Journal Entries

Journal Entry 1:

The investigation role category sounds interesting, as I am currently unaware of how exactly investigation takes place in the virtual environment. Prosecution against threat actors can also serve as a proactive function of preventing future attacks, as the perpetrator would be unable to carry them out assuming they were apprehended and given a trial. Specifically, Cybercrime Investigation as the work role appeals to me more than Digital Evidence Analysis.

The work role category on Cyberspace Intelligence appeals to me the least. I do not think that analyzing the cyberspace programs of companies from other countries would really be something I could see myself doing as a career for long, because then I would rather just analyze digital evidence.

Journal Entry 2:

The principles of science relate to cybersecurity because the natural sciences closely relate to the social sciences. Objectivity is important because those who study the sciences need to be objective in their research, which applies to cybersecurity specialists as well. Parsimony involves simplifying explanations, and cybersecurity is often a difficult thing to explain due to how vast it is. With parsimony, it becomes easier to explain even if the subject matter is inherently complicated. 

Empiricism means that we can only study what is real to our senses, which leads into empirical research. This prevents new cybersecurity findings from being backed by opinionated sources or research. Determinism is useful for determining why threats to cybersecurity happen, as it explains how criminal behavior occurs from past events.

Journal Entry 3:

Researchers can use the information on the site to predict and protect more vulnerable industries more efficiently. Financial services, which include banks, are often the prime target for breaches. It is easiest to know that a attack occurred, but researchers may run into a problem with agencies leaving out crucial information. The nature behind the attack, duration, and where exactly it happened is often not disclosed.

However, it is also possible for researchers to examine the attack themselves and cross-reference them with other instances of breaches to try and pinpoint the exact cause behind the attack. Having as many reports of breaches as possible, no matter how small, can help in assisting research in the long-term. 

Journal Entry 4:

The physiological needs level of Maslow’s Hierarchy of Needs involves digital technology. My PC had broken down during finals week of my first semester, so losing it then made me more anxious than I normally would’ve been. As for safety needs, these are met by enabling two-factor authentication technology onto my device. Belongingness is achieved through interactions online, and is also something I use to communicate with people I know in real life. Esteem needs involve accomplishments, and personally involve succeeding in video games or viewing a great test grade on Canvas. Lastly, self-actualization was achieved when I scored in the top 3 of a countywide cybersecurity competition during high school. It felt like the effort I put into the tests were actualized themselves.

Journal Entry 5:

  • 7. Multiple reasons makes the most sense to be first, as other issues such as mental health and environments can influence someone, not just singular reasons such as ‘boredom’. 
  • 6. Money makes sense as a motivation because it is something almost nobody can go without. 
  • 2. Political reasons makes sense, because politics are known for causing strong divides and emotions in people. They may feel wronged about policies and attack those they believe were involved.
  • 1. Entertainment is often used for people to pass the time with and often happens in video games.
  • 3. Revenge makes sense here because the majority of people do not like the feeling of being wronged, so they take it out on other people to make themselves feel better. This isn’t as common, though.
  • 5. Recognition is harder to achieve when hacking, especially if it is done on behalf of a group. Personal recognition especially is bad, as it makes it easier to get caught. It doesn’t make much sense to want.
  • 4. Boredom makes the least sense here as it is the reason behind entertainment and is essentially involving the same thing.

Journal Entry 6:

Fake websites hold three certain characteristics that make them stand out from real ones. 

Firstly, the page may be a .com link instead of .edu or .gov. It is the quickest way to identify bad sites and is a good thing to check whenever entering a new one.

Secondly, there is another method in the link. They may use a name incredibly similar to the page attackers are trying to copy, and this method works on those who are less attentive.

Lastly, constant grammatical errors or formatting issues on the site itself can be suspicious and a sign of a fake website. Most sites want to appear as professional as possible, so taking note of mistakes such as that may help you identify a bad site.

Journal Entry 7:

The first image is an example of someone working on servers. The caption relating to Parsimony works here because it could’ve made a difficult job much easier with a good summarized explanation of what the worker had to do. 

The second image is referring to Maslow’s Hierarchy of Needs, specifically the second level which is safety needs. Using a VPN can help protect your activity online from prying eyes, and are often vital in making sure people can feel secure when browsing the web.

The third image is a man completing yet another survey. Surveys are very popular among cybersecurity researchers, and the person in the image is tired of completing them due to how often they are sent out.

Journal Entry 8:

Most media portrayals of cybersecurity are generally inaccurate but do have some realism mixed into it. There’s often people simply typing on a keyboard and they successfully hack or locate a IP within only a few seconds. It is extremely simplified and does not give a accurate portrayal of what cybersecurity is really like. However, there are a few examples of media that take the time to make the scenes really accurate to cybersecurity.

One of the movies in the video includes a SSH exploitation method that was only discovered a month before the movie began filming. This is a extremely good portrayal and does give a good idea of what cybersecurity may look like.

Journal Entry 9:

I scored a 1 on the scale, as I said ‘yes’ to the question asking about whether or not social media is used as an escape. Generally, I don’t rely on social media that often to escape my problems, as I think sleeping on it works better for me. Regardless, it is the answer I would’ve been most likely to say yes to. I believe the items on the scale make sense and are applicable to a large amount of people, so I believe it can be a helpful tool assuming answers are chosen honestly. Different patterns can be found throughout the world because not every society is the same. Some places will have more or less access to social media, so answers are going to vary. Even more so depending on the individual person.

Journal Entry 10:

The control of information in regards to warfare has always been an interesting topic, and my response to it is that many of the concepts discussed in the article are entirely new to me. Things such as network maneuvering and community building are terms I were not aware of, but always had a slight idea in my head that it was happening in certain places of the world. Because social cybersecurity is becoming increasingly important in regards to national security, I believe that cybersecurity professionals should begin researching this topic specifically. There could be a chance that the government needs to enlist more workers, and knowing about the problem before you’d be assigned to handle it would be incredibly beneficial. 

Journal Entry 11:

During the presentation, it is possible to correlate the cybersecurity analyst job to the social behaviors and norms of cybersecurity. It is part of a culture that includes collaboration with other professionals and developing norms with your office community such as the prevention of tampering with analyzed data and the call to protect the core of the internet. Networking is mentioned in the video, and it is also vital for obtaining an analyst job in a difficult field. It is all part of the professional subculture of cybersecurity such as being paid legally, which is mentioned in the video with a salary of $117,000. 

Journal Entry 12:

Liability is a economic theory that can be applied here. Credit card information trusted to the website was obtained by hackers, and consumers would hope that the company takes liability for the potentially costly mistake. Cybersecurity Insurance can also be used here to prevent against extortion, which could be possible due to hackers obtaining debit and credit card details by force in the data breach notification.

Neutralization Theory can be applied here because the hackers would have reason to use denial of injury. Nobody was physically hurt in the attack, which is true, so it fits with the type of data breach. Personality Theories and traits can also be applied here, such as a openness to experience. This trait is closely related to black hat hacking, which is criminal hacking, and would fit the type of crime listed in the notification.

Journal Entry 13:

I believe the literature review is deeply educational in regards to data collected on companies of various wealth, what type of companies are frequently attacked, and that the value of bug bounties can be applied to virtually any company and would more than likely be worth the cost in the long-term. Bug-bounties are also similar to white hat hacking, so the research isn’t inherently confusing and may even be familiar to first-time readers. The mentions of policies involving drugs interfering with IT talent is something I was not aware of, so there’s still plenty to learn.

I also consider the conclusion to strengthen the review itself because it admits that their research had gaps and could not cover everything. This is stated in the conclusion of the article, but then transitions into establishing a future goal of identifying additional variables in regard to hacker supply, which involves the malicious targeting of supply chains.

Journal Entry 14:

I believe, in no particular order, that the most severe violations listed would be Cyberbullying, Sharing Addresses of Others, Identity Fraud, Illegal Searches on the Internet, and Collecting Information on People Younger Than 13. 

Cyberbullying is extremely mentally damaging and could lead to a loss of self-esteem, avoidance of social scenarios, and possibly even suicide. Sharing addresses of other people even accidentally could lead to the person at the address becoming in danger, as anybody can go there or harass someone if they know a exact address. Identity Fraud can be used for defamation and scams, which would definitely harm the older generation who are more susceptible to those tricks. Illegal searches for certain types of content or weapons is incredibly serious and can often be warning signs before the individual commits a crime. Lastly, collecting information on people younger than 13 is illegal because of the Children’s Online Protection Act and is generally of a more serious nature due to the age of the person in question that has their data collected.

Journal Entry 15:

I believe the speaker’s career in digital forensics relates to the criminology factor of social science. Forensics is closely related to evidence-gathering in relation to crimes, and criminology involves the studying of crime, criminals, and society’s response to the actions they take. It can also be considered under the criminal justice discipline, It also has a relation to archives, which would be records obtained from forensics work. 

The speaker’s pathway to his career was slow and steady. He started off in accounting, which is a field that is considered extremely similar to the economics discipline. From there, he worked his way up over a period of 17 years to the stable career he has now.