CYSE 201S | Samuel Ayala

Journal Entry 1

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

My Response: The areas/categories that appeal the most to me would be Implementation and Operation (IO), and Oversight and Governance (OG). In the category IO, the Systems Administration role is the most interesting to me as I do thoroughly enjoy hands on implementation like setting up hardware and software and then the updates on a system to ensure continuous effectivity. For OG the role that most interests me would be Cybersecurity Instruction as I would be able to work closely with my team members to ensure that they are all practicing safe cyber skills and not doing anything risky with organization information. The category that interests me the least would probably be Design and Development, mostly due to my lack of experience in designing cybersecurity plans for systems.

Journal Entry 2

Explain how the principles of science [Empiricism, Determinism, Parsimony, Objectivity etc.,] relate to cybersecurity?

My Response: Cybersecurity uses empiricism by depending on things like data-driven threat detection and evidence-based risk assessments instead of plain guessing what the issue might be. Determinism is used so issues that occur are determined to have identifiable causes, aiding forensic analysis. Parsimony offers simple, efficient security solutions to lessen how complex something is and its vulnerabilities. Objectivity calls for an unbiased assessments, leading to clear observation of issues. Ethical neutrality makes enforcement of security policies purely need based so nothing is done unreasonably. Skepticism makes one want to prove how good something is, preventing blind trust in systems. Relativism acknowledges that security measures vary across contexts, calling for adaptation for ever-evolving threats and organizational needs. These principles, together, enhance cybersecurity’s effectiveness in protecting digital assets against threats.

Journal Entry 3

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

My Response: Researchers can use the website PrivacyRights.org to analyze the different trends in data breaches. This can lead to identifying common attack strategies, the different affected industries, and the scale of each attack incident. Then, by studying the different breach reports, they can figure out how security failures most often occur, evaluate regulatory compliance, and determine the effectiveness of different kinds of cybersecurity measures over time. This data can then be used by researchers to help in the developing of risk mitigation strategies, improving overall security policies that should be standard, and to be able to help forecast possible threats that are to come. Additionally, researchers can also examine the impact of these breaches on individuals and organizations, and use them as examples for what can happen, should security not be up to par, to help guide recommendations for better data protection practices and awareness campaigns.

Journal Entry 4

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

My Response: For Physiological needs, I would need a laptop, reliable internet, and access to a power source to complete my assignments for class. For Safety needs, I would need secure passwords and two factor authentication like how our ODU account is set up, in order to keep my information safe. For Love and Belongingness, I would need messaging apps like Instagram and my Playstation in order to stay in contact with my family. For Esteem needs, I’d need more certifications to better boost my confidence in the cybersecurity field, and I’d need good grades to make sure I’m on track in my academics. Then, lastly, for Self-Actualization, pursuing my goals and sending out applications for the job I would want in cybersecurity to get to where I want to be.

Journal Entry 5

Review the articles linked with each individual motive in the presentation page or Slide #4. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.

My Response: I would rank the motives from most reasonable to least as: Recognition, Political, Revenge, For Money, Entertainment, Boredom, and lastly Multiple reasons. The reason I rank recognition as most reasonable is simply because when someone chooses to commit to an act whether good or evil, I would like to think they wouldn’t be so cowardly as to try and hide that they did it, so someone who does do something such as a crime and trying to gain recognition from it to showcase their skills, is more reasonable than, lets say, someone who would do it just out of boredom. I put multiple reasons as the least reasonable simply because it encompasses too broad a spectrum of reasons and since there’s no one motivation, then I can’t really say if it was reasonable to do something for that reason. Political and Revenge take up ranks two and three because they are both heavy motivators, one being to act against someone or something that had acted against yourself and the other to manipulate politics. These are both really interchangeable to me since they are strong reasons, although I am not advocating for either of them. Money sits in the middle at rank number four because while getting compensated for an act is a good motivator, I feel as though morals should be the reason people do things rather than just because they are being paid to do it. Entertainment and Boredom take ranks five and six because I don’t really agree with doing things out of boredom, since that can lead to under estimating consequences and not planning an act accordingly, so it doesn’t seem like a reasonable motivator to do something, at least to me.

Journal Entry 6

Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source]. Compare the three fake websites to three real websites and highlight the features that identify them as fraudulent.

My Response: The kind of websites I’ll use are shopping websites like Amazon, Walmart, and Best Buy, which all have features like: secure payment methods, clear return policies, verified customer reviews, and official domain names like .com .org etc. They also use HTTPS for security and display professional, consistent branding throughout their websites. Fake websites, on the other hand, like scam discount stores, scam electronics sites, and counterfeit sellers, usually have deals that are often too good to be true, grammar issues, and unusual domain names like .shop, .xyz etc. They also may not have customer service contacts or easy to spot “bot” reviews. That’s why it’s always good to check for HTTPS, actually go through customer feedback, and see secure payment options to verify whether or not a website is legit. When in doubt, do research on the website before committing and putting in your information

Journal Entry 7

Review the following photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s).

My Memes: https://docs.google.com/document/d/1CKeCiz7pUB_poikSRDFMyyXrZBLe1jg6hhHPcXOafvM/edit?tab=t.0

Journal Entry 8

Watch this video and pay attention to the way that movies distort hackers. Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It? – YouTube. After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity

My Response: Media both helps and hinders our understanding of cybersecurity by both portraying it in a way that spreads the threat it can have, and also in a way that isn’t really the most realistic. Hackers in movies for example are almost always just really smart “techy” who can breach a firewall with just one or two clicks and then they download everything they need from a server, but realistically most hacks/cyberattacks take place in much more simple ways such as sharing passwords with someone you shouldn’t or even downloading malicious packages on accident. This makes it hard for the public to understand just how easily they can become the victim of cyberattacks due to them not understanding how little it takes to breach your information.

Journal Entry 9

Watch this Video: Social media and cybersecurity Complete the Social Media Disorder scale How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

My Response: I scored a 4/9, so while I wasn’t technically considered to have a social media disordered, I will admit that I am going to have to go back through and examine my social media usage to better be able to go throughout my day without it. I think that most of the items on the scale are a little bit crazy for people to actually do, but others can go unnoticed by most. I think when it comes to the patterns found around the world, then a factor that comes into play is the kinds of technology that different areas are able to access. This difference in availability, I think, would be the most obvious reason, and another might be how different cultures raise their kids to handle technology usage.

Journal Entry 10

Read this and write a journal entry summarizing your response to the article on social cybersecurity https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b

My Response: In “Social Cybersecurity: An Emerging National Security Requirement,” Lt. Col. David M. Beskow and Dr. Kathleen M. Carley talk about the rise of social cybersecurity as a key factor in national security. They define social cybersecurity as “the study of cyber-mediated changes in human behavior and societal outcomes,” and emphasize its role in modern cyber warfare. They also talk about how state and nonstate agents exploit technology to manipulate public opinions and then go on to destabilize societies, they then go on to cite Russian information operations as their prime example. They advocate for multidisciplinary approaches and policy reforms to defend against emerging threats and protect societal integrity.

Journal Entry 11

Watch this video. As you watch the video, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

My Response: The video describes the role of a cybersecurity analyst as enveloping a number of social themes like trust, responsibility, and team-work. Cybersecurity analysts also play a big role in maintaining digital trust by protecting different kinds of important information from cyber threats, which can directly impact individuals and organizations on many levels, one of which is public trust in their systems. Their work also comes with a strong level of responsibility, since they have to stay vigilant against cyber risks that continue to evolve year after year. On top of that, teamwork is essential, since analysts collaborate with IT teams, law enforcement, and other security professionals to be able to better address threats effectively and efficiently. The profession also underscores how digital security isn’t just a technical challenge but also a social responsibility that affects everyone since it’s their data being gambled with.

Journal Entry 12

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different psychological social sciences theories relate to the letter.

My Response: For economic theories: Rational Choice Theory which is shown by the company choosing to delay notifying customers, and instead choosing to focus on cooperation with law enforcement over transparency to minimize legal risks since the law enforcement asked them to wait in order to help in their investigations. This showcases a calculated and rational choice since the company probably noticed that cooperating with the authorities would best align with their interests. Another economic theory would be Information Asymmetry, in which the company had knowledge of the breach for months before they chose to inform their customers, which prevented them from taking action to defend themselves. This shows Information Asymmetry since the company had more information than the customer, and that allowed more exposure to greater risk due to their negligence in allowing the customers to have proper knowledge of the incident in a timely manner for their own defense. Psychological Social Science Theories: Social Contract Theory which is customers choosing to trust companies to protect their data. However, the breach and delayed disclosure to its customers violates this trust, in turn harming consumer confidence between the company and its consumers. Over time, this can cause heavy damage in the company’s reputation, costing it an innumerable amount. Then there’s neutralization Theory where the company decides to shift the blame to a third-party provider and law enforcement, which is it deflecting responsibility in order to maintain its own reputation. The letter, however, illustrates how the company weighed risks, manage public perception, and handle its crises while still balancing ethical and economic considerations.

Journal Entry 13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453 write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

My Response: Bug bounty policies enable ethical hackers to have reason in helping to identify security vulnerabilities, which can offer organizations a cost-effective and adaptive cybersecurity strategy to defend against the growing issue of the advancements of malicious attack strategies. The literature highlights their role in addressing shortage of cybersecurity talent and in improving vulnerability detection through a diverse force of experts. Since findings show that hackers are not solely motivated by monetary gain, that helps make these programs accessible even to smaller companies with not much to provide bug bounty hackers, but instead give them reason to work for the “good guys” to show their skill perhaps. Additionally, the size of a company and their brand reputation usually have a minimal impact on the volume of reports. However, industries like finance and healthcare do happen to receive fewer reports, and programs see less and less returns over time as initial vulnerabilities become addressed over time. Overall, bug bounty programs are an effective way to enhance security, but organizations must be willing and able to adapt incentives and scope if they want to maintain its long-term effectiveness as a strategy.

Journal Entry 14

Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

My Response: In the article, Andriy Slynchuk goes over different online activities that are done by people, but are actually illegal. From the eleven that they went over, the five that stood out the most as what I would consider serious are as follows. First is sharing others’ passwords, addresses, and/or photos without their consent due to it being an invasion of their privacy, and how it can potentially lead to identity theft especially because of the password sharing. Second, collecting information about people that are under 13 years old which not only violates the Children’s Online Privacy Protection Act (COPPA), but is also just a weird thing to do. As an adult, I just can’t imagine a reason someone would go about their day stalking a child’s profile or information unless it was for malicious intent. Third, faking your own identity online because it can enable fraud and manipulation, which undermines the trust someone else would have in you. Also because there’s no real reason I can see someone faking an identity online for since once they’re caught then everyone will know who they really are anyway, so unless they don’t intend to be caught what else was their purpose if not malicious? Fourth, recording VoIP calls without the other person knowing and consenting is an attack on one’s personal privacy and the idea that you’re unable to speak privately with someone because it can be used maliciously ends up harming more than just one person, I believe. Lastly, cyberbullying and trolling would have to be the biggest due to the psychological harm it can have, sometimes even leading to tragic outcomes like suicide which is a terrible thing to be the cause of. All of these are in some way terrible on their own, and can seriously impact a person’s safety, privacy, and overall well being.

Journal Entry 15

Watch this video – YouTube and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.