Week 1
All of the NICE framework areas interest me, but Protection and Defense, as well as Investigation, are probably the two most interesting to me. Protection and Defense is the area that appeals to me the most because I enjoy computer science and thinking outside of the box, so searching networks and systems to find unintended vulnerabilities is a way for me to combine those two interests. Investigation appeals to me primarily because cybercrime is a relatively obscure yet growing field within the law, so working as a lawyer utilizing my knowledge of cybersecurity and the law to prosecute cybercriminals would amount to a career that allows me to utilize the out-of-the-box thinking that I enjoy to adapt to new cases and set precedent for the future. I think the area that I would enjoy the least is Cyberspace Effects, simply because it is less hands-on and more analysis-focused.
Week 2
The principles of science are relativism, objectivity, parsimony, empiricism, skepticism, ethical neutrality, and determinism. These principles are used both in the social sciences and natural sciences to explain the root causes of events and behaviors. Therefore there are two main applications of the principles within the realm of cybersecurity, understanding the functions of networks and technologies, and explaining the behaviors of people who use those networks and technology. The usefulness of the former application is fairly apparent, as understanding how a technology/network functions is paramount to figuring out vulnerabilities and how to defend against them, however, the latter application is just as important as, human error is the easiest vulnerability to exploit, so spotting and correcting the behaviors and oversights that hackers exploit is just as, if not more important than technological vulnerabilities. On top of this, understanding the background of hackers’ behavior can aid in spotting/catching them.
Week 3
Privacyrights.org contains information on the Data Breach Chronology Archive, a database that records and measures publicly available Data Breaches in the United States. The purpose of this is to provide researchers, journalists, and anyone else interested with data that explains what organization or organizations were breached, what data was leaked, and how the breach occurred. The data is sorted by tags referring to the type of organization and method of access and then entered manually or by AI. This data is useful because trends in breaches may indicate where and how future cybercriminals are most likely to attack, allowing cybersecurity professionals to strengthen potential weaknesses in at-risk organizations.
Week 4
Maslow’s Hierarchy of Needs categorizes all human needs as being in one of five categories, survival, safety, love and belonging, self-esteem, and self-actualization. The internet has affected how I interact with these needs in various ways. For survival, I have used various apps to order/pay for food and water, but I have also lost sleep staying up late online. For safety, my family uses security devices to ensure our safety, and I have scheduled in-person and telehealth doctor’s appointments online. For love and belonging, I use technology to stay connected with friends and family. For self-esteem, playing games and online school have both provided me with sources of achievement and fulfillment, however, the time I spend online has probably made me miss other opportunities to grow. For self-actualization, the internet has connected me with the rest of the world, giving me a greater worldview and empathy.
Week 5
After reading the articles on seven possible motives for cybercrimes, entertainment, political, revenge, boredom, recognition, money, and multiple reasons, I think that the motives in order of most likely to least likely are multiple reasons, money, political, recognition, revenge, entertainment, and boredom. My reasoning for this is that humans are complicated beings and more often than not we have multiple reasons for everything we do, whether we realize it or not. Money and Influence (political and recognition) are also common reasons for crimes, need-based crime and terrorism are good examples of both. Revenge is also a powerful motivator, as many crimes have some element of victim precipitation, and even though the victim may not have wronged their attacker, the attacker may see it that way. Finally, entertainment and boredom are the weakest motivators in my eyes, as typically only extreme narcissists, sociopaths, and psychopaths would resort to harming others for entertainment, and those groups make up a small percentage of the population. That being said I understand that this may not be as much of a problem for cybercriminals, as they are more removed from their victims due to the online nature of their actions
Links:
Entertainment: https://9to5mac.com/2021/07/19/man-behind-linkedin-scraping/
Recognition: https://www.theregister.com/2021/06/30/bradley_niblock_election_ddos/
Week 6
Fake website links come in many different forms, but they are almost always visibly different from the real website’s link. One way that a fake website may differ is through the domain extension where instead of amazon.com, you may be sent a link to amazon.net. Another difference may come from misspelled words or words that are broken up by punctuation, for instance you may see a link for youtub.com instead of youtube.com or go.ogle.com instead of google.com. Finally, fake links may use a legitimate looking link that contains no errors, but is different from the actual site, take chase.bank.com instead of the actual website chase.com
Week 7
For this Weeks Journal Entry I was tasked with creating 3 memes that relate to human-centered cybersecurity. To do this, all of my memes revolve around how people and their choices interact with cyberspace. The first one is a picture of a meeting with PowerPoint slides, the caption reads “Welcome to the company’s mandatory cybersecurity training.” “Don’t click on sketchy links.” “That’s all, thanks for coming.” This meme has two meanings, the first of which is that a large number of data breaches and security issues, while viewed as an undetected or silent threat due to depictions of hacking in popular media, can be prevented through vigilance and common sense on the part of an organizations members. The other way it can be perceived is as making fun of the lack of emphasis many organizations put on routine training for members, which is vital to maintaining a safe and secure workspace. The second meme is a picture of a puppy behind a computer with the caption, “My Grandma entering all of her financial information onto www.freemoney.com.” The goal of this meme was to satirize the concept that many scammers or cybercriminals target vulnerable groups uneducated on safe internet conduct like elderly people, who are portrayed as a defenseless puppy in the meme. The third meme is a picture of a laptop and a person throwing their hands up in exasperation. The caption I chose for this one was “My reaction when I find my credit card information on a black market website (The Nigerian prince never existed).” I made this meme to satirize the sometimes outlandish strategies scammers use when targeting people online, while also emphasizing the importance of online vigilance.
Week 8
In my opinion, popular media has a large influence on the public’s understanding of cybersecurity, mostly in a negative way. For example, movies and TV shows often overemphasize the presence of “traditional” hacking and underrepresent the usage of social engineering in cyber attacks, as it’s easier to film and more appealing to audiences. However, in the real world, 98% of cyber attacks involve social engineering. This causes problems because if people are expecting cyber crime to come in the forms that it is most commonly presented, it will be harder for them to pick out and prevent the attacks that they are more likely to face.
Week 9
My score on the Social Media Disorder Scale was 0/9. The different items on the scale were preoccupation, tolerance, withdrawal, persistence, displacement, problems, deception, escape, and conflict. All of the items on the scale seemed drastic to me as I don’t spend much time on social media, probably due to my parents not allowing me to use it until I was in high school. The differences in social media trends around the world could be due to cultural differences such as family structure, where extended families are closer knit and spend more time together, as opposed to the US standard of the nuclear family, where only the parents and children live together. This lack of close relationships could create feelings of isolation and a need for belonging, which pushes people to social media for social interaction.
Week 10
Entry 1:
The article given for the first journal entry focuses on the increased importance of social cybersecurity in national security, citing the increase in social hacking techniques like cognitive hacking and information blitzkrieg. Cognitive hacking refers to the usage of online spaces to control and influence the flow of information. One form of this is information blitzkrieg, which is a mass effort to spread false information online to sway the tide of public opinion. Overall I think that it is vital to understand and combat these new techniques, as future conflicts will probably be fought online using the spread of misinformation. The article cites the collaboration between government and private sectors to create educational initiatives as well as strong online communities to combat these threats, which I think is a solid first step. In addition, greater moderation of online spaces would greatly serve to protect against misinformation.
Entry 2:
The video for the second entry describes the role of a cybersecurity analyst in the cybersecurity workforce. The social themes within the video include teamwork, critical thinking, and communication. The aspect of teamwork is apparent from the beginning, as working as an analyst within an organization requires you to work closely with others, not only in your department but also in assisting workers in other parts of the organization. Critical thinking is a vital part of being a cybersecurity analyst as problem-solving is one of the key roles of the job, from brainstorming ways to better protect a company to graveyard shifts responding to breaches in an organization. Finally, communication is probably the most important aspect of a cybersecurity analyst, as it encompasses the previous two, being vital to teamwork and allowing you to present your ideas formed through critical thinking. In addition, some analyst positions involve training employees on proper cybersecurity practices, and lackluster communication can completely nullify any benefits from training.
Week 11
Entry 1:
For the first part of this week’s entry, I read a sample notification of a data breach notification sent out from a fake company to its customers notifying them that their data had possibly been stolen, and was tasked with finding two economic theories and two social science theories that apply to it. The first economic theory that I feel applies to the notification is Laissez-faire, as with government regulation, the platform provider of the company may have had stricter security measures, which could have prevented the breach. The second economic theory that I think relates is Marxian theory, as the victims of the attack were the consumers, many of whom probably can’t afford to have their data leaked, lending to the idea that those without power are the ones who suffer the most under our economic system. One social science theory that could relate to this situation is general deterrence theory, which states that criminals engage in crime by assessing the rewards, the likelihood of getting caught, and the severity of punishment. In this case, the cybercriminal likely knew of an easy-to-exploit vulnerability in the platform provider and decided to act on it, stealing users’ data. Another social science theory that applies to this scenario is the social self-preservation theory, which states that feelings of shame and guilt only result from behaviors we perceive as a threat to our social standing. Within this scenario, it is not unreasonable to assume that the company only made its statement to preserve its public image, not out of genuine concern for its customers, as the company seems to throw its platform provider under the bus, even though they were the ones who chose a platform with presumably lackluster security.
Entry 2:
For the second part of this week’s entry, I analyzed a research article about the effectiveness of bug bounty policies. The article identifies how bug bounty programs utilize economic incentives to meet the cybersecurity needs of a company by offering rewards to ethical hackers for reporting vulnerabilities. Proponents of these programs state that by offering financial rewards to third-party hackers, companies can reduce their overall security costs and may avoid malicious attacks that would cost them extreme amounts of money. The findings in the article are in line with this, stating that a well-designed bug bounty attracts skilled testers and results in significant identification of vulnerabilities, though this might be modified by program scope, rewards, and transparency. Overall while I have not participated in any yet, I agree with the findings that bug bounties are overall beneficial, as the people I know who have participated have said positive things about them.
Week 12
Week 15
For this week’s journal entry, I was tasked with watching a TEDx talk by Davin Teo on his career in digital forensics and reflecting on the path he took to get there. Davin began as an accountant doing IT work for his company on the side and eventually joined the first digital forensics team in Australia. In addition, he credits his father for influencing his career trajectory. I think that Davin’s story is reminiscent of many in the cybersecurity and IT field, as many people in the space were influenced by a family member who got them started working with or on computers at an early age. In addition, especially earlier on in the history of the field, many people who work in IT may not have had much, if any formal education on the topic, instead relying on personal experience working with technology.