CYSE 201S | sripragna-aditha

Journal Entry 1

Areas of Interest:
1. Cybersecurity Workforce Management – It is a critical area within cybersecurity that
focuses on planning, developing, and managing the human resources required to maintain
and enhance an organization’s cybersecurity posture. Since I believe I have strong
organizational and management skills which makes me interested in this role. I also enjoy
contributing to the long-term success of an organization through workforce management.
2. Security Control Assessment – It involves conducting independent assessments of
security controls within a system to evaluate their effectiveness. This role is crucial for
ensuring that security measures are functioning as intended and providing the necessary
protection against threats. This role requires a deep understanding of security controls and
their effectiveness, which can be intellectually stimulating. I enjoy analyzing complex
systems and identifying areas for improvement, I believe this role would be appealing to
me.
Areas of Lesser Appeal:
1. Communications Security (COMSEC) Management – It involves overseeing the
resources and practices related to securing communications within an organization. This
role is critical for protecting sensitive information and ensuring that communications
systems are secure against unauthorized access or breaches. The role involves working
with complex encryption technologies and communication systems. I prefer roles with
less technical detail and find dealing with highly specialized equipment less engaging.

https://niccs.cisa.gov/workforce-development/nice-framework

Journal Entry 2

The principles of science significantly shape cybersecurity. Determinism suggests that
cyberattacks occur due to specific causes, such as system vulnerabilities, allowing professionals
to identify and mitigate risks. Relativism acknowledges that security solutions must be tailored to the unique context of each system. Parsimony promotes simplicity, encouraging streamlined,
efficient security measures. Ethical neutrality ensures unbiased risk assessments, focusing on
facts rather than subjective values. Objectivity allows for impartial evaluations of threats, crucial
for effective decision-making. Empiricism drives cybersecurity through data collection and real-
time analysis, helping to develop stronger defenses. Finally, skepticism encourages ongoing
questioning and testing of security systems, ensuring that no assumptions go unchallenged, and potential vulnerabilities are continuously explored. Together, these scientific principles enhance the understanding, prevention, and response to cyber threats.

Journal Entry 3

The website provides extensive resources for understanding data breaches, including the
“Chronology of Data Breaches,” which lists incidents of exposed consumer information dating
back to 2005. Researchers can use the data available on PrivacyRights.org to gain insights into
the prevalence, causes, and effects of data breaches. The website’s database provides detailed
information about the types of breaches such as hacking, insider threats, or loss of physical
documents and the types of organizations affected like healthcare providers, financial
institutions, or educational entities. By analyzing this data, researchers can identify trends over
time, determine which industries are most vulnerable, and assess the effectiveness of regulatory measures like breach notification laws. Moreover, the data can be used to understand the personal impact on victims, especially in terms of identity theft risks and the exposure of sensitive information. Such analyses can ultimately inform the development of stronger cybersecurity policies and preventative measures to reduce future breaches.

https://privacyrights.org/

Journal Entry 4

Maslow’s Hierarchy of Needs is a psychological theory proposed by Abraham Maslow that
explains human motivation in terms of a five-tier model of needs. These needs are often
represented as a pyramid, with the most basic needs at the bottom and the higher-level needs at the top. Maslow’s Hierarchy of Needs connects deeply to my experiences with technology. At the physiological level, technology supports basic needs like online food delivery, grocery
shopping, or health apps for monitoring well-being. For safety, digital tools like two-factor
authentication and antivirus software provide security for personal data and online transactions.
Social needs are met through social media, video calls, and messaging apps, allowing me to
maintain relationships despite physical distance. The esteem level is reflected in sharing
achievements on professional platforms like LinkedIn, where recognition from peers builds
confidence. Finally, at the self-actualization stage, technology offers endless learning
opportunities through online courses and resources, helping me pursue personal growth and
career goals.

Journal Entry 5

1. For Money
https://threatresearch.ext.hp.com/sex-drugs-and-toilet-rolls-how-cybercriminals-spend-
their-money-infographic/
Reason for Ranking: Financial gain is one of the most logical and common motives behind
cybercrime. The article highlights how cybercriminals often profit significantly from their
activities, spending money on luxury goods and illegal substances. This motive makes the most
sense because it directly correlates with a tangible reward, which can drive individuals to engage
in sophisticated cyberattacks or fraud.
2. Political
https://economictimes.indiatimes.com/magazines/panache/new-generation-of-angry-
youthful-hackers-join-the-hacktivism-wave-adding-to-cyber-security-
woes/articleshow/81707844.cms
Reason for Ranking: Political motives are a powerful driving force for cybercrime, especially
in the form of hacktivism. The article illustrates how individuals and groups hack to support
political ideologies, protest injustices, or influence political outcomes. This makes sense as a
motive, given the high impact and publicity that political hacks can achieve, which can align
with an individual or group’s beliefs and goals.
3. Recognition
https://www.theregister.com/2021/06/30/bradley_niblock_election_ddos/
Reason for Ranking: Many hackers seek fame and recognition within their communities. The
article discusses how individuals, especially younger hackers, often carry out attacks to
demonstrate their skills and gain status. The desire for recognition can be a powerful motivator,
especially in the competitive world of hacking, where reputation matters.
4. Revenge
https://newsfromwales.co.uk/revenge-porn-victims-in-wales-often-feel-let-down-by-the-law-
as-cybercrime-slips-through-the-net/
Reason for Ranking: Cybercrime motivated by revenge can be highly personal and emotionally
driven. The article explains how cybercriminals use digital platforms to harm others as a form of
retaliation, such as in cases of revenge porn. This motive makes sense as emotions like anger and
the desire to “get even” can push individuals toward illegal actions in the digital sphere.

5. Multiple Reasons
https://www.infosecurity-magazine.com/news/what-drives-hackers-to-a-life-
of/?__cf_chl_jschl_tk__=pmd_c1d89a4695edbd23f2bceb54d70f35ce5e536e86-1626721164-
0-gqNtZGzNAfijcnBszQi6
Reason for Ranking: Hackers often have a mix of motives, including money, recognition, and
political beliefs. This article suggests that the motivation for cybercrime is not always
straightforward but can involve a combination of factors. This makes sense because human
behavior is complex, and people can be driven by various interconnected motives. However,
because it’s less specific, it ranks lower than motives with a clearer primary drive.
6. Entertainment
https://9to5mac.com/2021/07/19/man-behind-linkedin-scraping/
Reason for Ranking: Some individuals engage in cybercrime for entertainment or personal
amusement. While the article shows how some attacks are not driven by financial or political
reasons, the idea of cybercrime as mere entertainment is less common and logical compared to
motives like financial gain or political impact. However, it can be a factor for some, especially
those testing their skills for fun.
7. Boredom
https://www.heraldlive.co.za/news/2021-05-31-cyberbullying-and-online-sexual-grooming-
of-children-on-the-increase/
Reason for Ranking: Boredom seems to be one of the least compelling motives for cybercrime.
While the article discusses how children and teens might engage in cyberbullying due to
boredom, this motive does not seem as justifiable or strong as financial gain or political beliefs.
It’s more indicative of impulsive, low-stakes activities rather than serious, planned cyber
offenses.

Journal Entry 6

1. Fake Website #1: www.amaz0n-support.com
Comparison with Real Website: Real Amazon URL is “www.amazon.com.”
What Makes it Fake:
o Misspelled URL: The zero (‘0’) replacing the letter ‘o’ in “amazon.” Phishing websites
often use slight misspellings or variations of official URLs to trick users.
o Unsecure Connection: Fake sites may lack a secure HTTPS connection. A padlock
symbol and “https://” should be in legitimate sites’ URL bar.
2. Fake Website #2: www.palypal-secure.net
Comparison with Real Website: The Real PayPal URL is “www.paypal.com”
What Makes it Fake:
o Imitation of Official Name: Uses a name similar to “PayPal,” but with extra words like “-
secure” and “.net” to appear legitimate.
o Urgency and Pressure: Fake PayPal sites often include messages that rush users into
taking action, like “Your account has been locked!” or “Immediate action required!”
o Generic or Nonexistent Contact Information: Fake websites usually have incomplete or
generic contact information, unlike real websites which provide proper support channels
and verified contact details.
3. Fake Website #3: www.googIe-services.com
Comparison with Real Website: Real Google URL is “www.google.com.”
What Makes it Fake:
o URL Spoofing: In this fake URL, the lowercase ‘L’ is replaced with an uppercase ‘I,’
making it look almost identical to the real URL. These types of typo squatting techniques
are common in phishing attempts.
o Unusual Requests: Fake Google sites may prompt users for passwords, credit card
numbers, or other sensitive information without proper context.
o Pop-Ups and Ads: Fake sites often have excessive pop-up ads, banner ads, and intrusive
surveys that legitimate websites would not employ.

Journal Entry 7

1. Person sitting front of a laptop:

Meme: When you’re trying to log in, but the CAPTCHA asks if you’re a robot…and now
you are not so sure.
Explanation: This meme highlights the frustration many users experience with
CAPTCHA systems. Human-centered cybersecurity would minimize these frustrations
while ensuring security, potentially through more user-friendly verification methods like
biometrics.

2. Brown and white long-coated small dog wearing eyeglasses on black:

Meme: My humans: ‘Dogs can’t be hackers.’ Me: ‘Hold my chew toy

Explanation: This meme humorously highlights how even unexpected users (like pets)
could interact with technology. In cybersecurity, this can be analogous to emphasizing
awareness that threats or vulnerabilities can come from anywhere, even where you least
expect them.

3. A woman in a white button-up shirt holding a silver iPhone 6:

Meme: When the app asks for your location for ‘better experience,’ but you just wanted to order pizza.

Explanation: This meme points out the overreach of apps requesting unnecessary
permissions. A human-centered approach would emphasize user consent and better
education about why these permissions are needed.

Journal Entry 8

In today’s journal, after watching the video “Hacker Rates 12 Hacking Scenes in Movies and
TV,” I reflected on how media shapes our understanding of cybersecurity. The video highlights
that Hollywood often exaggerates hacking for dramatic effect, portraying it as a fast, glamorous,
or overly simplistic process. This distortion creates misconceptions, making the public believe
hacking is either a superhuman skill or something anyone can do with minimal knowledge. For
example, movies frequently show hackers typing furiously at a keyboard while complex code
flies across the screen, and within minutes, they’ve bypassed the most secure systems. The
reality, as pointed out in the video, is far more nuanced. Real-world hacking involves a lot of
research, trial and error, and often time-consuming efforts that don’t translate well to screen
drama. This media portrayal can influence how people view cybersecurity professionals and the
dangers of hacking. It can trivialize the seriousness of cyber threats or mislead people into
thinking that hacking is easy to carry out or defend against. As a result, the public may develop a
false sense of security, underestimating the need for robust defenses or overestimating the
capabilities of cybersecurity teams.

Journal Entry 9

After completing the SMD scale, I realized I met a few criteria, mainly in areas like
preoccupation and escape. The scale’s questions, especially those about using social media to
deal with negative feelings or feeling dissatisfied with time limits, made me think about how
integrated social media is in my daily routine. It’s eye-opening to see how these behaviors
overlap with addictive patterns.
The global differences in social media patterns could stem from various factors. For example, in
regions where technology access is high, people might develop more intense relationships with
social media. Meanwhile, in areas with a stronger emphasis on face-to-face interactions, people
might be less likely to experience some of these addictive behaviors. Cultural norms around
openness about mental health and social pressure to stay connected might also play a role.

Journal Entry 10

After reading the article on social cybersecurity from Military Review, I found its exploration of
cyber threats in a social context to be both eye-opening and relevant. The article highlights the
concept of “social cybersecurity,” which focuses on the intersection of traditional cybersecurity
and social influence. This approach examines how hostile entities can manipulate social
networks and information to influence public opinion, create division, and erode trust in
institutions. Social cybersecurity thus emphasizes protecting data and the social fabric from
manipulation.
One of the core insights I took from the article is that cybersecurity is no longer just a technical
issue; it has evolved to encompass social dynamics and psychological influence. This shift means
that defending against cyber threats now involves understanding human behavior and cultural
factors as much as technical defenses. The article details how misinformation campaigns exploit
social networks and public trust to spread disinformation, making individuals more vulnerable to
manipulation and shaping collective perceptions in ways that destabilize societies.
This article underscores the importance of public awareness and resilience. Educating individuals
about recognizing and resisting misinformation is just as critical as having robust technical
defenses. I am particularly drawn to the call for a multi-layered defense that integrates
technological tools with education and community initiatives to foster resilience against social
cyber threats.
In conclusion, the article suggests that a broader, more interdisciplinary approach to
cybersecurity is essential. Addressing the social aspects of cybersecurity could mitigate the
impact of cyber campaigns targeting public perception and trust. This broadened perspective
resonates with the evolving landscape of cybersecurity challenges today, where maintaining a
secure environment means guarding both information systems and the social contexts they
operate.

Journal Entry 11

In the video, the role of a cybersecurity analyst is described as both technical and socially
significant. A key social theme is the analyst’s responsibility to protect not just data, but the trust
and safety of users and organizations. Cybersecurity analysts must anticipate how people might
react to threats, educate users on secure practices, and communicate risks effectively. This role
highlights the importance of understanding social behaviors, as analysts need to counteract
human tendencies that may lead to vulnerabilities—like weak password practices or
susceptibility to phishing. Thus, the job involves bridging technical solutions with awareness of
human factors to foster a secure digital environment.

Journal Entry 12

The Sample Data Breach Notification letter highlights multiple economic and social science
theories dimensions. Here’s how two of each relate:
Economic Theories:
1. Transaction Cost Economics: This theory emphasizes the costs of participating in
economic exchanges, such as monitoring and enforcement costs. The data breach
illustrates an unanticipated increase in transaction costs, as customers now need to
monitor their financial accounts closely and may incur costs replacing cards or managing
fraud risks.
2. Behavioral Economics: This theory explores how psychological factors affect decision-
making, particularly under conditions of risk and uncertainty. The letter addresses
customer anxiety and provides instructions to mitigate identity theft, aiming to restore
trust. It acknowledges how customers might behave irrationally, possibly fearing
continued service use without reassurance.
Social Science Theories:
1. Social Contract Theory: This theory suggests that businesses and customers have an
implicit contract where businesses protect customer data in exchange for loyalty and
trust. The breach letter indicates a violation of this “contract,” as customer data security
was compromised, highlighting the company’s responsibility to rebuild this trust.
2. Risk Society Theory: Sociologist Ulrich Beck developed this theory, which proposes
that modern society is increasingly preoccupied with preventing and managing risks,
especially technologically mediated ones. The letter reflects this societal focus on data
security and the increased need for businesses to address potential identity theft and fraud
due to cybersecurity threats.

Journal Entry 13

Bug bounty programs have emerged as a pivotal strategy in cybersecurity, enabling
organizations to leverage external expertise for identifying vulnerabilities. The article “Hacking
for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” delves
into the economic dynamics of these programs, offering insights into their efficacy and
challenges.
Literature Review:
The literature review underscores the evolution of bug bounty programs, tracing their origins to
early initiatives by Netscape and Mozilla. It highlights the proliferation of platforms like
HackerOne and Bugcrowd, which have facilitated substantial financial rewards for ethical
hackers. The review emphasizes the dual benefits of these programs:
• Enhanced Security: Organizations can uncover vulnerabilities that might elude internal
teams by tapping into a global pool of security researchers.
• Cost-Effectiveness: Bug bounties often present a more economical alternative to
traditional security assessments, as payouts are contingent upon the discovery of valid
vulnerabilities.
However, the review also notes potential drawbacks, such as the risk of attracting malicious
actors and the challenge of managing a high volume of submissions.
Discussion of Findings:
The study’s findings, derived from an analysis of HackerOne data, reveal several key insights:
• Incentive Structures: The effectiveness of bug bounty programs is closely linked to the
design of their incentive models. Higher rewards tend to attract more skilled researchers,
leading to the identification of more critical vulnerabilities.
• Submission Quality: A significant portion of submissions are either duplicates or non-
issues, necessitating robust triage processes to manage the influx efficiently.
• Economic Impact: The financial outlay for bug bounties is generally lower than the
potential costs associated with security breaches, underscoring the economic viability of
these programs.
The article concludes that while bug bounty programs are not a panacea, they serve as a valuable
component of a comprehensive cybersecurity strategy. Their success hinges on well-structured
incentives, effective management of submissions, and integration with other security measures. In summary, the article provides a nuanced examination of bug bounty programs, highlighting
their economic rationale and practical considerations. It offers valuable insights for organizations
contemplating the adoption or optimization of such initiatives.

Journal Entry 14

Andriy Slynchuk identifies five online activities as particularly serious due to their legal and
ethical implications. First, using unofficial streaming services to access copyrighted content
without permission constitutes a violation of intellectual property rights. This offense is serious
because it undermines the livelihoods of content creators and companies, leading to financial
losses and disincentivizing innovation in media production. Second, using torrent services to
download or share copyrighted material compounds the issue of intellectual property theft by
facilitating the widespread distribution of protected content. This practice can lead to significant
legal consequences and damage the integrity of creative industries. Third, using copyrighted
images without permission violates the creator’s rights and disregards the legal frameworks
protecting intellectual property. Such actions may result in lawsuits, monetary penalties, or
reputational harm for the violator. It is particularly concerning because it disrespects the effort
and ownership of artists, photographers, and designers, weakening the foundation of creative
collaboration and respect. Fourth, sharing personal information of others without consent, such
as passwords, addresses, or private photos, breaches privacy laws and can lead to identity theft,
stalking, or harassment. This offense is serious as it endangers individuals’ safety and erodes
trust in digital communication platforms. Finally, cyberbullying and trolling are serious offenses
that can cause emotional trauma, reputational harm, and even physical consequences for victims.
Engaging in such behavior is not only unethical but also illegal in many jurisdictions, with serious penalties including fines or imprisonment. These activities are particularly harmful as
they exploit the anonymity of the internet to harm others, creating a hostile online environment.
Each of these offenses is serious because they violate fundamental rights, such as intellectual
property, privacy, and personal dignity while eroding trust and safety in the digital space.

Journal Entry 15

After watching the video, I gained a deeper appreciation for how the career of digital forensics
investigators uniquely bridges technology and the social sciences. Digital forensics is not just
about analyzing bytes and code; it’s about understanding the stories behind digital evidence and
how he connect to human behavior, societal patterns, and legal systems. The speaker’s career
pathway illustrates this integration beautifully. The speaker began his career with a strong
technical foundation, likely in computer science or information technology. This technical
background enabled him to master the tools and techniques necessary for recovering and
analyzing digital evidence. However, his journey didn’t stop in the technical realm. He
recognized that digital forensics is as much about people as it is about technology. By exploring
fields such as criminology, psychology, and sociology, the speaker broadened his perspective,
equipping them to interpret digital evidence within the broader context of human behavior and
societal norms. This interdisciplinary approach is essential because cybercrimes are often rooted
in human motivations and societal structures. For example, understanding why someone might
engage in hacking or digital fraud often requires insights from psychology or sociology.
Similarly, analyzing how cybercrimes impact victims or society requires knowledge of social
science principles. The speaker’s ability to draw from these diverse fields allows them to not
only investigate crimes but also provide context for his findings, making them invaluable in legal
and societal discussions.
One aspect of the speaker’s pathway that stood out to me is his emphasis on the human element
in digital forensics. He highlighted how digital evidence is rarely self-explanatory; it requires interpretation within a legal and social framework. For instance, a recovered email or chat log
isn’t just data, it’s a window into the motivations, intentions, and relationships of the people
involved. The speaker’s ability to connect these dots demonstrates how digital forensics relies on
critical thinking and an understanding of human behavior, skills deeply rooted in the social
sciences. I also appreciated how the speaker’s career reflects the evolving nature of digital
forensics. As technology advances, so do the methods criminals use to exploit it. Digital
forensics investigators must continually adapt, staying ahead of trends in both technology and
societal behavior. This adaptability further underscores the importance of a multidisciplinary
approach, as it equips investigators to tackle emerging challenges from multiple angles. Overall,
the speaker’s pathway to his career in digital forensics is inspiring. It shows that success in this
field requires more than technical expertise; it demands curiosity about human behavior, a
commitment to justice, and the ability to see the bigger picture. His journey also serves as a
reminder of the vital role social sciences play in technology-driven careers, making it clear that
interdisciplinary education is key to understanding and addressing the complexities of our digital
world.