Journal Entry #1
Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.
The categories that I would like to focus my career on are protecting and defending, investigating, securely provision, and overseeing and governing. The reason why I would like to focus my career on these categories is because I want to become an intelligence analyst for the FBI and you will have to use these categories while doing this job. Protecting and defending identifies, analyzes, and mitigates threats to internal information technology systems and networks. The specialty areas for protecting and defending are cyber defense, infrastructure support, incident reporting, vulnerability assessment, and management. When investigating you investigate cybersecurity events or crimes related to information technology systems, networks, and digital evidence. The specialty areas for investigating are cyber investigation and digital forensics. Securely provision conceptualizes, designs, procures and builds secure Information with responsibility for aspects of the system and or network development. The specialty areas for securely provision are risk management, software development, systems architecture, systems requirement planning, technology and R and D, and test evaluation. Overseeing and governing provides leadership, management, direction, development, and advocacy so the organization may effectively conduct cybersecurity work. The specialty areas for overseeing and governing are cyber management, executive cyber leadership, legal advice, advocacy, program/project management and acquisition, strategic planning, policy, training, education, and awareness.
Journal Entry #2
Explain how the principles of science relate to cybersecurity
In the social order, Robert Bierstedt argued that social sciences cohere to the same principles as the natural sciences. Bierstedt concluded that the social sciences are just as scientific as natural sciences. This means these principles can be applied to the study of cybersecurity through a social science framework. The social sciences are criminal justice/ criminology, sociology, economics, political science, psychology, and leadership. When studying cybersecurity as a social science, you must always use the principles of Relativism, Objectivity, Parsimony, Empiricism, Ethical Neutrality, and Determinism. Relativism means that all things are related. We use this to understand that cybersecurity through a social science aspect requires that we recognize how broader technological changes influenced behavior cal dynamics, economic decisions, policy making, and social processes. Objectivity refers to the way that scientist study topics in a value-free manner. Science is not opinionated, instead, science exists to objectively advance knowledge. It is extremely important that those studying cybersecurity from a social perspective be objective in doing their research. Parsimony means that scientists should keep their levels of explanation as simple as possible. Empiricism means that social scientists can only study behavior, which is real to the senses which means that you can taste, touch, see, hear, or touch it. Ethical neutrality refers to the fact that scientists must adhere to ethical standards when they conduct research. It includes protecting the rights of Individuals we study and being willing to empirically and objectively study topics. Determinism means that behavior is caused, determined, or influenced by preceding events.
Journal Entry #3
Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.
From the information retrieved from PrivacyRights.Org I think that researchers may use the information to look at the trends in the breaches. Some of the trends I recognized are the years that the breaches occurred. In 2012 there were 2,139 breaches. Which is the year that the most breaches occurred, researchers may want to research why so many breaches happened during this year. From looking at the data I noticed how there was an increase in breaches in 2006, before the year 2006 there were only hundreds of breaches but then 2006 came and it turned into thousands, I’m sure one of the reasons for that is because more technology has been made but a researcher might want to see why there is such a dramatic change because there could be different reasons for why the change is so dramatic. Another trend that a researcher may want to research is why so many breaches happen in California and how to limit the breaches. Something interesting about the breaches is that some of the businesses are unknown, so they may want to do research to find out why the business is unknown and try to find out what type of business it is. The business that has the most breaches is Healthcare, Medical Providers and Medical Insurance Services, one of the main reasons for this is to obtain private information from patients to steal their identity. Researchers may want to find ways to protect patient records, so their identity is not stolen. There are so many more interesting things that you can research with the information provided by the Chronology of Data Breaches like the types of breaching that are being done, the reason behind why data breaches are happening, and much more! It was very interesting to see the common trends in data breaches, so I am very glad that I was able to explore this information.
Journal Entry #4
Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.
Maslov’s Hierarchy of Needs suggests that all humans have needs that exist on a hierarchy. His theory suggests that once our lower-level needs are met, we then focus on meeting our upper-level needs. Our behavior is determined by what we consider our needs to be, and those needs can change over time. Maslov states that all people strive for self-actualization, but few ever meet that need. The basic needs are considered physiological needs which are food, water, warmth, and rest. Other basic needs are safety needs which are security and safety. The physiological needs are belongingness and love needs which are intimate relationships and friends, there are also esteem needs in this category which are prestige and feeling of accomplishment. The top section is self-fulfillment needs which is self-actualization and that is achieving one’s full potential, including creative activities. Maslov’s Hierarchy of Needs relates to my experience with technology because technology has made such an impact on my life it has covered my basic needs, my psychological needs, and even some of my self-fulfillment needs. Technology has helped me with my basic needs because I am able to order food online if I am unable to go out at the time or even if I just want to order something in advance because I don’t have time to wait. Without technology, there would be no heat flowing the vents right now so that I am able to be warm and comfy. Being warm also helps me to have a goodnight sleep so technology even helps me rest. Technology helps with my safety needs too because I am safe inside of my house because of security systems and locks on my doors. Technology has also helped with my psychological needs because I have found the love of my life through mutual connections on social media, and I am also able to keep in contact with my friends and family because of technology. Technology has helped me with my esteem needs because I recently created a website for my clothing brand and I feel like that is such a huge accomplishment. I feel like I have met some of my self-fulfillment needs because I have my own clothing brand and I wouldn’t have been able to make that happen without technology. I feel like technology has a huge impact on everyone’s life and I don’t know what I would do without it.
Journal Entry #5
Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think make the most sense(being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
Entertainment: I ranked the motive of the man behind LinkedIn scraping a 7 because I don’t understand how exposing the data of 700 million users could be fun. If anything, I would think his motive would’ve been financial gain because he was selling the data.
Political: I ranked this motive a 1 because the hackers are angry about how the world operates and upset about the role of tech companies in spreading propaganda. Youth are only trying to make things right, which is why instead of it being called activism it’s called hacktivism.
Revenge: I think revenge porn isn’t right at all because the person posting the porn is potentially ruining the victim’s life. However I do understand why they might want revenge so, I rank this motive a 3.
Boredom: Bullying & Cyberbullying is unacceptable especially when you’re just doing it because you’re bored. I ranked this motive a 7 because you should never bully someone just because you’re bored or bully them in general.
Recognition: I could understand why someone may want to hack into a website to get recognized because they may feel like they’re never seen. This is attention-seeking behavior, so I would like to rate this motive a 4.
Article Reviews
The first article I will be reviewing is called “Exploring Fraudsters Strategies to Defraud Users on Online Employment Databases”. The author of this article is Tessa Cole, and she went to Georgia State University. Tessa states how online fraud is increasing and how it is never going to stop. Tessa Cole says that fraudsters use a variety of platforms, like online employment, and classified data advertisement databases, to defraud unsuspecting users. The article suggests that fraudsters achieve this by imitating legitimate individuals and organizations to deploy their Social Engineering characteristics and tactics for the purpose of gaining users’ personal, sensitive, and financial information for their own personal gain (Cole, 2022). This relates to criminology, psychology, and sociology because fraudsters are committing cybercrimes and we know why they are committing the crimes and how they learn how to commit the crimes. The research uses reports and scholarly articles for credibility. The research question is “How to defraud users on an online employment database?” (Cole, 2022). The concepts from the PowerPoint presentations relate to this article because it has to do with social engineering and criminology which falls under social sciences.
The second article that I will be using is called “Classifying social media bots as malicious or benign using semi-supervised machine learning”. This article is written by Innocent Mbona and Jan H P Eloff. The research questions for this article are “1. Can the same features used in previous studies to successfully distinguish between malicious bots and humans be useful in classifying benign and malicious bots? 2. What features found in the metadata of OSNs indicate anomalous behavior between benign and malicious bots? 3. Can semi-supervised machine learning (ML) models be used to classify malicious and benign bots, given a limited labeled dataset of such bots?” (Mbona and Eloff, 2023). Mbona and Eloff used state-of-the-art research that demonstrates that bots can be broadly categorized as either malicious or benign. Eloff and Mbona said “From a cybersecurity perspective, the behaviors of malicious and benign bots differ. Malicious bots are often controlled by a botmaster who monitors their activities and can perform social engineering and web scraping attacks to collect user information”. This relates to social sciences and behavioral theories because in the PowerPoint it says that cybercrime is learned which is proven in this article. Mbona and Eloff talk about how they focus on identifying meaningful features of anomalous behavior between benign and malicious bots. They said that the effectiveness of their approach is demonstrated by evaluating various semi-supervised machine-learning models on Twitter datasets. Which I find to be very cool.
References
First Article: Cole, T. (2022, December) View of Exploring Fraudsters Strategies to Defraud Users on Online Employment Databases. (n.d.-b). https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/90/28
Second Article: Mbona, I., & Eloff, J. H. P. (2023, January 5). Classifying social media bots as malicious or benign using semi-supervised machine learning. OUP Academic. https://academic.oup.com/cybersecurity/article/9/1/tyac015/6972135
Journal Entry #6
Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?
The first fake website I found was http://nios-ac.in I knew that this was a fake website because the copyrights were out of date. It doesn’t use a proper domain extension. The website claims to be from India and claims to be a National Institution of Open Schooling. The browser bar also says the network isn’t secure. The second website was http://old-nios-ac.in/ when I clicked on this website porn actually came up and it was trying to get me to turn on my camera. The website doesn’t use a proper extension. The browser bar also says the network is not secure. A bunch of ads also appeared on the website. The third website was http://ww1.vxpujdxvufbg.com/ this URL is gibberish, and it doesn’t have 3 w’s in www it only has 2. There are no copyrights or trademarks. There is no title to the website. The browser bar also says the website isn’t secure.
Journal Entry #7
Journal Entry #8
How do you think the media influences our understanding of cybersecurity.
In the media, everything about cybersecurity isn’t real. Some of the things about cybersecurity that are presented in the media are real. That being said don’t believe everything about cybersecurity that you see/hear in the media. In “Mr. Robot” S3EI (2017) the episode mentions real facts such as CTF which stands for capture the flag which is a type of hacker game. The episode also uses the real def con Logo, def cons the world’s largest hacking conference. Everything about this episode was very realistic except for the amount of time it took the hackers to crack the code. In Ocean 8 the hacker is using a physical box that allows her to unlock a password on a computer, but the box doesn’t really exist for computers but they do for phones. In”The Matrix Reload”(2003)the hacker uses NMAP which is a legit network scanning and mapping tool that hackers use all the time. When watching this media I realized that is so much true information but yet so much false information. When cybersecurity or hacking is used in media a lot of the facts are true but however, but there are some things in media that aren’t true at all, so you have to be cautious with what you choose to believe.
Journal Entry #9
Complete the Social Media Disorder scale. How did you score? What do you think about the items on the scale? Why do you think that different patterns are found across the world?
The Social Media Disorder scale is used to see if you have a social media disorder. If you do have one, then you are obsessed with social media. The Social Media Disorder scale consists of 9 yes/no questions about feelings toward social media. If you answer 5 or more of the questions with yes, then you have a Social Media Disorder. I took the test, and I ended up getting 9 no’s which means that I do not have a Social Media Disorder. In fact, I passed with flying colors.
Some of the questions that are on the scale are very concerning because I don’t think anyone should be thinking about anything else but the moment that you will be able to use social media again. I also don’t think that you should neglect other activities such as hobbies and sports because you want to use social media. You should never have serious conflicts with your family because of your social media use.
I think that there are different patterns found across the world because there are different demographics such as beliefs, religions, and financial status. Some people have different beliefs and don’t allow their children to engage in social media. Others may not have the money to purchase devices for their children to use social media. That is why I think the patterns are different all across the world.
Journal Entry #10
Read this and write a journal entry summarizing your response to the article on social cybersecurity.
https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/
While reading this article I learned a lot about social cybersecurity. Social cybersecurity is focused on the science to characterize, understand, and forecast cyber-mediated changes in human behavior, social, cultural, and political outcomes, and to build the cyber-infrastructure needed for society to persist in its essential character in a cyber-mediated information environment under changing conditions, which are actual or imminent social cyber-threats. Social cybersecurity is also an emerging subdomain of national security that will eventually affect all levels of future warfare, which are both conventional and unconventional, with strategic consequences. The article talks about how technology today is enabling both state and non-state actors to manipulate the global marketplace. Which involves beliefs and ideas at the speed of algorithms which is changing the battlefield of all levels of war. While looking through the lens of hybrid warfare, information warfare is becoming an end to itself. Information wars are said to be the main type of wars. In these wars information is used to strengthen your narrative while attacking, disrupting, distorting, and dividing the society, culture, and values. By weakening trust within the national institutions, actors can win the next war before it has even begun. The difference between traditional cybersecurity and social cybersecurity is that traditional cybersecurity involves humans using technology to hack technology. Social cybersecurity involves humans using technology to hack other humans. Social cybersecurity emerges theories and blends political science, sociology, communication science, and organization science, marketing, linguistics, anthropology, forensics, decision science, and social psychology.
Before reading this article I didn’t even know that social cybersecurity was a thing and I think this article did a good job explaining what social cybersecurity is. There are so many different categories that are involved with social cybersecurity, and I thought that was very interesting. Although it is a lot to keep track of. There were so many new things that I learned while reading this article so I am glad that I took the time to learn everything.
Journal Entry #11
Watch this video. As you watch the video https://www.youtube.com/watch?v=iYtmuHbhmS0, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.
During the video, the lady was describing what it means to be a cybersecurity analyst and what you would have to do on the job. One of the things that she mentioned was having to do lots of paperwork and research, on the presentation, one of the social dimensions of cybersecurity also mentioned that you will need writing skills for this job. Another thing that was mentioned in the video was providing training and guidance for user awareness, the presentation also mentioned that you will need communication skills for this job. So, in order to do the training, you will need communication skills. When you are a beginner in this field you will need to work with other people, so another good skill to have is being able to work with others. The main qualities that you will need for this career is critical thinking and problem-solving because you will need to know how to fix problems or how you should respond to something. Examples of this are responding to incidences and identifying flaws in a company’s security system.
Journal Entry #12
Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.
One of the economic theories used in this letter was rational choice because the company mentioned that their platform provider has been working with a leading cybersecurity firm to remove any malware systems and is actively monitoring the platform to safeguard personal information. The reason why I say that rational choice is used in this letter is because rational choice states that individuals/businesses make choices in their best interest. This is in their best interest because they are trying to fix their website since it was hacked. The second economic theory that relates to this letter was Keynesian because the company allowed law enforcement to investigate the data breach.
The two social sciences that relate to the letter the best are economics and psychology. The reason why I say that economics relates to this letter is because when there are data breaches in companies it affects multiple people which takes away money from not only them but also the economy. The reason why I picked psychology was because when hackers commit crimes or when people commit crimes in general scientist study their minds and behavior to figure out why they committed the crime.
Journal Entry #13
Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
While reading this article I learned about bug bounty programs. Bug bounty programs help companies identify bugs in their code base that they aren’t aware of. An axiom in programming is the more eyes that examine a software product the more vulnerabilities are remediated. They also provide companies that lack to cachet to recruit top-tier talent with an outlet to engage freelance hackers. However, there have been a lot of problems due to a lack of research. Past bug bounty research has been hindered by limited publicly available data and has struggled to establish causality. This resulted in researchers not yet to definitively establishing the effects that a company’s revenue, industry, and brand profile have on the number of reports that their programs receive.
This article has a lot of findings. First, it finds that hackers are price insensitive—with an elasticity at the median of between 0.1 and 0.2—indicating that companies with limited resources can still derive value from bug bounties. This was actually the first time the hacker price elasticity has been estimated in the academic literature. Second, it finds that a company’s size and profile do not have an economically significant impact on the number of reports it receives, reinforcing the value of bug bounties for smaller, less prestigious companies. Third, it finds that finance, retail, and healthcare companies receive fewer reports, all else being equal, than companies in other industries, though researchers should amass more data to generate industry coefficient estimates with greater statistical significance. Fourth, it finds that new programs have a statistically insignificant impact on the number of reports that companies receive. If these results hold in the future, then companies will continue to derive benefits from bug bounties even as the number of new programs multiplies. Fifth, we find that programs receive fewer reports as they grow older. This age effect may be ameliorated if a program expands its scope—the attack surface which bugs bounty security researchers are eligible to hack. Sixth, we underscore how much research on bug bounties is still required: our regression only accounts for 40% of the variation we observe in the data. I was really surprised that they found so many findings and I believe that this is very impressive.
Journal Entry #14
Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.
I believe that the five most serious violations are bullying and trolling, collecting information about children, faking your identity, illegal searches on the internet, and using copyrighted images. The reason why I said bullying and trolling is one of the most serious violations is because it can cause depression or cause someone to commit suicide and it is very wrong and hurtful to other people. The next violation that I chose was collecting information about children, this is very trifling, and you have no idea why the person is collecting information on these children and what they are going to do with the information, so this is very dangerous. I also chose faking your identity because it is very wrong to fake it, especially if you’re using someone else’s identity because you can be using it to steal money or to commit other crimes. Illegal searches are also very wrong because it can get you into a lot of trouble if the government looks at your activity. The last thing I said that was a serious violation was using copyrighted images, if you use copyrighted images you can get charged which will result in you paying a huge amount of money.
Career Paper
The cybersecurity career that I chose is a cybersecurity analyst. The reason why I chose this career is because it is the career that I would like to potentially work in. It is my dream to become a cybersecurity analyst for the Federal Bureau of Investigation. In this paper, I will be discussing how cybersecurity analyst requires and depends on social science research and social science principles.
Before I get started with explaining how cybersecurity analyst require and depend on social science research and principles, I will explain what cybersecurity analyst do. Cybersecurity analyst are trained professionals who specialize in network and IT infrastructure security. They thoroughly understand cyberattacks, malware, and the behavior of cybercriminals, and actively seek to anticipate and prevent these attacks (What Does a Cybersecurity Analyst Do?, 2022). As said above cybersecurity analyst need to understand the behavior of cybercriminals. So, therefore, they need to study the behavior of cybercriminals and how they think, so that they can know how to stop cybercriminals from committing cybercrimes. The most important things that cybersecurity analyst can learn from behavior and social sciences is how to characterize and evaluate its analytical assumptions, methods, technologies, and management practices (Council et al., 2011d).
Cybersecurity Analyst research victims of cyberattacks and figure out why they are being attacked. According to Malwarebytes “The Demographics of Cybercrime” which is a detailed report on how consumers experience cybercrime worldwide, shows that it does not impact everyone equally, in fact, cybercrime makes a larger impact on marginalized groups (Hurst, 2022). The analysis of the data in the report suggests that disadvantaged groups facing barriers in society feel less safe about online experiences, are more likely to fall victim to an attack, and occasionally report experiencing a heavier emotional burden when responding to cyber-attacks. The study shows that women are more likely to experience cyber-attacks than men (79% compared to 73%), it also shows that more black people experience social media hacking than white people (45% vs 40%) (Hurst, 2022). The data shows that people ages 65+ are more likely to get their credit card data stolen (Hurst, 2022). 21% of black participants said they faced instances of identity theft, compared to 15% of white respondents (Hurst, 2022). As more people use technology, cyber threats will continue to grow, and it will become more dangerous for under-resourced communities.
Cybersecurity in general is vital for society and the world. As technology grows cybercrime grows even faster so that is why cybersecurity is a need. As of recently, hackers have become more sophisticated, and unlike the corporate world that protects Intellectual Property (IP), hackers gleefully share their tools and tricks with other cybercriminals (Conradie, 2022). This means any that any beginner hacker can easily find the tools online for free to plot a cyber-attack online. Cybersecurity can prevent cyber criminals from committing crimes by using prevention and response. Prevention involves implementing tools such as behavior analytics, endpoint management, incident management, vulnerability scanning, penetration testing, firewalls, and security monitoring tools, to help build your defenses (Conradie, 2022). Response relates to building cyber resilience and this is about how you respond once a breach occurs (Conradie, 2022).
References
What Does a Cybersecurity Analyst Do? (2022, April 30). Western Governors University. https://www.wgu.edu/career-guide/information-technology/cybersecurity-analyst-career.html#close
Council, N. R., Education, D. O. B. a. S. S. A., Sciences, B. O. B. C. a. S., & Security, C. O. B. a. S. S. R. T. I. I. a. F. N. (2011d). Intelligence Analysis for Tomorrow: Advances from the Behavioral and Social Sciences. National Academies Press.
Hurst, A. (2022, December 1). Women and marginalized groups hardest hit by cybercrime — Malwarebytes. Information Age. https://www.information-age.com/women-marginalised-groups-hardest-hit-by-cyber-crime-malwarebytes-18762/
Conradie, G. (2022, October 18). Why Cybersecurity is Important for a Modern-day Society – Enhalo. Enhalo. https://enhalo.co/must-know-cyber/why-cybersecurity-important-for-modern-day-society/