing examples from our class on the relations between these principles.

  
Expanding on Social Engineering

Social engineering is a basic component of ethical hacking that involves coercing someone into disclosing sensitive information or engaging in particular activities. Comprehending human behavior is essential for executing effective social engineering schemes. Experts in ethical hacking frequently use psychological concepts to create compelling stories or take advantage of cognitive biases. The notion of reciprocity, for example, that people must return favors, is often used in phishing attacks. Social psychologists can also anticipate how people will react to various stimuli, which helps ethical hackers create more successful security measures. Ethical hackers can make consumers more aware of possible risks and reduce the likelihood of social engineering attacks by implementing psychological insights into their techniques.

How are the concepts we learned applied to ethical hacking?

We have studied many concepts that ethical hackers use, but I’ll talk about the most important ones. For starters, ethical hacking operates within a complex ethical and legal framework. While the primary goal is to enhance cybersecurity, ethical hackers must navigate ethical dilemmas and adhere to legal regulations. Social science research provides invaluable guidance in this regard, offering ethical frameworks and moral principles to inform decision-making. Ethical hackers often grapple with questions of privacy, consent, and harm mitigation. For example, when conducting penetration testing, they must balance the need to identify vulnerabilities with the potential risk of causing disruptions or unauthorized access. By applying ethical theories such as utilitarianism or deontology, ethical hackers can evaluate the consequences of their actions and make ethically sound choices. Furthermore, an understanding of legal principles, such as data protection laws and regulations governing cyber activities, is essential for ethical hackers to operate within legal boundaries. Social science research contributes to developing these legal frameworks by examining the societal impact of cybercrimes and informing policymakers about emerging threats.

Studying Sociology and Diversity

The field of cybersecurity is not only a neutral domain; it interacts with more general social problems such as prejudice and inequality. Experts in ethical hacking need to be aware of how cyber threats affect communities and promote inclusive security measures. Sociology provides important insights into the systemic biases, power relationships, and social structures that influence cybersecurity environments. Research on digital divides, for example, reveals differences in digital literacy and access to technology, which might increase vulnerabilities within vulnerable areas. By encouraging easily accessible cybersecurity education and creating inclusive security solutions that take a variety of user demands into account, ethical hackers may overcome these disparities. Finally, a diverse workforce in cybersecurity is essential to efficiently combating sophisticated cyber threats. Research in the social sciences emphasizes how crucial a variety of viewpoints and experiences are to creativity and problem-solving. Teams of ethical hackers with a variety of backgrounds are better able to comprehend and reduce the wide range of cyber threats that different groups confront.

Conclusion

In conclusion, ethical hackers must include social science studies in their work to successfully traverse the intricacies of cybersecurity, address societal ramifications, and advance moral behavior. Ethical hackers can improve their comprehension of human behavior, ethical conundrums, and inclusive security procedures by incorporating ideas from psychology, ethics, law, sociology, and diversity studies. The multidisciplinary partnership between social sciences and cybersecurity will be essential to protecting digital ecosystems and advancing a safer, more just society as long as technology keeps developing.

References:

  • Anderson, R., & Moore, T. (2006). Information security: Where computer science, economics, and psychology meet. Proceedings of the 2006 Workshop on New Security Paradigms.
  • Himma, K. E., & Tavani, H. T. (2008). The Handbook of Information and Computer Ethics. Wiley-Interscience.

Lee, L., Leenes, R., & van Sinderen, M. (Eds.). (2019). Socio-Technical Aspects of Cybersecurity: Issues and Challenges. Springer.