Cybersecurity & Social Science.

Journal Entry:

Week 1:

The NICE framework is a set of guidelines designed by the National Institutes of Standard and Technology (NIST) in the US. It allows cybersecurity to be more accessible for commoners and newcomers to the field by centralizing every aspect of it. It also helps reduce the risks of attacks and threats. It is designed to be accessible and applicable to a wide range of organizations, from government agencies and the private sector. An area of the framework that is appealing to me is the Analyze specialty. I really enjoy researching and analyzing data, making my own opinion of a subject, or trying to improve and area based on previous errors or incidents.

Week 2:

The principle of science relates to cybersecurity in many ways. For example, the scientific method, as it requires observation, theory, testing, and analysis. The observation comes from observing subjects, trends, and potential threats, as it allows for a greater understanding of what could and is happening. The theory field allows us to theorize on threats, crimes, trends, and why they are happening. This is useful to understand when something is happening in the cyberworld. The testing part is useful to test theories, thus confirming if they are real, and allowing us to have a more secure network and policy. Finally, analysis allows for data analysis which helps us understand many types of data.

Week 3:

We can see on PrivacyRights.org all the publicly available information about data breaches around the US. During a 17-year period, from 2005 to 2022, there have been more than 20,000 breaches reported, and a large majority of these breaches were in the medical field. We also know that most of these breaches were the results of hacks, used to steal the data. This kind of information is very important to study these breaches, as it allows researchers to identify what kind of field is targeted and how it is attacked. For example, in the medical field, there is a lot of data on patient health conditions, type of medication assigned, health insurance, addresses, phone numbers… These information can be used to run large-scale scams, theft, or identity theft. Knowing that hospitals are targeted, researchers can develop protection to prevent future theft. This kind of information is also a good way to train newcomers in the cybersecurity field.

Week 4:

Maslow’s Hierarchy of Needs is a pyramid regrouping the five stages of psychological needs that humans face during their lives. The five stages are physiological needs, the most basic needs like food water, and shelter, safety needs, security and safety, belongingness and love need, needs to build a family and intimate relationship, esteem needs, the feeling of prestige, and self-actualization, achieving full potential. This pyramid of psychological needs can be associated with technology, especially in our time since technology helps us fulfill some of these needs. For example, technology can help someone achieve their goals by providing knowledge and creative tools, useful to start a company. This would fulfill the self-actualization stage. The love and belongingness stage can be fulfilled by the connection the internet offers. The esteem needs stage can be satisfied by the large platform that technology brings for self-expression. Safety can be covered by security or emergency systems. Finally, Physiological needs are covered with the help of different tools that can improve food production, sleep schedule, or how to build a shelter.

Week 5:

Week 6:

A fake website is often created for fraudulent activity such as phishing or scamming. A fake website can be detected by different factors. First, fake websites are usually poorly designed compared to real websites. A poor design might not be the main indicator that it is fake but is usually a major factor. A suspicious URL is also a good way to flag a fake website. An unusual domain extension or subdomain can be an indicator that a website is not real. The absence of a privacy policy or terms of service is usually the best indicator, since the website does not care about your privacy, it might lack the legal text normally required.

Week 7:

Week 8:

Media are a good way to introduce a large amount of people to certain subjects, cybersecurity included. Even if it’s a good thing that more people become aware of what it is, I think that the media don’t portray cybersecurity the way it should be portrayed. The best example, in my opinion, is the Matrix franchise as it revolves mainly around networks and computers. In this series of movies, cybersecurity is portrayed as something very complex and complicated to get into. It also portrays cybersecurity as a very niche thing that only “nerds” or very passionate people are able to understand. I don’t particularly agree with this portrayal of cybersecurity in the media, but I think it is a good way to popularize the field and get more people into it.

Week 9:

Week 10:

A cybersecurity analyst often involves not only technical skills but also an understanding of social behaviors. It specifies analyzing human behavior, human factors in security, user awareness, incident response, investigation, social engineering defense, and policy development. The job of a cybersecurity analyst involves understanding threats, how they would affect a cyber environment, why, who, and where they could happen, and the behavior of humans related to the cyber world. While another job requires some technical skills, a cyber analyst might just need to understand the social cues and behavior in their environment.

Week 11:

Week 12:

Week 13: