CYSE 201S

Cybersecurity & Social Science: Journal Entries, Discussions, Article Reviews, & Career Paper

Journal Entry Module 1: Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Two areas of the NICE Workforce Framework that I would want to focus on in my career path is the Operate and Maintain area and the Protect and Defend areas. I would want to focus on these areas in specific since they seem extremely interesting to work with as a full time career and as such would be very much self fulfilling. These areas in specific have always interested me when researching career paths with a degree majoring in Cybersecurity.

Two areas of the NICE Workforce Framework that I would be less inclined to focus on in my career path is the Collect and Operate area and the Oversee and Govern area. Although I would be less inclined to focus on these areas in specific in my career path, I acknowledge that most of the areas in the NICE Workforce Framework are present in a majority of Cybersecurity careers and as such am not opposed to the ideas and practices present in them, only less interested in comparison to the ones aforementioned.

Discussion Module 1: Describe the top three careers of social science graduates that you  would be interested in considering. What is it about those jobs that  you find interesting? 

The top three careers of a social science graduate that I would be interested in considering are Computer and Information Systems Manager, Computer Programmer, or Web Developer. I find these jobs interesting because they all work heavily with technology as well as other people and technology has always been extremely interesting to learn and operate.

Journal Entry Module 2: Explain how the principles of science relate to cybersecurity.

The principles of science directly flow over into the realm of Cybersecurity. Science seeks to divulge the objective truths of the world by following strict protocol and methodology, a principle that also defines Cybersecurity in its own right. Cyber security although also confined to the limits of its mediums is intended to seek objective results and is constantly building upon itself similar to the ever expanding pool of scientific knowledge. The development process for both Cybersecurity and scientific experimentation includes collaboration amongst various professionals and constant review and testing stages to ensure the integrity of systems and scientific discoveries.

Discussion Module 2: What do you think about the principle of determinism as it relates to computer hacking?

Determinism is the doctrine that all actions are ultimately determined by causes external to the will. In the case of computer hacking and other similar cyber crime, this would imply that criminals were never going to make a different decision per their circumstance. Determinism is often times used to shift blame that would otherwise fall upon human error or immoral action as unpreventable, which simply isn’t the case. Although there are almost always factors leading to the criminals decision, it would be ingenuine to imply that their was no free will present in the subject matter.

Journal Entry Module 3: Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

The website contains a plethora of helpful resources pertaining to privacy rights and general information concerning data breaches. Some of the larger resources found on the website include an extensive data breach timeline and a record of the data breach notification statutes for each state in the United States. Making use of the resources available on the privacy rights website would be extremely helpful to researchers. Access to an extensive data breach timeline such as the one available for download on the privacy rights website allows researchers to observe trends through the information found in the data base. Access to a record of the data breach notification statutes for each state in the United States would be vital in connecting the results found through the data breach timeline to State specific response statutes which define the various provisions associated with them. The website also contains other various resources although less applicable to the study of data breaches, are still relevant on the topic of privacy rights and could prove helpful in other manners.

Journal Entry Module 4: Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Maslow’s hierarchy of needs is a theory of motivation that states an individuals behavior is dictated by five main categories of human needs. In order from most important to least being: physiological needs, safety needs, love and belonging needs, esteem needs, and self-actualization needs. Technology has become deeply ingrained in the life of many people in the modern day world. When considering technologies relevance to this theory of motivation the connection is clear. Technology is used in many cases to indirectly access many of our physiological needs in society through online shopping and online banking. Technology is also used in many ways to maintain a feeling of safety not only only with our private information but also through online insurance to financially protect assets important to us. Technology is used commonly for expanding connections to other people on the cyber space often leading to personal relationships and bonds forming between people by use of online communications. Technology similarly is used in many cases to achieve statuses of fame and respect through social media and online enterprising. Technology, although not vital to the self-actualization of people as a whole, is often used to further peoples education and career opportunities and helps individuals work towards a better life.

Discussion Module 4: Apply the phrase victim precipitation to cyber victimization

The victim precipitation theory states that a crime can be precipitated by the characteristics of the victim. When applying this theory to cyber victimization it’s important to look at characteristics such as the system type the victim utilizes, the security measures in place to protect their system, and the victim’s technological habits. As per the theory it is possible to understand how and why the cyber victim was exposed to the cyber crime and what variables contributed to their applicable risk vector, by looking at the various aspects pertaining to the cyber victim and their system.

Journal Entry Module 5: Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.

1. Money – Money is the most likely motive behind any cyber crime, money is the most seemingly justifiable motive behind committing crime and cyber crime alike and therefore receives the highest ranking

2. Political – With the increasingly large influence of the internet on political events it stands to reason that politics are the second most sensical motive after money

3. Recognition – Cybercrimes are often committed with the sole purpose of pushing for recognition of an individual, group, idea, or issue in effort to raise awareness or notoriety

4. Multiple Reasons – This category contains many of the other rankings named within its descriptions of motives and therefore receives a middle of the pack ranking

5. Entertainment – Cyber crimes can sometimes be caused by a cyber criminals desire to occupy themselves or reach some level of satisfaction however it is less likely to be the main motive and therefore receives a below middle ranking

6. Revenge – Revenge is a strong motive for certain individuals to commit cyber crimes but is less likely to be the motive than the motives listed above and therefore receives the second lowest ranking

7. Boredom – Boredom is much less likely to be the main motive behind a cybercrime when compared to the previous 6 motives and therefore receives the lowest ranking.

Discussion Module 5: “Identify which theories you think best explain cybercrime and discuss what you like about that theory.

The theory that best explains cyber crime is cognitive theories. Cognitive theories suggest that the criminals know whether their actions are right or wrong but rationalize and justify their actions to themselves before hand. These cognitive theories contain the principles of the neutralization theory which attempts to broadly explain how the criminal’s rationalization and justification process occur. It elaborates on how criminals will deny the damages potentially caused by their actions, feigning responsibility, and appealing to higher moral priorities rather than taking responsibility for the crimes they committed.

Article Review 1

1. This topic relates to the principles of social science because the research pertains to predefined groups in society and their ability to discern certain cyber threats.

2. This study utilizes its research to question whether men and women differ in terms of brain activity when viewing security warnings and whether the color of a security warning influences how they are perceived, in terms of brain activity.

3. The research methods used in this study were electroencephalography (EEG), functional magnetic resonance imaging (fMRI), eye tracking, and cursor tracking.

4. The research was conducted on 61 participants (32 females, 29 males) by making use of the previously stated research methods and presenting participants with 20 unique screenshots and variations with the task of discerning between safe and warning sites. Data was collected by processing the information gathered from the various research methods via specialized technology and analyzing it accordingly. The two main types of information recorded and analyzed were brain wave level measurements as well as response time measurements with the proper offsets in place to more properly represent the information as intended. The results revealed that both brain wave levels and reaction times were, for the most part, equal between both genders. Similarly, the results also found that there was little to no difference between brain wave levels and reaction time when comparing colored and grayscale images.

5. Many concepts from the presentations relate to this article, including, but not limited to, experimentation, case studies, cyber crime awareness, risk vector, and social groups as they relate to cybersecurity.

6. This study directly researches and analyzes the differences between the genders in neural responses to experimentation regarding cyber safety awareness.

7. This study contributes to society through its findings regarding gender differences and color in distinguishing security warning and legitimate websites. It also contributes to society by demonstrating the value of applying neurosecurity methods to the field of cybersecurity and illustrates the potential of several avenues for future research.

Bonnie Brinton Anderson, C. Brock Kirwan, David Eargle, Scott R. Jensen, Anthony Vance, Neural correlates of gender differences and color in distinguishing security warnings and legitimate websites: a neurosecurity study, Journal of Cybersecurity, Volume 1, Issue 1, September 2015, Pages 109–120, https://doi.org/10.1093/cybsec/tyv005

Discussion Module 6:  After watching the video, post an entry in the discussion board describing what you think about the “human firewall”.

I think the “human firewall” is one of the most important yet overlooked elements of online security likely due to the general populace believing they aren’t naïve enough to fall for the sorts of social engineering schemes they’ve heard about before. The “human firewall” continues to be increasingly important with the increasingly harmless looking and often indiscernible ploys to steal information directly from online users without them knowing by making use of social media, gaming, and other entertainment platforms.

Article Review 2:

This topic relates to the principles of social science because the research looks into the effect of generational differences such as age and experience on their respective information security behaviors. This study’s research questions the differences in information security attitudes and behaviors of Generation Y Millennials and Generation Z adults and how these characteristics lead to potential differences in information security awareness and practices. This study utilized the Cybersecurity Behaviors subscale of the Online Security Behaviors and Beliefs Questionnaire (OSBBQ), which specifically displayed 9 questions pertaining to cybersecurity behaviors. The self-reported information was then gathered and processed before thorough analysis for trends and patterns found through the research’s findings.

The research was conducted on students from two public universities with varying degrees of cultural diversity with a total of 593 respondents, predominantly African American and Caucasian. The data collected through the Online Security Behaviors and Beliefs Questionnaire (OSBBQ) was then analyzed and observed for trends and patterns of information security behavior of the two generations respectively. This study found that Generation Y had a higher level of vigilance in some aspects of information security behaviors such as review of privacy policies, maintaining antivirus software, and noticing discrepancies in system performance. The study noted that some level of differences between the two generations’ information security behaviors could be attributed to the age difference of the two generations allowing for relatively higher levels of experience with information security.

Many of the concepts found in the presentations directly relate to this article, such as: experimentation, case studies, cyber security awareness, risk vector, and social groups as they relate to cybersecurity. This study directly researches and analyzes the differences between Generation Y and Generation Z pertaining to respective information security behaviors. This study contributes to the importance of efforts to mitigate negative effects caused by the generational gaps within information security behaviors as technology continues to be present in the modern era.

Debb, S., Schaffer, D., & Colson, D. (2020). A reverse digital divide: Comparing information security behaviors of generation Y and generation Z adults. International Journal of Cybersecurity Intelligence and Cybercrime, 3(1), 42-55. https://www.doi.org/10.52306/03010420GXUV5876

Journal Entry Module 7: Review the following ten photos through a cybersecurity human systems integration framework. Create a meme explaining what is going on in the individual’s or individuals’ mind(s). Explain how your memes relate to Human Systems Integration.

The individual represented in this image is thinking about posting to their public social media account which they believe to be a healthy and important aspect of their social life. This meme relates to Human Systems Integration as it feeds into the interaction between users and social media platforms as people continue to document more and more of their lives in online portfolios that can be easily accessed in most cases.

Journal Entry Module 8: After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.

Media has a large influence on most peoples view of cybersecurity. The medias habit to radicalize cybersecurity in large production films coupled with the overall lack of knowledge and understanding of cybersecurity by the general populous leads to further skewed views on the topic. Media would lead most impressionable people to believe that cybersecurity is something beyond the reach of most working class individuals. A sort of pseudo science that pushes the realm of fantasy, often appearing as science fiction in nature. As mentioned in the video, not only does cybersecurity often appear much more sophisticated, it often appears much easier to perform these complicated actions, and is often performed by a single individual rather than a team of professionals. As a general notion large production films and most other media platforms that are not specifically made for professional advice and informative excerpts are likely to represent professions in an unrealistic way in an effort to make the media more interesting.

Journal Entry Module 9: Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

After taking the test, I scored middle of the road upon first analysis. I think the items on the scale are appropriate although its hard to know for certain as to efficacy since they utilize terms such as regularly and often which can often lead to inconsistent answers for certain questions. In specific, questions that ask about regular discussion with peers and parents over social media usage are largely more dependent on the people that surround the person in question. For example, even if someone were to be addicted to social media, if their parents and peers are negligent their addiction, the question could be answered in a way that would suggest they didn’t have said addiction. Similarly someone who very clearly does not have a social media addiction could have peers and parents who constantly discuss social media usage regardless and in certain corner cases, in a negative light despite healthy standards being met for said usage. Patterns in social media usage are most likely to be found due to the abundance of users on social media platforms to date, caused by the increasing availability to smart devices which can allow access to social media platforms.

Discussion Module 9: Watch this video about a 12-year-old cyber security expert.  Pay attention to how he has embedded himself into the cybersecurity culture.  Also, pay attention to how the ideas of knowledge, technology, and secrecy relate to his expertise.  On the discussion board post an entry about how the video relates to something you read for this class – either from the readings or this module. 

This video relates to what I’ve seen about the negative connotations surrounding hackers. As shown in the video, the child takes part of ethical hacking which as the name suggest is a positive use of hacking as a tool to promote improvement in systems. The negative connotation surrounding hacking is most likely due to highly publicized breaches into major organizations by hackers which overshadow the efforts of ethical hackers that often go unnoticed by the public.

Journal Entry Module 10a: Watch this video.  As you watch  think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

Cybersecurity analyst have a variety of responsibilities that require them to interact with others in their workplace. Many of the responsibilities require cybersecurity analyst to either report their findings to other sectors of the company or their superiors, as well as working often times in teams to tackle cybersecurity needs in larger organizations, and sometimes even briefings to clients about the state of cybersecurity wellness of the organization. Each of these tasks require extensive social skills to properly cooperate with others as well as properly convey the necessary information to fulfill their roles in the organization.

Journal Entry Module 10b: Read this article and write a journal entry summarizing your response to the article on social cybersecurity. 

This article emphasized the importance of social cybersecurity. Information warfare has become the most common type of warfare and is used in a variety of ways to effect the economic, social, cultural, and political state of territories by outside actors in an attempt to weaken them. The article explains that information warfare is taking place already and that even though wars have not been declared, they have already begun. This is referring to cyber attacks online occurring between large nation states acting against one another even if there is no aggression between them.

Discussion Module 10: Identify two research questions that researchers might address related to the social aspects of cybersecurity.

1. What are the most vulnerable cybersecurity aspects of social media and what can be done to mitigate the risks?

2. How has social media contributed to the exploitation of personally identifiable information online?

Journal Entry Module 11: Describe how two different economics theories and two different social sciences theories relate to the letter.

One economic theory that relates to this letter is laissez faire theory which explains free market capitalism and opposes government intervention which relates to the actions that the company takes in which it notifies the individuals directly and the government doesn’t act as a middle man therefore reinforcing the opposition of government intervention. Another economic theory that relates to this letter is classical economic theory which relates to the actions that the company takes since they act self sufficient in explaining their technical troubles directly to individuals who have previously bought from their website. One social science theory that relates to this letter is the Marxism theory which focuses on the relationship between capitalists and the working class which relates to the relationship of the company and individuals who bought from them in this case. Another social science theory that relates to this letter is the functionalism theory which explains that all aspects of society serve a function which relates to the company acting as the messenger in this case and explaining to the individuals that the company has had a breach in the past.

Discussion Module 11: What does economics have to do with cybersecurity?

Economics has a lot to do with cybersecurity, from a business standpoint it is essential for most businesses now to be reliant on technology to some degree for the proper functioning of their business. With that being the case, many business have to devote funds to properly support a cybersecurity division, whether an internal or external team of experts, in order to ensure the safety of the companies technology which allows their business to run smoothly. Similarly cybersecurity companies which specialize in selling their protective services to other companies is a form of economic venture and has its own place within the economy as reliance on technology continues to grow.

Journal Entry Module 12: Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

The five most serious violations are, in no specific order, bullying, faking your identity, using other peoples internet networks, illegal searches on the internet, and sharing information that is not yours. Bullying is a serious violation even if done online as it is still done with the same malicious intent as if it was done in person. Faking your identity is a serious violation and is still identity theft in most cases even if committed online. Using other peoples networks is a serious violation as well and is theft nonetheless since the service isn’t your own. Illegal searches on the internet are a serious violation as in most cases are done with the intent to gain information that the perpetrator should not have access to. Sharing information that is not yours is a serious violation and goes against privacy rights in most cases.

Discussion Module 13: Why do you think individuals don’t report cybercrime victimization? 

Individuals often don’t report cybercrime victimization, this is due to a variety of factors such as being uninformed about the proper authorities to report it to, being unsure as to whether reporting the crime will help resolve the issue, and being at a loss for what happened, not knowing how to explain it even if they were to report it and sometimes believing they are at fault.

Journal Entry Module 14: Complete the Patchin and Hinduja’s cyber bullying survey. After completing the survey, discuss how you think criminologists might use the surveys to explore relationships between the different items.

Criminologists might use the surveys to understand what relationships exist between the different items such as the patterns and trends that are associated with them. One specific example would be the likelihood that one item is answered with a yes might have a statistical relationship with other items on the chart being answered similarly, most likely due to the similarity between them. Although the items cover different actions, they all fall under the same category of cyber bullying which could mean that someone exposed to one act has been exposed to a number of them.

Discussion Module 14: Explain what the video has to do with routine activities theory.

The video discusses the rise in black Friday and holiday shopping which subsequently led to the rise in scams and false advertisements which were utilized to steal money from vulnerable online shoppers. This is better explained through routine activities theory which suggests that when criminals like online scammers see vulnerable targets with little protection such as in the case of online holiday shoppers, they are more likely to take the chance to try and scam them of their money since they appear more vulnerable due to the stigma of holiday shopping as well as the increase in overall shoppers during those time periods.

Career Paper:

The cyber security field has a wide variety of job opportunities that all have their own important and often individualized roles. The cyber security job that was chosen for this paper was that of a cyber security analyst. After researching the roles and responsibilities of cyber security analysts in both large and small companies it is understood that cyber security analysts greatly rely on many important principles that fall under social science.  It was found that cyber security analysts in any company are largely interactive and sociable within their respective companies and are responsible for interacting with many different entities throughout any given day. This includes but is not limited to: clients, fellow employees, stakeholders, and field experts. As the name of the profession suggests, most cyber security analysts are also responsible for completing important tasks such as: monitoring network traffic for security incidents, investigating incidents, responding to security events real time, writing detailed incident response reports, installing and operating firewalls, encrypting programs, fixing vulnerabilities, developing and promoting best practices for information security, conducting threat research, and performing periodic risk assessment and penetration tests (Coursera, 2022). Many of these important tasks that cyber security analysts are responsible for involve interaction with fellow employees which is relevant to the CYSE 201S course in the way that professionals are expected to be able to work in a team environment to best fulfill their roles within the organization. Similarly, cyber security analysts are expected to keep up to date on trends, advancements, and best practices within the cyber security field (BrainStation, 2022). This is highly relevant to the content covered in the CYSE 201S course which discusses how media often inflates issues in order to reach larger audiences which can directly affect the public trust of cyber security and in some cases lead to hesitation from clients in the industry. On the other hand, media can be made use of by online entities to negatively impact or influence topic oriented communities such as that of cyber security experts through misinformation campaigns (Carley, 2020). This relates back to the human centered cyber security framework referenced in the CYSE 201S course as individuals working as cyber security analysts are responsible for seeing past attempts to misinform experts on upcoming events in the cyber security field. These misinformation campaigns often make use of bots and sophisticated formulas that allow for quick spread of content created with the intent to misinform groups of individuals on one or more media platforms. Ideas that seem to be possibly fabricated should be thoroughly researched by cyber security analysts before placing any trust into their credibility. Cyber security analysts that are part of specialized teams are not only required to have the cyber security skills necessary to complete their tasks but also the soft skills necessary to properly communicate and work efficiently within a team environment to fulfill their collective and individual goals. It is also important for cyber security analysts to be well versed in dealing with marginalized groups as clients and understanding the struggles they face in the cyber security field. A specific example of this would be of a cyber security analyst working in a banking company with a large number of clients who are senior citizens, the analyst must be capable of learning how to properly interact with those clients both formally and in other contexts, such as understanding and working around the notion that senior citizens are often more vulnerable to social engineering attacks which take advantage of their old age and oftentimes their inexpereince with cyber threats. As the cyber security field continues to grow it becomes increasingly important to understand how social interactions fit into the field of cyber security and grow with it.

BrainStation. (2022). What does a cyber security analyst do? (2022 guide). BrainStation. https://brainstation.io/career-guides/what-does-a-cybersecurity-analyst-do

Carley, K. (2020). Social cybersecurity: An emerging science. Computational and Mathematical  Organization Theory, 26(4), 365-381. https://oduprimo.hosted.exlibrisgroup.com/permalink/f/1ucqpjv/TN_cdi_pubmedcentral_primary_oai_pubmedcentral_nih_gov_7668017

Coursera. (2022). What does a cybersecurity analyst do? 2022 job guide. Coursera. https://www.coursera.org/articles/cybersecurity-analyst-job-guide