This paper argues that although cybersecurity depends heavily on forecasting attacker behavior, “The Short Arm of Predictive Knowledge” reveals how prediction consistently falls short in the face of human unpredictability, system complexity, and rapidly evolving threats.
The CIA Triad
The CIA Triad is defined as three things, starting with confidentiality. Confidentiality deals with keeping sensitive information secret, meaning only authorized eyes should be allowed to view this information. Confidentiality is incredibly important because malicious attackers may abuse the data they gather from sensitive documents, which is why keeping this data private is crucial to an organization. Integrity is the I in the CIA Triad, and it deals with making sure that files remain untampered with. Keeping files secure and uneditable is easy and essential to strong security. Making multiple copies of a piece of data is one of the many crucial steps to securing valuable information. Finally, availability is the last part of the CIA Triad. Availability is the ability to access data easily. Without availability, data can’t be accessed, and neither can websites, documents, folders, etc. All sides of the triangle are equally important, and having one side down will affect every other side of the triangle.
The CIA Triad is supported by many different mitigation strategies, like antivirus, IPS, IDS, backups, and many other methods of securing data. It is important to have the proper mitigation strategies in place, as securing data is an important step in cybersecurity. For example, data can be secured by encryption, which fulfills its confidentiality. Having multiple backups of one piece of data will secure its integrity, and keeping physical copies of the data secures its availability. These measures can mitigate cybercrime attacks and bolster your defense.
Cybercrime
Cybercrime is incredibly prevalent, especially in today’s society, where a good percentage of things now operate with some sort of technology. Cybercrime is defined as any illegal activity conducted using computers, networks, or digital devices, such as hacking, identity theft, fraud, and malware attacks. Cybercrime can occur so frequently due to the difficulty of carrying out these cybercrimes, which is why it’s important to bolster your personal computer’s security so your data isn’t affected.
For example, a group of kids will probably not bully another kid at school because they could get in trouble, so they get rid of this risk by cyberbullying a person on social media, masking their identity and making it harder for people to trace the origin of the bullying. This makes cybercrime much more accessible because it is more difficult to trace the offenders. Another example is pirating movies, shows, or games. Piracy is a crime because you’d be using a service for free, which means it’s stealing. Furthermore, piracy is much more accessible, because it is just a click away on most illegal TV streaming sites. As a result, this also increases the desire to pirate, because people would rather use a service for free than spend their money on it. It’s easily accessible, and piracy isn’t really enforced. Studies show that around 10 to 30 percent of adults pirate some sort of media, giving a glimpse of how many people truly pirate media (Mann, 2024). Piracy is enforced; however, law agencies will target the larger-scale distributors rather than the individual downloaders, which is why people who pirate media don’t really worry about getting caught by law enforcement.
White-Collar Cybercrime
White-collar cybercrime is about the same thing as cybercrime, except more formal and more focused on the financial aspect of the crime, targeting funds and resources for the attackers’ own personal gain. Furthermore, white-collar cybercrime is usually orchestrated by groups of malicious attackers, which makes it incredibly sophisticated compared to regular cybercrime. Due to its sophisticated nature, stronger mitigation must be put in place than for regular cybercrime.
For example, a group of teenagers might have trouble robbing a bank in person because the bank’s physical security is enormous, leaving no clear path for them to exploit. As a result, they may target other areas, like the bank’s technology, to examine and exploit any weak points in its cybersecurity. This makes cybercrime much more accessible to anyone as opposed to regular crime. Anyone can carry out something illegal, but it’s easier and safer to carry out illegal acts online, where you can mask who you are, rather than in person, where you can be identified solely based on biometric data, like your height. This is called white-collar cybercrime, as it is done primarily online, targeting different areas like accounts, authorization, personal data, transactions, etc.
It is also important to recognize the difference between regular cybercrime and white-collar cybercrime. White-collar cybercrime is more organized, more sophisticated, and usually targets the resources or finances of a victim and/or organization, whereas cybercrime is defined as more petty crimes like cyberbullying or pirating media. Knowing the difference between the two shows how severe a cyber threat truly is, as white-collar cybercrime is more dangerous than regular cybercrime due to its organizational structure.
The Need to Rethink Cyber Policy Amid Rapid Technological Change
With numerous threats emerging from seemingly nowhere, security must grow along with them, which makes rethinking cyber policies important. As cybersecurity grows, cyber threats also grow with it. Staying with a static policy will ultimately result in an organization’s downfall. Having an adaptable cyber policy that’s ever-changing is the most optimal way to survive in the cybersecurity world. Take the NIST framework, for example. It’s incredibly adaptable with any other framework outside of the NIST organization, and it works hand-in-hand with other frameworks very nicely. It was also recently updated, which makes this framework incredibly relevant. Furthermore, it covers many of the bases in the cybersecurity world and can be used with any organization, large or small. All of these characteristics make the NIST framework an incredibly useful policy to implement within an organization, and they also show why having a proper cyber policy is important. Even if you stick with this current cyber policy, it is possible that it could become outdated and eventually fail against a stronger malicious attacker.
Conclusion
When looking into the predictive aspect of cybersecurity, it is evident that the most sophisticated frameworks and defenses are still not able to surpass the limitations of predicting human behavior, technological evolution, and system complexity. Securing information is still based on the CIA Triad—confidentiality, integrity, and availability—however, these principles cannot foresee every new threat.
As cybercrime and white-collar cybercrime continue to grow due to factors such as accessibility, anonymity, and sophistication, defenders are up against enemies who exploit not only human vulnerabilities but also technical ones, in ways that are hard to predict. This points to the significance of adaptive mitigation, continuous monitoring, and layered defenses. The ever-changing and unforeseen character of the cyber world is in line with the argument raised in “The Short Arm of Predictive Knowledge” that prediction will always be inadequate when it comes to rapidly evolving technologies and determined attackers. Accordingly, organizations should opt for cybersecurity policies that are flexible and ever-changing, like adaptable frameworks such as NIST, rather than static ones that are outdated.
Cybersecurity cannot be resolved in one instance; rather, it demands a continuous effort of foreseeing, adjusting to, and dealing with threats that can suddenly arise. By being adaptable and aware of the intrinsic limitations of prediction, organizations put themselves in the best possible position to deal with an unknown digital future.
References
Mann, C. (2024, October 11). Study: Impatience, price drive US content piracy. Advanced Television. https://www.advanced-television.com/2024/10/11/impatience-price-drive-us-content-piracy/
05b_6329-White-collar-cybercrime-White-collar-crime-cybercrime-or-both-module7 – 202510_CYSE200T_18507 CYBERSECURITY-TECHNOL-SOCIETY – Perusall. (n.d.). https://app.perusall.com/courses/202510_cyse200t_18507-cybersecurity-technol-society/05b_6329-white-collar-cybercrime-white-collar-crime-cybercrime-or-both-module7?assignmentId=WCsqRHr9tdLcEZmqR&part=1
READING: Cybersecurity and Criminal Justice: Exploring the Intersections (payne-hadzidimova) – 202510_CYSE200T_18507 CYBERSECURITY-TECHNOL-SOCIETY – Perusall. (n.d.). https://app.perusall.com/courses/202510_cyse200t_18507-cybersecurity-technol-society/reading-cybersecurity-and-criminal-justice-exploring-the-intersections-payne-hadzidimova?assignmentId=2jPeDRhiqzeS2Fpjw&part=1
Appendix
AI was used for this assignment, only to build the framework and document where I should place my information. Everything was hand-typed by me.