JOURNAL #1

Question: Think about how Ann’s behavior is related to the need for cybersecurity. In addition, pay attention to the way that technological changes increased cybersecurity risks. By watching the video you will see that cybersecurity requires an interaction between human behavior and technology.

After viewing the NICE Workforce Framework, I feel as though I would like to focus my career more towards the offensive side of cybersecurity such as ethical hacking or penetration testing. I’ve always found it fascinating that with the knowledge and understanding of multiple codes in order to bypass defenses. In comparison to the framework, I find another interest in the protect and defense section as well because I see it as beneficial if one not only knows offensive techniques, but also defensive techniques. The area that I find the least amount of interest towards is the oversee & govern portion, only because I don’t believe that I could handle the amount of stress that comes with having such a strong position.

JOURNAL #2

Question: Explain how the principles of science relate to cybersecurity

When people think about cybersecurity, they falsely believe that this field only deals with computers, hacking, and a whole bunch of zeros and ones. What people don’t understand fully is that the social science principles, including Relativism, Objectivity, Parsimony, Empiricism, Ethical Neutrality, and Determinism, can be used to help understand the field of cybersecurity through a social science perspective. These principles are beneficial when trying to grasp an understanding of how various fields are related and use cybersecurity technologies as well as a more thorough understanding as to why some actions were carried out. 

JOURNAL #3

Question: Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

Researchers could use the data breach information to study breaches by picking out patterns. Websites, such as PrivacyRights.org, can provide adequate information for researchers that are studying the number of breaches as well as other information like how breaches are carried out and the damage that they have left. This information can help researchers understand the various patterns and techniques of how the hackers were able to infiltrate and evoke damage towards the company. 

JOURNAL #4

Question: How does fishing relate to cyber victimization? How does a doctor washing their hands relate
to cybersecurity?

In the digital realm, cybersecurity hygiene involves adopting practices that safeguard individuals and organizations from cyber threats. Just as doctors wash their hands to prevent infections, individuals practicing good cybersecurity hygiene regularly update their software, use strong and unique passwords, enable two-factor authentication, and stay informed about the latest security threats. This proactive approach helps mitigate the risk of falling victim to cyberattacks and keeps digital environments healthy and secure.

JOURNAL #5

Question: Rank the motives from 1-7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.

1. For money: Financially motivated attacks, such as ransomware and financial fraud, are prevalent and often yield significant profits, making them a highly rational motive.
2. Recognition: Some hackers aim to gain attention or status within certain communities or to make a statement. Although not financially driven, this motive still provides a sense of achievement and acknowledgment within specific circles.
3. Revenge: This motive is emotionally driven and often stems from personal vendettas or seeking retribution. It can be strong and intense, motivating individuals to conduct cybercrimes as a form of retaliation or to harm specific individuals or entities.
4. Political: This motive might aim to disrupt or promote certain causes, ideologies, or influence political events. It can be seen as rational from the perpetrator’s perspective, aiming to impact societal or political change.
5. Entertainment: While hacking for entertainment purposes might seem less impactful, it’s ranked higher due to the lure of thrill-seeking or the challenge of breaching security systems for the sheer fun or intellectual satisfaction.
6. Boredom: Although it might not seem as serious as the other motives, the idea of hacking out of boredom could still prompt individuals, especially younger ones, to engage in cybercrimes. 
7. Multiple reasons:  The complexity and ambiguity of multiple reasons make it challenging to pinpoint a specific driving force, hence ranking it as the least sense in terms of clear, distinct motivation.

JOURNAL #6

Question: Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?

• Phishing Site – “BankSecureLogin.com” – FAKE |(Chase.com) – REAL

What makes it fake: The URL might closely resemble a legitimate bank’s website but will likely have small misspellings or alterations, such as “BanckSecureLogin.com” or “BankSecurLogin.com.” These sites aim to steal user login credentials or personal information.

• Online Retail Scam – “DiscountElectronicsPalace.com” – FAKE | amazon.com – REAL
  • What makes it fake: Often, these sites offer significant discounts on high-end electronics or other items, but they either never deliver the goods after payment or provide counterfeit products. Lack of secure payment gateways, poor website design, or copied content might indicate its dubious nature.
• Misinformation – “HealthMiracleCures.com” – FAKE | mayoclinic.org – REAL
  • What makes it fake: Websites spreading false health claims or miracle cures without scientific backing. They might sell supplements or treatments with unverified benefits or exaggerated claims and may lack disclaimers or legitimate research to support their statements.

JOURNAL #7

Question: Review the following ten photos through a cybersecurity human systems integration framework. Create a meme explaining what is going on in the individual’s or individuals’ mind(s)

JOURNAL #8

Question: Write a journal entry about how you think the media influences our understanding about cybersecurity.

Typically, these visual mediums tend to sensationalize hacking, portraying it as a glamorous and highly exciting activity done by a lone genius working feverishly on a keyboard, usually within seconds, to break into highly secure systems. This exaggerated portrayal creates unrealistic expectations and misunderstandings about the complexity of cyber attacks, cybersecurity measures, and the time and effort required to breach or protect systems. It often oversimplifies hacking techniques, overlooking the technical intricacies or the ethical, legal, and moral implications of cyber intrusions.

The media’s representation of hacking often disregards the extensive research, planning, and diverse skill sets required for successful cyber intrusions or robust cybersecurity measures. This can lead to a romanticized and inaccurate perception of the field, potentially enticing individuals to engage in illegal activities or leading organizations to underestimate the actual threats they face.

JOURNAL #9

Question: Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

After going through the Social Media Disorder Scale, my score came out to be determined that I do not have any sort of addiction towards the technology that I use daily. The items in each question are a great representation of how social media has impacted the people of the world. The are different patterns across the world due to the fact that not everyone is going to show the same symptoms. Another fact to consider is the availability of technology that is at everyone’s disposal. When putting this statement into comparison, a child growing up in a third-world county is less likely to become a victim of addiction towards technology then a child growing up in a first-world country.

JOURNAL #10

Question: Read this and write a journal entry summarizing your response to the article on social cybersecurity.

The article discusses the emergence of social cybersecurity as a critical component of national security, emphasizing its impact on both conventional and unconventional warfare. Social cybersecurity involves understanding and forecasting cyber-mediated changes in human behavior, social, cultural, and political outcomes. It focuses on building the necessary cyber infrastructure to maintain societal integrity in a cyber-mediated information environment amidst social cyber-threats.

The narrative highlights the shift in warfare dynamics, with information warfare becoming an end in itself. State and nonstate actors exploit technology to manipulate the global marketplace of beliefs and ideas, influencing societies at the speed of algorithms. Information is used strategically to strengthen one’s narrative while undermining trust in national institutions, consensus on values, and international alliances.

JOURNAL #11

Question: Watch this video. As you watch the video https://www.youtube.com/watch?v=iYtmuHbhmS0, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

The role of a cybersecurity analyst is intricately connected to social behaviors as it involves safeguarding digital infrastructures against potential threats arising from human interactions within the cyber realm. The analyst must possess a nuanced understanding of social engineering tactics, recognizing that cyber attackers often exploit human vulnerabilities rather than solely relying on technical vulnerabilities. Social engineering involves manipulating individuals into divulging confidential information or compromising security measures through deceptive practices. Understanding social themes such as trust, influence, and psychological triggers becomes paramount in predicting and mitigating cyber threats. Moreover, the analyst must be attuned to emerging patterns in online communities, recognizing how misinformation, disinformation, and propaganda can influence social behaviors and impact cybersecurity. In a rapidly evolving digital landscape, where technology and human interactions converge, a cybersecurity analyst’s ability to comprehend and respond to social dynamics is crucial for effectively fortifying against cyber threats.

JOURNAL #12

Question: Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

1. Economic Theories:
   • Tragedy of the Commons: The letter reflects elements of the tragedy of the commons economic theory. In the digital realm, customer data is often treated as a shared resource. The intrusion into the platform provider’s systems represents a form of exploitation of this shared resource, where attackers compromise the security of personal information for their benefit. The delayed discovery of the breach and subsequent notification can be seen as a collective failure to safeguard this digital commons, requiring a coordinated response to mitigate the impact on affected individuals.
   • Market Failure: The incident also exhibits characteristics of market failure in the context of information security. Customers, as economic agents, may not have the necessary information about the true risks associated with sharing their data online. The delayed detection of the breach suggests a failure in the market’s ability to efficiently transmit information about the risks and vulnerabilities associated with the use of the platform. This lack of transparency could hinder the normal functioning of the market for online services, where consumers make informed decisions based on accurate information.
2. Social Sciences Theories:
   • Social Identity Theory: The letter touches upon social identity theory by addressing the customers directly and acknowledging the potential impact on their identities. The information compromise includes personal details such as names, addresses, and phone numbers, elements central to an individual’s social identity. The breach not only poses a threat to financial security but also challenges the integrity of customers’ personal identities within the social context.
   • Diffusion of Innovations: The diffusion of innovations theory is relevant to understanding the spread of information about the breach. The letter suggests that the company became aware of the intrusion in November but delayed customer notification due to law enforcement’s request to allow the investigation to proceed. This delay in information diffusion reflects considerations of when and how to disseminate information about an innovative (or in this case, intrusive) event within a social system, balancing the need for transparency with the imperative of an ongoing investigation.

JOURNAL #13

Question: Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/616843login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings

This article discusses the evolving landscape of bug bounty programs in cybersecurity, highlighting their increasing importance in identifying vulnerabilities within corporate IT systems. The author notes a shift in attitudes, with a growing number of companies adopting vulnerability disclosure policies (VDPs) to encourage security researchers to report bugs without fear of legal repercussions. Bug bounty platforms, such as HackerOne and Bugcrowd, have gained prominence, offering freelance security researchers monetary rewards for identifying and reporting vulnerabilities. The paper emphasizes the limited empirical study of bug bounty programs, addressing this gap by analyzing data from HackerOne’s database. The findings suggest that companies of varying sizes and profiles can benefit from bug bounties, and there is price insensitivity among hackers. The article also explores industry-specific variations in bug reports and the impact of program age on the number of reports received. Despite making strides in understanding bug bounty dynamics, the article acknowledges the need for further research in this rapidly growing field. The layout includes background discussions, a detailed methodology, empirical results, implications, and potential avenues for future research.

JOURNAL #14

Question: write a paragraph describing the five most serious violations and why you think those offenses are serious.

In the realm of cybersecurity, the five most serious violations often revolve around unauthorized access, data breaches, malware distribution, system manipulation, and lack of vulnerability management. Unauthorized access compromises the integrity of systems and confidentiality of sensitive information, posing a direct threat to user privacy and organizational security. Data breaches, involving the unauthorized acquisition of confidential data, can result in severe financial and reputational damage. Malware distribution, whether through phishing or other means, not only jeopardizes individual devices but also facilitates broader cyber threats. System manipulation, such as unauthorized modifications to critical infrastructure or software, can disrupt operations and lead to cascading issues. Lastly, the absence of proper vulnerability management increases the risk of exploitation, allowing cybercriminals to capitalize on weaknesses within the system. These offenses are deemed serious due to their potential for widespread and lasting repercussions, impacting individuals, organizations, and even broader sectors.

JOURNAL #15

Question: Write a journal entry describing what you think about the speaker’s pathway to his career.
(416) Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube

Digital forensics investigators play a crucial role in the field of cybersecurity, specializing in the analysis and recovery of digital evidence to investigate and prevent cybercrimes. This career intersects with the social sciences in various ways, particularly in understanding human behavior in the digital realm. Investigators delve into the motives, intent, and patterns of individuals behind cyber incidents, drawing from concepts in psychology, sociology, and criminology. The social engineering aspect of cybercrimes, where perpetrators exploit human psychology to gain unauthorized access or manipulate users, requires a deep understanding of social dynamics. Digital forensics investigators may also analyze online communication patterns, social media interactions, and digital footprints to construct a comprehensive profile of individuals involved in cyber incidents. Moreover, they contribute to the development of cybersecurity policies and strategies by considering societal implications and the impact of cybercrimes on communities. In essence, digital forensics investigators bridge the technical aspects of cybersecurity with insights from the social sciences, offering a holistic approach to combating cyber threats.

ARTICLE REVIEW #1

After reading Victimization by Deepfake in the Metaverse: Building a Practical Management Framework, this article discusses how cyber criminals utilize the metaverse as their main platform for victimizing others and lists steps people can use to prevent themselves from becoming victims. The main focus behind this article is to explain what we can do to protect ourselves from becoming victims in the metaverse. When analyzing this topic through the perspective of the social sciences, the principles of ethical neutrality, determinism, and empiricism are the principles that are utilized when gathering data after research. The principle of ethical neutrality is displayed throughout the interviewing portion of the experiment, whereas the conductor of the interview must have permission from others to ensure the integrity of the interview and acknowledge the rights of the person being interviewed. The principle of determinism is shown throughout the data collected after the interviews, saying that offenders in their 20s are more susceptible to committing these crimes. It is also stated under the Theoretical Applications section, that psychological factors are the central importance when in relation to crime and how well we are able to control it, which analysts call  Eysenck’s theory of criminality. The article also states four different solutions that people could use as a way to mitigate the risk of becoming a victim. These solutions include policy, awareness, legal, and technical solutions. During one class discussion, we’ve addressed multiple ways on how we are able to protect ourselves from becoming victims whenever accessing the metaverse. By doing simple things such as not disclosing personal information to strangers and not opening suspicious links, these steps are more than enough for us to do to lower the risk of being victimized. The overall contribution of this article was to inform people about the dangers of the metaverse, and what we can do to protect not only ourselves, but our loved ones as well.

ARTICLE REVIEW #2

Harnessing Large Language Models to Simulate Realistic Human Responses to Social Engineering Attacks: A Case Study (bridgew.edu)
After reading through the article, it is clear to understand that the motive behind this article is to present the issue of how Large Language Machines (LLMs) can be ineffective against social engineering attacks like phishing emails. During a class discussion, we explained how social engineering attacks happen and some of the motives behind why they ruin countless lives. We also talked about the primary drawbacks that come from using AI, such as the use of emotion and a lack of consciousness. In order to gather information that can be documented, researchers performed an experiment that tested the Big Five human personality traits to see what types of people are more susceptible to these sorts of attacks. During the experiments, it is crucial for researchers to refrain from interjecting their thought and opinions towards the individuals being tested; this action can be defined as showing objectivity, a fundamental principle in social sciences. Researchers also rely on the principle of parsimony as a way to make all the information they receive as simple as possible when explaining this to others that have no prior knowledge. At the conclusion of the experiment, people that have traits such as high agreeableness, low conscientiousness, and high neuroticism are more susceptible to these attacks.  In contrast to what researchers found, traits such as openness to experience and extraversion displayed much resistance to these attacks. Studies such as this can be beneficial to the people of society by providing additional safeguards and warnings to other people that may share the same personality traits. This in turn, will most likely decrease the number of people that fall victim to the social attacks. In conclusion, this article hypothesized that AI technology is ineffective towards social engineering attacks. From the experiment, those with high amounts of agreeableness, neuroticism, and low conscientiousness are primarily susceptible to such attacks. As stated earlier, with these experiments being conducted, the data that researchers obtain can be beneficial to preventing others, that lack the knowledge of their traits, from falling victim.

CAREER PAPER

In the career field of cybersecurity, professionals are recognizing that the role of social science research and principles interfere in determining the outcome of their careers. Network engineering, a field traditionally associated with technical expertise, has evolved into a multidimensional domain where professionals increasingly recognize the importance of social science research and principles. In an era, where new technological discoveries are being made almost every day, network engineering can be looked at as a cornerstone, enabling the communication between two or more CPUs via a router, switcher, local area network (LAN) or wide area network (WAN). Individuals who have careers in this field must have knowledge about how each principle is applied to their jobs in order to effectively carry them out. 

One of the key areas where network engineers benefit from social science research is in comprehending user behavior. During one of our class lectures, we discussed how the principle of empiricism is the study of behavior that is real to the senses. Through the perspective of a network engineer, this principle is applied when engineers are required to make interfaces and systems as user-friendly as possible. Another key principle that professionals is the being able to tell others, those that lack the technical knowledge, what problem occurred and what some solutions may be; this principle is known as parsimony. According to CodeAcademy, network engineers are responsible for getting all networks back online and working properly during the occurrence of a power outage. In the instance this happens, professionals must be able to provide a summary explaining that all systems are back online. For example, if a school system were to lose all power the previous day, the IT professionals would be responsible for getting all the networks back up and running and explain to the superintendent that all systems are running. 

While this field does primarily focus more on the technical aspects of the world, network engineering intersects with the challenges faced by marginalized groups in various ways, shaping both the opportunities and obstacles within the technological landscape. According to CultureAlly, these groups include those with association with the LGBTQ+ community, women, people with disabilities, people of color, as well as those with a lower socio-economic status.  With being tasked to create networks available to those that need it, professionals in this profession must come up with inclusive and accessible network solutions to ensure that all users have access to all their needs via internet. Challenges such as those without the proper equipment must be faced in a different way. The digital divide is described as the division in the world where there are some that have access to the internet and those that lack access. Some solutions to this would be to establish internet providers and configure the networks out to these areas. This is possible, but each country has their own budget as to what they spend it on. Most countries would like to have these implementations but are restricted due to either geographical locations or the cost of doing so. 

In regard to how network engineering is related to society, it can be seen as one of the foundational fields in the world. This is due to the fact that the technological world is forever evolving, and with this evolution taking place, new systems will need to have the ability to cooperate with other systems in order to maintain the communication between each device. Without these connections in place, almost every aspect of our modern world would be affected. An example of an aspect that will be heavily affected by this would be the economic market. Business operations, financial transactions, and a majority of global trade rely on these connections in order to properly proceed. The absence of network engineering could lead to an economic chaos, like a disruption in the supply chain, the hindrance of transactions, and the impediment of e-commerce.

In conclusion, network engineering is considered to be a foundational field within society. With the technological world always evolving, network engineers will always have plenty of work to keep up with. Whether professionals work for the smallest business in a rural community or an urban skyscraper, their services will always be respected and needed in order to maintain order in this chaotic world filled with technology.