Journal Entries | koreyeportfolio

Journal Entry #1

The NICE Workforce Framework for Cybersecurity outlines several roles and categories within the cybersecurity field. The most appealing areas include Cybersecurity Policy and Planning and Threat Analysis. Cybersecurity Policy and Planning involves developing and maintaining cybersecurity plans, strategies, and policies. It is appealing to those who enjoy strategic thinking and influencing organizational security practices. Threat Analysis involves analyzing and understanding cyber threats to develop effective defense strategies. It is ideal for those who are analytical and enjoy staying ahead of potential threats. The least appealing areas include Communications Security (COMSEC) Management, Incident Response, and System Administration. COMSEC involves managing the security of communication systems, which can be more technical and less strategic. Despite Incident Response being crucial, it can be extremely stressful because it involves responding to and managing cybersecurity incidents in real-time. System Administration involves maintaining and managing an organization’s IT infrastructure, which can be routine and less dynamic.

Journal Entry #2

The principles of science are essential for understanding and addressing cybersecurity issues. They include Empiricism, Determinism, Parsimony, Objectivity, Ethical Neutrality, Relativism, and Skepticism. Empiricism involves using observation and experimentation to gather data and improve security measures. With Determinism, understanding cause-and-effect relationships helps predict and mitigate potential threats. With Parsimony, designing simple, straightforward security systems reduces errors and vulnerabilities. With Objectivity, making decisions based upon unbiased evidence ensures reliable and effective security measures. Ethical Neutrality involves maintaining impartiality and avoiding biases in scientific inquiry to ensure fair and just security measures. With Relativism, adapting security measures to the specific needs of an organization acknowledges different contexts. Skepticism involves questioning assumptions and seeking evidence to help identify potential vulnerabilities and ensure robust defenses.

Journal Entry #3

Researchers can utilize the data available on PrivacyRights.org to analyze data breaches in multiple ways. The website offers a detailed database of publicly reported breaches, which can be examined to identify trends and patterns over time. By studying the types of organizations affected, the methods of breaches, and the geographic distribution of incidents, researchers can gain insights into the vulnerabilities and risks associated with different sectors and regions. Additionally, the detailed breach notifications can help researchers understand the impact of breaches on individuals and organizations, as well as the effectiveness of existing security measures and policies. This information can be used to develop more robust data protection strategies and inform policy recommendations to enhance cybersecurity.

Journal Entry #4

Abraham Maslow’s Hierarchy of Needs states that all human beings have needs that exist on a hierarchy. There are five levels in this hierarchy, with lower-level needs and upper-level needs. The five levels include physiological needs, safety needs, love and belongingness, esteem needs, and self-actualization. Maslow’s Hierarchy of Needs highlights how technology supports different aspects of life. An example of a physiological need is that technology helps meet basic needs with online grocery services and telemedicine. Safety needs include tools like VPNs and antivirus software that protect personal data and offer a sense of security. An example of love and belongingness is that social media platforms help maintain connections with friends and family, fostering relationships. Esteem needs include platforms like LinkedIn, which enable users to showcase achievements and gain recognition. Lastly, an example of self-actualization includes educational resources and online courses that support continuous learning and personal development. These examples show how technology meets various needs, from basic survival to self-fulfillment.

Journal Entry #5

After reading the articles linked with each individual motive in the presentation page or slide #4, I have ranked the motives from 1 to 7 based upon what makes the most sense to me. The number one motive is for the money. Financial gain is a powerful motivator for cybercriminals because it offers tangible rewards. I chose political as the second motive. Hacktivism often stems from strong political beliefs and the desire to initiate change. Thirdly, I chose revenge. Personal vendettas can drive individuals to engage in cybercriminal activities. The fourth motive is recognition. Gaining notoriety and acknowledgement can be appealing to some individuals. I chose multiple reasons for the fifth motive. Sometimes, various factors drive individuals to hack. The sixth motive is entertainment. Some hackers are motivated by the thrill and challenge of hacking. Lastly, I chose boredom as the seventh motive. While still a motive, it seems less compelling compared to the others.

Journal Entry #6

Here are three examples of fake websites and their comparison to real websites, highlighting the features that identify them as fraudulent: GenoChoice, Buy an Ancestor Online, and Dog Island. GenoChoice purports to offer genetic modification services to prevent diseases in future children. It claims affiliation with “RYT Hospital,” but the links don’t function, and the hospital can’t be found on a map or through a Google search. Buy an Ancestor Online claims to sell ancestors with authenticating documents. It has an outdated appearance, was last updated in 2012, and provides scant information about the founder. Reviews on the site label it as a scam. Dog Island describes a sanctuary for dogs with artificial caves and wildlife. However, it contains numerous grammatical errors, and the directions to the office involve solving a cryptic puzzle. Some genuine websites include RYT Hospital, Ancestry.com, and ASPCA (American Society for the Prevention of Cruelty to Animals). RYT Hospital is a legitimate hospital website with functional links, verifiable contact information, and professional design. Ancestry.com is a well-known genealogy website with current information, professional reviews, and a secure connection. ASPCA is a reputable organization with a professional website, accurate information, and no grammatical errors. The features that identify fake websites include unsecured URLs, suspicious contact information, too good to be true offers, poor website design and grammar, and pressure tactics. By comparing these characteristics, you can better identify fake websites and protect yourself from cyber threats.

Journal Entry #7

Explanation: The person believes that their password is secure, but they’re using one of the most common and easily guessable passwords. This highlights the importance of creating strong, unique passwords to enhance cybersecurity.

Explanation: Despite being in a learning environment focused on cybersecurity, students may still fall for phishing attempts. This emphasizes the need for continuous awareness and education on recognizing and avoiding phishing scams.

Explanation: The group is excited about sharing files but neglects to check for malware, which can lead to cybersecurity breaches. This underlines the importance of scanning devices for malware before sharing files. These memes focus on common human behaviors and mistakes in cybersecurity by highlighting the tendency to use weak passwords, illustrating the challenge of recognizing phishing attempts, and demonstrating the risk of spreading malware through unchecked devices.

Journal Entry #8

The media, through movies and TV shows, plays a significant role in shaping how people view cybersecurity. Hacking is often depicted as a highly exaggerated and fast-paced activity, with individuals effortlessly breaking into systems using unrealistic methods and dramatic visuals. While this is entertaining, it can lead to misunderstandings, such as simplifying the true complexities of cybersecurity or overestimating the skills of hackers. These portrayals mislead audiences into believing that cybersecurity is either exceptionally easy or impossibly complex, overshadowing its collaborative and systematic nature. On the bright side, such portrayals can generate interest in cybersecurity and highlight its importance. However, they may also promote unwarranted fear or a false sense of security by neglecting the broader technical, societal, and geopolitical dimensions of actual cyber threats.

Journal Entry #9

I scored a 0 out of 9 on the Social Media Disorder scale. Basically, it shows that my social media use is well-balanced and doesn’t significantly interfere with my daily life, mood, or time management. I think that the items in the scale accurately measure potential excessive social media use. The items are relevant and comprehensive in assessing social media usage patterns. On a global level, differences in social media usage can often be traced back to cultural norms, societal values, and the availability of technology. In some countries, heavy social media usage might be fueled by widespread internet access and digital connectivity, while in others, it might be limited by societal norms or technological availability.

Journal Entry #10

The concept of social cybersecurity addresses the impact of cyber activities on societal behavior, cultural dynamics, and political outcomes. Unlike traditional approaches that focus on safeguarding technical systems, social cybersecurity emphasizes how malicious actors manipulate public beliefs and behaviors using digital tools like bots, trolls, and disinformation campaigns. These tactics aim to disrupt public discourse and influence opinions on a broad scale. This emerging field is vital for maintaining societal cohesion and protecting democratic values. It highlights the need to counter misinformation and mitigate influence operations that threaten national security. By understanding these challenges, social cybersecurity can evolve to develop strategies that protect against manipulation and foster resilience in the digital age. This approach underscores the importance of addressing human factors in cybersecurity to build a safer and more informed society.

Journal Entry #11

The role of a cybersecurity analyst is closely linked to social behaviors, as it involves understanding and addressing human actions that contribute to security risks. Analysts need to anticipate how individuals engage with technology, such as falling victim to phishing scams or creating vulnerabilities through weak passwords. Social engineering, a method used by cybercriminals to exploit trust and human error, is a key challenge analysts work to prevent. The video emphasizes social themes like teamwork, communication, and empathy. Analysts must effectively collaborate with colleagues and educate users about security best practices to mitigate risks. Clear communication ensures that technical information is understood by non-technical stakeholders during incidents. Empathy helps analysts understand human errors and manage insider threats, highlighting the importance of interpersonal skills in addressing cybersecurity challenges. These interactions underscore the significance of human factors in cybersecurity, making the profession a blend of technical expertise and social awareness.

Journal Entry #12

After reading the sample breach letter “Sample Data Breach Notification,” the two different economic theories that I believe apply to the letter are Classical Economic Theory and Marxian Economic Theory. Classical Economic Theory views markets as being driven by rational decisions, supply, and demand. In this case, the breach notification reflects the company’s attempt to reduce damage and maintain trust by acting rationally. For example, notifying customers and collaborating with cybersecurity experts demonstrates an effort to avoid further financial loss and protect its reputation. Marxian Economic Theory focuses on power dynamics and exploitation. The delay in discovering and reporting the breach could indicate that companies prioritized profit over customer welfare, exposing a disparity in power. Customers, as the less powerful group, are burdened with protective measures like replacing compromised cards. The two social science theories that relate to this letter are Psychodynamic Theory and Neutralization Theory. Psychodynamic Theory focuses on underlying feelings and unconscious influences. The notification may reflect tensions in the company-customer relationship, especially if there were previous doubts about data security. It could touch on issues of trust and feelings of betrayal. Neutralization Theory explores how individuals justify questionable actions. If the notification includes explanations or shifts blame-such as pointing to external hackers-it may be an attempt to rationalize the breach and reduce accountability.

Journal Entry #13

The article “Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties” examines how bug bounty programs operate and the motivations behind them. These programs reward ethical hackers for identifying security vulnerabilities in company systems. The authors provide an extensive overview of the current understanding of bug bounty programs and their importance in cybersecurity. They emphasize the lack of research on the economic and motivational factors influencing such programs. The review also points out the challenges that ethical hackers face, such as unclear liability in the absence of well-defined vulnerability disclosure policies (VDPs). The study’s findings offer significant insights about hacker motivation, industry differences, evolution of programs, and policy recommendations. Ethical hackers are influenced by both financial and non-financial incentives. Reports of vulnerabilities are fewer in certain industries, such as finance and healthcare, compared to others. Over time, older bug bounty programs see fewer valid reports as easier vulnerabilities are resolved. However, expanding the program’s scope can address this decline. The lack of clear VDPs deters ethical hackers from reporting issues. The study advocates for more companies to adopt VDPs, fostering better collaboration between organizations and hackers. This study effectively bridges the gap between theoretical knowledge and practical applications by analyzing real-world bug bounty data. It provides strong arguments for the need for clear policies like VDPs to encourage responsible disclosure and strengthen cybersecurity. The insights are also valuable for organizations to optimize their bug bounty programs through improved incentives and broader scopes.

Journal Entry #14

Andriy Slynchuk outlines several significant online violations in his article. There are five that stand out due to their gravity. The first one is gathering information about children under the age of 13. This constitutes a breach of privacy laws, such as COPPA, putting minors at risk of harm and exploitation. The second one is engaging in bullying or trolling. This has detrimental psychological effects on victims and can lead to legal consequences for the offender. The third one is assuming a false identity online. This erodes trust, facilitates fraud, and causes financial and reputational harm to others. The fourth one is accessing pirated content via torrenting. This infringes copyright laws, depriving content creators of their rightful earnings and opening users up to legal risks. Lastly, conducting illegal internet searches involving prohibited material may result in monitoring by authorities and severe legal repercussions. These activities are particularly serious as they break laws, cause harm to individuals, and negatively impact society as a whole. Ethical conduct online is essential to mitigating these risks.

Journal Entry #15

Davin Teo’s TEDx talk explores his unique journey into the field of digital forensics and shows how the work of digital forensics investigators closely connects with the social sciences. Although he began his career in accounting, Teo eventually moved into digital forensics – a profession that not only requires technical knowledge but also a strong grasp of human behavior and social dynamics. His education helped him develop analytical and critical thinking abilities that are vital when examining cybercrimes and understanding the intentions behind them. His work involves examining digital evidence within organizational and legal frameworks, which aligns with social science fields like psychology, criminology, and sociology. Teo points out that digital forensics is more than just dealing with computers or data – it’s about uncovering the actions and motivations of people in a broader societal context. His career path highlights how combining social science insights with technical skills can be a powerful approach to navigating digital investigations.