Article Review #1

Victoria Sanderson
2/8/2024

Mitigating Risk in the Supply Chain

Going through articles listed, I decided to choose the research article titled “Mitigating Ransomware Risks in Manufacturing and the Supply Chain: A Comprehensive Security Framework” by Abdulaziz Aljoghaiman. This article discusses various types of data, research methods, contributions, and questions addressed in the study. With this journal it aims to provide an overview of all those aspects of the article. To start off, it’s to mention the research questions addressed in this study revolve around understanding the impact of ransomware in the manufacturing and supply chain industry and developing a comprehensive security framework to mitigate these risks. The researchers seek to identify the types of ransomware attacks that commonly target this industry, explore the challenges faced by organizations, and propose effective countermeasures to prevent and respond to such attacks.

            The article shows that the author primarily focuses on the threat of ransomware in the supply chain industry. This study requires lots of research to understand what’s going on the inside of the supply chain industry, so for the author to understand more of the impact of this issue, the used research utilizes different types of data. The data they analyze consists of both qualitative and quantitative data to gain a comprehensive understanding of the subject matter. Qualitative data, such as interviews and case studies, allow the researchers to explore real-world scenarios and gain insights into the challenges faced by organizations in these sectors, while quantitative data is obtained through surveys of numerous people. Both of these data sources help in understanding the severity of ransomware attacks. This then goes along with the research methods, the research methods used in this study involve data collection and analysis. The researchers collected data from various sources, including industry reports, academic papers, and expert opinions. They also conducted interviews with professionals in the manufacturing and supply chain industry to gather firsthand information.

Now to go on to the challenges faced by the author making this article, one of the main challenges faced in this research is the dynamic nature of ransomware threats. As ransomware attacks continually evolve and adapt, it becomes challenging to provide an accurate and up-to-date security framework. Additionally, obtaining access to sensitive information pertaining to ransomware attacks can be challenging due to their illegal and covert nature. With there contributions made they were able to face these challenges also. The contributions made by this study are significant in the social sciences field. By identifying the risks and vulnerabilities specific to the manufacturing and supply chain industry, the researchers provide valuable insights into ransomware threats. The comprehensive security framework proposed in the article serves as a resource for organizations in these sectors to enhance their cybersecurity practices and mitigate ransomware risks effectively.

Citation:

Aljoghaiman, A. (2023, July 2). Mitigating Ransomware Risks in Manufacturing and the Supply Chain: A Comprehensive Security Framework. cybercrimejournal. https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/214/81

Journal Entry 4

This Journal entry is about “Maslow’s Hierarchy of Needs”, which is a model that divides into 5 stages. These stages are physiological needs, safety needs, love and belonging, Esteem, and Self- actualization. When talking about technology I can say that each one does fit my experiences with tech.

Physiological needs – Like my basic needs, I believed when I first started using an ipod for music I was gonna need it for the rest of my life which I have since I was 3.
safety needs – For this, the first thing that comes to mind is security cameras, because my family installed these when I was at a very young age
Belongingness and love needs – Social media is the main thing to come to mind, because without it I wouldn’t be able to talk with half my friends that are long distance.
Esteem needs – video games, after you win a game you tried so hard on makes you feel accomplished.
Self-actualization – using the internet as a whole, because when you are on it, the possibilities are endless as data is everywhere.

Journal Entry 3

While reviewing the site Privacy Rights I noticed it had a lot of useful information to keep your personal information safe. It also listed info about data breaches that happened in 2023, that right there is enough to keep people informed of what been happening in the IT world. This little bit of information teaches them what to look out for and how to minimize the problem.

The website is very diverse in it’s choosing as its not just breach notifications its also pointers on how to help you with phishing attacks that can lead to a breach in your privacy. It also teaches you the importance of security and how to keep everything updated and why its important.

Journal Entry 2

Victoria Sanderson
1/18/2024

Analyzing the chapter’s PowerPoint covering the 7 principles of science, this overviews the psychological aspects of cybersecurity. While skepticism, implying some knowledge is impossible, seems least crucial for cybersecurity because the field demands acknowledging potential threats from unexpected sources. Ethical neutrality and relativism mirror understanding, crucial for comprehending one’s team in the cybersecurity field. Parsimony aids in understanding cybersecurity occurrences, as this advocates for the simplest fitting option. Objectivity aligns with “Need to know biases” as this is a principle in cybersecurity, which means information can’t be tainted by others. Determinism, which was talked about in the discussion board for the class. It aligns with cybersecurity’s focus on learning from past breaches for network fortification against future threats.

CYSE201S Journal entry 1

Victoria Sanderson
1/13/2024

Reading over NICE workforce framework that overview cyber security fields, I have chosen three that fit in the criteria I’m working in and interests me for the future. The first one being Analyze, that is because that’s where I am now. I analyze networks for activity and isolate the problem if the situation is deemed necessary. The second one being investigated, because after I find the problem, I got to figure out why I need to isolate it. These two are the most important things in a cyber security career, I believe that’s the case because it was all over the CYSA+ certification exam. Not just that but it’s also something you need to do no matter where you are in security. The final thing I believe that is the most interesting to me is oversee and govern, that’s because I’m getting my degree to become a supervisor over cyber security fields as it’s a recommendation to have one.

Write Up – The Human Factor in Cybersecurity

When allocating limited funds for cybersecurity, it is important to consider training and
additional technology. Training is essential for ensuring that employees are aware of the latest
security protocols and can recognize potential threats when they arise. This will help them learn
additional technology, such as firewalls, antivirus software, and intrusion detection systems,
which can help protect against malicious attacks.
The best approach to balancing the tradeoff between training and additional technology is
to allocate a portion of the budget to each. A good starting point would be to allocate half of the
budget to training and the other half to additional technology. This will ensure that employees
are properly trained in security protocols while also providing the necessary tools for protecting
against malicious attacks.
It is also important to consider the specific needs of the organization when allocating
funds. For example, if an organization has many remote workers, it may need more robust
security measures than an organization with only on-site employees. Additionally, organizations
with sensitive data may need more advanced security measures than those without said data.

To conclude then, it’s about the approach you take in the situation, as when it comes to
cybersecurity you always got to be on your toes. In this case you must be able to properly
balance your budget and prioritize what needs to be their the most without neglecting the other.
Two mainly important things when it comes to these kind of things in training and addiction
cyber security technology.

Discussion Post 2 (Ethical Gene Editing)

When It comes to Ethical Considerations of Gene Editing and bio cybersecurity it’s about the amount of information given and how important it is. Gene editing can be used for many ethical things such as changing birth defects from a child. In other words this can change human kind itself, if this could work all human kind could be “perfected”. If its possible to do that then there needs to be some sort of protection, this is because many people would want to get their hands on this sort of data. That is when Cybersecurity comes in to protect the systems data that will keep everyone’s personal information in there. Now when it comes to bio cybersecurity it would have to protect this kind of project from being exposed from people that wish to corrupt it. Ethical matters to take into consideration of this project would start with asking for consent for the DNA, then promise that it will be contained in a safe environment. When the DNA is collected is to be sure that whom ever you collected from knows what you are doing at all times, and do not make any major changes without their permission. If the data were to be corrupted, their should be back ups made all the time, and their should be workers to check if any of their work was altered. 

Discussion post 1 (NIST framework)

When it comes to the NIST framework it is a standard almost everywhere internationally when it comes to businesses. This standard framework allows it’s employed to be better prepared for any cyber risk to occur. This is because NIST brings up different kinds of procedures that allow everyone to have an understanding of what to do if an attack were to occur. I would abuse this framework by making sure every employee is given a quick test to see if they understand the basics of this, but only if I was the one in charge. If I was just a simple employee, I would of course keep studying this, and make sure I keep up to date if it were to get any changes. It would be best to learn this quickly before working for IT or any form of business because one mistake can make the whole place come crashing down. There are no downsides to this framework, it only benefits due to having every step needed to prevent any incident to occur.