Free Writes
A collection of all the free write assignments completed.
FR 1: Hey everyone, I’m Mouhamed from Alexandria, VA. I’m a junior here at ODU and my major is finance. My career goals are real estate development and investment banking. I really enjoy working out, playing basketball and playing video games at times.
FR 2: The first job I found on indeed.com is Jr Financial Analyst. The requirements were Associates degree with 2 years of relevant experience, experience with UFMS, and must be eligible to obtain and maintain a US government security clearance. To fulfill these requirements, I will finish my bachelor’s degree, take courses on UFMS to familiarize myself with the system, and apply to have my background checked by the US government via their website. The second job I found was Financial Advisor at Merrill Lynch Wealth Management. The requirements are, experience managing client portfolios and driving growth, a bachelor’s degree, and have proven relationship building and business development skills. I will need to complete my bachelor’s degree and work as a financial advisor intern. The third job I found is Wealth Manager at McAdams Financial. The requirements are, bachelor’s degree in business and US citizenship or permanent resident. To fulfill these requirements, I need to finish my bachelor’s degree.
FR 3: If I were a policy maker, I would obligate companies with more than 20 employees to implement a minimum set of cybersecurity requirements in the following sectors; education/awareness and Technology. The first requirement I would have implemented is that all employees must take a short cybersecurity course following their employment. This would educate all employees and employers in being educated enough to minimize the risk of a company security breach. Educating and increasing awareness of cybersecurity also helps individuals outside of the work environment. The internet is becoming more of an extension of us individually and learning to protect ourselves in this realm can benefit companies. To ensure that companies are abiding by this requirement, fines will be imposed to companies that are not compliant with the policy. The reason so is because it is imperative that companies are well versed in cybersecurity. The second requirement is that companies must make sure that employees are well versed with the newest technology/software that is heavily used in their industry. Technology is advancing at an exponential rate and with that being said, employees have to stay up to date to not only stay competitive in the job market but to also maintain high security. I wouldn’t impose fines because it’s already a big incentive for companies to want to hire as many knowledgeable employees as possible so fines would not make sense.
FR 4: 23andMe has an account breach affecting millions of users’ accounts giving hackers access to millions of people’s genetic information. The hackers were able to achieve this breach by sending mass spam emails containing malware that infects computers when a link is clicked. This would grant the hackers access to people’s accounts hence their genetic information. The hackers then offer to sell the hacked accounts back to 23andMe as ransom and threaten to post user information online for the world to see.
Millions of people’s information could be at risk and 23andMe business integrity would be affected. The worst-case scenario would be that the hackers sell the information to insurance companies, researchers, banks, the police, or nefarious individuals. Insurance companies could decide not to insure someone or make them pay more if they know that they have a high risk of getting a disease or illness. Banks could decide not to give someone a long-term loan if they know that person has a high chance of dying sooner than they can pay back their loan. The police could track people based on their DNA tests and pin down on high risk individuals without their knowledge. This could be prevented by having 23andMe enforcing a 2-factor authentication system and encouraging its users to change their passwords often. They could also prevent this by updating their firewall options and upgrading their remote devices. All user traffic can be diversified on more than just a few ports to reduce the amount of people hacked in case that occurs again.
FR 5: The 5 questions I would ask potential candidates interested in an information security officer position would be the following; How many years of experience do you have in information technology? How do you plan on building a risk-aware culture and securing the workforce at our company? How often do you expect your fellow information security officers to keep up to date with new software updates? How do you make sure authorized personnel outside the company receive classified information in the most secure way possible? How important is it to you to keep track of what information is being communicated within the company? These questions are important because the role of an information security officer is to establish and maintain the company strategy and program to make sure that information assets are adequately protected. These questions give me insight on how the potential candidates would go about strategizing and maintaining a program that ensures that information within the company is well protected. The responses I would want to hear from the potential candidates would be; “I would begin by defining the risks and goals as well as educating all users on taking as many measures as possible to ensure that any information they send is as protected as possible via encryptions.” “It is absolutely imperative to keep track of what information is being passed around within and outside of the company.”
FR 6: Cryptographic software that develops security systems that encrypts banking transactions
Yacht GPS tracking
Blog about security systems that updates professionals and individuals interested in cybercrime/security about updates and new technology
E-commerce Analysis software for online businesses
Regulate online traffic for online businesses to detect potential threats
Security training for businesses
Encrypt sensitive data for big corporations to reduce hacking attacks
CCTV camera production
Update company security software systems for companies
Risk management training for companies
Identity theft online protection
Training center for students seeking cybersecurity certifications
YouTube copyright claim protection system to protect content creators
Business Plan: YouTube copyright claim protection system to protect content creators.
Executive summary: There has been an increase in unrightful copyright claims against content creators causing them to lose much needed revenue income. Many bigger entities and youtubers have been abusing youtube’s copyright system to silence smaller youtubers who criticize, review, or use their content in a transformative way. This is the case because YouTube automatically forces content creators to either go to court which can be quite expensive with lawyers and other fees or give up all revenues to whoever claims their content under copyright infringement. This company offers a copyright protection system that analyzes claims and protects content creators.
Target audience: YouTube content creators looking to protect their content and revenue streams.
Capital Needed: To start up, this company would need $45,000 to set up the software system, advertisement, and to hire developers. To obtain the capital needed, the company can look to gain investors and partnerships with youtubers and YouTube themselves.
Maintenance: To maintain the company, there will be a constant search for cases to investigate and offer help to any content creator in need of assistance.
FR 7: 3 rewards:
- Small salary raises every year an employee is up to date with security training. This would be effective because it is a great incentive for employees to want to be more proactive in keeping up with their security training.
- Increase vacation time hourly for every few hours of security training completed. Giving employees the option to either receive more vacation time or high compensation for being proactive in keeping up with security training can give employees more of an incentive to keep being safe.
- Make sure security training programs are actually helpful and enjoyable endure. This gives a sense of enjoyment to employees rather than dreading training.
3 sanctions:
- Provide a solid written security policy to ensure all employees are aware of what is and is not allowed. This will be effective because the more aware the employees are, the less likely they are to make a mistake and cause information to be vulnerable.
- Limiting information access to all sectors of the office. This is important for security because it makes sure that employees don’t have access to all of the company’s information, only the information that is important to their sector is what they know. This will make sure that in case of an information leak, all of the company’s information will not be at risk.
- Deleting data that is not needed anymore. It is imperative that employees are trained to delete any data that is no longer needed as the more information that is stored online, the greater the risk of an information leak.
FR 8: Prompt: What do you think will be the biggest challenge in cybersecurity in the next 20 years? What do you think will be the most successful counter-measure for this challenge and do you think it will come from individual actions of employees/leaders, corporate practices and policies or federal/state/international agreements and laws?
According to the paper, Ommeren, Borrett and Kuivenhoven state that 70% of security executives expressed concern about cloud and mobile security. I think this will be one of the biggest challenges in cyber security in the next 20 years. Cloud and mobile security require new processes, technologies, and security designs. These changes could pose a hacking threat if cybersecurity professionals don’t prepare adequately enough for them. Technology doesn’t wait for us; it will always keep advancing.
The most successful counter measure for this challenge will be to require systems developers to gradually integrate new technologies to give enough time for cybersecurity professionals to adapt and prepare for new and continuous changes. This will help newcomers into the industry as well as experienced professionals to learn, study, develop, and teach new security measures and stay up to date. There should also be a centralized system that regulates how quickly new technologies are released. These solutions would most likely come from actions of policies, and federal/international laws and agreements. It makes sense to me that 1 large body of professionals and developers work together to regulate security practices as well as technological releases because things could get out of hand if individual companies and entities release new technologies at will. The internet for example is one of mankind’s greatest inventions yet a large portion of the world doesn’t even know how it works nor do they have access to it. With cloud and mobile security and other such technologies being released more frequently than ever in the history of our race, I think that there should be a governing body regulating it. It will soon begin to affect our moral and ethical standards and we need to worry about this now while we still have time.
FR 9: The 5 benefits of using a Virtual Private Network otherwise known as a VPN. are improved security, increased anonymity, the ability to bypass geo-restrictions, remote access to one’s information, and some VPNs include trackers. With improved security, users of VPNs enjoy the luxury of knowing that they have less chances of getting hacked than your average internet user. Along with the security, anonymity is even easier to achieve with a VPN as well. VPNs allow for users to bypass geo-restrictions for example, Netflix is restricted in China, however, with a VPN you can bypass the restrictions. This also goes for other websites. Users of VPNs are able to remotely access their information on the internet such as safe password banks for all accounts they use. Finally one of the best benefits of VPNs is that they block trackers that companies such as Google and Facebook use to sell to businesses for advertisements.
The 5 downsides of using VPNs are, it can be illegal in certain countries, there may be performance issues, potential risk of VPN service to track and store your data, it doesn’t guarantee anonymity, it does not bypass all restrictions. VPNs can be illegal in certain countries to begin with. With the sometimes high computational power they use, they can sometimes cause performance issues when on the internet. A lot of VPNs actually store their clients’ data with the intention to sell it, basically what Google and Facebook are already doing. Despite the promises, many VPNs don’t actually guarantee full anonymity. Lastly, a lot of VPNs don’t actually bypass some restrictions.
Overall, VPNs are more disadvantageous than they are promoted to be beneficial. They have a lot of great components, however, there are a lot of things people don’t actually know about VPNs and their limitations. People putting their full trust in them is just as dangerous as not having one. Unless you pay high fees to get some more layers of protection on the internet.
FR 10:
Male, 35, Florida, USA.
Male, 24, Georgia, USA.
Female, 56, Michigan, USA.
Female, 37, Florida, USA.
Male, 32, Maryland, USA.
Male, 37, Nebraska, USA.
3 Males, 2 of them are 32 and 1 is 29, Minnesota/Missouri, USA.
Male, 31, Montana, USA.
Male, no specified age, Puerto Rico.
Male, 49, Iowa, USA.
I found that many of these cyberstalkers seem to be people with very low social intelligence. They typically target people they know such as an ex, coworker, associate, or minors. The people targeting minors I think feel a sense of power and dominance when threatening them.
FR 11: This does constitute cyber warfare. This is the case because of the impacts it has on the US. Russia is disguising their harmful intentions through the internet and taking advantage of the ignorant/misinformed to sway election results into what they want. This destroys the integrity of democracy in the country as it is using people’s religious beliefs to sway public opinion hence separating people further. This leads to more violence, riots, and political unrest in the country which Russia intends to use to gain an advantage on the US’ civil turmoil.
The political ramifications include political unrest as we’ve seen since 2016, corruption from our leaders, and how divided we have become as a country. It’s possible to even say these actions have caused the state of our society today (a hostile environment politically. Businesses now rely heavily on the politics of today to advertise to people they share a belief in.
On the other side, this could be deemed as not being cyber warfare because the internet is simply free and open. Anyone can use it to post anything. Opinions are allowed on all platforms so long that they are not offensive. As we become more connected online, more and more people’s voices are heard and social media/news companies allow us to filter what kinds of news we’re exposed to. It’s good for their business and people hold firmer onto their ideologies. What the Russians did, just proves that cyber security for our nation should not be taken lightly.
FR: 12 In 20 years, I think the biggest cybersecurity challenge we will face will be figuring out how to fairly regulate the internet without abusing anyone’s rights. In the future, a larger percentage of the world population will have regular access to the internet and more people will be able to do a lot more that possible today with the power of the internet. Countries will have to face the challenge of regulating cyberspace from criminals while making sure to protect people’s basic rights such as freedom of speech.
I would advise future policy makers to be careful when attempting to regulate the internet. The first generation that must experience that extreme of a shift will not take this very easily. The internet has always been a free and open space that anyone can participate in. Regulating it at too fast of a pace could cause a lot of trouble worldwide. Countries should also focus on tightening their cybersecurity against each other. Cyber warfare is becoming more of a reality every day. We see countries interfering with elections via the internet today and over time, things will only get worse unless the internet becomes a lot more regulated.
There should be one overseeing body that regulates the internet along with countries. I am suggesting a system like the UN and every nation in which the UN oversees the world climate and implements regulations that all countries must agree to abide by. Doing the same thing for the internet will make things a lot safer and the security across the internet could better be tackled with sufficient support and resources from a large central body that regulates it.
FR:13 A great example of social engineering are the infamous Indian call center scammers. They acquire a large sum of phone numbers every month and attempt to call as many of them as possible. They typically target older people and impersonate as tech support callers working in large American tech companies. Once they’ve gotten a hold of a will-be-victim, they will attempt to connect their computer to yours and either steal all your valuable information such as bank account information, computer files, or simply take over access to one’s computer.
They typically use a wide variety of psychological mechanisms such as phishing, baiting, and quid pro quo. The most popular method however is vishing otherwise known as when a scammer attempts to get information from you on the phone. The obvious beneficiary would be the scammers because they receive valuable information to harm people with. The United States has been fighting these cyber criminals by giving prison time. I would suggest that people not open or answer phone numbers or contacts they do not know and to always avoid giving information about oneself to anyone they do not know over the phone or internet.
Recent Comments