IT/CYSE 200T
Cybersecurity, Technology, and Society
Students in IT/CYSE 200T will explore how technology is related to cybersecurity from an interdisciplinary orientation. Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:
- Describe how cyber technology creates opportunities for criminal behavior,
- Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
- Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
- Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
- Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts, produce for individuals, nations, societies, and the environment,
- Describe the costs and benefits of producing secure cyber technologies,
- Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
- Describe the role of cybersecurity in defining definitions of appropriate an inappropriate behavior,
- Describe how cybersecurity produces ideas of progress and modernism.
Course Material
Students in this course have completed a number of activities including an reflection essay, weekly technology and cybersecurity journal, and several quizzes and exams. Please include some of these artifacts on this page, particularly the reflection essay, explaining what you did and how these projects helped you engage with the outcomes listed above.
Be sure to remove this instructional language when you have completed updating content on this page.
Free Write (Week 2)
Cyber Security Analyst was the first one that popped up for me. The requirements are Strong understanding of RMF process, Secret clearance, CISSP or IAM level III equivalent certification, Ability to conduct Information Systems vulnerability assessments, risk mitigation, and Plan of Action and Milestone (POA&M) development. At this point in time, I don’t really fulfill the requirements at all. In order to fulfill them I would have to do every requirement not to mention you need 5 years of experience. I think I would want to do this way later because the second one I found was an entry level cyber security analyst. The things I have to fulfill in this is, Ability to follow an established process, Must have excellent attention to detail, Proficiency in MS Office applications (Word, Excel, Outlook, Visio),Ability to work in a fast-paced environment ,Ability to think independently and inventively. I fulfill everything for this except basic knowledge about cyber security, I know some things but I’m still new to the degree. The last job I found was cyber security engineering. The requirements for this is Experience in a professional work environment internship , Experience with Microsoft Office, including Outlook, Word, Excel, and PowerPoint , Experience with Web development concepts, including HTML and JavaScript , Possession of excellent oral and written communication skills, Security+, CISSP, CISA, or related certifications. Basically, I would need certifications and an internship. I could probably look online for one or see if odu has any.
Free Write (Week 3)
If I was a policymaker and was obligated to implement a minimum set of cyber security requirements to a company with 20 or more employees, the first thing I would implement is the company policy its self. For the company policy I want to have an email policy, password policy, network access policy, mobile device policy, and an incident response policy. I think theses will be the basic company policies to start out with and I will add more policies later if issues arise. The next thing I am going to do is raise awareness. I would probably send stuff through the emails (depending on if it is bad or not) and have meetings to raise awareness of any new policies or if anything bad happened and how to fix it as a group. The training is another important thing that should happen, and this is how I will train people. I think I would train people with informative videos about threats, risk, and what not to do. After that, I would probably have them shadow somebody in order to learn the ropes too. The education level would probably depend on the job, but I would say associative or higher would be for the best. The technology would have to be decent and up to date, it does not have to be fancy on nothing just some to get the job done. The requirements would have to interact with computers and agreeing with the policies and training. If the companies are not compliant with the basics then I would fine them and if I gets bad, I will find a new company to work with.
Free Write (Week 4)
A cyber attack that would be a disastrous one would probably affect a lot of people. I think it would be in the millions. I think I want to pick Amazon for my first example scenario because it’s a well-known company and a lot of people uses Amazon. For the cyber-attack scenario, it would be an attack on a bunch of people’s personal information. Peoples banking information would be leaked, compromised, and lose trust in the company in the process. Amazon would have to pay back a hefty amount of money to a bunch of people in order to appease them. In this scenario, Amazon would probably have to fix their malware or replace it immediately. It could have been prevented if they detected it earlier and dealt with it, but it failed because the malware was compromised.
The last scenario I want to talk about would be something government related. Hopefully this would never happen because that is a scary thought to have. The government had one weak point in its security, and someone was able to hack in to it. They end up seeing tons of very secured information like financial information, stuff about the military, and future plans that have not been implemented yet. The hacker ends up leaking it to the public or selling the information to a country that does not like us. In this scenario, it was caused by an old piece of equipment which was out of date and someone or something did not check it correctly. This could have been prevented if the piece of equipment was up to date and not over looked.
Free Write (Week 5)
If I was interviewing people for an if formation security officer position, I would ask five questions. The first question I am going to is, have you ever experienced a security breach? If so, how it was handled. This question is important because it ask if they have any experience with breaches. If the person says yes, then they have experienced a breached and they tell you how it was handled in a crisis. Obviously if they say no, then they have no experience with security breaches.
The next question I am going to ask is, how do you help identify potential vulnerabilities? This question tests their ability to analyze the problems with in the job. I would want them to say something about them identifying vulnerabilities.
The third question I will ask is, what is the difference between a threat, a vulnerability, and a risk? This question tests your ability of your understanding of cyber security. The answer I would want would probably be a brief explanation of each one.
The fourth question that I will ask is, how well do you work on a team? This question is important because I want to know if they are good on a team. I want them to say I am good on a team.
The last question I am going to ask is, what is your technical experience? This question is important because I want to know what exactly they done over the years. I would want them to answer with decent technical experience.
Free Write (Week 6)
Legal ways to make money in cybersecurity list
Create app that rates software
Yacht GPS software that is secure
Bodyguard Security Service app
Exploit Developer
Rate a website
Security software business making and selling
Encrypted email easy to use and easy to adopt
Cybersecurity job app
Useful scam prevention scanner
Risk service
Incident Responder
The protection of mobile devices
Yelp type of service for electronics app
Out of all the legal ways to make money in cyber security, I think I want to pic an incident responder app for the police and fire men. I want this app to be like calling 911, but this app would be more efficient than calling. I want this app to be easy to use in an emergency as well. This app you would do a small survey with button input and sends the survey to the police. I want this app to save people lives as well. Obviously, this would have to start out small with a city and I would probably have to talk with people who runs the city and see if they would like to try this app out a bit before I make it available to the city. Let’s just say I some how got permission for the app. This app will probably still need an operator to send to send help according to what the user inputted. I don’t want to put them out of a job. I just want to take the load off them. For this app I am not sure how much money I would need to start it and it would probably a decent amount of money. I would set up a small team to get the money to start the project. This small team would also have to be my technical team to help me with the app. I also would have to have a bunch of tests to find any glitches or problems before the finished product is used. Once we got it in use with the city and is successful, we can talk about money with the city. In order to get paid I think that every time someone use the app, we get a certain amount of money. The last thing I would talk about is customers. This app would have no customers.
Free Write (Week 7)
If I was a CEO of a company and had to think of specific rewards and sanction for employees here is what I would implement for them to achieve goals.
For the sanctions the first one I think it would be using somebody’s personal information with bad intentions. Basically, using it for money. The next one would be embezzlement. This sanction they are taking money from the company and is very bad. The last sanction is whistleblowing. The company’s private information should not be leaked to the public at all. In every single one if you break it, you will be fired for doing it, might go to jail, and might get sued. This will be effective because it protects the company, customers (potentially), and workers.
For the rewards the first one I will talk about is raises. If employees work hard then they should get more money. This increases productivity. The next reward is a monetary reward for catching people that break company policies especially sanctions. This will make the company a bit safer and gives them an incentive to turn in anyone who is violating policies. The last reward is employee of the month and gifts. This initiative will give gifts to people achievements in life (like birthdays) or performance in the work place. All these rewards boost morale and make it effective.
Free Write (Week 8)
To start at with, I think the question I want to pick is can we trust the system? I think that we can’t trust the system as much because it is not entirely safe.
Do you think that people treasure their physical property more than their personal data in the online space? I believe that its people treasure their physical property more than their personal data in the online space. The reason why I think this is because the system is still relatively new. The strategy I propose is to make have more security in place and software that detects breaches and violations more efficiently.
If I was an owner of a company and had the IT department engage and be responsible for applying practices here is some of my ideas. For my first idea, I would have them protect their personal data. Avoid sharing their security and credit card numbers, basically not engaging in scams. The second idea is to avoid pop ups and unknown links. And the last one is to have a secure Wi-Fi and have firewalls on.
Lastly, I think there will be a lot of challenges that will happen in the next 20 years for cyber security. I think the worst challenge would be hackers probably and are going to be more prominent. The counter measure is to make the internet more secure, so this does not happen. It will probably come from corporate practices and policies and I can see it coming from federal/state/internal agreements and laws.
Free Write (Week 9)
VPNs or virtual private networks is private networks that use public networks to connect to remote sites or users together. It has virtual connections through the internet from private business networks to sites or a person and is encrypted.
The five benefits of using VPNs are Enhanced security which is a lot safer than using Wi-Fi, VPNs helps you bypass Geo-blocks on websites(basically see things regions block out), VPN hides your online identity, VPNs help prevent bandwidth throttling, and helps you save money in the long run. The five downsides of using VPNs are it giving you a false sense of security and believing it to be entirely safe, VPNs can not unblock every single website, VPNs are illegal in some countries, VPNs can be difficult to configure on a router, and VPNs can slow down internet connections.
All in all, I think that VPNs offer more advantages than disadvantages. It being safer and cheaper is a huge point in its favor. I will say that the slow connects can be bad but the positives just out ways the negatives. I also like the fact that it gives users a sense of privacy and you are not exposed at all.
Free Write (Week 10)
Individual Indicted And Arrested For Smuggling Counterfeit And Misbranded Products From China December 20, 2019 Male , age unknown, Puerto Rico
Three Members of GozNym Cybercrime Network Sentenced in Parallel Multi-National Prosecutions in Pittsburgh and Tbilisi, Georgia December 20, 2019 Male, 47, Bulgaria
Chinese National Pleads Guilty to Federal Mail Fraud and Conspiracy Charges for Trafficking in Counterfeit Goods December 19, 2019 Female, 34, California
State Department Employee and Spouse Indicted for Trafficking in Counterfeit Goods from U.S. Embassy December 18, 2019 Male 53 and Female 39 Oregon
Former GE Engineer Pleads Guilty to Conspiring to Steal Trade Secrets December 10, 2019 Male 44 Canada
Former GE Engineer Sentenced for Stealing Trade Secrets December 10, 2019 Male 41 Mexico
TWO MEMBERS OF THE ROMANIAN CYBERCRIMINAL ENTERPRISE BAYROB GROUP SENTENCED ON 21 COUNTS RELATING TO INFECTING OVER 400,000 VICTIM COMPUTERS WITH MALWARE AND STEALING AT LEAST $4 MILLION December 6, 2019 Both male, 37, and from Romania
Pensacola Jury Convicts Man For Federal Theft Of Trade Secrets And Online Extortion Of Local Company December 5, 2019 male 42, Alabama
Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware December 5, 2019 male 32 Russia and male 38 Russia
Russian Hacker Who Used NeverQuest Malware To Steal Money From Victims’ Bank Accounts Sentenced In Manhattan Federal Court To Four Years In Prison November 21, 2019 male Russia
I have found a couple of patterns. The first one is they use the internet for their own gain (money mostly and some information). There were some cases of stalking on the internet as well. This just show that you are not safe on the internet at all.
Free Write (Week 11)
For the 2017 case study with the Russian agents using Facebook to influence the voting for the presidential election, I think this is an act of cyberwar. It fits into the category of propaganda within this unit. I can also see why it could not be considered an act of cyber war. It really does not have any military benefit for Russia or anything really negative associated with it.
For the ethical view on this, I think it was morally wrong of them to do this. Russia use religion to influence people decisions for the presidential election for 2017. The people running should have a fair shot at winning without anyone other than the other candidates saying anything. It also looks like they did not want a woman in office from the looks of things.
The next thing I would like to talk about is the political view. Russia should not be in the united states affairs like this. This just shows that anyone could influence the election. For this propaganda it wants Hillary Clinton to lose by Comparing her to Satan and trump as Jesus. Trump is a republican and she is a democrat, so they were trying to have a republican in office from the looks of it.
The last I want to talk about how it affects this business side of things. It can affect the taxes on business. Elections can affect the affliction the inflation rate as well. The last thing it can affected wanted items of businesses.
Free Write (Week 12)
For the first question, here is what I think the biggest cybersecurity challenge will be in 2040. I think hackers are going to be more prevalent in the future. Later, in 2040 machines are going to play a big roll and they might be used for hacking as well. The machines are going to be self-learning and are going to be hard to counter. So, I think we are going to have to make counter machines to stop them.
I think policy makers would have a bunch of policies to make for dealing with hackers. Policy makers would probably have been stricter in order to make it less likely to do it. The first policy is probably going to do with embezzlement for companies and what will happen if you do. The next policy would have to with fraud and what the penalty for taking peoples information for criminal means. The last policy needs to be recovery for what the hacker did and a plan for rebuilding as well.
Lastly here is what I think the specific strategies used to mitigate the issue. Well for starters the polices I mentioned previously. I also think having those machines as counter measures as well as people working to prevent it. These counter measures will also be buffed up malware or some advance fire walls. I think data would have to be more encrypted so no one can easily be able to use it. The FBI and the cops would probably be more involved with this.
Free Write (Week 13)
I looked up a case involving social engineering was with target in 2013. There was a breach in data. Hackers gain 40 million of customers payment information. They ended up using phishing to grab their information from emails they used. The hackers then installed a malware on a target partnering company. The hackers also installed another malware on targets system to copy credit card and debit card information.
The psychological mechanism they used literally took advantage of people in order to gain financial gain. This happen around black Friday, one of the busiest times of the year for shopping. So, people were shopping for the holidays for their family or friends and this crazy thing happened. This lasted until December 18th.
The hacker benefited from this manipulation because they took a lot of money from target. Target also benefited from this as well as strange as that sounds. They ended up making all of their systems better because of the hackers with less flaws than before. They did have to pay back a bunch of people and lost some trust in the process.
As for the consequences for the manipulation user, they found out who was responsible for targets data breach. The person responsible for the hacks he somehow had access to targets information. He was arrested shortly after they found out it was him.
Here are some for suggestion I have to prevent this from happening again. Be very cautious with the information you give out. Make sure your network is secured so people cannot access everything.
word count: 258
Midterm Project
Working with a group with a group was pretty decent for the most part. We got all the stuff done in a couple of days of time. We had fun working together overall. I would like to talk about the steps we took in order to achieve the video presentation for the midterm project.
Step one, we tried contacting each other through email. At first, I did not see the email my other partners sent me at first. I ended up seeing their email and we exchange phone numbers. We set up a time and place in the library. We even reserved a room in the library, so we stay in there and talk about some ideas bit.
Step two we talked about what we were going to talk about. We did some research on the topic we had and had to defend it and find the good in it. One of my team members took it home and came up with the script.
Step three was the filming. We tried filming it and we all was really nerves about being on camera. So, we took separate videos using the script. We ended up using the one I made.
Lastly, I think working in a group was beneficial and productive. We got everything done in a couple of days and we a great time do it.