{"id":257,"date":"2025-12-05T02:07:34","date_gmt":"2025-12-05T02:07:34","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/?page_id=257"},"modified":"2025-12-05T02:10:37","modified_gmt":"2025-12-05T02:10:37","slug":"cyse201","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/cyse201\/","title":{"rendered":"CYSE201"},"content":{"rendered":"\n<p><strong>Article Review #1<\/strong><\/p>\n\n\n\n<p><strong>Introduction<\/strong><\/p>\n\n\n\n<p>The article by Trinh, Dinh, and Tran (2025) examines the psychological traits of cybercriminals<br>and their broad implications for crime prevention. Using a systematic review of 1,200 studies<br>(with 45 meeting inclusion criteria), the authors bring attention to the connections between<br>psychology, criminology, and cybersecurity while giving recommendations for law, policy, and practice.<\/p>\n\n\n\n<p><strong>Relation to Social Science Principles<\/strong><\/p>\n\n\n\n<p>Cybercrime is not only a technological concern but also a social science concern because it<br>represents behavior, motivation, and social interaction online. The article connects criminology,<br>psychology, sociology, and law to explain cybercriminal behavior, applying theories like Routine<br>Activity and Deterrence Theory to digital contexts. <\/p>\n\n\n\n<p><strong>Listed below is the research question, hypotheses, independent and dependent Variable.<\/strong><\/p>\n\n\n\n<div class=\"wp-block-group is-vertical is-layout-flex wp-container-core-group-layout-1 wp-block-group-is-layout-flex\">\n<p>Research question: What psychological traits do cybercriminals have and how can those traits improve cybercrime prevention?<\/p>\n\n\n\n<p>Hypotheses: Cybercriminals show specific psychological traits like narcissism, impulsivity, and tech proficiency that influence their behaviors.<\/p>\n\n\n\n<p>Independent Variables: Psychological traits such as narcissism, impulsivity, and technical proficiency.<\/p>\n\n\n\n<p>Dependent Variables: Cybercrime behaviors, like hacking, phishing, and fraud.<\/p>\n<\/div>\n\n\n\n<p><strong>Research Methods<\/strong><\/p>\n\n\n\n<p><br>The writers used PRISMA guidelines to complete a literature review. They searched databases<br>like Web of Science and Google Scholar and applied strict criteria. NVivo and Excel were used for coding and thematic analysis.<\/p>\n\n\n\n<p><strong>Data and Analysis<\/strong><\/p>\n\n\n\n<p>The review combined qualitative and quantitative findings from past studies. Data types<br>included psychological assessments, case studies, and theoretical frameworks. The analysis<br>focused on identifying recurring traits, motivations, and trends in offender profiles.<\/p>\n\n\n\n<p><strong>Connection to PowerPoint Concepts<\/strong><\/p>\n\n\n\n<p>The article connects with the PowerPoint concepts: Routine Activity Theory (crime occurs with a<br>motivated offender, suitable target, lack of guardianship), Deterrence Theory (punishment reduces crime), and privacy vs. security balance.<\/p>\n\n\n\n<p><strong>Relevance to Marginalized Groups<\/strong><\/p>\n\n\n\n<p>Marginalized groups often face the most cybercrime, like identity theft, financial fraud, and<br>privacy breaches. Study shows that victims may experience stress, anxiety, and reputational<br>harm. Low-income communities are vulnerable because they may lack access to strong cybersecurity protections.<\/p>\n\n\n\n<p><strong>Contributions to Society<\/strong><\/p>\n\n\n\n<p>The study contributes to society by advocating for integrated policies that combine<br>psychological insights, international cooperation, and legal reforms. The recommendations that<br>were given included improving offender profiling, enhancing cybersecurity education, and strengthening defenses for critical infrastructure.<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>Trinh et al. (2025) provided an important bridge between psychology and cybersecurity,<br>showing that cybercrime prevention requires understanding human behavior as much as<br>technology. By applying social science principles and recommending multi-level strategies, the<br>study highlights paths toward reducing risks and protecting society from evolving digital threats.<\/p>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<p>Trinh, D. T., Dinh, T. C. H., &amp; Tran, T. N. K. (2025). Exploring the psychological profile of<br>cybercriminals: A comprehensive review for improved cybercrime prevention. International<\/p>\n\n\n\n<p>Journal of Cyber Criminology, 19(1), 114\u2013137.<\/p>\n\n\n\n<p><a href=\"https:\/\/cybercrimejournal.com\/menuscript\/index.php\/cybercrimejournal\/article\/view\/452\/133\">https:\/\/cybercrimejournal.com\/menuscript\/index.php\/cybercrimejournal\/article\/view\/452\/133<\/a> <\/p>\n\n\n\n<p><strong>Article #2<\/strong><\/p>\n\n\n\n<p><strong>Introduction \/ BLUF<\/strong><\/p>\n\n\n\n<p>This article investigates how bug-bounty programs (crowdsourced vulnerability<br>discovery) function economically and what factors influence the number of valid<br>vulnerability reports organizations receive. The bottom line: Bug-bounty programs are<br>shown to be cost-effective and accessible even for smaller firms, because the supply of<br>ethical hackers is relatively price-inelastic, and firm size or brand prominence has limited effect on report volume. <\/p>\n\n\n\n<p><br><strong>Relation \/ Connection to Social-Science Principles<\/strong><br>The study connects to several social-science principles:<\/p>\n\n\n\n<ul>\n<li><strong>Incentives and motivation:<\/strong> It explores how non-monetary motivations<br>(reputation, community, altruism) influence hacker participation, beyond just payment amounts.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Crowdsourcing and collective action<\/strong>: The bug-bounty model taps into<br>decentralized networks of ethical hackers, illustrating principles of volunteerism<\/li>\n\n\n\n<li>and group behavior.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Trust and transparency:<\/strong> Organizations need to build vulnerability disclosure<br>policies and trustworthy relationships with hackers to encourage participation.<\/li>\n\n\n\n<li><strong>Inequality and access<\/strong>: The finding that smaller firms can benefit suggests<br>democratization of cybersecurity talent, linking to social-justice\/inequality themes.<\/li>\n\n\n\n<li><strong>Organizational behavior \/ change<\/strong>: Firms adopting bug-bounty programs<br>represent shifts in internal practices and cybersecurity culture.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Risk perception and behavior<\/strong>: The authors discuss how firms\u2019 willingness to<br>adopt bug-bounty programs is tied to perceptions of cyber-risk and resource constraints.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Network effects and economic externalities<\/strong>: The study examines whether<br>adding more programs increases competition or expands the hacker pool (positive network effect). <\/li>\n<\/ul>\n\n\n\n<p><strong>Research Question \/ Hypothesis \/ Independent Variable \/ Dependent Variable<\/strong><\/p>\n\n\n\n<ul>\n<li><strong> Research Question<\/strong>: What factors determine how many valid vulnerability<br>reports a firm\u2019s bug-bounty program receives? Do firm size, brand profile, bounty<br>amounts, program age, industry, and number of new programs influence report volume?<\/li>\n\n\n\n<li><strong> Hypotheses:<\/strong><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"wp-block-group__inner-container\">\n<ol>\n<li>Higher bounty amounts \u2192 more valid reports.<\/li>\n\n\n\n<li>Larger firms \/ stronger brands receive more reports.<\/li>\n\n\n\n<li>Older programs receive fewer valid reports over time.<\/li>\n\n\n\n<li>Entry of new bug-bounty programs may reduce reports for existing ones (competition) or increase them (network effect).<\/li>\n<\/ol>\n<\/div><\/div>\n\n\n\n<ul>\n<li><strong>Independent Variables<\/strong>: Bounty amount, firm revenue\/size, brand profile (proxy<br>via Twitter followers), program age, industry dummy variables (finance, retail,<br>healthcare, etc.), number of new programs in the month. Semantic Scholar<\/li>\n\n\n\n<li><strong>Dependent Variable:<\/strong> Number of valid vulnerability reports submitted to a firm\u2019s program in a given month. Semantic Scholar<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Types of Research Methods Used<\/strong><\/p>\n\n\n\n<p>The authors employ<strong> quantitative methods<\/strong>: they use a large panel dataset from the<br>bug-bounty platform HackerOne covering August 2014 to January 2020, comprising<br>thousands of observations. Semantic Scholar They apply econometric modelling<br>(regressions, instrumental variables) to control for endogeneity. They also mention<br>qualitative elements (interviews with HackerOne staff and researchers) but the core method is quantitative.<br><\/p>\n\n\n\n<p><strong>Types of Data Analysis Used<\/strong><\/p>\n\n\n\n<p>The authors use ordinary least squares (OLS) regressions and then move to two-stage<br>least squares (2SLS) with instrumental variables to address potential endogeneity. They<br>also perform fixed-effects regressions and robustness checks (e.g., using different<br>proxies for brand, bounty amounts) to test the stability of results. <\/p>\n\n\n\n<p><strong>Connections to Other Course Concepts<\/strong><\/p>\n\n\n\n<p>This study reinforces our module\u2019s concept of <strong>cost-benefit analysis in cybersecurity<br>policy: <\/strong>bug-bounty programs are framed economically and the article provides<br>empirical support for their cost-effectiveness. It also links to<strong> human\/social factors in<br>cybersecurity:<\/strong> understanding the motivations of hackers (social behavior) is crucial.<br>Further, the concept of <strong>incentive alignment<\/strong> (an agent vs principal issue) appears here<br>\u2013 organizations aligning incentives for external researchers. It challenges the<br>assumption that only large firms can benefit from advanced cybersecurity measures,<br>underscoring the democratizing effect of crowdsourced vulnerability discovery.<\/p>\n\n\n\n<p><strong>Connections to the Concerns or Contributions of Marginalized Groups<br><\/strong>While the article does not specifically focus on marginalized groups, its finding that<br>smaller firms (which often have fewer resources) benefit from bug-bounty programs<br>connects indirectly to issues of resource inequality in cybersecurity. Smaller businesses<br>may lack internal specialists and thus are often under protected; the crowdsourced<br>model opens opportunities for them to access security talent they couldn\u2019t otherwise.<br>Also, because ethical hacking communities often include younger, freelance, global<br>participants (including students), there is a dimension of broadening access to security work, possibly empowering under-represented individuals.<\/p>\n\n\n\n<p><strong><br>Overall Societal Contributions of the Study \/ Conclusion<\/strong><\/p>\n\n\n\n<p>In conclusion, the study advances our understanding of how bug-bounty programs<br>operate as a cybersecurity policy instrument through the lens of economics and social<br>science. It shows that such programs are viable for firms of all sizes, highlighting their<br>potential to improve global cybersecurity resilience by tapping into distributed talent.<br>This contributes to society by suggesting a scalable, inclusive approach to vulnerability<br>discovery and reminding organizations to consider social dynamics (motivation,<br>network, culture) alongside technical measures. It also points to future directions:<br>measuring bug severity, expanding scope of programs, and further understanding hacker motivations will help refine policy design in this space.<\/p>\n\n\n\n<p><strong>Reference<\/strong><\/p>\n\n\n\n<p>Sridhar, K., &amp; Ng, M. (2021). Hacking for Good: Leveraging HackerOne Data to Develop<\/p>\n\n\n\n<p>an Economic Model of Bug Bounties. Journal of Cybersecurity, 7(1).<br>https:\/\/doi.org\/10.1093\/cybsec\/tyab007 Semantic Scholar<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article Review #1 Introduction The article by Trinh, Dinh, and Tran (2025) examines the psychological traits of cybercriminalsand their broad implications for crime prevention. Using a systematic review of 1,200 studies(with 45 meeting inclusion criteria), the authors bring attention to the connections betweenpsychology, criminology, and cybersecurity while giving recommendations for law, policy, and practice. Relation&hellip;<\/p>\n","protected":false},"author":31325,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/pages\/257"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/users\/31325"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/comments?post=257"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/pages\/257\/revisions"}],"predecessor-version":[{"id":258,"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/pages\/257\/revisions\/258"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/mharpercyse201\/wp-json\/wp\/v2\/media?parent=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}