The speaker claims that he used to be an accountant though he found his way to cyber forensics. This shows that any person can enter the world of forensics; however, I strongly believe that it depends on the timing and availability of position.

The career of a digital forensics investigator utilizes more scientific approach than technical skills such as programming or technical support. Looking at the video from the lens of social science factor, the company requested the speaker to investigate the incident that happened at their office and made the ethical choice deciding not only to pay the fine but also further investigated the root issue. Proved their commitment to maintaining credibility as an organization and the public trust. 

During the process of investigation the speaker underwent, requiring cooperation with the higher management team necessitates communication skills and helps determine which area within the organization needs investigation. In this case, the whole  IT department was corrupted meaning that the company’s cybersecurity culture is in need of change.

Bug bounty 

Bug bounty is a way that companies get notified of vulnerabilities in their system by independent security researchers. Each company holds own Vulnerability Disclosure Agreement or Vulnerability Disclosure Policy. The policy has two main purposes; to promote cybersecurity of the company and; to protect security researchers from facing legal actions. Simply put, if the company puts this policy in place, the third-party researchers who found bugs in their system can report to the company. The company can place the appropriate measures to fix the issue and the researcher can get compensation, sounds like a win-win deal. Flip-side is when the company does not have this policy, can act against the researcher for violating the law for accessing unlawfully to company’s system. From the economic aspect, smaller companies could benefit from this bug bounty system because it may be less expensive than hiring a dedicated security professional. Return on investment may be high. However, the credibility of the report remains questionable, is the security researcher credible? Is the report genuine? Organizations can participate in bug bounty programs in two ways: public and private. Public program is prone to have more invalid reports. Utilizing private program is more cost-efficient than public program as researchers are invited based on their skill sets thus making the credible and rational choice for the company.

One of the economic theory that explains this letter is “Reputation Management Theory.” It is a concept of protecting companys’ reputation. Being open about mistakes and fixing them is believed to have positive effects in order to rebuild trust with consumers.

Another economic theory that explains this letter is Information Asymmetry. In this case, the company knew about the data breach prior to consumers. Companies are required to notify consumers about the data breach by law for the purpose of further prevention. Both consumers and companies to have aligned understanding of the risks. Companies should install measures to prevent risks and consumers will learn to protect themselves by changing passwords or adding extra authentication methods.

Social cybersecurity is a growing field within national security. Focusing on the
use of cyber technology to influence human behavior, social and political outcomes, and
maintain societal stability under cyber threats. Unlike traditional cybersecurity, which
protects information systems from digital attacks, social cybersecurity targets human
psychology and social structures to manipulate beliefs and disrupt social cohesion.
Social cybersecurity draws on diverse disciplines—political science, sociology,
psychology, and computational social sciences.

Adversary takes advantage of human behavior. These techniques enable targeted
information campaigns that can have significant, widespread effects on national and
global stability. This concept is called “cognitive hacking,” contrary to “traditional
hacking”–breaching information systems. Cognitive hacking, enables both state and
non-state actors to erode trust in institutions and weaken societal values.
Key actors like Russia, view information warfare as a primary form of warfare. Russia
has been waging information warfare “blitzkrieg,” using cyber tools to divide societies
without traditional military engagement. Making information a core aspect of national
power alongside diplomacy, military and economy.
Importance of term social cybersecurity is attributed to socio-technological
changes and in the “forms of social cyber maneuver.” Adversaries can manipulate
information and the network. The key idea is called the “BEND form of maneuver”
which describes how adversaries can manipulate the beliefs, ideas, and information. The
tactics allow adversaries to exploit the social-cyber domain to influence public opinion
and weaken the targeted society.
It is believed that the new type of warfare is driven by information and
psychology aimed to depress opponents’ armed forces and population morally and
psychologically. Because of this, it is not the external manipulation that depresses the
societal structure and military organization at once, but the internal manipulation will
create weaknesses.
In this article, military leaders must understand the impact and the
concept of social cybersecurity to educate members and society on how the modern
information structure, including decentralized information can elicit threats to our
country.

I scored 1/9 on the scale. One item that I answered “yes” to was number 8. “Often used social media to escape from negative feelings?” It means that I have a tendency to use social media as an escape. And yes, I do use them as an escape when I feel sad, tired, or in need of distraction. Mostly, watching funny dog videos or watching funny football related contents.
Reflecting the module 9, I believe that the reason why there are different patterns across the world, is largely influenced by the culture to which the individuals belong. Culture impacts their behavior in life and is formed by social groups who makes the environments meaningful by sharing rules, memories, customs, beliefs, collective knowledge, etc. Identities are developed through interactions within the social group and sustain great value on individuals. Imagine if you belong to a subculture puts heavy usage on social media, you wouldn’t be able to think anything else but social media. You will feel valued and develop a feeling of being understood and accepted while interacting on the sites. However, there are many variables such as age, gender, geography, and occupation to be able to explain the difference in the score.

Media influences on cybersecurity raise awareness. Both positively and negatively. Of course, those are movies and dramas. The creators dramatize and make it epic in the portrayals of hacking scenes.
What if individuals lack morals or ethics? How about children or teenagers? Without proper guidance, distorted impressions given by the media will raise ethical issues.

For example, “Spear Phishing Scene” is probably effective in raising awareness of victimization or will it feed your own nefarious plots?
All those hacking scenes looked so quick and impulsive. Dramatically, some are heroically pictured in the movies. It could make hacking look cool or scary. Some people might view cybersecurity as less serious matter. What If someone learning networks and learning codes, cluelessly thought it would be interesting to try out some of the methods they learned on screen? What if individuals who are responsible for cybersecurity in the organization may find it less significant in fortifying security measures, with the wrong impression that hackers only target larger companies, and even not put the optimal cost in cybersecurity?

https://drive.google.com/file/d/1rVLbBszM84iYOI0xRHz1cPbvMD3neyks/view?usp=sharing

I rank individual motives as follows. 1) Multiple reasons, 2) For money, 3) Recognition, 4 Political), 5) Revenge 6) Boredom, and lastly 7) Entertainment.
If cybercrime was just another means to survive in this world, hackers are biologically humans as well, thus they will have socio-economical needs. From this perspective, the most assuring motive among listed above is “Multiple reasons”. They may have a family to support. They may perform hacking to earn respects or to gain reputations. All of that, maybe a rational reason for them. The entertainment factor least makes sense under this assumption. Performing the hacking for the sole purpose of entertainment is not a rational choice since hacking necessitates certain risks and requires resources. The case when entertainment purpose makes sense would be minor cybercrimes such as cyberbullying, cyberstalking, and minor fraud.

Maslow’s Hierarchy of Needs theorizes 5 human’s psychological needs in a pyramid
scheme. From the bottom of the hierarchy upwards, the needs are: physiological, safety,
love and belonging needs, esteem, and the top of its pyramid is self-actualization.
To familiarize this idea with my own experiences with technology, I would like to bring
up “digital payments.”
Physically, I have a cell phone with google wallet which is presumably secured by
google. Stored credit card information is only citable via my biometrics authentication.
With the ease of use, I can purchase a present for my husband which fulfills the third
hierarchy of the pyramid –”love and belonging.” Also, fulfilling my self-esteem by being
able to go shopping without my wallet or purse. Reaching to the level of
self-actualization is not easy in general. Nonetheless, the idea that I am utilizing such
digital technology into simple everyday errands, makes me feel like I am right on the
track, catching up with the 21st century.

PrivacyRights.org is a public database collection. Researchers can use such information of
reported data breaches to analyze trends and patterns.
Researchers can also utilize the chronological database to understand and compare what
type of cyberattack method was favored, and which industry was targeted by years.
Enables researchers to further understand and help investigate the shift in targets.
Understanding of targets can contribute to the reinforcement of security policies and take
appropriate action within the organization. Such research should play a large role in
developing more robust cybersecurity framework recommendations aimed at protecting
their data. Helping organization to establish best practices for breach prevention.

Principles of sciences are Objectivity, Determinism, Ethical neutrality,
Skepticism, Empiricism and Parsimony.
From the lens of these disciplines, social science research helps explain behavior related
to cybercrime. For an easy example, “Relativism” can explain; cybercrime developed as
technology developed, as technology evolved cybercrime has evolved. This means that online shopping created opportunities for cybercriminals to steal credit card information.
In my view of “Determination”, a person becomes a hacker, growing up by watching close
someone works as a hacker.
Cybercrime did not exist before computers developed. However, there were crimes before
computers without association with computers, such as stealing, robbery, human
trafficking, murder, etc. Cybercrime is simply done via online versus in person as such,
actions are still done by people. Since these actions are done by people, principles of
science relate causally to understand criminal behavior.

I am yet to decide what area I should focus on. I feel like what I imagine as
cybersecurity professions require and prioritize more skilled and experienced people over
college graduate. When I graduate and attain a Cybersecurity degree, what will I qualify
for?
In the NICE Framework, “Oversight and governance”, is the area I least focus on at this
point and I may be completely misunderstood. I merely feel that this area is for
experienced personnel.
These are some areas I would love to step into – “Protection and Defense (PD)”, which
includes “Digital Forensics”, “Defensive Cybersecurity” and “Threat Analysis”. The reason is
because I am good at problem-solving and enjoy looking for evidence to support it. I have
started to realize that I can enjoy the work more when I can problem-solve and help provide
solutions.