Cybersecurity & Social Science
Journal Entries
Week 1 Journal Entry
After reading through the NICE (National Initiative for Cybersecurity
Careers and Studies) Framework. The areas that appeal to me the most are
Cybersecurity Architecture, as well as defensive Cybersecurity, and
Vulnerability analysis. After I graduate college, I am hoping to work my way
up to becoming a penetration tester or a cybersecurity engineer. The reason
behind these options is because of the main reason I wanted to peruse a
career in cybersecurity which is to help people and protect them from
hackers endlessly trying to steal then later sell information to the highest
bidder.
The areas that appeal to me the least would be Cybersecurity legal advice.
While other careers in the oversight and governance seemed interesting the
cybersecurity legal career is the least interesting to me.
Week 2 Journal Entry
After reading through module two it makes it clear that seven scientific
principles relate to cyber security. The two that stood out to me the most can
be grouped together to help explain how the principles of science relate to
cybersecurity. These principles are Parsimony, and Relativism to me this is
important because to be successful in cybersecurity you have to think like a
hacker when creating your system and making your network safe from
threats. Thinking like a hacker will help you understand why they would be
committing the crime which could also help break down the level of the
attack ether a small petty attack from a teenager to a full on ransomware
attack on your company from another country.
Week 3 Journal Entry
After reading through privacyrights.org it can help researchers study data breaches by clearly laying out easy to follow links to research the given topic such as “data breach chronology”. After clicking on this tab you can see there are around 10,343,677,251 estimated impacted individuals to data breaches as well as the number by state across the United States. As well as how to get involved, internships, data age, and labels for breach types. There is also a tab section that will inform you how to get a free copy of your credit report from the three credit bureaus as well as other related questions about the topic.
Week 4 Journal Entry
When looking at Maslow’s Hierarchy of Needs comparing technology and how it affects my personal life. For self actualization technology has increased my creativity by learning new hobbies from Youtube. Technology has increased my self esteem because it has given me the ability to go to school online so I am able to maintain a career while going to school. For love and belonging technology has helped me out to keep in contact with my Marine friends and family without technology there is a possibility I would never see or hear from them again. Safety and security if it was not for technology I would have never known someone was walking around my house until the cameras alerted me someone was outside. Finally for physiological needs technology has given us Amazon for clothes, and Door Dash for food if we choose to not want to leave the house.
Week 5 Journal Entry
Out of the seven motives in the module from 1 making the most sense to 7 making the least sense I would place them as.
1- Revenge because this is always the motive you hear about when it comes to most crimes especially revenge porn unfortunately is on the rise across the globe.
2- For money simply because money is a driving force for all of us without it we cannot survive which will make us do things we never thought we would.
3- Political is a driving force for hacking because you can make or break someones campaign by leaking information about them or their opponent.
4- Entertainment makes sense to me as a motive for cybercrime because a lot of hackers will steal things just because they enjoy to do so.
5- Multiple reasons because hackers normally have multiple reasons such as financial and entertainment at the same time.
6- Boredom while it made sense I put it last on the this low because I felt like the other articles were close to being tied for the top.
7- Recognition is last because I believe the other articles fit more with their motives more than recognition did.
Week 6 Journal Entry
The first example of a website is a copy of paypal.com titled paypail.com this is a phishing website the easiest way to tell was the website and the logo are not spelled the same.
The second example of a fake website is TiffanyCoShop.com this website is a fake of the Tiffany website you can tell because of the extremely low prices are and the website is completely different than the real one with some spelling mistakes. When it comes to these baiting sites it is important to remember if it is too good to be true it probably is.
For the third example of a scam website Walofficals.com they are stating they are a discount Walmart which like I stated in the second example it is too good to be true. Another point is the scammers used half of Walmarts name and put officials to make you believe it is real.
The first example of a real website is sitkagear.com you know it is a real website because you can see there are actual real reviews, no misspellings, and it is a well made website.
Second example of a real website is usatoday.com you can tell this is a website because if you scroll to the bottom of the website it has the copyright of USA Today logo and the division of the company.
The third example of a real website is tiffany.com this website is a real interactive website unlike the fake one I covered earlier because it has a very well laid out website with no spelling errors and is using HTTPS protocol.
Week 7 Journal Entry
For the first meme this is a play showing if you leave your device unlocked it is the easiest vulnerability an attacker can use against you.
The second meme is a important because you have to be focused on security not just on your device but you have to make sure someone is not looking over your screen.
For the third meme is a joke stating you have to be in the clouds to take cloud security seriously.
Week 8 Journal Entry
After watching the video I was surprised how much Hollywood did their research with most of their computer hacking scenes. When you watch the movie for the first time you do not catch all of the small details, but after you go to school for computer science or cybersecurity it is impressive how the movies included real information some being far fetched but still going off of real data for the most part. The scene that stuck out the most for me is the scene from Silicon Valley because if people paid attention to this it can show just how important it is to not just pair to wifi just because you want to get on your phone. It is more important to pay attention and educate yourself than it is to send a text or logon to facebook.
Week 9 Journal Entry
After watching the video How Cybercriminals Can Use Your Social Media Against You and going over the Social Media Disorder Scale
1. Yes I mainly use Snapchat and Facebook to talk to my friends that do not live close to me.
2. No I normally do not get upset I can not spend more time on social media
3. No I am sometimes relieved when I cannot use social media.
4. Yes I try to use social media less and less but always seem to be using it more than I want to.
5. No I am happy to say I put important things in life ahead of social media.
6. No I have not had arguments over social media.
7. No I am honest about the times I pull up social media even when I am shocked thinking back to how many times we use it per day or week.
8. No I use my time in the outdoors to get away from negative feelings. I personally believe social media is what causes negative feelings most of the time.
9. No I have not had a conflict over social media use I try my best to keep the phone down when I am visiting or hanging out with relatives.
Week 10 Journal Entry
After reading Social Cybersecurity An Emerging National Security Requirement continues to prove the next war that breaks out will be a cyber war first before the war even starts. While also showing us the difference between cybersecurity and social cybersecurity. The difference is “cybersecurity involves humans using technology to hack technology” while social cybersecurity is “humans using technology to hack other humans”. To defend against social cybersecurity you must use an interdisciplinary approach using psychology, forensics, sociology, marketing, and network analysis to defend yourself. The article also talks about Network maneuvers to manipulate the actual network by examples of Leveraging the opinion leaders influence to spread narratives. As well as community building and bridging. Building a community around a topic, then bridging by injecting ideas from one group to another. Finally there is false generalized where you put a false notion of an idea should be accepted and believed by all which can easily sway a group of people especially by fear.
Journal Entry 11
The video “What does a Cybersecurity Analyst do?” educates us by Nicole telling us what a cyber security analyst is and how to read through what employers are looking for on linked in or indeed. Which is where the the social side comes into play this is important because you have to know what you are looking for being look out for scam jobs as well as location look who your competition is meaning look at the schools around where you are moving. The most important part of getting into the cybersecurity field is to build your network at work by gaining experience as well as the area you move to get out into your community around you.
Journal Entry 12
After reading the Sample Data Breach Notification. The first economic theory that comes to mind is Asymmetric information theory which is where one party has more information than the other this can be looked at multiple ways one being the hacker versus the individual, or the company who is sending out this letter claiming they are unaware of any actual misuse of the information. Second economic factor is New growth theory because they are removing the malware and gave the client all of the information on what to do to grow from this cyber attack. When it comes to two social science theories I believe conflict theory because it emphasizes struggles. As well as Rational choice theory thinking about the changes the individual will make looking forward while recovering from the cyber attack.
Journal Entry 13
Personally I believe that economics is a very important aspect to not only cybersecurity, but every field I say this because of how Bug bounty advocates state they are cost affective for companies. Some small businesses do not have the budget that the large scale can so they will not be able to get the best firewall or the best switches for their network so they can look for bug bounty advocates for help. Bug bounty advocates is also adding in new programs that will “cannibalize hacker reports to existing programs”. Another interesting point is that public programs get hit three to five times more than private programs.
Journal Entry 14
After reading 11 Illegal Things You Unknowing Do on the Internet, the five most serious offenses to me are. Number one sharing passwords, addresses, or photos of others is wrong because when you do that it is not only illegal but you are also giving someone access to another persons accounts without their consent. The second thing is bullying and trolling, cyberbullying is bad because it causes lack of self esteem in the victim and can lead to suicide. The third is faking your identity online. You only fake your identity or change yourself online because of two reasons one if you are lying about your age or everything about yourself it is deceitful and lying to the another person to get them to believe that you are someone else for personal gains. Another thing is using other peoples internet networks is wrong because it is stealing from someone even though it is not illegal it is still the wrong thing to do. Finally collecting information about children younger than 13 is very illegal especially if you are over the age of 18 and without the consent of the parent it is wrong on so many levels.
Journal Entry 15
Digital forensics relates to the social sciences heavily because you have to look at the social interactions of individuals to know their behavior especially when they are working in a covert operation. The social sciences will also help digital forensics out by realizing certain patterns on their target seeing where they are possibly hiding information they are looking for.
Davins pathway to his career is similar to my start when I asked my work about an IT internship and it jumpstarted my drive to graduate with my cybersecurity degree. I also liked how he jumped on his opportunity to join a digital forensics team in Australia. His story just goes to show if you have an opportunity even if you do not know if you are going to get accepted or not go for it do not settle.
Article Reviews
Article review #1
Impact of Cybersecurity and AI’s Related Factors on Incident Reporting Suspicious Behavior and Employees Stress: Moderating Role of Cybersecurity Training
After reading through the article, I selected it was clear that the topic relates to the principles of the social sciences. Simply because the article talks about how stressful cyber security can be which correlates to objectivity, data analysis, and ethical considerations. The article connects to objectivity because when you let stress from life and work either the possibility of AI taking your job or making your daily job functions more difficult when hackers can use AI against you. Data analysis, and ethical considerations because if you are stressed you might not use the proper techniques when fighting against hackers leading to simple mistakes.
The hypothesis of this article is “Incident reporting suspicious behavior mediates the relationship between cyber security incident management and employee stress levels.” (Venugopal Muthuswamy, V. V. M., & Esakk, S. (2024). In the field of cybersecurity, it is important that we lean on our training from school, certifications, past experiences, and our supervisors to make the right decisions when we let our emotions get the best of us, we fall for social engineering attacks. Which easily gives the hackers another win we cannot afford to give them.
The data and analysis the article shows are statistics of cybersecurity awareness being. “Cyber Security Incident Management (CSIM), Cyber Security Awareness (CSA), Intention to Use AI (IU-AI), Perceived Threats in AI (PT-AI), Cyber Training (CT), Incident Reporting Suspicious Behaviour (IRSB), and Employee Stress Level (ESL). Each factor is rated on a scale from 1 to 5, where the average score reflects the typical response, and the standard deviation indicates the variability in responses.” Venugopal Muthuswamy, V. V. M., & Esakk, S. (2024). CISM is a 3.2, CSA is a 3.6, PT-AI is 2.9, IU-AI 2.9, CT is 3, IRSB 3.1, ESL is a 3.2. The data shows that incident management and stress levels are the same which can lead to mistakes. It is important to stay focused on the task at hand not letting stress and emotions distract you.
The article contributes to society by stating “Stressed employees may also make poor decisions, neglect security measures, or fail to implement them correctly.” (Venugopal Muthuswamy, V. V. M., & Esakk, S. (2024). This is important to me for the simple fact that in the cyber security field if you are stressed and let it overwhelm you a mistake such as overlooking a phishing scam can put your company and coworkers’ information at risk. In cybersecurity it is crucial we work as a team and communicate to your coworkers when situations get the best of us.
Finally with this article it is important to remember in cybersecurity we are a team that
must work together as a unit if we want to stop hackers. We cannot let stress or personal feelings get in the way because that is what the enemy wants making us fall into a trap we must stick to our training to stay focused on the task at hand.
Sources
Venugopal Muthuswamy, V. V. M., & Esakk, S. (2024). Impact of Cybersecurity and AI’s
Related Factors on Incident Reporting Suspicious Behaviour and Employees Stress: Moderating Role of Cybersecurity Training. International Journal of Cyber Criminology.
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/330/99
Article review #2
Adapting cybersecurity practice to reduce wildlife cybercrime
This article stood out to me because of my passion for wildlife conservation meeting my future career in cybersecurity. With the “wildlife traffickers using the internet to commit cybercrimes, and the struggle of developing different methods for pursuing cybercriminals and bringing them to justice” (Haas, T. C. 2023). With the US department of fish and wildlife service’s having 250 cybersecurity agents they need to work hard to come up with different strategies using social sciences to give them the advantage they need to protect wildlife from future ongoing crimes.
This article relates to the principles of the social sciences are culture theory because of the aspect of not only does the department of fish and game have to deal with trafficking they have to watch for is poachers that are illegally hunting or fishing and then wasting the meat by taking a picture with the animals, then leaving them there. To me this relates to culture theory because when people grow up and they see or hear of parents and friends hunting, trapping, and fishing illegally being without a license or poaching making them believe they can do it and the process repeats in a cycle. This needs to stop because it is wasting the meat when there are a lot of donation points to donate the meat to individuals who need it. When it comes to the cyber side of social context is how wildlife trackers are growing as the advancements of technology are making it easier to conduct their illegal businesses of trafficking animals and plants to areas they are not normally from. I think this article and cybersecurity pairs with social context to fight against crimes could potentially using honey pots with either good hunting lands trying to bait people into trying to hunt areas they are not supposed to. Also, by posting that they are trying to sell endangered animals to someone who wants them for a pet.
One solution to catching large scale poachers involved in wildlife trafficking is “collecting intelligence on individuals wire transfers and shipments” (Haas, T. C. 2023). The only way to do this is to work together with other government agencies because of the little number of special agents the department of fish and game has.
Finally, I believe the US department of fish and wildlife must combine the social sciences along with cybersecurity fundamentals not only to defend the employees but the wildlife as well. Without using interdisciplinary studies combining the social science principles I do not believe they will be able to do their job successfully.
Sources
Haas, T. C. (2023, March 22). Adapting cybersecurity practice to reduce wildlife cybercrime. OUP Academic. https://academic.oup.com/cybersecurity/article/9/1/tyad004/7083342
Career Paper
Out of all of the careers in cybersecurity I believe penetration testers rely on social science research because, when you conduct a penetration test you must go inside the mind of a hacker to be successful. To be able to understand how a hacker that is going to try to exploit a vulnerability you must understand hacker behaviors. While doing so we need to focus on the social science concepts and how they correlate with human errors along with overlooked errors hackers will exploit vulnerabilities in your network.
First, we need to look at what exactly penetration testers are and what they do. A penetration tester is also known as an ethical hacker who utilizes their skills to help businesses avoid cyber-attacks. There are three different types of penetration tests one is a black box penetration test where the business who hired you does not disclose any of their information to the ethical hacker, they must try to get in like a hacker would from the outside. A white box is when the business gives you all of the information and you point out all of the vulnerabilities to them. Finally, there is a grey box penetration test, and the client will disclose some information but not all to you.
Second it is important to get into the mind of a hacker and do the reconnaissance just as they would when you have to conduct a black box test on a company you would look into the clients’ employees as well as open ports. I specified employees first because employees are the easiest way into a network. This can be done by a phishing email where they mimic their bosses’
emails with a link enticing you to click on. Another is spear fishing for example a hacker notices you love animals, and they send an email saying click here to donate to an animal shelter. The most important take away is to inform the client to talk to their employees and inform them on what to look for, and if there are any questions talk to their supervisor or their IT department.
When it comes to penetration testing there is more than the social sciences connecting the ethical hacker to the real-life hacker trying to steal information to sell to others. I mean this by the penetration tester must focus on authority bias, ethics and reciprocity because the client must trust that you will disclose all of the vulnerabilities and know that what you found is strictly confidential. You must not tell anyone about the vulnerabilities besides the businesses IT group
so they can fix their issues before an actual attack happens, and you will not talk about
employee’s information you found while searching for vulnerabilities. If the client does not trust you there is a good chance you will not get more business with said client or others for that matter. For authority bias and reciprocity these go hand and hand because sometimes clients will tell you not to go into certain off-limits areas and if you need to do so making sure you can or cannot gain unauthorized access to that file or folder before doing so.
After looking into what a penetration tester is and the different types of tests are it is clear we need to work together to prevent hackers to do so we need to teach our employees what to look for. We also covered how ethics plays the largest part because that is what separates a penetration tester from a hacker. While how authority bias and reciprocity can make the difference of gaining clients or losing them all together.