Journal Entry#1
Sarah Bennett
Week 1 Journal Entry
I reviewed the NICE workforce framework for cybersecurity that Professor Yalpi posted
on Canvas. One of the most interesting areas that caught my eye while reading is (investigation.)
This resonated with me because I want to pursue a cybersecurity job that relates to something
investigative. The roles that were mentioned in the framework, were Digital Forensic Analyst &
Cyber Crime investigator. These jobs fully resonated with my interest in the investigation and
forensics field. These jobs go into depth with analyzing digital resources and evidence to support
and help law enforcement figure out criminal cases.
However, the least appealing thing to me after reviewing the framework was the
particular area of “Oversee and Govern.” This topic seems very crucial for organizing and taking
on the initiative of select planning this area did not fully explain any governance or policy
regarding risk management. With that being said, this isn’t as appealing because it does not
relate to investigations or cybercrime solutions.
Journal Entry #2
The principles of science within empiricism, determinism, parsimony, and objectivity are very crucial towards the foundation of cybersecurity. Firstly Determinism is the principle of science that behavior is caused or influenced by preceding events. For example, this principle suggests that cyber attacks or incidents happen because of a specific cause and effect situation. Empiricism means that the social scientist can only study behavior which is real to the scenes, such as taste, smell, touch, hearing, and sight. Scientists also agree that our knowledge in our disciplines must come from empirical research. Parsimony is the principle of science that means that scientists should keep their levels of explanation as simple as possible. For example, protocols and designs make systems easier to manage. Objectivity is a way that scientists study topics in a very value free manner and science does not exist to promote an option ion or point of view. In conclusion all of these principles that I have mentioned truly all use Somme sort of systematic way of cybersecurity to make it thrive as the field progresses each day. Here systems enable companies and organizations to help protect and mitigate the systems that they have put in place for their company. These strategies will help in the long run.
Journal Entry #3
Individuals can see a comprehensive database visible to the public that shows data breach information, which many researchers can use to analyze many trends, causes, and most importantly security incidents and their impacts. While studying these breach reports, researchers can quickly identify vulnerabilities, vector attacks, and company weaknesses due to many different data exposures. The information in this reading helps assess the effectiveness of cyber security measures, incident strategies, and most importantly compliances that happen regularly. Researchers can also track the frequency of breaches within many different industries, which evaluates sectors that are mostly targeted. The data also allows the full understanding of how cyber threats evolve. Then again, researchers can also examine how organizations publicly state how breaches and languages are used, which contributes to insights into worldwide crisis communication and customer and consumer trust following a recent attack or incident.
Journal Entry # 4
Maslow’s Hierarchy of Needs fully outlines five levels of human needs that relate to my
experiences with cyber security technology.
1. Physiological Needs~ Depending on internet & electricity are crucial for accessing
information getting access to information and communicating, like essentials such as
food and water.
2. Safety Needs~ Many Cyber requirements, such as strong passwords and antivirus
protection software, help mitigate and protect personal and financial data to ensure fully
protected and safe online experiences.
3. Esteem Needs~ Networking that is on a professional level, such as online sites like
LinkedIn, Facebook marketing, and so much more like that. These apps allow me to
professionally message and contact individuals to further pursue my professional career.
4. Love and Belonging~ Social media and messaging apps allow me to connect socially
with my family and friends.
5. Self-Realization ~ Having the help of technology and continuously learning how to
research mitigations procedures for the development of cyber security skills or my future
career in cyber forensics.
Throughout this entire read, each level of human needs is enhanced by different digital
experiences and shaping my life daily as an aspiring cyber forensic analyst!
Journal Entry # 5
This ranking considers the impact and prevalence of each motive, emphasizing that while some
reasons might be more understandable, none justify illegal activities.
Below, I will rank the articles linked to a motive from 1 to 7.
1. For Money: Financial gain continues to be a primary driving force for cybercriminals.
The HP Threat Research article highlights what many cybercriminals partake in and how
they spend their illegal earnings on luxury items.
2. Political /Politics: Hacktivism has seen a huge rebuttle as far as youth hackers targeting
entities to promote political agendas, mainly bad. The Economic Times talks about this
new ripple of politically motivated cyberattacks and crimes.
6. Multiple Reasons: Some cyber criminals have complex motivations, which include
financial gain, political beliefs, and most importantly, personal grievances. Infosecurity,
which explores multifaceted drivers.
7. Boredom: Engaging and interacting in cybercrimes out of boredom is the least justifiable
motive because it shows a disregard for the potential harm caused to victims.
The rankings above show the initial impact and prevalence of each motive that was listed,
which shows how some reasons might be more understandable, and none truly justify
illegal activities that are done
3. Revenge: Individuals having personal vendettas, which leads to malicious online
activities. Many news outlets from Wales report on victims of revenge porn which they
feel let down by law enforcement, making aware of the personal motives behind such
crimes.
4. Recognition: Many individuals seek notoriety through cyber exploits. A British individual
who had conducted a DDoS attack on a political candidate’s website did so to possibly
seek attention.
5. Entertainment: Some hackers claim to act out of boredom or fun; however, howeve4r the
consequences they will endure are very severe. For example, an individual scraped 700
million LinkedIn profiles “for fun” yet sold the data online.
Journal Entry # 6
The rise of many new websites allows a pathway for fraudulent websites targeting vulnerable
online users.
The first website that I encountered was amaz0n.con. At first glance, it looked like a
credible website, however, if you look again and more times, you will be able to notice some
key discrepancies. Firstly, there is a 0 instead of an o within the name. Secondly, instead of it
ending in .com it ended in .con. This was a major red flag for me because usually, credible
websites end to end in .com.
However, amazon.com which has no red flag at first glance and is a credible source
shows that it ends in an official URL such as .com and uses proper grammar. That the fake
website did not have.
The second website that I encountered was microsoft-support.net at first glance, this
does not seem like a credible website at all. The domain uses an unofficial URL such as .net
instead of a more official URL like .com or support. It also isn’t as professional as many other
websites handle, especially with using a – between the sentences.
However, the real website, Microsoft.com/support looks credible and is credible. It
displays a secure HTTPS connection uses proper grammar and is credible.
The third false website that I encountered was londoninsider.co.uk, as I stated earlier
the URL doesn’t have an official ending such as .com, and is hard to believe that it is real.
However, the real comparable website bbc.com/net uses a proper and official URL and
doesn’t have any red flags at first glance, and once you press on the website, it shows that it is
credible.
Journal Entry # 7
Journal Entry # 8
Based on the video that I watched, Prof. Yalpi instructed us to watch it. The media
usually overexpress how hacking works. This makes it look very easy or overly dramatic to
viewers, creating false interpretations about cybersecurity. During the video, cyber expert Elzari
expresses and asses different hacking scenarios. These different scenes within the video show
how big of an influence how people view the protection aspect of cybersecurity. Many people
think that hacking is a simple skill, and others believe it to be on the harder and more
complicated side. Even though the media is very educational and can be for entertainment
purposes, it expresses an inaccurate misconception of how serious cyber threats and attacks
are and doesn’t know the full value and security within cybersecurity.
Journal Entry # 9
How did you score?
On the social media scorer, I scored 3 yes, 6 nos. I am labeled under risky usage.
What do you think about the items on the scale?
I think that they were okay, I think the questions were more on the vaguer side, rather than having a full circle of questions that could properly identify the key pinpoints to individuals’ social media disuse.
Why do you think that different patterns are found across the world?
I think it is based on the environment you are in/around. Many parents allow their children to be on social media or websites because it keeps them occupied. However, the detrimental side-effects that reflect too much social media influence clearly show between children who do it and those who don’t. Adults like myself use social media as many different outlets. Blow off steam, educational/ learning purposes, negative usage, and so much more. There are many different reasons people use social media, the majority is for positive and enjoyment purposes, and others, unfortunately for negative use.
Journal Entry # 10
While reading this article, I believe I endured a brand new perspective on the values of
the future of cybersecurity. I normally would think of cybersecurity as a broad spectrum of
network security, malware/phishing attacks, data analytics, and so much more. However, while
reading this article, I was able to see cybersecurity differently. It shows how individuals and
society are always being targeted for information through manipulation from information
online.
The authors go into detail about the definition of social cybersecurity and how society
needs to be protected from the harmful online experience. This involves, disinformation,
manipulation, misinformation, and organized campaigns for influence. The article also goes into
depth on how social media plays a huge play within the exploitation and manipulation of users
online.
The main thing that stood out to me the most would have to be how attackers simply
just spread false information, which creates online division and manipulates individuals. It
shows how critical and well needed, is for digital literacy for all online and offline individuals, to
make aware of how dangerous and critical this topic is.
Overall, I view cybersecurity way differently after analyzing and reading through this
document. Cybersecurity’s job isn’t only protecting the systems from online and cyber threats,
but it is also how can we defend individuals and society from the online manipulation especially
if one is not acclimated to digital literacy.
Journal Entry #11
The video above highlights several aspects of social themes that endure the role that
cybersecurity analysts have. The main theme that the video focuses on is the emphasis on
collaboration and communication. Cyber analysts truly must have complex skills and effectively
convey security concepts, like training teams of technical and non-technical, ensuring that all
security regulations are implemented across the entire business or organization. These are very
necessary within a cyber analyst’s career, and takes hard work and dedication to have the
ability to communicate these things among co-workers and others who need such information.
Additionally, Cyber analysts are also responsible for training and raising awareness
amongst co-workers and employees about the importance of security measures and the
importance of education with digital literacy. They also work in teams (teamwork) and have to
develop concepts and enforce security practices to effectively do their job properly.
Journal Entry # 12
Two Economic Theories:
1. Negative externalities are a data breach that affects the company and costs customers about identity theft, and financial losses. These negative externalities are the actions of the company that have been unintended when someone recognizes these negative externalities it is shown to emphasize the importance of implementing high security measures to mitigate attacks and breaches among consumers/individuals and maintain their trust.
2. Gordon-Loeb model: this model addresses the investment that should be made in information security to help mitigate and protect its data. This model shows that investing insecurity measures up to a substantial amount where the cost of an additional investment equals the marginal benefit and reduced expected loss from said breaches.
Two Psychological Theories:
1. Risk perception theory: this theory shows how individuals understand and respond to risk. When individuals are notified about a data breach, some individuals may feel anxiety or become scared because of the feeling of their information being breached this causes individuals to be stressed and lose confidence in a company or a business ability to protect their personal and financial data.
2. Trust repair mechanism: after a breach when it comes to reestablishing trust within customers, it is crucial. Studies have shown that when companies are transparent, have good communication, and take full responsibility for the mistakes that have happened about breaches within personal information. This builds a certain bond and trust among customers, which makes them feel better about where they are choosing to keep their data.
Journal Entry # 13
When it comes to bug bounty policies and invites, ethical factors identify security flaws all while exchanging for rewards that align with economic and cost-benefit propositions. This article highlights the effectiveness of a high amount of skill to find certain vulnerabilities that internal teams could discard or overall miss. Additionally, it shows that the programs are cost-efficient, diverse, and most importantly have good proactive threat detection. Somehow they do require careful management, reassurance, legal boundaries, and proof of resources. In conclusion, the bug bounty program provides an honorable and valuable source of cyber security, but when it comes to their effectiveness and success, it solely depends on how clear the rules are and how the organization can handle certain reports and implement certain rules and regulations.
Journal Entry # 14
The five most serious violations that the author Clario talks about in his online article are :
1. Using Unofficial Streaming Services- Many individuals like to take the easy way out and watch shows and movies on illegal sites or unofficial streaming services. When someone goes through an unauthorized site to watch shows, this goes behind the copyright laws and regulations that are put in place and can often cause potential malware and sometimes even legal consequences.
2. Collecting Information about Children under 13- This as a whole is unacceptable whatsoever. Having and gathering videos for a minor, especially with no parental consent, violates many laws, but most importantly, the COPPA. The Children’s Online Privacy Protection Act.
3. Bullying and Trolling- When an individual indulges in online bullying and harassment, it can not only cause civil lawsuits, but it can instantly turn into criminal charges. It is best to be nice and use kindness while on the Webb, for being mean only gets you to a dark place.
4. Sharing passwords, address, or photos- Posting someone’s personal information including photos without their consent is illegal. It is illegal to take pictures of someone without their knowledge or post someone’s private information online. This goes against the Invasion of Privacy Act, and can cause civil/criminal charges against an individual who participates in this.
5. Faking your identity online- Committing fraud by using someone else’s information is very illegal. When you use someone’s information and it is not your own, you are not only committing fraud, but you have created a persona within this person’s identity without them even knowing. It isn’t fair to them and is outright just not fair at all. When an individual does this on social media, they are violating the ” terms of use” within the platform’s policies, which they consented to before signing up.
Journal Entry # 15
After watching and reviewing Davin Teo’s TEDx talk provided by Prof Yalpi, I was able to understand his view on digital forensics, and I was so positively intrigued by Teo’s pathway within his career and how it exemplifies success between social sciences and technology. He first began his career with a background in finance and commerce management. However, he then transitioned into digital forensics, which is a big leap and a career field. He is now the lead of the Forensic Technology team across Asia. He works around high-stakes legal files, data breaches, fraud, and investigations regarding digital forensics.
I was intrigued by how he carried himself throughout his career. he is a huge inspiration for me as I go through my cyber career. He had personal motivation and emphasized the knowledge of understanding the principles of social sciences. I am very glad I watched this video and learned a lot about his career and journey within the technology field.