Week 5 – Journal Entry

Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

List of motives:  Entertainment, Political, Revenge, Boredom, Recognition, For money, Multiple reasons

1.  For money – easily the number one reason hackers do what they do; more money equals more freedom, more opportunity, but also could equal more problems.  Mid-level criminals earn upwards of $900,000.00 on average, annually.  Most people won’t see that type of money in their lifetime, so earning it in a year also gives hackers a lot more power.

2.  Multiple reasons – this motive encompasses a broader variety of motives, so it would be safer to put it in the number two spot; this could encompass all or a select number of the motives from the list.

3.  Recognition – hackers may want to be recognized depending on the reputation of the entity they are hacking; hacking is very competitive, so receiving validation for their work is likely very important for establishing reputation within their own respective communities.  It could even increase the adrenaline/thrill they get from the act itself, not more thrill than getting paid though.

4.  Revenge – there are some theories that say individuals will commit cyber offenses based on impulse, and anger-/revenge-motivated actions are typically results of impulse.  Impulse is typically going to be a stronger force than boredom, so I ranked it above.  This motive could technically encompass political beliefs as well, as some outside force/entity could be involved in political actions against a party that the hacker may be involved with, causing that same revenge-oriented impulse.

5.  Political – I ranked this here only because I don’t hear or see much related to political-related hacking/attacks, but I believe it still occurs more often than the two motives below.

6.  Boredom – similar to entertainment, there are plenty of hackers that commit malicious acts because they are bored, but here there are far fewer that do it for reasons of boredom compared to the reasons above.  A tiny bit of incentive for committing the act is satisfaction, which could provide a little bit more motivation, but still not enough to be more prevalent.

7.  Entertainment – while there are plenty of hackers that do commit these malicious acts for fun, there are far fewer that do it for fun than all of the other motives listed above; involving some type of incentive for the action provides more motivation to actually commit the act.  Hackers who do it for fun likely are motivated to do so just to say that they could.

The above rankings are based strictly on context, noticeable trends, and personal logic; these are not to be taken as undeniable fact.

Week 4 – Journal Entry

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Maslow’s Hierarchy of Needs entails the idea that individuals have necessities, existing on a hierarchical level, and as each necessity is fulfilled then the next necessity becomes the focus.  The necessities are broken into groups and then into subgroups as follows:  Basic needs (physiological needs & safety needs), Psychological needs (belongingness and love needs & esteem needs), and Self-fulfillment needs (self-actualization). 

At the basic needs level, my physiological needs such as food, water, and warmth are all (for the most part) met through online means.  I wouldn’t be able to have water or warmth without the portal in which I pay the bills for those utilities; money is needed to pay the bill through the portal, but the fact that it is accessed via the internet makes it a monthly digital experience.  As for food, I usually have it delivered for the vast majority of my meals through online means; I could go into a physical store and get it, eliminating that digital experience, but I prefer to use the internet to do it because it tends to be more convenient for me as of right now.  My safety needs are met the same way, via the internet.  The antivirus program I use, adblockers, browser plugins, etc., are all things I wouldn’t be able to utilize without internet access, and I use them every day.

At the psychological needs level, I don’t tend to use/need technology to engage with friends/family (outside of gaming) on a personal level unless necessary.  But when it comes to the need for/of prestige and feeling of accomplishment, that one is almost entirely met by the technology I use as well as the internet.  I work full-time from home, so my entire job is on the internet, and I would not be able to do it without technology; the better I get with technology and the more I learn about technology, the more it tends to the needs aforementioned because it will almost always increase my level of performance.

Lastly, at the self-fulfillment needs level, my self-actualization needs such as achieving my full potential (including creative activities) are met pretty much entirely through technological means as well.  I do school online using technology to try and be the best I can be and do what I want to do.  Regarding creative activities, I could not meet this need without technology, at all.  I like recording and making videos, and I would not be able to record those videos without software downloaded from the internet or without my PC; and I would not be able to edit those videos or add my imagination/utilize my imagination for the video (photoshopping images, adding other features, etc.) without the internet, technology, or the software I bought and downloaded from the internet.

In conclusion, the majority of my needs are fulfilled through the usage of technology in conjunction with the internet.

Week 3 – Journal Entry

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

The information available on privacyrights.org regarding data breaches primarily focuses on the preparation for, privacy of, and protection of data from data breaches, built off of information about the effects of data breaches themselves.  One article I read outlines some of the consequences of data breaches on a company or organization that I believe would be similar (depending on the size of the company and scale of the attack) to the consequences of data breaches of all companies/organizations.  The first consequence mentioned is cost, as cost scales with the size of the attack (number of records compromised) in most cases; cost of a data breach was measured in terms of cost per record.  Next, reputational issues were mentioned; if a data breach is successfully committed on a company/organization, there’s a pretty good chance that it will have negative effects on their reputation.  Unfortunately, it is unavoidable.  Lastly, the initial steps that should be taken in preparation and for protection from these attacks are outlined.  My takeaway from this is that researchers can use the information from this website to perhaps shift or intensify their focus on certain assets that may be targeted in these cyberattacks/data breaches, prioritize what may be more detrimental to the company/organization of the potential consequences if prevention of the data breach failed, and then maybe implement more effective or secure versions of the precautions mentioned earlier to accommodate.

Data Breach Readiness and Follow-up: Being Prepared for the Inevitable: Presentation to the Association of Information Technology Professionals | PrivacyRights.org. (n.d.). Privacyrights.org. https://privacyrights.org/resources/data-breach-readiness-and-follow-being-prepared-inevitable-presentation-association

Week 2 – Journal Entry

Explain how the principles of science relate to cybersecurity.

Principles of science relate to cybersecurity in multiple ways; problems are identified and investigated, potential ideas or theories are formed as solutions to those problems, those ideas/theories are tested, results are recorded, conclusions based on those results are made and whichever solution was the most effective will be used and expanded on later.  The systematic approach remains the same for the most part, and the ideas are implemented in a way that can be applied to cyber-related issues.

For example:  analysis of data on recent cyberattacks and potential threats could reveal that there are certain vulnerabilities in an internal system.  The threats could be dealt with individually where they are investigated, and ideas are proposed that could mitigate or remedy the threat; the ideas could then be tested in some sort of isolated environment where the effects of the testing won’t interfere with the normal operations of the system; results of the testing are recorded where they will likely be compared in order to figure out the best solution; conclusions are made regarding the best solution that will be implemented and likely expanded on in the future to keep remedying the problem (until it is invalid).  This type of approach could be applied to a multitude of cybersecurity-related issues.

Week 1 – Journal Entry

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Out of the seven categories of the NICE Framework, I would want to focus my career on the “Analyze,” “Collect and Operate,” and/or “Protect and Defend” areas because I tend to excel in those types of roles.  I thrive the most in these types of positions because, naturally, I want to understand things to their fullest capacity; and it’s difficult to do that at times without performing some type of review or analysis depending on what it is.  All of the aforementioned areas entail reviewing, researching, analyzing; then it takes it a step further in the “Protect and Defend” category with implementation being incorporated into the mix as well which helps to solidify/crystallize that knowledge. The one category that appeals to me the least is “Investigate.”  I don’t believe I would perform at maximum capability in this field, even though it does involve analysis; I don’t believe the data aspect of it is emphasized as heavily which steers me away from it.

ePortfolio Entry #6

How do engineers make cyber networks safer?

Engineers make cyber networks safer in various ways.  They focus their approach to securing networks by gaining a comprehensive understanding of both the issues that need to be addressed and the solutions that could resolve said issues.  In doing this, engineers bring an outcome-oriented approach to securing cyber networks where the focus becomes the security of the system as a whole rather than putting relatively heavy focus on the individual aspects that make up the system security.  Some of the multitude of components that encompass a secure system include ensuring the protection and security of stakeholders, “[identifying] and [assessing] vulnerabilities and susceptibility to life cycle…threats”, implementation of designs that efficiently control asset loss, implementing security considerations that focus on error prevention, “[performing] system security analyses…”, and “[evaluation] of the costs/benefits of security functions and considerations…”

What is the overlap between criminal justice and cybercrime? How does this overlap relate to the other disciplines discussed in this class?

The overlap between criminal justice and cybercrime involves the investigation of cybercrimes.  Cybercrimes need to be investigated just like any other crime, but investigating cybercrime is a bit more complicated.  Knowledge of computer forensics, knowledge of the various tools used to perform computer forensics, and knowledge of computers & networks in general is mandatory for the investigation of cybercrimes.  In general, it is vastly easier to remain anonymous committing a crime online than it is to remain anonymous committing a crime in real life.  Techniques like encryption, VPNs, and fake identities are just a few things that make it a potential challenge to figure out the identity of an attacker.  And since technology is advancing at such a rapid rate, staying up to date with and having knowledge of the aforementioned is a necessity when investigating cybercrime.

This overlap relates to other disciplines discussed in class, like sociology and psychology, because an understanding of why the attacker is attacking is important in figuring out who the attacker may be.  The attacker could have been hired by another company or they could simply be attacking just because they felt like it.  Having a sense of direction would make it relatively easier to strategize about how to catch them.  Also, understanding who else may be involved is extremely important as the perpetrator may be a group rather than a single individual.  Catching the entire group of perpetrators will likely prove to be vastly more difficult than catching a single perpetrator.  The agency in charge of catching them may only figure out who a select few are, but that still leaves the others to continue their attacks.  Understanding who else may be involved will also make it relatively easier to strategize about how to catch them.

ePortfolio Entry #5

How can you tell if your computer is safe?

There aren’t telltale signs to tell if your computer is safe, and there aren’t security controls that will absolutely guarantee the safety of your computer.  While security controls will make it exponentially more difficult for an unauthorized user to access the data or information contained within, there is never a guarantee that it can’t happen.  There are many ways that you can increase the security of your computer.  Strong passwords and utilizing multifactor authentication methods are the easiest ways to get started with adding an extra layer of security.  Since most people’s computers are probably by or on a desk in an office, sitting on a counter somewhere (mainly speaking about a home setting), etc., it’s important that it’s at least a little bit difficult to gain access through the login screen.  This screen can be accessed remotely as well, which makes it even more important for security.  The next easiest is probably some type of antivirus software that regularly scans your computer for any malicious activity (may cost money, may not cost money).  Antiviruses can detect any malicious code that may have ended up in the files on your computer, can detect any potential threats or unsafe downloads from the internet that contain malware, can scan incoming and outgoing emails for malware, etc., that will all aid in the security and safety of your computer.  Next in line are firewalls to prevent certain types of network traffic.  Many of the ways that unauthorized users attempt to access your network can be blocked by a firewall.  Unauthorized network connections, DoS attacks, malicious data packets, network traffic that doesn’t adhere to what you want to let in or out, can all be blocked with the security policies and protocols integrated by and within a firewall.
These three methods are some of the simplest ways in which you can add layers of security to your computer which in turn will make your computer safer, but there is no guarantee that a hacker won’t find a way into the network.

Describe three ways that computers have made the world safer and less safe.

The first way that computers have made the world both safer and less safe simultaneously involves the abilities and opportunities that arose from their actual invention; computers have allowed us to create the internet, the world wide web, and given us a method of mass communication.  The internet allows us to gain immense amounts of knowledge that otherwise would be unattainable without the internet, a way to connect with others all around the globe to socialize or share information, while also rendering us vulnerable to cyberattacks and cybercrime.  Another way that the invention of computers has made the world both safer and less safe involves general passion and ethics that can go both ways (“good” or “bad”).  With the constant advancement of technology, security controls and measures will advance; as these security controls and measures advance, our way of living that relies heavily on the internet and computers will get safer.  On the other hand, though, this constant advancement of security will bring on more determined groups of hackers; and these hackers will constantly work to stay ahead of the game and find vulnerabilities within these security controls/measures/strategies that may have been left unchecked.  Lastly, involving creations that have arisen from the invention of computers, is the creation of applications and software that are utilized for the unauthorized access and monitoring of networks.  From the programs I have used in labs so far, there seems to be a parallel where the same programs that can be used for unauthorized access and monitoring of a network could also be used to detect the unauthorized access.  All of the above are ways in which the world has become both safer and less safe from the invention and use of computers.

ePortfolio Entry #4

What are the costs and benefits of developing cybersecurity programs in business?

Developing cybersecurity programs provides a multitude of benefits for a business with the main benefit being the protection/safeguarding of the network of systems and machines being used for daily operations.  A cybersecurity program is typically developed for risk management and is usually developed for the specific needs of the business.  There are some programs that are premade that the business could use, but I don’t believe it’s as common.  The program covers many different aspects, typically starting with risk assessment where potential risks are identified, evaluated based on potential impact on the business, and risk-reduction measures are recommended, but not yet implemented.  The next step in the program typically involves risk mitigation, where measures are taken to reduce the impact of the risks assessed in the previous step.  These measures involve risk avoidance, risk mitigation, risk acceptance, risk transference, and once again, the evaluation of the assessed risks.  And lastly, comes evaluation and assurance, where risks are continuously assessed and evaluated, and this step also involves regulatory compliance; regulatory compliance meaning the maintenance of the policies, processes, and controls used to implement and perform the previous steps.  All the steps involved in the risk management process are performed in a cycle if that makes sense; meaning, the steps are performed in order and performed again periodically or as needed in the same manner.  Doing this brings a strategic and systematic approach to the risk management process.  And ensuring the network is safeguarded brings a better reputation and increased reliability into play, which could also be seen as a benefit as other businesses will be more likely to collaborate.

There aren’t too many costs relative to the benefits of developing a cybersecurity program.  The main cost is the actual cost of developing the program, like how much money is budgeted and spent.  The cost could depend on the size of the business and what needs to be protected, and it also could depend on what the company is willing to spend.  A small business may not have the budget for an advanced cybersecurity program, but at the same time, a large business may not be willing to spend what is required for an advanced cybersecurity program as the cost is relative to how much needs to be protected.  There are a lot of elements/factors that go into determining the price that may or may not even reflect the size of the business; it could be more expensive because it is more advanced, such as something that involves PKI.  Cyberattacks can result in a company losing millions of dollars and a ton of lost time, so subjectively, the benefits will almost always outweigh the costs of protecting the network in the long run.

ePortfolio Entry #3

How has cyber technology created opportunities for workplace deviance?

Cyber technology opens up a variety of opportunities for workplace deviance.  Through the protection of data with these defense mechanisms and security controls, like the different methods of access control, some employees may have or obtain access to sensitive data.  These employees that have the privilege of accessing this data now have the opportunity to use this data in an unethical or illegal manner.  They may use this sensitive information, information that is not known to the public and would otherwise be unfair to utilize, for personal monetary gain.  This act is formally known as insider trading, and it will very likely lead to fines or time in federal prison.  Another potential misuse of sensitive data by employees involves the theft of works that are the product of creativity, formally known as intellectual property theft.  Designing or manufacturing a product that solves a problem for people, while also being unique to the company who came up with it, is important for dominating a specific market.  If the plans for this innovation are stolen and exploited for personal use or even for the use of a competitor, the company is put in a tricky situation.  The company will lose money, lose reputation, lose employees, lose their edge in the market, etc., and the perpetrator, if caught, will very likely be fined, charged, or be put in federal prison.  Both of the above are what I consider to be some of the most severe cases of workplace deviancy that could arise from cyber technology.  A more minor case could be when an employee uses the technology offered by the company, that they are supposed to use only to do their job, for personal use.  This could be pretty much anything, like something as simple as browsing the internet.  This is formally known as cyberloafing and is probably one of the most common forms of workplace deviance that relates to cyber technology.
The emergence and advancement of cyber technology has provided a variety of opportunities for workplace deviance.

ePortfolio Entry #2

Describe four ethical issues that arise when storing electronic information about individuals.

Ethical issues that arise when storing electronic information about individuals can include accuracy, privacy, property, and accessibility.  Data accuracy entails the correct and precise representation of an individual’s information.  Dealing with the issues that surround the ethics of data accuracy involves the assurance that information isn’t manipulated or tampered with by both authorized and unauthorized users, and security controls are used to ensure that the integrity of the information being protected remains intact.  Data privacy entails the control and protection of an individual’s sensitive information.  Dealing with the issues that surround the ethics of data privacy involves implementing defenses against attackers and unauthorized users, ensuring that the individuals are aware of how their data is being gathered and utilized, and ensuring that their sensitive data remains confidential.  Data privacy and data property are related in the fact that they both deal with the control of an individual’s sensitive information or data.  Data property deals with control in regard to the ownership of an individual’s information and what the individual is entitled to do with their information.  Dealing with the issues of data property is also similar to how issues of data privacy are handled:  ensuring that the individual is aware of how their data is being used and gathered, and ensuring that the individual’s wishes are respected in regard to both of the aforementioned.  Lastly, data accessibility involves the availability of an individual’s information.  The individual needs to be able to access their information/data whenever needed.  The issues of accuracy, privacy, property, and accessibility are just some of the many ethical issues that arise when storing electronic information about individuals.

Compare cybersecurity risks in the U.S. and another country.

The U.S. and China face similar security risks since they are both large nations with valuable data/information that attackers want to take advantage of.  Cyber espionage is always a risk for large nations like the U.S. and China as they are some of the most technologically advanced in the world.  Obtaining this data/intellectual property could provide leverage over the nation and pose a substantial risk to the security of the nation.  In doing this, technological advancements could be halted, and economic interests could be compromised.  Insider threats are another significant risk for both the U.S. and China, and there is a higher chance of it happening since they are large nations with several large corporations.  Sensitive data could be accessed or stolen for the purpose of compromising the business or corporation, or it could even be accidental due to a lack of awareness on the issue, but it poses the same outcome.  Intellectual property could be stolen, the safety of employees could be at risk, and the reputation of the corporation could be impacted; many negative consequences could come out of an insider threat.  Cyber espionage and insider threats are just a couple of the multitude of risks that affect both the U.S. and China; but all of them have negative consequences that can hinder the advancements of the nations and cost thousands of dollars to recover from.