Article Review 1
Article Review #1 – How Cyber Aggression is Formed Through Perceptions and Environment between High School Students
Abstract
I chose the article “Contribution Threat Perception, School Climate, and
Prejudice as Mediator to Student’s Cyber Aggression” by Mardianto et al (2023). This
study was aimed at students coming into adolescence who actively used social media
daily, to determine if certain behavioral factors influence cyber aggression. The research
used the socio-ecological theoretical perspective of the cyber context. The study set
several predictive variables as risk factors and protective factors that have the most
potential to influence students’ cyber aggression (CA), such as perceived threats (PT),
school climate (SC), and prejudice (PJ).
Introduction
In Indonesia 2015, 671 reports were submitted to the “IT and cybercrime
sub-directorate of the special economic crime directorate of the National Police Criminal
Investigation Agency (Bareskrim Polri)” related to hate speech. Later in 2017, the
number of report was increased to 3325 cases.
Hate speech in Indonesia appeared with the intensive use of social media. Cyber
aggression is involved in children and adolescents both as perpetrators and as victims.
“The research of Maarif Institute team explained that fake news and ERR sentiments on
social media influenced the mindset and attitudes of younger generation, especially high
school students, so that they became intolerant and discriminatory toward different
groups [9].”(pp.1-2)
Research methods
The model tested in this study is the role of the perceived threat and school
climate on students’ aggression behavior mediated by prejudice. Data was collected on
web-based, self-reported personality scales. This study uses a quantitative approach
with structural equation modeling analysis, namely the structural equation model (SEM).
The subjects of this study were 1118 teenagers, mostly high school students who
actively use social media daily, residing in Indonesia.
Discussion
I can relate this phenomenon to “Psychodynamic Theory and Cyber Offending”
as well as “Behavioral Theory” as sources of learning as (a) schools, (b) peers, (c) mass
media, and (d) environmental influences.
In this study explains the significant relation between the perception of threat
(TP) to cyber aggression (CA) behavior, School Climate (SC) to CA behavior as well as
SC to CA behavior through Prejudice (PJ). Especially, students in the developmental
stages of adolescence are more likely to be prejudiced by peer groups, attitudes of
classmates, and social media as well as potential to become intolerant and
discriminatory toward different groups that hold different norms–conceiving them as
threats. “The perception of threats in adolescents makes them easily prejudiced against
individuals or groups”.(p.2). Hence, individuals withhold negative emotions which drive
them to aggressive behaviors in cyberspace.
Conclusion
“The vast characteristics of interactions and communications in cyberspace bring
new development in understanding perceptions.” (p.7). Meaning the interactions in
cyberspace is most likely textbased and anonymous. Internet interaction lacks
communications and often insufficient information affects students TP and PJ acts more
effectively as mediator, drives towards CA.
Especially in students who are in the developmental stages of adolescence are
easily affected by peer group norms, social groups etc. Negative experiences in the
school environment give strong influence. “Aldridge et al. [43] also found a statistically
significant relationship between aspects of SC and students’ self-reports of violence,
bullying, and student delinquency including cyberbullying.” (p.3).
Reseach suggested to design and develop intervention programs, to deliver
effective treatment in preventing and reducing students’ CA by controlling threat
perception and prejudice. A positive school environment and the authoritative actions of
teachers are effective in creating a more positive experience. I belive educators and parents should closely observe children’s behavior and give appropriate guidance instead of neglecting the risk factor.
Citation/Reference
Mardianto Mardianto, Niken Hartati, Farah Aulia, Zulian Fikry, Rahayu Hardianti Utami,
Elrisfa Magistarina, Contribution Threat Perception, School Climate and Prejudice as
Mediator to Student’s Cyber Aggression, Journal of Cybersecurity, Volume 9, Issue
1, 2023, tyac017, https://doi.org/10.1093/cybsec/tyac017
Article Review 2
Article Review #2 –Article Name: Valuing information security from a phishing attack https://doi.org/10.1093/cybsec/tyx006
Introduction
This article discussed complex relationship between internet users and information security, and explored the challenge in user motivations for adopting safer cybersecurity practice. The study investigated on how users assessed the “value of information security” against personal objectives—motivation. The research particularly focused on phishing and how users’ perception and prioritization for security relates against such risks.
Key Points
Traditional methods such as security training or security tools have been largely ineffective. Users either lack the skills to use these tools or fail to adopt safe habits. Concept of a “security premium.” This premium represents users’ willingness to prioritize security even at a cost to other factors. The experiment used a model based on the Technology Acceptance Model (TAM). Researchers created a decision-making scenario test where participants chose security products–anti-phishing filters, that differ in security, cost, latency, and productivity to quantitative results of users’ security trade-offs.
Results and conclusions
Results indicated that half of the respondents were willing to pay a premium between $9 and $11 per month, willing to wait between 8 and 9 additional minutes, and willing to forgo their access to 21–29 valid pieces of information, to obtain a more effective phishing filter (p 165).
The findings suggested that understanding these trade-offs can lead to more effective security measures tailored to user values and priorities since how users make security decisions varies based on the contexts and preferences. Hence, users placed a higher value on security premium when using social media. Author explains,
Users may be more familiar with, and perhaps feel more competent in handling spam messages than in dealing with social media phishing attempts, since the former are more familiar while the latter are a relatively new and emerging threat. (p 161)
The argument where users perceived more vulnerability when using social media was relatable for me as well. Especially concerning the number of ads and the privacy on the social media platform. It creates opportunities for easy target as theorized in Routine Activity Theory. Understandably, study showed that users were willing to accept higher costs in the context of social media. However, these findings only partially supported the idea that security values vary consistently across different contexts and revealed a complex interaction between security concerns and specific attributes. It is easy to assume that the relationship between perceived vulnerability and perceived benefit will determine the willingness to opt for enhanced security tools or safe online behavior. Although research did not find a strong effect between self-efficacy and averting consequences in perceiving the risk. As referenced in this research, Ng and colleagues applied the Health Belief Model to explain self-protective behaviors. Suggesting that further research is needed to establish the theoretical links in the Health Belief Model when it is applied to cyber behavior. (Ng et al., 2009, as cited in Nguyen, 2017). By applying “Health Belief Model’s role” interpreting as “perceiving vulnerability”, “perceiving threats—risk, cost” and “perceiving benefits–opt in countermeasures” may give more refined clues and future research topics for refining cyber-psychology with attributed contexts.
Reference
Kenneth D Nguyen, Heather Rosoff, Richard S John, Valuing information security from a phishing attack, Journal of Cybersecurity, Volume 3, Issue 3, November 2017, Pages 159–171, https://doi.org/10.1093/cybsec/tyx006
Ng B, Kankanhalli A, Xu Y.Studying users’ computer security behavior: A health belief perspective. Decis Support Syst 2009;46:815–25.
Career Paper
Career Paper: Security Awareness Officer
I would like to explore, how Security Awareness Officer relies on social science research and principles. Security Awareness Officer is still a relatively new field as opposed to security roles like incident response or penetration tester (SANS, 2024). Understanding the roles and responsibilities of departments and management teams and working alongside the security team. Awareness officers will become a bridge between senior management and identifying security risks stemming from human behavior and managing such risks.
To be a bridge between security teams and management teams, the role relies heavily on understanding humans, and possessing excellent communication skills plays a large role. One way to understand why awareness officers rely on social science principles is by looking at the theory of social behavior. Social learning theory is a cognitive learning behavior that takes place in social contexts. Individuals acquire new behaviors by observing others. As stated in Wikipedia,
Social learning theory is a theory of social behavior that proposes that new behaviors can be acquired by observing and imitating others. It states that learning is a cognitive process that takes place in a social context and can occur purely through observation or direct instruction. (Social learning theory, 2024)
This cognitive learning mechanism is implied in neurophysiology basis as mirror neuron. A neuron is a nerve signal from the brain that communicates between cells. Mirror neurons work by mimicking the behavior of others (Mirror Neuron, 2024). In sociology, it is widely believed that different customs and cultures affect one’s beliefs, values, mindsets, thus behaviors. The Security Awareness Officer is expected to develop a continuous and effective awareness program to manage these risks and promote a safer cybersecurity culture in the organization. Building a mature cybersecurity awareness program requires going beyond the technical setting and focusing on the weakest link. In order to better understand human behavior it is essential to have the knowledge of psychology and social science principles and think about why we are being targeted, and how could hackers penetrate the network, if employees are the weakest link then how can they be targeted. Looking into human behavior enables deeper insights into what type of training would be more effective. As well as incorporating the concept of reward vs punishment from a criminology. The keyword is humans are the weakest link as 85% of security breaches were involved with human error. Yet organizations still approach cybersecurity from purely technical concerns and that makes this role stand out. SAN’s senior instructor Spitzner explains,
Organizations can no longer take a purely technical approach to cybersecurity we must also address the human element. In fact, the VZ DBIR 2021 report identified people were involved in over 85% of all breaches globally. This is why organizations establish mature Security Awareness programs, to manage their human risk by changing organizational behavior (Spirzner, 2021)
Awareness officers require people skills more than technical skills and communicating with the leadership to identify and enforce problematic trends and behavior. Not only promoting a safer online environment, but awareness officers also play a large role in promoting a positive impact in the organization by mitigating the risks for the business itself.
References
Social Learning Theory. (2024, November). In Wikipedia. https://en.wikipedia.org/wiki/Social_learning_theory#
Mirror Neuron. (2024, July). In Wikipedia
https://en.wikipedia.org/wiki/Mirror_neuron
SANS Institute. (n.d.). 20 Coolest Cybersecurity Careers. Retrieved November 2024, from https://www.sans.org/blog/who-and-what-is-a-security-awareness-officer/
Lance Spitzner. SANS Institute. (2021, September 7th). Who and What is a Security Awareness Officer? Retrieved November 2024, from https://www.sans.org/blog/who-and-what-is-a-security-awareness-officer/
Lance Spitzner. SANS Institute. (2021, June 17th). 2021 Verizon Data Breach Incident Report Insights. Retrieved November 2024, from https://www.sans.org/blog/2021-verizon-data-breach-incident-report-insights/