CYSE 200T

Introduction to Cybersecurity: Journal Entries.

Journal Entry #1: Why are you interested in cybersecurity technology?

I am interested in cybersecurity technology because it is a field that is both personally rewarding and important for modern society. Cybersecurity technology has a 0% unemployment rate and pays generously because of how important it is in the modern world. Not only is cybersecurity technology rewarding financially, it is also mentally rewarding due to how interesting the field is since it is always advancing. There is always new technology being developed which ensures the field continues to change. Cybersecurity technology is also an extremely important job for the inner workings of modern society as it ensures that organizations are able to run full time and provide for consumers as necessary. Professionals in the field are responsible for preventing most actions that would cause the organization’s vital computer systems to not work as intended. I always knew I would probably want to work in a field involving technology since I was young because of how much I enjoyed using it. I wasn’t sure which field until I took some cybersecurity and network management courses through a program at my highschool. I immediately realized that I was going to want to pursue a career in the cybersecurity field because of how much I had enjoyed my time in those classes. Not only was the course material extremely interesting and interactive, the teachers and students I had met along the way were extremely important in helping me decide that this field was right for me. Furthermore I had interned with a technology organization focused on helping the local community in providing computers for high level education which I enjoyed immensely. All my previous experiences helped me realize how interesting and important cybersecurity technology is and how it will continue to be so in the future and as such I decided to pursue an education in the cybersecurity field. 

Journal Entry #2: Select four other majors offered by ODU and explain how those majors relate to cybersecurity.

For this journal entry, engineering, computer science, biomedical science, and finance majors were selected as the examples. All of these majors have a notable reliance on technology in some or multiple of their respective fields and as such are inherently related to the field of cybersecurity as it pertains to the continued functioning of their unique systems which carry out a variety of differing tasks relevant to the field in question. Engineering relates to cybersecurity in a variety of ways, one specific example would be in mechanical engineering which focuses on the construction of large scale computer systems for a large organization to utilize. In this example the wellbeing of the computer systems’ functionality relies on the implementation of cybersecurity practices to ensure that cybersecurity events don’t negatively impact the computer systems ability to function as intended. Computer science is more closely related to cybersecurity, since the focus of the field is on the processing of computers and computer systems. As such, the computers and computer systems in question are reliant on cybersecurity practices to function as intended so that computer scientists are able to carry out their professional duties. Biomedical science relates to cybersecurity in a few ways, one specific example would be the use of technology in advanced biomedical treatments as well as medical databases containing confidential information. Both important health functions and confidential information are reliant on the technology found in this field and as such relies on the implementation of cybersecurity practices to ensure that cybersecurity events don’t negatively impact the technology present. Finance relates to cybersecurity in some large ways, one specific example would be the computer systems and databases that run modern banking systems. These computer systems functionality is reliant on the proper implementation of cybersecurity practices to ensure that cybersecurity events don’t negatively impact the computer systems ability to function as intended. 

Journal Entry #3: Describe four ethical issues that arise when storing electronic information about individuals.

Four ethical issues that arise when storing electronic information about individuals are privacy, security breaches, system implementation, and inaccurate data. Privacy is one of the largest ethical issues that is associated with storing electronic information about individuals. Privacy in this sense refers to an individual’s information remaining confidential unless explicitly stated otherwise by the individual. It is the responsibility of both the individual and the organization that stores their information to properly protect confidential information and can lead to various legal gray areas and room for interpretation depending on the privacy policies and laws in the given area of residence. Security breaches are another large ethical issue associated with storing electronic information about individuals. Security breaches can expose individuals affected to identity theft and personal information collection efforts by malicious entities. Similarly security breaches have a negative impact on the trust in the organizations that are affected. A problem that accompanies this is the overall transparency of organizations when it comes to security breaches and overall issues concerning confidentiality since although it is required by law that most organizations report these incidents to affected individuals, the time frame in which they report about them is oftentimes skewed and hard to track down because of the nature of the incident. Another ethical issue that is associated with storing electronic information about individuals is system implementation. This more specifically refers to the integration of electronic information storage systems in organizations and explains that there is a certain level of assets necessary to implement such systems. This can cause issues in an organization since a relatively large sum and time allotment is necessary to acquire the necessary system components and human resources to manage information storage systems while also accounting for the assets necessary to maintain these systems. A lack of knowledge when implementing these systems can lead to wasted funds and overall negative impacts on the organization internally and externally as a result. Inaccurate data is another ethical issue that is associated with storing electronic information about individuals. This is not an issue unique to online information systems but it is uniquely exasperated by the convenience features found in most modern user interface systems which allow for a more efficient input and output of information. These convenience features and overall layouts associated with modern user interface systems have a lot of potential to be useful but also lead to a large number of unintended consequences since small mistakes in adding individuals information are often overlooked because of how easy it is to input new information. Similarly, these factors, although useful, can be limiting as there isn’t always the necessary considerations for additional individual information that fits outside of standard data sets.

Journal Entry #4: Compare cybersecurity risks in the United States and another country.

The United States is one of the most technologically advanced countries in the world alongside the likes of the United Kingdom. Both countries are at constant risk of cybersecurity events occurring and causing large losses of service as well as potential harm to the country and its citizens. Both the United States and the United Kingdom have critical infrastructure facilities that are vulnerable to cybersecurity threats which could lead to these disastrous events occurring. As such it is important to each country that they do their best in promoting cybersecurity measures that properly protect their critical infrastructure facilities from cybersecurity threats in an attempt to prevent and mitigate the effects that they could have on the country. Both countries face huge risks to the life of its citizens through the loss of service in any variety of critical infrastructures such as electrical, water, transportation, etc. A loss of electrical service caused by cybersecurity threats in either country could immediately lead to casualties due to the accidents that would no doubt be caused, as well as the inability for certain facilities to properly function, such as hospitals and other medical treatment facilities. Similarly, a loss of water service, or tampering with the systems caused by cybersecurity threats in either country could immediately lead to loss of life caused by accidents but more predominantly the lack of water caused by it or the lack of water quality caused by the tampering. A loss of transportation service or tampering with the systems caused by cybersecurity threats in either country could have a huge loss of life caused by the numerous accidents caused by loss of traffic light system functionality, train brake or shifting malfunctions, as well as aircraft signal loss. Both countries face a number of large scale and small scale cybersecurity risks because of the reliance that both countries have on technology within their respective societies. 

Journal Entry #5: Use the letters of the word CYBERSECURITY to list legal ways to make money in cybersecurity.

Create a program that talks to people when they get lonely and sell it.

YouTube videos explaining cybersecurity topics to students and monetizing the channel. 

Batch file that gives reminders for general computer maintenance facts and sell it.

Engineer a program that assists students in staying motivated and sell it.

Respond to general cybersecurity questions on a monetized website you made.

Survey individuals regarding cybersecurity and monetize the results.

Emulate custom graphics for interactive stickers on computers and sell the program.

Cumulate a mass of knowledge in the field of cybersecurity and do paid speeches.

Undergraduate research for cybersecurity that has monetary incentives.

Report cybersecurity issues that you found to organizations with a bounty system.

Initiate a cybersecurity company.

Teach cybersecurity as a teacher at a University.

YouTube shorts describing different cybersecurity jobs and monetizing the channel.

Journal Entry #6: How has cyber technology created opportunities for workplace deviance?

Technology has created many opportunities for workplace deviance, one such example is the use of technology in the workplace in a distracting manner. This more specifically refers to any action using technology whether by employee or customers in a manner that would divert employees attention away from their job. More typically by the employees themselves using personal devices for entertainment when work is slow as a method to pass the time by despite still being on the clock. Another such opportunity that technology has created for workplace deviance is the use of technology to steal company information. This more specifically refers to the use of technology by employees to steal confidential information from a company by sending it online or obtaining it physically via a USB or the like in an effort to profit personally by selling the information or for personal gain in another manner. Technology in this instance is acting as an easily accessible reservoir of information that the employee was able to more efficiently siphon the desired information from in order to further themselves and in turn harming the company in some way. Another opportunity that technology has created for workplace deviance is the improper handling of technology leading to property or personal damage. This more specifically refers to the use of technology by an employee or consumer whether intentionally or unintentionally to cause damage in a heightened manner either to harm individuals or company property. Technology in this instance is acting as an easily accessible form of destructive force, typically through heavy machinery or power tools being mishandled or intentionally used for such purposes as destruction of personal or private property. Cyber technology has certainly created a large number of opportunities for workplace deviance, even more so than just the ones mentioned above, but it nonetheless has made work more efficient in a large number of fields and assuming it is used as intended will continue to be a positive force in businesses.

Journal Entry #7: What are the costs and benefits of developing cybersecurity programs in business?

The costs of developing a cybersecurity program in a business varies depending on the size of the company but all companies have to put aside a reasonable amount of financial resources into a variety of components. One such component is human resources such as cybersecurity specialists or operating teams. Another component is initial startup necessities such as proper hardware, branch expansions, building allotments, and software purchases. Then there are components like services such as electricity, recruitment, training, software memberships, management, hardware fixes, etc. Another lesser component is the legal cost of starting a cybersecurity program in a business, although this isn’t a traditional form of cost, it is important for businesses to understand the legal procedures necessary when implementing and integrating cybersecurity programs in their businesses. The benefits of developing a cybersecurity program are numerous, the main benefit being that the information and information systems affiliated with the business are being actively protected against detrimental cyber events. This protection provides numerous advantages to the business, for instance it greatly reduces the chances of a cyber attack being successful against the company assuming the program is acting as it should, and even in instances where the cyber attack is successful, the cybersecurity program aids in mitigating the effect that said cyber attack has on the business and its continued operation. Aside from that, having a cybersecurity program is also important in gaining the trust of the businesses’ customers, after all customers don’t want to have to deal with the aftermath of a data breach and the like. Despite the plethora of various costs associated with developing and integrating a cybersecurity program in a business, the benefits outweigh these costs significantly and the proper investment into cybersecurity measures is necessary for furthering almost any business. As such it is imperative that these businesses make sure to follow best practices and stay up to date with the current state of cybersecurity in business.

Journal Entry #8: How can you tell if your computer is safe?

There are a number of ways to try and discern whether or not your computer is safe. The first and most simple is by utilizing your computer’s built in security software or anti malware programs to check for anything suspicious that their detection scans find. Another way of telling if your computer is safe is by consulting a cybersecurity expert on the topic and looking for any common details that would possibly represent suspicious activity. Similarly, looking up videos that explain the best ways to check your computer’s safety would be beneficial in furthering your search for any potentially suspicious software or activity on your computer. Doing further personal research on the topic would be helpful in noticing any suspicious activity that is observable through the user interface, and understanding what actions can lead to your computer being exposed to malware would be helpful in backtracking ur previous actions online and figuring out if you have done anything that would make your computer vulnerable to such threats. Sometimes the safety of your computer can be jeopardized by outside factors like other individuals, ensuring that you know who has access to your computer system through physical means is similarly important. Making sure your other systems on the network and the network itself is secure is also important to ensuring the safety of your device since a single entry point could cause the entire network to be vulnerable to an attack. A combination of any number of these actions would be useful in determining whether or not your computer is safe, if there is any suspicious activity discovered while going through these you should look to escalate the situation in determining how to best deal with the situation by consulting a cybersecurity expert. Trying some common answer like running anti virus software would be a fine first step though, but ensure that proper experts are contacted then afterward.

Journal Entry #9: Describe three ways that computers have made the world safer and less safe.

One way that computers have made the world safer is by allowing for camera systems utilizing computers to protect residences and businesses from being robbed simply by existing or similarly by helping seek out the perpetrators of a robbery who are caught on camera. Another way that computers have made the world safer is by allowing for the automated use of much larger machinery which allows for a much safer time completing certain tasks for the human counterparts which previously fulfilled those tasks. A third way that computers have made the world safer is by allowing for advanced technology to be utilized in the medical field which has drastically improved the life expectancy overall for individuals with all kinds of diseases. One way that computers have made the world less safe is by acting as a platform for cyber warfare to occur in which an entity can attack a nation state by going after water, electricity, transportation systems, etc in a way that directly impacts the lives of citizens. Similarly, with the prominence of online banking and online shopping, computers have allowed for the theft of substantial amounts of money from individuals with minimal effort and in complete secrecy at times, which can be detrimental to their livelihoods. A third way that computers have made the world less safe is by allowing for mass identity theft through a multitude of different ways, such as phishing attacks, social engineering attacks, keyloggers, malware and the like. Computers have no doubt improved the lives of humans surrounding them but like most other things it has its drawbacks and should be used in moderation. Despite being responsible for many of the rapid advancements in technology, computers are similarly dangerous to humans and our society, as such the proper use of them should be taught in academic institutions and should be properly moderated by governments and organizations to best use them for good.

Journal Entry #10: How do engineers make cyber networks safer?

Engineers are marking cyber networks safer in a multitude of ways such as continuous and learned improvements, adopted and shared improvements, and general improvements. General improvements are the most simplistic of the three since they are typically large updates or upgrades in software or hardware components that have built in security features that improve on or work synergistically with the other present software and hardware. Continuous and learned improvements are more common and are employed typically by a team or advanced cyber program, both of which track cyber attacks on the network or affiliated networks and use the information they find from attacks as well as their responses and vulnerabilities to identify issues and improve upon areas that need improvement. These improvements are varied and typically depend on what areas are identified as the weakest and most causing of cyber events to take place within the network. Continuous and learned improvements can also include speculative improvements which are based on previous information which attempt to guess how future attacks might occur or how future events would transpire in the network and acting to improve the network in a way that makes up for the speculative attacks or speculated vulnerabilities. Adopted and shared improvements are vital to most cyber networks and their improved safety efforts as it is the accumulation of knowledge and advice from the cyber community. These improvements are typically adopted or shared on online forums meant for specialists and groups in the cybersecurity field which often have patches and typical guidelines for specific situations. These forums also tend to have useful code and software links that can aid in cyber security efforts. The utilization of all these different kinds of network improvements together is sure to keep networks up to date and as safe and secure as possible assuming the proper maintenance is in place.

Journal Entry #11: What is the overlap between criminal justice and cybercrime? How does this overlap relate to the other disciplines discussed in this class?

The overlap between criminal justice and cybercrime is its execution and literacy. More specifically, how the cybercrime translates over to the criminal justice system and is then carried out afterwards. The most important overlap between criminal justice and cybercrime is how the criminal justice system treats cybercrime. That is to say even though in most cybercrime, individuals are not being harmed physically, they are still very vulnerable to the effects that cybercrime can have emotionally, financially, and socially. As such the criminal justice system has adopted laws that reflect this, in that cybercrimes are treated with an ample amount of importance in light of how present they are in the modern world. With online banking and online shopping at an all time high, the effects that cybercrime can have on someone’s financial life is extreme. Similarly, with the rise in social media and general online networking, the effects that cybercrime can have on someone’s social and professional life is also extreme. With that in mind, the criminal justice system has acted in kind, and pushed new legislation that gives precedent for these sorts of crimes which previously did not have them. This allows for more relevant legal references which reflect the state of the modern world and subsequently allow for the proper punishment and reparations. These references are essential to the execution of cyber crime as a legitimate source of crime in the criminal justice system, as previously online information, accounts, and the like were not treated the same as physical personal properties. Now, after relatively recent legislation, the theft of online information of an individual can be treated the same as physical theft of an item in most cases. This is vital to the execution of the criminal justice system in bringing justice to cyber criminals and the victims of cyber crime. This also overlaps with all the other disciplines discussed in this class, as all were relevant to cybersecurity which is inherently there to protect entities from cybercrime in the first place and also general misuse. As such, it is important that criminal justice and cybercrime continue to grow with one another such that the criminal justice system is able to keep up with the advances in the cyber technology field and subsequently its crimes.

Journal Entry #12: How does cyber technology impact interactions between offenders and victims?

Cyber technology impacts the interactions between offenders and victims mostly through providing convenience by acting as a platform for online communications. This is to say that the most impactful change brought about by cyber technologies to offenders and victims is the ability for them to easily interact and converse online at all times and from essentially anywhere. This newfound method for offenders and victims alike to communicate makes it much more convenient for interactions between the two to occur, what this subsequently means is that the rate at which offenders are able to reach victims is drastically increased. Furthermore, this improved convenience for online communications also drastically increases the realistic range and abilities of offenders to interact and converse with victims since they are able to communicate with a much larger range of audiences from anywhere in the world at any time with the use of most online communication methods and social media platforms. Cyber technology has also impacted the interactions between offenders alike online since they are able to much more easily and discreetly meet online and share information on shared topics and ideas to further their offenses by working together. On a more positive note, victims have also increased abilities to communicate with one another and subsequently heal or work to go after these kinds of offenders online by making use of online communication and social media platforms. Cyber technologies have also allowed for a potential increase in anonymity for offenders and victims alike online. That is to say that victims are typically able to share their experiences and stories with others much more easily online without facing potential backlash in their own personal lives from letting such information out. On the other hand, offenders have the potential to commit offenses online and suffer little to no backlash legally if they take the proper steps to mask their online presence, essentially escaping the trackability from government organizations on smaller levels.

Journal Entry #13: How should we approach the development of cyber-policy and -infrastructure given the “short arm” of predictive knowledge?

Using the more closely understood and analyzed future based on a set of predictive knowledge is a completely acceptable method for approaching the development of cyber-policy and infrastructure. That being said, it is not the entire approach, utilizing predictive knowledge in a shorter lens to assist in the guidance of policy implication and basing infrastructure is certainly useful but should not be absolutely determinative, in that it overlooks other aspects or values that are necessary to be established. That is to be said, with all things moderation is the key, utilizing such an informational advantage, even if not entirely guaranteed, can grant a large amount of insight into what could happen and at the very least would grant some room for hypotheticals or potential outcomes that otherwise might go unnoticed. There is nothing inherently wrong with being cautious especially in a field such as cybersecurity, as such using predictive knowledge to assume what might happen in the future is a given but must similarly be cautious in how that information is being utilized. Especially in understanding that predictive knowledge is only just that, a prediction based on previous knowledge and should be treated as such. The overall approach for developing cyber policy and infrastructure is similar to that of most policies, covering what is already known, attempting to cover events that could occur in the future, and leaving the policies open ended such that they can be readily updated alongside the advancements within the field. A struggle certainly faced by such a policy would be the enforcement on areas not covered in the policy, which is why it is important to leave it open ended such that it can work somewhat proactively in disallowing events that are now understood and covered in the document without being unfair to those affected since they weren’t aware that such things were covered as they were. Utilizing short stints of predictive knowledge to attempt to cover currently unprecedented events is important in minimizing such occurrences but is something that must be done in moderation such that it doesn’t have a negative impact on the field as a whole.