The article “To Share or Not to Share: A Behavioral Perspective on Human Participation in Security Information Sharing” delves into the critical issue of security information sharing (SIS) and its relationship with human behavior. Despite the growing need for SIS, individuals must be more open to sharing information on potential cybersecurity threats. This reluctance to share information is a vital concern as it can hinder efforts to prevent cyberattacks, which can seriously affect individuals, organizations, and even nations. The article states that human behavior is a significant factor contributing to the underutilization of SIS, aligning with the principles of social science, particularly psychology.

The researchers adopt an interdisciplinary approach to studying the relationship between human behavior and SIS. By employing psychological study methods, they analyze a unique sample of Information Sharing and Analysis Center members who engage in actual SIS activities. The study’s results reveal significant associations between human behavior and SIS, emphasizing the importance of understanding human behavior in the context of cybersecurity.

The article highlights social science principles, such as psychology and sociology, in shaping human behavior towards SIS. For instance, it discusses the role of trust, communication, and collaboration among individuals and organizations, which are critical components in exchanging security information. In addition, the study acknowledges the impact of social norms, group dynamics, and cultural factors on SIS, all of which are essential aspects of social science.

The article recognizes the importance of economic outcomes in understanding the underutilization of SIS. It extends the growing field of the economics of information security, which seeks to understand the trade-offs and decision-making processes that influence individuals’ and organizations’ cybersecurity investments. The study demonstrates the relationship between economics, psychology, and sociology in shaping information-sharing practices by examining the relationship between human behavior and SIS.

The article offers valuable insights for managers and regulators who aim to promote and shape institutions. By understanding the crucial role of human behavior in SIS, they can design policies and procedures that encourage individuals and organizations to share security information more effectively. Such strategies include creating a culture of trust and collaboration and providing incentives and training to improve SIS practices.

The study states that it is a comprehensive research agenda for future investigations on SIS. By highlighting the significance of human behavior in SIS, it encourages further exploration of the underlying psychological, sociological, and economic factors that influence individuals’ willingness to share security information. This could lead to the developing of more effective interventions and policies to address the underutilization of SIS.

It is stated in the Hans Jonas article that initially, the short arm of human power did not call for a long arm of predictive knowledge. An interpretation is that it does not take an elite level of knowledge to understand and carry out ethical actions in the short term, because it can’t determine the long term knowledge. It is argued that human good is the same for all time, and that this assumption can be a framework for ethics, and therefore policy.

With the implementation of modern technology, it is now argued that this stance on short arm ethics has changed. It is stated that since the influence of action in this new technological realm has such a broader and expanding effect, that we have to now take into account our actions because of its widespread implications. Another aspect laced into this is that with this new technological realm, there is also a greater number of people effected by this, and that now the group is responds in its own way where before this wasn’t the case. The example indicated in the Jonas paper is our effect on ecology, how our massive group of human may be affecting the planet. He applies this though to the new technological realm, the fact that this can be applied to what we know now as the internet, and the effects of social media is remarkable.

With this understanding from Hans Jonas, we have to take into account those arguments when developing policy in the cyber realm. Policy has to establish proper ethics of this newer realm. It has to take into account how one person may be able to affect a wide population of people or systems. A real world application of this may be how policy is formed regarding the cybersecurity of a power grid system. The policy has to take into account the potential impact on a single person on a wide spreading system.

In the interdisciplinary study of cybercrime, there is also the study of criminal justice in general as a baseline. It was noted that with in-person crimes between offenders and victims, that they would interact in a very specific way. The technological advancements in internet systems has impacted how offenders and victims interact. One of the ways is the physical distance between the 2 groups. Connected internet has given an avenue for a criminal to initiate a crime from a long distance, sometime all the way from other countries speaking another language with different laws. This is complicated even further when a cybercrime happens in a local US state, as some states have varying laws for some of the crimes like cyberstalking and harassment.

Another impact is the usage of possible identity theft to carry out the crimes on the internet. It is one thing to commit these criminal interactions online as the actual person to a victim, the next level is when a criminal has successfully stolen the identity of another person and contacting a victim and abusing their trust. An offender may use this identity to convince a victim to give them confidential information, and also steal their identity as well. This stolen information can be rolled into each other to gain access to a victims banking information, personal information such as a social security number, and possible access to their employment.

These technical advancements also allow some offenders to commit these attempts on a wider scale. More sophisticated attacks can use scripted programs to attack an organization from multiple methods, making it seem like many people are attacking when it is actually just one person or a small group. The victim in this case could be an energy grid system or a hospital network. Cyber technology is obviously used to help protect from such an attack, but sometimes there are technology savvy offenders that know how to use the technology to carry out the crime. They would have intimate knowledge of the systems, find weaknesses, and exploit those weaknesses to their advantage.

The 2 subjects of criminal justice and cybercrime overlap in many ways. Criminal Justice may be the foundational discipline of a cybercrime study. Criminal Justice studies what the crimes are, who commits these crimes, and why certain portions of societies are more susceptible to commit the crimes. In the study of Cybercrime, it builds off of the fundamentals of the study of criminal justice, and applies it to the specialty of crime in the cyber realm. It is stated that in the broad study of Criminal Justice, there may only be a very small section dedicated to cybercrime. There are studies that indicated that a significant portion of in-person crime is now shifting to the internet. These crimes can apparently fall under the category of white-collar crime. This implies that the people initiating these crimes have certain means, such as higher paying employment, and planning and pre-meditation. The overlap of the definition of white collar crimes to cybercrimes is that access to a computer with internet access shows the increase societal evolution of who commits these crimes.

The study as to why these groups carry out these cyber crimes overlaps into these other disciplines. Studying the emerging groups gets into a Sociological study about how society is evolving into more access to computers and connected internet. This also overlaps into Information Technology when discussing the equipment required to carry out the crimes. The study of criminology highlights how these groups of people use the technology, and can even study which countries these cyber crimes are coming from.

System security engineering is essentially laced with everyday utilities such as power grids and fiber optic internet services. These engineering systems can use the SCADA systems to monitor live readings from the systems, and analyze the data for the best practices for efficiency and safety. With the advancement of these systems utilizing RTUs that provide information to the SCADA systems, there is a massive benefit. The systems engineer would use the SCADA to observe the system, and make intelligent decisions on adjustment. In the Systems Security Engineering article, it is stated that the engineers must have a discipline to have a thorough understanding of a problem when they arise, and consider all of the feasible solution options before acting on the solution.

For a thorough analysis of an engineer to make a cyber network safer, they have to participate in all stages of engineering systems implementation. The obvious first encounter is when new systems are being set up. The engineer analyzes the feasibility of the new system in relation to the current engineering process, studies all of the alternatives, and analyzes the potential impact of the new system. The engineer at this stage provides proper security contribution at the concept level.

The other stage in the modification to the current systems. Engineers can participate to reactive modifications to the engineering systems when there are disruptions to the systems. When a cyber-attack happens to a system, the threat is assessed, along with the impact of the attack, then a solution to resume operations. This will make the cyber networks safer by potentially identifying threats and vulnerabilities, and attempting to provide a proper protection from the threat.

Engineers can also contribute to the safety of a cyber network by providing planned upgrades. These system upgrades can provide new capability for the system, with new ways to adjust the specifications of the systems, and provide new reactive methods for protection of the cyber networks.

The usage of computers have completely changed the landscape of the world. Single computational devices have assisted greatly in very specific tasks, and with the implementation of connecting the computer across the world, it has evolved the way everything is done, and how we all interact with each other. With this evolving technology, it has provided both safe spaces for systems, but also in some ways created new avenues for less safe world spaces.

One way that computer have made the world safer is immediate verification of identity. In the cyber security realm, this is confirming Who you are. With computers, they can store an identifying photo, and confirm the person somewhere else via a secure connection for verification.

Another example of computer making the world safer if by gathering immense amounts of data of criminal justice. With the usage of computers, there is extensive criminal science data being analyzed to pinpoint behaviors, and how to administer law enforcement more effectively.

Then another way that computer make the world safer is the electronic features certain financial transactions can take place. Applications that utilize digital transactions prevent people from carrying around cash all day, and have reduced the amounts of theft of cash.

Even though those are just a few of the many examples of how computer make the world safer, there are examples of how it has made the world less safe. One example is that computers have gathered such an immense amount of user data, that it attracts attackers to attempt to steal the information. People’s sensitive credit information has been leaked, creating an unsafe environment for their financial position.

Computers also make the world less safe for the fact that governments can carry out sophisticated cyber attacks on another country. The real world example is the Russian government attacked the Ukrainian power grid, which now has severe unsafe consequences.

Finally, another aspect of un safeness due to computers is the breach of security of information for people’s personal information for location and identity. There have been attackers on the internet that have pinpointed where people live, and figure out how to break into their homes for burglary.

Determining if your computer is safe is a complex assessment of the data integrity and authenticity. One observation of a safe computer is being aware of how healthy the computer performs and looks. Noticing that the computer is running smoothly can be a sign that a computer is safe because a computer that has been compromised can perform slower. Malware such as spyware and adware will slow down a computer or device. Adware will download advertising software on the computer that utilize resources such has the processing power and RAM percentage usage to slow everything else down. Noticing that browsers have ad-ons and excessive pop-ups are signs that adware has infected the computer. Observing that an internet browsing experience is swift and doesn’t have all of those advertising interruptions can be a sign that the computer is safe. The more sinister malware are computer viruses, trojans, spyware, and ransomware. Attempting to see the signs that the computer is infected is a way to see if the computer is safe. Spyware such as key loggers can severely impede secure data management, this effects personal computers at home and businesses all the time. If a computer has fallen prey to a phishing attempt, it may have accidentally installed a key logger that records all of the keystrokes that were done on the computer. This puts everything in a very vulnerable position because user identification and passwords can be stored and exploited across many accounts. One way to check in to see of the websites being visited in a browser is secure is making sure the http link in the browser has as certification verified. This is done through the process of cryptography in support of data integrity and authenticity. Certifications utilizing public and private key encryptions confirm that the website being visited in the browser is authentic, and safe to use.

The benefits of developing cybersecurity programs in businesses are justified in the costs. One type of investment in a cybersecurity program a business can do is implementing a program to train employees. They can employ in-house staff to develop these training programs, or hire a cybersecurity consultant contract to train staff on best practices. This can highlight any weaknesses that the employees may have when carrying out their tasks. It also provides guidance on some of the backbone practices of secure behavior. One of the studies indicated that there are differences in regions in how people decide what kind of identity management they adopt. Training employees good practices for using unique passwords, two factor authorization, and not writing down the passwords in a public area promote security.

In studies that evaluate surveys on training, there are guidelines on how to implement this training. In order for the costs of the training to be effective, there are guidelines such as making the training frequent, making it relevant to the employee (such as relevant to the employee’s job role), connecting the relevancy of how the human error can effect the security of the system, and mandating the training from the leadership level. This is also interlaced with a company culture of developing a cybersecurity environment. that maintains security complaince.

In the broad sense, the cost of cybersecurity programs are justified in business expenses. In one of the instructional videos, a Chief Security Officer has to relay to other members of leadership the importance of a cybersecurity program, and why it would be justified. Stating that the passive reassurance of the analogy of a parking lot full of cars prevents low level theft just isn’t enough. For a business, attackers are on a higher level of getting unauthorized access, in the analogy he uses an example of someone waiting for the car owner to open up the door, and then gain access. There is a stressing of the importance of a robust security program to prevent catastrophic business losses and downtime.

There is some focus on the relationship between white-collar crime and cybercrime. Both can be linked but not always. It is referenced that white-collar crime was introduced as a concept in 1939 by Edwin Sutherland, citing that this type of crime can happen in the sectors of healthcare, politics, securities, and the banking system. He specifically defines this behavior as “crime committed by a person of respectability and high social status in the course of his occupation.” It would later be stated that decades later technology was creating new types of crime.

Obviously in 1939, there was no robust network of connected computers, but the foundations of technological improvement were well on the way to develop the cyber environment. The article in the Harvard Business Review “Better Cybersecurity Starts with Fixing Your Employees’ Bad Habits” spotlights how human behavior can harbor cybercrime and/or white-collar crime through the usage of cyber technology. It points out that bad habits of the people using the technology made it easier for attackers to and leak user information for Equifax, and create a cyber environment for the ransome-ware attacks like “WannaCry”. It relays that IBM reported that 95% of all security incidents have human error as a factor in the crime. Examples of negligent behavior of the employees are falling for phishing attacks, clicking on bad links, using weak passwords, or not updating necessary security software updates. This created a situation where the employee may not necessarily be malicious, but the actions make it easier for an attacker to commit these cyber crimes.

There is also a focus on the fact that despite all of the technological advancements, human error will still cause security issues. One example is implementing a robust email spam filtering system on company computers. While it may prevent most, all it takes is a few emails to get through and one employee to fall for the attempt. The goal in finding a solution to these issues is constant updating and training of the employees.

C urate cutting-edge cybersecurity articles for continuing education

Y ouTube videos monetized for cyber security teachings

B ackup programs purchased and used to store important information

E ncryption coding implemented and sold to secure information

R isk management assessment programs implemented

S et up web and email filter programs

E valuation surveys for cybersecurity implementation for companies

C onsulting sessions for companies an organizations

R ecovery plans bought and in place for companies

I nsurace Policy adopting for organizations

T raining sessions for employees

Y early consult evaluations of systems