Journal Entry #1

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

When I look at the NICE [National Initiative for Cybersecurity Education] Workforce Framework, I see various categories and specialties within the cybersecurity field. It’s interesting to think about where I might want to focus my career.

Among these categories, I find the “Securely Provision” area quite appealing. I enjoy the idea of responding to cybersecurity threats and coming up with strategies to safeguard systems. The challenge and the fast-paced nature of this work attract me.

Furthermore, the “Analyze” category sounds fascinating I’ve always had a knack for data analysis and problem-solving, so the prospect of digging into cybersecurity data and finding vulnerabilities and threats is something that I find delightful

Lastly, the “Cybersecurity Management” category stands out because I have leadership aspirations. Being in a role where I can oversee security strategies, influence policies, and lead teams is something I aspire to in the long run.

On the other hand, the “Collect and Operate” category doesn’t quite resonate with me. I’m not particularly interested in gathering and managing cybersecurity data and information as a primary focus. Similarly, “Investigate” seems to require a meticulous and detail-oriented approach, which may not align with my natural strengths and preferences.

Overall, I believe that exploring the diverse roles within the cybersecurity field will help me discover the best fit for my career. It’s essential to keep an open mind, gain practical experience, and align my choices with my interests and strengths as I progress in my cybersecurity journey.

September 5, 2023, 5:00 PM EST

Journal Entry #2

Explain how the principles of science relate to cybersecurity.

I see a strong link between the principles of science and the world of cybersecurity. It’s like applying scientific methods to protect our digital world. Science is all about observing, testing, and analyzing, and these principles are essential in cybersecurity. For instance, just as scientists observe and gather data to understand natural phenomena, in cybersecurity, we closely observe our digital systems for any unusual activities or potential threats. We’re like digital detectives, looking for clues.

Closely, the scientific method’s idea of forming hypotheses and testing them aligns with what we do in cybersecurity. We create educated guesses about possible security risks and then use various tools and techniques to put these guesses to the test. It’s like conducting experiments to figure things out. Data analysis is a big part of both science and cybersecurity. Scientists analyze data to find patterns and draw conclusions, while in cybersecurity, we comb through data to detect any signs of trouble. It’s like finding a needle in a haystack but with data.

Working together and ethical conduct are shared values too. Collaboration among professionals and maintaining ethical standards is crucial in both fields to ensure trust and credibility. In the end, it’s clear that cybersecurity is like applying the principles of science to protect our digital world. We observe, test, analyze, and collaborate, all with the goal of keeping our digital spaces safe and secure.

September 5, 2023, 6:45 PM EST

Journal Entry #3

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

Today, I explored PrivacyRights.org to gain insight into the types of publicly available information about data breaches. This valuable resource provides a comprehensive database of reported data breaches, offering researchers a wealth of information to study and analyze. Researchers can use this data to conduct various studies and investigations related to data breaches.

For instance, they can examine trends and patterns in the frequency and scale of breaches across industries and geographical regions, helping to identify potential vulnerabilities. Researchers can also assess the effectiveness of data breach notification laws by analyzing how quickly and accurately organizations report breaches.

Overall, PrivacyRights.org serves as a valuable tool for researchers in the field of cybersecurity and data privacy, enabling them to better understand and mitigate the risks associated with data breaches on individuals and organizations, including financial losses and reputational damage.

September 11, 2023, 6:25 PM EST

Journal Entry #4

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Considering Maslow’s Hierarchy of Needs in the context of technology, it’s fascinating to see how intertwined they are in our daily lives. Let me share some examples that reflect my personal perspective:

Physiological Needs: Technology, particularly the internet and smartphones, has become a lifeline. I remember during the height of the COVID-19 pandemic, I heavily relied on technology for essential needs like food delivery and online grocery shopping. It became a way to meet my basic survival requirements.

Safety Needs: Ensuring personal safety is a top priority. I use technology for home security systems and surveillance cameras, which give me peace of mind. Additionally, online banking and financial management tools help me secure my finances in the digital realm.

Love and Belongingness: Staying connected with loved ones is incredibly important to me. Technology, whether through social media, messaging apps, or video calls, has been a lifeline to maintain these vital connections, especially when physical distance separates us.

Esteem Needs: Technology provides a platform for recognition and achievement. I’ve experienced a boost in self-esteem when receiving positive feedback and recognition on platforms like LinkedIn or Instagram. It’s a validation of my efforts and skills.

Self-Actualization: The internet is a treasure trove of knowledge and opportunities for personal growth. I’ve taken online courses, learned new skills through digital platforms, and even pursued creative interests with the help of technology.

But it’s important to strike a balance. I’m mindful of the potential downsides, like how excessive use of social media can affect self-esteem or concerns about online privacy and security. It’s a constant juggling act between leveraging technology to meet these needs and being aware of its potential pitfalls.

In my view, technology has seamlessly integrated into our lives, serving as a tool to fulfill the various needs outlined by Maslow. However, it’s crucial to use it responsibly to ensure it enhances our overall well-being and personal growth while mitigating potential negative impacts.

September 18, 2023, 9:15 PM EST

Journal Entry #5

Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it

In my opinion, ranking the motives for cybercrime from the most understandable (1) to the least understandable (7) can be a bit subjective, but here’s how I see it:

For Money (1): Making money through cybercrime is a motive that makes a lot of sense. It’s a clear incentive, and cybercriminals often put in a lot of effort to maximize their financial gains.

Political (2): When it comes to hacktivism or politically motivated cybercrimes, I can understand the passion and the desire to raise awareness or push for a cause. While their methods can be disruptive, the motives are usually pretty clear.

Revenge (3): Seeking revenge through cybercrimes, although harmful, is driven by personal emotions and grievances. It’s not hard to see why someone might want to retaliate when they feel wronged.

Recognition (4): Wanting recognition or fame through cybercrimes is a bit more complicated. While I can grasp the desire for acknowledgment, the actions often harm others or disrupt systems unnecessarily.

Entertainment (5): Committing cybercrimes for fun, like out of curiosity or for a thrill, is a motive that’s harder to relate to. It doesn’t have a clear justification, but it’s not as harmful as some other motives.

Multiple Reasons (6): Cybercriminals with mixed motives can be a puzzle. Their actions might result from a mix of factors, making it challenging to pinpoint a single motive.

Boredom (7): Engaging in cybercrimes out of sheer boredom strikes me as the least understandable motive. It seems pretty senseless when compared to other motives.

Keep in mind that this ranking reflects my personal viewpoint and motives for cybercrime can be quite complex and context-dependent. Regardless of the motive, cybercrimes can have serious consequences for victims and society as a whole.

September 25, 2023, 9:45 PM EST

Journal Entry #6

Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?

Fake Website:
hopeforchildrenfoundation.org [This is a misleading charity name website that Requests donations for a “charity” with a vague mission statement.]
The website lacks a lot of transparency about how donations will be used. No registered charity information or verified contact details and it used to run only on HTTP [recently they have now been supporting HTTPS]

Legit Website:
unicef.org [ An established and well-known international charity organization ]
We can compare this charity website to the one above and can see the clear outlines of its mission, programs, and financial transparency. It also provides verified contact information, including a physical address.

Fake Website
Deion.Shop [ It is a fake online clothing store that was created to scam people]
Deion.Shop clearly exhibits many red flags that indicate its unlawfulness. The lack of ways to reach out on the website raises concerns. Buyers can only contact through email, without a phone number, office address, or live chat option. Lastly, the website design is amateurish with low-quality images and an inconsistent layout

Legit Website:
Amazon.com [ Legit online clothing and other items store]
Amazon is a well-established online retailer with a user-friendly interface. Offers a wide range of products with competitive prices and provides multiple contact options, including customer support and FAQs. Most importantly customers review products and Amazon does an amazing job

Fake Website:
WhiteHouse this website “whitehouse.com” is not an official government website. Instead, it was known to be a website with adult content, gambling, and fraud. It is not affiliated with the U.S. government. The official website of the White House of the United States is [Legit Website:] https://www.whitehouse.gov. Compare the content and layout to what you expect from an official government website. Official government websites usually have a professional and consistent design with accurate and official information.

The way to spot fake websites is always to be cautious of URLs with misspellings, unusual domain extensions, or hyphens. Check for exaggerated claims, poor website design, lack of contact information, and the absence of secure HTTPS connections. Additionally, research the organization or website independently to verify its legitimacy and read online reviews or reports if available. It’s crucial to exercise caution when providing personal or financial information online and report suspicious websites to the appropriate authorities.

October 3, 2023, 10:00 PM EST

Journal Entry #7

Cybersecurity Memes
• Review the following ten photos through a cybersecurity human systems integration framework.
Create a meme explaining what is going on in the individual’s or individuals’ mind(s).

The meme titled “unmasking the pawsome detective who stole my password” humorously portrays a playful cat as the “pawsome detective” who is associated with password theft. It combines humor with a cybersecurity theme.

This meme relates to Human Systems Integration (HSI) by:

1. User Engagement: You created the meme to engage viewers by using humor and creativity, making it relatable and shareable among people. This approach aligns with HSI principles, as effective communication is essential.
2. Cybersecurity Awareness: The meme indirectly reminds people about the importance of cybersecurity. While it’s lighthearted, it highlights the need to protect passwords and online security.
3. Human Psychology: By featuring a cat, the meme taps into human psychology, as cats are often seen as playful and curious. This makes the meme more engaging and relatable.
4. Effective Communication: Memes are a form of communication that simplifies complex ideas or emotions into easily digestible visuals and text. In your POV, the meme effectively communicates cybersecurity messages.
5. Audience Engagement: Your meme is designed to entertain and engage viewers, which is in line with effective communication practices. Engaged audiences are more likely to share and discuss the content, spreading awareness about cybersecurity.

October 9, 2023, 8:35 PM EST

Journal Entry #8

The Influence of Media on My Understanding of Cybersecurity

As I sit down to reflect on how the media shapes our perception of cybersecurity, I can’t help but notice the profound impact it has had on my understanding of this field.

Movies and TV shows have a way of portraying hackers that is often larger than life. On one hand, you have the genius hackers who fight for justice, sometimes seen as digital superheroes. On the other, you have the hoodie-wearing villains who use their skills for evil. It’s easy to be drawn into these dramatic narratives, but I’ve come to realize that real-life cybersecurity is far more complex.

One of the most significant effects of these portrayals is the creation of stereotypes. It’s all too common to think of hackers as either “good guys” or “bad guys,” but in reality, most of those working in cybersecurity fall somewhere in between. Their motivations, challenges, and ethical dilemmas are not as straightforward as the media suggests.

What I’ve noticed is that the media’s focus on the thrill and glamour of hacking can overshadow the tedious and less sensational aspects of cybersecurity. The professionals in this field often work diligently behind the scenes, far from the action-packed hacking sequences seen on screen.

However, it’s important to acknowledge that the media’s influence is not all negative. It can spark interest in cybersecurity and underline the importance of digital security. Still, I’ve learned that being a critical consumer of media portrayals and seeking out accurate information from trusted sources is essential to forming a well-rounded understanding of this critical field.

October 23, 2023, 7:00 PM EST

Journal Entry #9

Complete the Social Media Disorder scale. How did you score? What do you think about the items on the scale? Why do you think that different patterns are found across the world?

I scored a 3.0 on the Social Media Disorder Scale. This means I didn’t meet the threshold of 5 or higher for a formal diagnosis of a disordered social media user. In my view, the questions in the scale were quite insightful, and they made me reflect on my social media usage over the past year.

I believe that different patterns in social media usage can be found across the world because of cultural, social, and environmental influences. Cultural norms, as well as societal attitudes towards technology and social media, play a crucial role. Some cultures may encourage extensive social media use, while others may discourage it. The availability and popularity of specific social media platforms can also vary by region, leading to diverse usage patterns.

It’s important to remember that not all social media usage is problematic, and everyone’s experience is unique. This scale is a useful tool for self-reflection and assessment, but if you have concerns about your social media habits, seeking guidance from a mental health professional is always a good option in my opinion

October 23, 2023, 8:00 PM EST

Journal Entry #10

Read this article and write a journal entry summarizing your response to the article on social cybersecurity

Today, I dived into an eye-opening article on social cybersecurity, a realm that’s redefining modern warfare. This anonymous author vividly depicts how information warfare is no longer just a tactic; it’s now an end in itself.

The article emphasizes how state and non-state actors manipulate beliefs and ideas globally, eroding trust in institutions and consensus before actual conflicts begin. It introduces the concept of “cognitive hacking,” where technology isn’t just used to hack systems but to hack human minds. One fascinating aspect is the role of computational social science, where a range of disciplines like political science, psychology, and machine learning come together to understand how social media influences human behavior.

The Russian information warfare blitzkrieg is a striking example. It illustrates Russia’s relentless campaign to sow division and discord in other nations. Their strategy targets political parties, races, religions, alliances, and more. It’s a stark reminder of the importance of unity in our increasingly divided world. The article also delves into the enabling factors behind this cyber-threat, particularly the decentralization of information flows due to social media. It highlights the need for better information verification, especially in an era dominated by “fake news.”

In essence, this article underscores the urgent need to grasp the field of social cybersecurity. In a world where modern warfare revolves around manipulating societal beliefs, values, and behavior, we must be vigilant and proactive. As we move forward in this digital age, the fundamental question remains: How can we protect our core values and society from social cyber threats? This is a question that deserves our attention and exploration.

October 30, 2023, 5:40 PM EST

Journal Entry #11

Watch this video as you watch the video, and think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

When I think about the role of a cybersecurity analyst and how it relates to social behaviors, it becomes evident that there’s a close connection. In the cybersecurity world, we’re not just dealing with machines and software; we’re dealing with people’s behaviors and actions. For instance, there’s this concept called “social engineering,” where cyber attackers try to manipulate individuals into giving away sensitive information. It’s all about understanding how people think and act.

Moreover, the video discussed the significance of establishing a cybersecurity-conscious culture within organizations. This means changing how employees view and engage with security practices. It’s not just about software and hardware; it’s about shaping the social behavior of the workforce.

So, what struck me were the social themes in cybersecurity discussions, like trust, ethics, and the impact of security breaches on individuals and communities. It’s a fine balance between safeguarding information and respecting personal privacy. The video truly emphasized how cybersecurity analysts are at the intersection of technology and human behavior, making their role all the more intriguing.

October 30, 2023, 7:00 PM EST

Journal Entry #12

Read "SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter

Economic Theories:

1. Theory of Information Asymmetry: The Theory of Information Asymmetry, often associated with George Akerlof, highlights the disparities in information between parties in an economic transaction. In the context of the letter, the breach notification reflects this theory. The organization had information about the breach that the affected customers did not possess. The delay in notifying customers due to the ongoing investigation is an example of information asymmetry. The organization had information that affected customers didn’t, and this can influence the decisions made by customers, such as contacting their credit or debit card companies.
2. Cost-Benefit Analysis: Economic decisions often involve weighing the costs and benefits of different choices. In this letter, a cost-benefit analysis is evident in the recommendations to customers. They are advised to contact their credit or debit card companies to report the potential compromise of their card information. The cost of doing this includes the time and effort required, but the benefit is the reduced risk of financial loss due to fraudulent transactions. This analysis is essential for individuals to make informed decisions regarding the protection of their financial assets.

Social Sciences Theories:

1. Social Exchange Theory: Social exchange theory, rooted in sociology, suggests that individuals engage in relationships and interactions based on a rational calculation of costs and rewards. In the context of the breach notification letter, customers are advised to contact their credit or debit card companies. This recommendation aligns with the social exchange theory as it implies that individuals are making a rational calculation based on the perceived costs (time and effort) and potential rewards (protection from financial loss).
2. Crisis Communication Theory: Crisis communication theory, a concept from communication studies, explores how organizations respond to crises and communicate with stakeholders. The data breach notification letter is an example of crisis communication. It outlines the steps taken by the organization, informs customers about the incident, and offers guidance on what to do. The letter reflects elements of crisis communication theory, including providing timely and accurate information to mitigate the impact of the crisis and rebuild trust with stakeholders.

Overall, economic theories like information asymmetry and cost-benefit analysis are evident in the letter’s content, particularly in the organization’s decisions and customers’ recommended actions. Social science theories, such as social exchange theory and crisis communication theory, are also reflected in the way the breach notification letter addresses customer concerns and communication strategies to manage the crisis effectively. These theories provide a framework for understanding the behavioral and decision-making aspects of both the organization and the affected customers in response to the data breach.

November 6, 2023, 8:00 PM EST

Journal Entry #13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try to explore the cyberinfrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

The article delves into the reasons why bug bounty programs have gained so much attention. It’s primarily because of the scarcity of cybersecurity professionals worldwide, and smaller companies struggle to hire in this competitive environment. Bug bounties provide a solution by allowing these companies to engage freelance security researchers, which can be a game-changer.

There’s this concept called “Linus’s Law,” which suggests that more eyes on software mean more vulnerabilities get fixed. So, bug bounties enable firms to tap into a global network of hackers with diverse skills, complementing their internal security teams.

Now, when it comes to factors impacting security researcher supply, several things play a role. The age of the bug bounty program matters because as time goes on, it becomes more challenging to find vulnerabilities. The industry also has an impact; some are more susceptible to bugs due to complexity or difficulties in recruiting technical talent. The reputation or brand profile of a company is also a factor. Hackers are more likely to report vulnerabilities from well-known companies for various reasons, including career opportunities and recognition.

The bounty amount is crucial too. Some programs pay more generously, attracting more hackers. Time to resolution matters because if two hackers find the same vulnerability, only the first one gets paid. Faster resolution times are essential to prevent duplicated efforts. Company revenue is a bit of a puzzle; it’s not clear whether bigger companies or smaller ones receive more bug reports.

The scope of a program, whether it covers more assets, can influence the number of vulnerabilities found. New bug bounty programs might either intensify competition or create positive network effects, leading to more reports. Finally, whether a program is public or private plays a role; public programs get more reports but also more invalid ones, making it costlier to manage.

The literature review shows that these factors have been discussed in previous research, but there’s still room for empirical evidence to substantiate these claims. That’s where the article’s findings come in. For example, it found that hackers are price insensitive, meaning even companies with limited resources can benefit from bug bounties. The size and brand profile of a company don’t seem to have a significant impact on the number of bug reports they receive. It also suggests that bug bounties might be more useful for smaller companies.

There’s a debate about whether new bug bounty programs dampen reports to existing ones, but the article found that new programs don’t seem to have a significant impact on the number of reports companies receive. Interestingly, as bug bounty programs age, they receive fewer reports, unless they expand their scope.

Overall, this article is a valuable addition to the literature because it addresses many shortcomings of previous research. It uses comprehensive data, includes both public and private programs, and employs robust statistical methods to understand how bug bounty programs impact cybersecurity. It’s exciting to see bug bounties becoming a significant part of the cybersecurity landscape.

November 6, 2023, 8:45 PM EST

Journal Entry #14

Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

In my opinion, among the eleven internet-related offenses mentioned in the article, five that stand out as the most serious are:

1. Using Unofficial Streaming Services: Illegally streaming copyrighted movies, TV shows, or sports content not only violates copyright laws but also potentially supports piracy. This is a significant issue because it directly affects the livelihood of content creators and the entertainment industry.
2. Using Torrent Services: Downloading copyrighted material without proper authorization through torrents is a serious offense. It harms the intellectual property rights of creators and can result in substantial financial losses for content producers.
3. Sharing Personal Information of Others: Posting someone’s personal address or pictures without their consent, particularly with the intent to harm, is a grave violation of privacy and could lead to real-world consequences for the individuals involved.
4. Bullying and Trolling: Engaging in cyberbullying and trolling can be emotionally damaging and may escalate to criminal charges in severe cases. Such actions can harm a person’s mental well-being and potentially lead to legal consequences.
5. Collecting Information About Children Under 13: Gathering data about children under 13 without proper consent is a serious violation of the law and the Children’s Online Protection Act. Protecting children online is of utmost importance, and violating their privacy is a significant concern due to the potential risks involved.

These five offenses are particularly serious because they infringe on copyright, privacy, and personal safety, leading to both legal and ethical consequences. They not only harm individuals but also impact entire industries and society as a whole. Therefore, it is crucial for internet users to be aware of and avoid engaging in such activities to ensure a safer and more lawful online environment.

November 13, 2023, 7:30 PM EST

Journal Entry #15

Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

Today, I delved into the intriguing world of digital forensics through Davin Teo’s TEDx talk. The speaker’s insights shed light on the captivating journey one can take in pursuing a career in this field. What particularly caught my attention was the intersection between digital forensics and the social sciences.

Digital forensics investigators, as illuminated by Teo’s narrative, play a pivotal role at the crossroads of technology and society. Their work extends beyond mere technical proficiency, delving into the intricate tapestry of human behavior, ethics, and societal implications.

Teo’s pathway to his career highlighted the multidisciplinary nature of digital forensics. It’s not merely about deciphering complex codes and unraveling digital mysteries; it’s about understanding the people behind the screens. As I reflect on his journey, a few key points emerge:

1. Human-Centric Approach: Digital forensics, as Teo outlined, demands an understanding of human behavior. In the ever-evolving landscape of cybercrime, investigators must decode the motivations and intentions of individuals who leave a digital footprint. This inherently requires knowledge rooted in the social sciences, delving into psychology, sociology, and criminology.

2. Ethics and Privacy Considerations: Teo emphasized the importance of ethical considerations in digital forensics. The decisions made by investigators impact individuals’ privacy and civil liberties. A background in the social sciences equips professionals to navigate the ethical nuances of their work, making informed decisions that balance the demands of justice with respect for individual rights.

3. Communication Skills: The ability to communicate complex technical findings to non-technical stakeholders is a crucial aspect of a digital forensics investigator’s role. Teo’s journey underscored the significance of effective communication, bridging the gap between technical intricacies and broader societal understanding. This skill, rooted in the social sciences, facilitates collaboration with law enforcement, legal professionals, and the public.

4. Impact on Policy and Regulation: Teo’s narrative hinted at the broader societal impact of digital forensics, including its influence on policy and regulation. Investigators contribute to shaping the legal frameworks governing cybercrime, necessitating an awareness of governmental structures, international law, and the societal implications of these policies.

Overall, Davin Teo’s pathway to a career in digital forensics exemplifies the dynamic relationship between technology and the social sciences. The investigator’s toolkit extends beyond coding skills to encompass a deep understanding of human behavior, ethical considerations, effective communication, and the broader societal context. This intersection enriches the field, emphasizing its role not only in solving digital puzzles but also in contributing to a more just and secure society.

November 27, 2023, 7:00 PM EST