Week 1 – Journal Entry 1

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

The main group that I want to focus on in my Cyber Security career is the Protection and Defense (PD) Work role category. I love working on a computer to defend it against attacks, analyzing the data produced from the cybersecurity tools, and working with investigators on the crimes related to each attack. My favorite job areas in the Protection and Defense field are Defensive Cybersecurity and Digital Forensics. I’m interested in analyzing the information gathered by all the Cyber Security tools and understanding what they mean. Plus, with the ability to gather data from attacks and preserve it can be used as Digital Forensic evidence that can be useful in finding who attacked it and what vulnerabilities they used. 

The least appealing area of the Protection and Defense (PD) work category is the Vulnerability Analysis. It’s a field of cybersecurity that works on a lot of ensuring policies and maintaining them from deviation. It’s mostly a complex field of making sure the structure of all the policies is protected from all forms of vulnerabilities. This is a hard line of cyber engineering that requires perfection for the effectiveness of the policies to work.

Fields like Design and Development are the least interesting fields to work on. The field focuses on cyber engineering and development which is the kind of work I don’t like working on. There’s lots of coding, constant research, requirements for perfection, and constant failure to ensure success.

Week 2 – Journal Entry 2

Explain how the principles of science relate to cybersecurity.

When it comes to Cybersecurity and scientific principles, new technology has brought an age of new behaviors to cyber criminals. It’s stated that the social sciences are equally scientific as natural sciences. Scientific principles like relatives, objectivity, parsimony, empiricism, skepticism, ethical neutrality, and determinism. Relativism, for example, refers to how technology creates change in the social system and our current social drive in technology. As people get more used to technology, criminal behavior also changes to the point where there’s a pattern of how they commit crimes through non-physical contact means. Determinism points out that all the outcomes of new technology have influenced the behaviors of criminals by introducing new crimes that can be committed.

Week 3 – Journal Entry 3

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

Researchers can use this website to gather lots of quantitative data on the different types of breaches and news stories that can’t be found anywhere else. The data offered allows researchers to study the information about each unique or similar breach without the fear of it being biased. The information on these reports of data breaches provides lots of data graphs and facts that contribute to the critical information in understanding why data breaches occur. The data can even be separated to display what companies are impacted by these breaches the most and what branch of business/government/financial institution was severely affected by the breach. This can provide lots of data for researchers to understand why criminal organizations are attacking these places, what state is affected the most, and what pattern it shows in their behavior. 

Week 4 – Journal Entry 4

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Maslov’s theory is very relevant to my experiences with technology. I’ve become so reliant on technology that if I were separated from it for even some time, I’d start getting very anxious. Even when I have all my basic needs, psychological and self-fulfillment needs like social media tend to take over and make it feel like a basic need. One time I lost my phone somewhere and started to get angry because I couldn’t remember where it went. It took me so long to realize it was in my bed because I always looked at it before going to bed to talk with my friends. Social media has essentially made it feel like I had a place to be so if I was separated from it, I’d feel like I lost an essential need. 

For basic needs, physiological needs like a computer and iPhone became my basic needs with safety like updated security and protection. Social media on technology has become belongingness and love needs as I love staying with my friends online while esteem needs also apply since I feel accomplished having friends to talk with online. Self-fulfillment takes priority over my self-actualization needs. When I play video games on these technological devices, I feel like I’m doing my best with my creative activities even tho it’s not essential or unleashing my full potential, it makes me addicted to it to feel positive being around it. Given my digital experience with technology, Moslaw’s hierarchy of needs correlates with my psychological behavior and how technology is an essential need for me.

Week 5 – Journal Entry 5

Review the articles linked with each individual motive in the presentation page or Slide #4.  Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

  • 1 – Money: Many cyber criminals hack to gain money for themselves or a group of people they’re working for. They know how easy it is and how less risky it is to rob people online. This was ranked #1 because I think it’s the primary reason why people commit these crimes for financial gain.
  • 2 – Political: Supporters or anti-supports of political parties hack to fight against the other party. Russians were known for interfering with the US election by hacking Hillary Clinton’s email to expose her emails and lost popularity during the election. They also do this for monetary or political gain for themselves and their parties. This was ranked #2 since many people want to see their favorite president or electoral senator win so they hack in their name of letting them get an advantage in the political race.
  • 3 – Recognition: Sometimes hackers will hack because they want to be recognized by others for their ability to break into computers and do damage. Many anonymous users tend to do this to scare people and make them recognize the dangers of these activities while also making sure they remember what they’re capable of. I ranked this #3 since many hackers like to gain attention for their damages so they can feel fulfilled by being infamous.
  • 4 – Entertainment: Usually, hackers sometimes commit cybercrimes because they find it amusing to damage or hurt other people from their actions. Most of the time, hackers would react to the people being in shock, pain, or anger by their attacks. This was ranked #4 because while not the most common, it tends to be done for the sake of watching people suffer like how victims of swatting are affected and they laugh at the effects of their work.
  • 5 – Revenge: Out of spite, a person would commit a cybercrime against an individual or corporation because they had a vendetta against someone who ruined their life or reputation. I rank this #5 since not many people hack for vendetta purposes but they do sometimes do this as a way to get back at a person online that they can’t interact with in person.
  • 6 – Multiple reasons: Mostly, while there is one goal for a criminal hacker, they sometimes are motivated by multiple or other reasons since they seek more than what they want. A hacker might want revenge against a company that ruined the people around them so they hack them for financial as well. This was ranked #6 because I don’t think many people have multiple reasons for hacking but they sometimes do as it can be a part of their goal.
  • 7 – Boredom: Lastly, a hacker may be motivated to commit cybercrimes because they feel very bored so they do it for fun. A hacker might be a grey-hat young person who attacked a website because they wanted to test their skills in seeing what websites are vulnerable or create spam bot accounts on an online game to watch them wreak havoc against real players. I rank this #7 since I don’t think many people would hack out of boredom but some people would like teenagers since they find the idea of doing damage from the internet to be fun.

Week 6 – Journal Entry 6

Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?

  1. A website can be fake if the host link at the top is spelled wrong or similar to it. A malicious website will try to pose as the website and use a fake link to make users into thinking it’s legit. An example is apple.com vs appIe.com. Notice how they look very similar but the second link is a capital i instead of a lowercase l indicating that it’s a malicious site attempting to pose as the real one.
  2. Fake websites tend to have lots of errors in the design of their website. Fake websites tend to be in low quality, have bad grammar spelling, low resolution photos, missing links, difficult navigation, and missing business details/sections. When the fake website is compared to the real website, you can tell how much of a difference the bad website is compared to the real one.
  3. A way to check to see if a domain is fake is based on how old the domain is and who owns it. Sometimes newly made fake domains will pose as legit ones. If you were to check the age and ownership of the domain, you’d be able to see who owns it and figure out if it’s legit or fake. If a very well-known home domain like Walmart.com was created a few weeks/months ago that has a different ownership name, then it’s most likely a fake one since the Walmart website was registered in 1995 

Week 7 – Journal Entry 7

Review the following ten photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s). Explain how your memes relate to Human-centered cybersecurity.

Trained human-centered cybersecurity professionals create human-centered designs to expose the real objectives of understanding the cognitive workload, emotional changes, and modified mental models professionals don’t take into consideration.

Human-centered cybersecurity positions humans as the important element of cybersecurity and information security that helps reduce human-enabled error.

Human-centered cybersecurity helps construct the foundation of an in-depth comprehension of how human behavior works and the rationality of human decisions when interacting with an information system.

Week 8 – Journal Entry 8

Watch this video and pay attention to the way that movies distort hackers. After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity

As computers developed, many people took an interest in the field of cybersecurity and began to create entertainment that talked about it. Some movies like The Matrix, Hacker, or Mission Impossible began to make scenes where characters used a computer to hack into a system, disable security systems, or even use techniques used by black hat hackers. Sometimes they use real-world examples in cybersecurity to educate people about how people can commit cyber attacks and what examples they use to show the different types without them knowing what it is.

The media depicts cybersecurity as a skill and an ethical or unethical tool that can be used in the real world to help attack or defend anything that uses technology. People can be fascinated or even inspired by the media’s take on cybersecurity and may take a career path in it.

Sometimes media depictions of cybersecurity hacking are unrealistic and misrepresented in popular media like Hollywood movies. Hacking is often oversimplified or dramatized beyond the point of how it works using computer jargon words without explaining what it does. Sometimes they even make hacking as easy as pushing a button when in reality, it might take a lot of time to type up the commands or execute a piece of code. It takes a lot of typing, coding, and work to make a hacking attack look realistic. 

Week 9 – Journal Entry 9

Complete the Social Media Disorder scaleLinks to an external site.. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

For the test, I got 6/9 yeses and 3/9 noes. I have a diagnosis of Disordered Social Media User because I exceeded the score of 5 for the test. 

I find the items in the test’s scale interesting because they discuss how someone addicted to social media can threaten cyber security. People who are addicted tend to share lots of information that criminals can exploit to know where you work, what you do daily, and use any opportunity to use your posts to breach a workplace’s security. 

The items in the scale speak to how someone can neglect their duties or family which could cause mistakes to happen especially in their workplace. Different patterns of people are different across the world because it all depends on a country’s economic and social structure. Some poor countries don’t have enough phone users which can dramatically impact how many people aren’t affected by Disordered Social Media User or have access to social media easily. This is different compared to rich countries which have phones as a common item. 

Week 10 – Journal Entry 10

Read this and write a journal entry summarizing your response to the article on social cybersecurity: https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/Links to an external site.

The journal article discusses the rise of social cybersecurity becoming a subdomain of national security could affect all levels of future warfare, whether conventional or unconventional. Social cybersecurity is the focus of the science to characterize, understand, and predict cyber-mediated changes in human behavior, and social cultural, and political outcomes. Information allows actors to manipulate the global marketplace and use information to strengthen, divide, disrupt, or disrupt society’s culture, values, and trust.

Social cybersecurity involves humans using technology to “hack” other humans also known as “Cognitive hacking”. It uses computational social science techniques to identify, counter, and measure the impact of influence campaigns to learn and then inoculate the risks against these campaigns. If social cybersecurity is not implemented, then an information blitzkrieg can occur where lots of information can manipulate people and hack them into creating distrust between society and institutions as well as civil leadership.

Week 10 – Journal Entry 11

Watch this video. As you watch the video, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

In the job of cybersecurity analysis, it involves monitoring the network and defending it against attacks. It’s about analyzing the behaviors of the attacks to predict what they’ll do next. Monitoring the behaviors of text and network activity can pinpoint how the person behaves and what methods they use to breach a system. They can also utilize the remediation of breaches to allow the cyber analysis to understand what is and isn’t vulnerable. It’s very social involving lots of work looking at patterns of people to understand the behavior of how they attack, what they do to understand the problem, and the effects that these can cause and how they can be fixed.

Week 11 – Journal Entry 12

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

Rational Choice relates to the letter because it involves the business making the choice to inform their customers about a breach that could expose their information. This was done to inform their customers and reassure them that everything will be fixed so business can continue.

Risk Assessment relates to the letter because it involves assessing what systems that were compromised were most vulnerable and having someone hired to monitor the personal information to reduce the risk of theft.

Laissez-faire relates to the letter since it involves the government intervening to protect the individual’s information rights only after the breach. It was done to have their platform providers contact federal law enforcement to protect their customer’s data and enforce the protections against attackers.
Provider has also contacted and offered its cooperation to federal law enforcement.

Keynesian relates to the letter as it involves calling the government to invest in it to protect their interests and implement stronger security as it hopes to reduce the costs of any attack that occurs as well as prevent economic downfall from breaches that occur.

Week 11 – Journal Entry 13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

Many firms back then were skeptical about the reports of cybersecurity vulnerabilities from third-party researchers because 93% of them didn’t have a vulnerability disclosure policy that stipulates how researchers will submit bug reports to organizations without legal trouble. IT prevented companies from learning about the possible blind spots in their cybersecurity backbone. Then the US government began implementing laws that enforce agences to create a VDP due to the financial losses. As new VDPs were being enforced, bug bounties were becoming a new thing where freelance hackers could submit reports of vulnerabilities and bugs for profit.

Companies invested in this kind of financial strategy because it allowed them to identify bugs in their code base that they weren’t aware of as oversight issues are easy to miss. Plus, it provides companies that lack experience in the field of hacking free-lance hackers who have tons of experience in patching bugs. Bug bounty hackers also help mitigate the costs that are caused by security breaches, prevent major losses from attacks that could occur, and protect small businesses from being shut down by a breach. Plus, it costs way less to hire a bug bounty hacker to patch these vulnerabilities than to let a breach cause major losses.

Week 12 – Journal Entry 14

Andriy Links to an external site.SlynchukLinks to an external site. Links to an external site.has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

The article discusses 11 illegal things that people can do unknowingly on the Internet and discusses them with the reader. The five illicit things that will be discussed are faking identity, collecting information about children, bullying and trolling, sharing addresses and passwords online, and illegal searches on the internet.

Faking identity on the internet by using someone else’s information is dangerous since it can be used to decieve people and defraud them into doing something that they aren’t expecting or to ruin the reputation of the user the criminal is impersonating.

Gathing and using data from children under 13 is unethically illegal because it’s a violation of the Children’s Online Protection Act and can be used by child predators to know more about the activities of the child. (Though many sites like YouTube promote this kind of stuff and get away with it)

Bullying and trolling are unethical and can be punishable by website app owners since it involves hurting someone’s morality online. It can even be punishable by law if something bad were to happen due to the bullying like suicide.

Sharing the addresses of people online can endanger them because it can lead them to be vulnerable to doxxed, swatters, hackers, and social engineers, which can allow them to be put in danger or hurt by these criminals.

Searching for illegal things online can raise some red flags for police and government agents involving your activity. Some search terms could even land you in jail because they involve acts of conspiracy to commit a crime or find highly illegal items like illegal porn, drugs, or how to make a dangerous device/weapon.

Week 15 – Journal Entry 15

Digital Forensics | Davin Teo | TEDxHongKongSalon

Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

The career of digital forensics revolves around using social science to solve crimes in cyber forensics. Digital forensics uses the collection, analysis, and reporting of various electronic data reporting that can be used in a court of law. Social science is used in digital forensics to capture the illegal activity of human behavior to analyze and lead back to the source of the crime. In the video, they analyzed the human activity involving an IP address that was used by five users to find out that it had virtual servers used to host torrent sites. After analysis, it was found that the website was internal and the IT department was involved in the crime.

I found it fascinating that Davin’s journey into the field of digital forensics. Davin started in the accounting field, then learned that his workplace needed IT people and realized his experience in tinkering with computers allowed him to realize that he could be defined to work in that department and apply to the demands they’re looking for.