NICE Framework
The two roles that sounded interesting to me on the NICE website are Secure Project Management and Systems Security Management. Secure Project Management sounded interesting to me because you get to build cybersecurity into every project and see how differently it’s implemented, not only that but you are also kind of the voice of the project to the organization. Systems Security Management also sounded interesting to me because you get to be in charge of cybersecurity as a whole over certain entities while also conveying the importance of cybersecurity to the organization. However Cybersecurity Legal Advice did not interest me because I don’t want to get into the legal side of it.
Principals of Sciences Relating to Cybersecurity
There are seven different principles of science that all relate to cybersecurity in different ways. Parsimony, Empiricism, Objectivity, Relativism, Skepticism, Determinism and Ethical Neutrality are the seven different principles of science each being important to implement in their own way. Implementing Parsimony in cybersecurity by first checking the simplest route and making sure the reasoning is in the simplest form. Empiricism is relying on the senses and experience to come to a final conclusion, in cybersecurity we want to implement empiricism because learning from past experiences i.e. different vulnerabilities and threats can help you know how to better handle and avoid those mistakes in the future. We want to always aim to maintain Objectivity in cybersecurity by not letting our personal feelings about a matter affect our research and conclusion. It is very crucial to implement skepticism in cybersecurity, skepticism means to not just believe something without follow up questioning and investigation. This is really important when being in charge of the security of systems and also just a normal user, by questioning you could avoid a major breach. Determinism means that everything is connected and directly affects each other, meaning in cybersecurity that if you know your system and past events well enough you can use that to mitigate future events. Maintaining Ethical Neutrality is crucial in cybersecurity, by not letting your personal opinions and ethics sway your conclusions. When practicing cybersecurity you should be implementing a mix of these different principals, rarely will you be in a position that you find yourself only using one of these principles of cybersecurity.
Privacyrights.org
Privacyrights.org or “Privacy Rights Clearinghouse” is an organization aiming to make data privacy more accessible by providing tools accessible to the public. Privacy Rights Clearinghouse has several tools researches can utilize. Some of these tools include allowing more access to information on data breaches with their “Data Breach Chronology 2.0” this is a database that draws information from government sources and shows the different aspects of things affected by data breaches such as the location, history and companies that have been affected. Privacy Rights Clearinghouse also makes policies readily accessible on their site making it easy for researchers and the public to stay informed on policies, laws and rights pertaining to data breaches. Through advocating and educating, Privacyrights.org offers many beneficial tools for researchers to use to study data breaches.
Maslow’s
Maslow’s Hierarchy of Needs is a psychological theory designed like a pyramid. There are five needs of Masons Hierarchy of Needs they are Physiological Needs, Safety Needs, Love and belonging needs, Esteem needs and self actuation needs. Each need corresponds to basic human needs i.e. Physiological Needs are things like basic human needs: oxygen, rest, reproduction. Safety Needs are basic security needs: self security, financial security, health security. Love and belonging needs are: emotional connections, friendships, partnerships, acceptance. Esteem needs are things like: self worth and worth from others. And the last need is self actuation needs, They are things like: becoming the best you by personal growth, achievements etc. If we take these needs and relate them to technology we can see that there are many ways they are intertwined. Physiological needs can relate to technology with the development of grocery orders, apps that can track your sleep and food delivery apps. Safety needs can relate to technology with things like: strong passwords, authentication apps and Family tracking apps. Love and belonging needs relate to technology by connecting people virtually ie Social media and dating apps. Esteem needs correlate to technology with a few examples like: online leaderboards, fitness apps and diet apps, online working and learning just to name a few. Lastly, at the bottom of the pyramid we can relate Self Actuation Needs to technology with: things like zoom for being able to connect with people worldwide, Online learning, content creation, digital art and so much more. As we can see, each need in Maslow’s Hierarchy of Needs relates to technology in the modern day.
Fake Websites
Hackers use fake websites to deceit people into clicking on them thinking they are the original
site. Many hackers will create dupes of popular sites like banking sites, email sites, AI sites,
retail sites and more. In the article cited, author Zach Lakovics gives several examples of recent
fake websites such as Nike, Chat GPT and paypal that were gaining popularity for tricking a lot
of people. A few ways to check that a website is legitimate is by checking the url, oftentimes
hackers will simply change the original website address ever so slightly so it’s hard to notice.
Checking things like the domain name, spelling and special characters in a url can help prevent
accessing a fake site. Having a firewall installed and the firewall settings adjusted can also help
mitigate harm from fake websites by blocking access. Another way you can make sure the site is
real is by checking that the certificate is up to date and legitimate. You can also check that it is a
secure https site which makes it significantly more likely to be real. Aside from the big things
you can look for you can also keep an eye out for things like grammar and spelling mistakes,
suspicious emails and wording and generally just keep your eyes open for suspicious hints while
surfing the internet
How Real Is It
After watching the video about how movies and TV show hacking, it’s obvious that media totally exaggerates what cybersecurity actually is. They make it seem super dramatic, like you just type really fast and boom, you’re in. But in reality, it’s way more methodical and time-consuming. Watching the expert break down the scenes really showed how much Hollywood gets wrong. I think this kind of portrayal gives people the wrong idea about what hackers do and makes it harder to take real cyber threats seriously. It also makes cybersecurity work look like a solo genius thing, when in real life it’s a mix of teamwork, strategy, and understanding human behavior, stuff we’ve talked about a lot in this class.
Meme’s
POV: You just accessed everyone’s data off the coffee shops unsecured wifi.
https://unsplash.com/photos/man-in-black-and-white-striped-polo-shirt-sitting-on-chair-in-front-of-silver-macbook-ICTKcvnXx_8
When the boss found out someone opened a suspicious email and now you have to go over
basic cybersecurity measures again.https://commons.wikimedia.org/wiki/File:Summer_school_GLAM_giorno_1_1.jpg
That moment when they post a “get to know me” trend and you screenshot their personal data 🙂 https://unsplash.com/photos/programmers-and-developer-teams-are-coding-and-developing-software-Ns_11CZWnYo
Social Media Disorder
I scored a 3 on the social media disorder scale. I thought that the test was straightforward and to the point and accurately depicted social media disorders/addictions. I think that there are different social media trends around the world because there are so many different people, places and cultures that influence day to day social factors. There are places that don’t have as good of internet connection or none at all and that definitely plays a role in people’s social media trends. I also think that the cultures who have more traits like pride and gloating have a higher chance of having social media disorders.
Social Cybersecurity
Reading the article on social cybersecurity really opened my eyes to how cybersecurity isn’t just about protecting data or networks, it’s also about protecting people’s beliefs and trust. The authors explain that social cybersecurity focuses on how information is used to influence behavior and decision-making, especially through social media and online platforms. This connects directly to what we’ve discussed in class about human factors and how attackers often exploit people, not just systems.
What stood out to me is how misinformation campaigns can weaken national security by creating confusion and division. It’s not just about hacking computers, it’s about hacking minds. This article made me realize that defending against cyber threats means understanding psychology, sociology, and communication, not just technology. It’s a reminder that cybersecurity is a truly interdisciplinary field.
Cybersecurity Analyst
This video talks about many of the aspects of the cybersecurity analyst job. From security
clearance and government jobs to graveyard shifts this video covers a variety of topics.
Cybersecurity analysts need to be very trustworthy to handle backing a business and protecting
it and its customers. If a company doesn’t have a good cybersecurity analyst they will lose trust
from their customers by being more susceptible to vulnerabilities. Another aspect this video talks
about is networking, cybersecurity analysts need to be good at working in teams as well as
networking with people in their field to learn more and get into a company. Cybersecurity
analysts need to also be everlearning, cybersecurity is an ever growing field with constantly
evolving threats if you are not willing to be constantly educating yourself you will not be a good
fit.
Bug Bounty
After reading the article on bug bounty policies, it’s clear these programs are a great example of how cybersecurity and social science connect, especially through economics. The literature review explained how companies use cost-benefit analysis to decide it’s more efficient to pay ethical hackers only when they find real vulnerabilities. That ties directly into what we’ve talked about in CYSE 201S: using human behavior (motivation, reward systems) to improve digital security.
The discussion section pointed out that while bug bounties are useful, they aren’t perfect. Too many low-quality reports or vague program rules can make them hard to manage. But overall, they work because they use the skills of outsiders to catch what internal teams might miss. This shows how policies can be shaped not just by tech, but by understanding people, something we’ve seen over and over in this course.
Illegal
There are alot of things people do in their day to day life on the internet that could be illegal and they don’t even know but there are many people who know that they are not legal. The top 5 offenses that people commit are bullying and trolling because it effects the mental health of individuals and could lead to self harm or suicide. The next is Collecting information about children. People are usually doing this for a negative gain such as sexual or financial. It’s also a serious problem on the adverse end of oversharing your children on social media. Next is Faking your identity. When people fake their identity it’s most likely for some kind of personal gain whether that be conning someone out of money or creating a fake personality and making someone else fall in love with someone who doesn’t actually exist. The next is illegal online searching this is bad because people are trying to go around the laws of what’s allowed on the internet and access potentially vulnerable or hurtful information and lastly extracting audio from youtube s harmful to the original creator of the audio because people will not credit them or give them the streams earning the artist money. No matter the type of illegal action done on the internet it almost always leads you to being in a more vulnerable situation and at more risk for data leaks or threats.
Digital Forensics
After watching Davin Teo’s TEDx talk on digital forensics, I realized just how much this career is about people, not just computers. I liked how honest he was about not having a straight path into cybersecurity. He mentioned wanting to be a chef at one point, and I think a lot of us can relate to not knowing exactly what we want to do right away. But what really stuck with me was how he talked about telling the “story behind the data.” That’s what digital forensics is, looking at what happened, how, and why. It’s way more than just pulling files off a hard drive.
This connects a lot to what we’ve been learning in class, especially about how cybersecurity ties into human behavior. Teo’s job uses a mix of psychology, criminology, and even sociology. He’s basically piecing together a puzzle made up of digital actions, but the end goal is to understand the person behind them. That really shows how important social sciences are in cybersecurity, especially when it comes to figuring out motives or patterns in someone’s behavior.
It made me think more about how most cyber issues don’t just happen from technical mistakes, they usually start with people. Whether it’s an insider threat, a phishing attack, or someone covering their tracks, there’s always a human side. Teo’s talk made that super clear. I think this field would be really interesting for anyone who’s curious about both tech and the reasons why people do what they do.
Article Review #1: Integrated Model of Cybercrime Dynamics: A
ComprehensiveFramework for Understanding Offending and
Victimization in the Digital Realm
Author: Troy Smith 9/16/24
Article Review: Sage Skaggs
February 20, 2025
Summary
This Article “Integrated Model of Cybercrime Dynamics: A Comprehensive Framework for
Understanding Offending and Victimization in the Digital Realm” by Troy Smith dives deep into
the interconnectedness of how behaviors and personality traits correlate to cybercrime both on
the offending and victim side. Mr.Smith’s framework is theoretical. Mr. Smith proposes multiple
theories to back up his framework such as the Routine Activity Theory (RAT) which is a
well-known theory Mr.Smith describes the concept as “spatiotemporal convergence of likely
offenders, suitable targets and the absence of capable guardianship can create criminal
opportunities”.and Social Learning Theory (SLT) which is a theory that suggests cybercrime is
based on Social environment and online communications. The author says both frameworks lay a
good foundation “but insufficient alone to constitute a comprehensive cybercrime framework”.
This is why he presents his theoretical Framework the “Integrated Model of Cybercrime
Dynamics (IMCD)” which dives into the “individual characteristics, online behavior,
environmental factors, and outcomes related to cybercrime offending and victimization” This
theory directly relates different personality traits to cybercrimes.
How this article relates to social sciences
The Author examines how behaviors and personality traits are directly linked to cybercrime. As
we have seen in class the psychological theories can relate directly to this study. Cognitive theory
corresponds to the author’s proposed framework. Cognitive theory suggests that offenders’
actions correlate directly to their emotions, offenders will separate themselves from a crime and
minimize the responsibility of their actions. The author states “Certain personality traits may
predispose individuals to engage in deviant behaviors or seek gratification through illegal
activities in cyberspace” We can see here that social studies apply directly. This is just one of the
many behavioral theories we can link to the author’s framework.
In week 5 we learned that psychological theories directly link to victimization. We can see that
the author proposed the idea that the Impulsivity trait and the Narcissism trait can directly link to
victimization with “low self-esteem” a narcissistic trait and impulsive tendencies being more
likely to “intimate photos, disclosing sensitive information, or downloading unknown files”,
proving behavioral and psychological theories.
The proposed framework shows a direct correlation to marginalized groups. People with
different behavior traits show different weaknesses that could lead them to be victims of cybercrime as well as people who had a rough childhood, are low income, and can’t protect
themselves in the cyber world.
Conclusion
Although the author’s framework is only theoretical, “more theoretical refinement is needed”.
The author gives several examples of ways his research and framework could benefit multiple
different sectors going forward and be the basis of something such as “Policy Application”,
“Research Applications”, “Victim interventions” and “offender management”.This article
directly relates to the social sciences and provides great examples of how behavior traits can
affect different cyber crimes and victims. The article used a lot of sources and theories that are
established but many were from a long time ago. I would have liked to see some more current
references.
REFERENCES
Smith, T. (2024). Integrated Model of Cybercrime Dynamics: A Comprehensive
Framework for Understanding Offending and Victimization in the Digital Realm.
International Journal of Cybersecurity Intelligence & Cybercrime, 7(2).
Article Review #2 “Digital Human Rights in Jordanian
Legislation and International Agreement”
04/11/25
Article
Definitions
Digital Rights – “the rights that enable individuals to connect to the Internet
and ensure their protection while engaging with it, whether through sharing, creating,
or receiving data”
Human Rights – “intrinsic entitlements that allow individuals to fully realize their
qualities, intelligence, talents, and self awareness while addressing their spiritual
needs”
Summary
The Article “Digital Human Rights in Jordanian Legislation and International
Agreement” by Fahad Yousef Al-Kasassbeh, Sadam Mohammad Awaisheh,
Mohammad Atef Odeiba, Salah Mohammad Aboudi Awaesheh, Lana Al-Khalaileh,
and Manal Al-Braiza, Is about how digital rights have become a fundamental human
right in this modern society (officially in 2016), specifically focusing on the laws in
Jordan. The authors believe that having laws both on an international and a local
level can help protect everyone’s digital rights. The authors look at how these laws
infringe on people’s digital rights and how “It is incumbent upon governments to
acknowledge, protect, and ensure these rights impartially”
Social Principals
One of the Social Principles that this article relates to is relativism. Relativism
means that “all things are related. From a systems perspective”. The authors state
“concerns about online security and hacking underscore the urgent need for an
effective legal framework to address these threat” showing Relativism relates to this
article because of the ever-changing digital world societies are having to shift and
adapt their laws/regulations to change to protect their citizens, this is a perfect
example of all things being interconnected. The authors did a good job of remaining
Objectivity, Skepticism, and Parsimony throughout the article. The authors provided
both the pros and cons of digital rights internationally and locally in Jordanian law
providing the reader with both the positive things that Jordanian lawmakers are
accomplishing as well ashighlighting the areas that need improvement, maintaining
objective and free of bias. The authors applied skepticism when questioning what
lawmakers can do to make digital rights widespread and why certain countries like “
Russia, China, Saudi Arabia, India, and South Africa” opposed certain clauses about
digital rights. The authors made sure that the article was laid out with headings and
many different studies showing the argument from different perspectives to make
sure that everyone could understand the points they were sharing.
Research Methods Used
From the five different research methods we have been over, Surveys
Experiments, Archival Research, Field Studies, and Multimethod research, the
research method used in this article is Archival Research. From international and
local laws and treaties from sources like the United Nations to reports, legal studies
and sources archival research is the research method. The main analysis method used
is qualitative legal. To improve further research I believe this article would greatly
benefit field studies in different cultures on how infringement or lack thereof affects
their digital rights.
Class Concepts
This article relates to the module on sociological perspectives. The three
sociological perspectives we went over in class were Structural functionalism, Conflict
Theory, and Symbolic interactionism. Structural functionalism refers to “How
cybersecurity at the societal level meets important societal functions”; this relates
directly to the article, the article shows how international and local Jordanian law
protect their citizens from infringement on free speech and protection from
cybercrimes and personal data loss. Conflict Theory refers to “How people in power
can use that power to create inequality through the use of digital technology” The
article speaks directly on how different laws about digital rights create inequality.
Symbolic Interactionism refers to “how individuals interact in the digital world.” This
article talks about how different laws about digital rights affect people and their
safety. If there are no solid laws about digital rights then things like “encryption
protection” and “Informational loss prevention” are useless because without them it
will change the way people interact in the digital world, with weaker laws leading to
increased risk of vulnerabilities.
Conclusion
As the digital world is growing every day this article is great at bringing
awareness to digital rights as a fundamental human right, it also brings awareness to
the infringement, lack of access, and inequality on some face about their digital rights.
Some marginalized groups such as minorities, women, and the elderly may be more
likely to face unjust digital rights. This article encourages equal digital rights and
digital access for all people stating “Many countries have implemented legal
frameworks to guarantee internet accessibility” and put responsibility in the hands of
both local Jordanian law as well as International lawmakers saying “States and
governments are not obligated to compensate individuals if these rights are
restricted without proper justification.” Implying that states and governments need to
be held accountable.
Resources
(n.d.).
Digital Human Rights in Jordanian Legislation and International Agreement
[Review of
Digital Human Rights in Jordanian Legislation and International
Agreement]. International Journal of Cyber Criminology; K. Jaishankar. Retrieved
April 10, 2025, from
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/318
/97
CYSE201S Module 8 Diwakar Yalpi
Career Paper
The Role of Privacy Officers: Applying Social Science
Principles in Cybersecurity and Data Ethics
Sage Skaggs
CYSE 201S
04/17/2025
Career Paper
Introduction
In today’s world where technology is so prevalent data protection has become
a huge concern. Data Protection Officers (DPOs) are at the forefront of protecting
personal data within organizations and corporations by enforcing laws and ethics
about data and technology. Many people do not receive the same access to data
protection as others because of many different factors creating a vast Data Protection
Divide (DPD) within marginalized groups. The social science principles are
intertwined into the role of a DPO and help with everything from enforcing policies
to protecting everyone’s data equally.
DPO Job Description
DPO is a critical job considering according to a study done by Pew Research
“79%” of Americans are concerned with what’s being done with their data outside of
government data and “64%” are concerned about governmental data. The same study
also says that “70%” of Americans feel that their data was safer 5 years prior. A
DPO’s role is to protect the personal data within an organization complying with data
protection laws and regulations of any state/country that the organization has data
from. A few of the laws that DPOs have to comply with are the Health Insurance
Portability and Accountability Act (HIPAA), General Data Protection Regulation
(GDPR), and California Consumer Privacy Act (CCPT). A DPO role is filled by
someone who has a good knowledge and experience of information technology and
data regulations, a DPO needs at least five years of experience as well as needing to
be well versed in awareness training so they can effectively spread awareness and
train employees on data protection. A DPO is not monitored by the organization they
are enforcing compliance on and DPOs only report to the highest management as
GDPR emphasized: “The controller and the processor shall ensure that the data
protection officer is involved, properly and in a timely manner, in all issues which
relate to the protection of personal data.” Their responsibilities include monitoring
compliance andcreating data policies that adhere to as well as teaching those policies.
They also conduct and “provide advice regarding Data Protection Impact Assessments
(DPIAs)”. Many of these duties of a DPO require social science principles.
Social Science Application
The social science principles are Relativism, Objectivity, Parsimony, Empiricism,
Skepticism, Ethical Neutrality, and Determinism each one of these principles relates to
the DPO role. To talk about a few starting with objectivity which is to study in a
biased way free of preconceived emotions. DPOs have to protect every stakeholder’s
data and make sure it is being stored and handled in a compliant manner no matter
their race, background, or any factor about them. Parsimony is to explain things most
simply so that everyone can understand them, a DPO has to take all the compliance
regulations and laws and make sure that all the stakeholders agree and adhere to
them DPOs also have to make policies about data protection and they need to do that
in a way that every staff and patron can understand. Empiricism means doing the
research and not relying on opinions or hunches. DPOs have to maintain empiricism
constantly and rely on data streams and DPIAs to produce their policies and ensure
they are maintaining compliance. Arguably the most important principle of the role
of a DPO is ethical neutrality meaning they must adhere to ethical standards. A DPOs
job is to make sure that all stakeholder’s data is being handled and upheld to the
highest ethical standards.
Marginalized Groups and Society
Access to data protection is not all created equally, many factors contribute to
vulnerable data privacy marginalized groups are affected the most whether it’s
because of the lack of funds for devices with privacy regulations already implemented
or from lower intellect and understanding of how to safeguard their data on the
internet. “different levels of privacy are afforded to different sections of society. This
further promotes social inequalities and impedes access to fundamental rights” For
example the American Civil Liberties Union sued 7 agencies over social media
surveillance stating “risks chilling expressive activity and can lead to the
disproportionate targeting of racial and religious minority communities, and those
who dissent against government policies.” As highlighted in Module 10, fake news
and disinformation disproportionately harm vulnerable communities impacting
health, safety, and public trust. Privacy Officers play a key role in limiting the
collection and misuse of personal data that enables such targeted manipulation,
especially through social media. DPOs also play a key role in protecting everyone’s
data, not discriminating against marginalized groups, and maintaining ethical
neutrality.
Conclusion
DPOs are far more than legal regulation enforcers. They are ethical guardians
and social advocates within the digital world. By embedding social science principles
like objectivity, empiricism, parsimony, and ethical neutrality into their work, DPOs
navigate the complexities of data governance with a balanced, people-centered
approach. Their role is especially vital in addressing systemic gaps in data protection
that disproportionately affect marginalized groups. As digital technologies and
surveillance capabilities evolve, the importance of socially aware and ethically
grounded Privacy Officers will only grow. Their commitment to fairness, transparency,
and justice ensures that data rights are preserved for all equally and ethically.
References
GDPR. (2018).
GDPR Archives – GDPR.eu. GDPR.eu. https://gdpr.eu/tag/gdpr/
ENISA. (n.d.). Www.enisa.europa.eu. https://www.enisa.europa.eu
Britzky, H. (2019, January 17).
ACLU sues 7 government agencies over social
media surveillance. Axios.
https://www.axios.com/2019/01/17/aclu-sues-7-government-agencies-social-medi
a-surveillance?utm_source=chatgpt.com
Kedmey, D. (2014, November 12).
9 in 10 Americans Feel They’ve Lost
Control of Their Personal Data. TIME; Time.
https://time.com/3581166/privacy-personal-data-report/?utm_source=chatgpt.co
m
Dubal, V. (2019, May 30).
San Francisco was right to ban facial recognition.
Surveillance is a real danger. The Guardian; The Guardian.
https://www.theguardian.com/commentisfree/2019/may/30/san-francisco-ban-fac
ial-recognition-surveillance?utm_source=chatgpt.com
Addressing the Digital Privacy Divide: The Need to Redefine Digital Equity.
(2022). Cyberpeace.org.
https://www.cyberpeace.org/resources/blogs/addressing-the-digital-privacy-divid
e-the-need-to-redefine-digital-equity
Degeling, M., Lentzsch, C., Nolte, A., Herrmann, T., & Loser, K.-U. (2016).
Privacy by Socio-Technical Design: A Collaborative Approach for Privacy
Friendly System Design. 502–505. https://doi.org/10.1109/cic.2016.077
Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M., & Turner, E. (2019,
November 15).
Americans and Privacy: Concerned, Confused and Feeling Lack
of Control over Their Personal Information. Pew Research Center.
https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concer
ned-confused-and-feeling-lack-of-control-over-their-personal-information/
ICO. (2023, July 27).
Data protection officers. Ico.org.uk.
https://ico.org.uk/for-organisations/law-enforcement/guide-to-le-processing/acco