Cybersecurity is typically conceived as a technical topic. In reality, the topic is multidisciplinary, and some aspects of the topic are best understood through a social science lens.  This course addresses the social, political, legal, criminological, and economic dimensions of cybersecurity through a social science framework.  Students are introduced to a human-factors approach to understanding cybersecurity threats.  Attention is given to the social factors that contribute to cyber incidents and the political and legal mechanisms that are developed to control the behaviors of those who create risks cybersecurity incidents.  The class also explores how cybersecurity is studied by social scientists in psychology, political science, criminology, economics, sociology, international studies, and other social science disciplines.

Journals

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

The area that appeals the least to me would be Operate and Maintain. The reason being is that under specialty areas it shows Customer Service and Technical Support. I would be fine doing Technical Support within an organization, however I do not see myself getting into a career that relates to customer service since I do not like interacting with individuals who are uncooperative and ungrateful. Areas that do interest me would be Protect and Defend. Also possibly investigate. I have not really thought about Digital Forensics but I can possibly find myself being and to use problem solving and critical thinking that is required in that field. I would also choose Protect and Defend since that is one of the main reasons I chose to major in cyber security since that is what is usually thought of when hearing about this career.

Explain how the principles of science relate to cybersecurity.

Principles of science is important in cybersecurity. It helps understand, analyze, and to defend against the evolving threats online. Ethical neutrality relates to cybersecurity in an idea that professionals should maintain and neutral when it comes to ethical decisions. They must be able to respect privacy of individuals and organizations and making sure that their confidential information is safeguarded. It is also necessary that they are not swayed by personal biases when making decisions on enhancing security. Relativism shows how much system development can affect many other systems. It explains how all things are related to one another. If one change happens in any type of system, it would eventually cause a change in cybersecurity. Objectivity shows the unbiased approach when responding to threats and vulnerabilities. It makes sure that all decisions are based purely on evidence and facts rather than opinions.

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

The site PrivacyRights.org shows data breach information such as from cards, hackings, and physical breaches. There is an interactive map showing exactly where the location of the breach was and how many there was. There is also information on what type of organization that got breached. The amount of records impacted is also shown. When a certain breach is selected, it will show the date of the breach and the date it was reported on. The classification of the breach and organization is shown. There is also a description on what might of happened, what caused it, and what might of been stolen. Researchers are able to use this information to find out how to prevent breaches from happening. If a certain method of breaching is mostly used, all of the effort can be mainly focus on securing from that specific method of breaching. They can also find out the impact that breaches cause such as financial damage and reputational damage. Most importantly, researchers can release their findings to the community to help spread public awareness on how to prevent breaches from happening.

Review Maslow’s Hierarchy of Needs and explain how each level relates to you experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Abraham Maslow’s hierarchy of needs suggests that all humans have needs that exist on a hierarchy. The lower-level needs are usually met first and then the higher-level needs are focused last. The first level is physiological needs and those include food, water, warmth, and rest. Food and water can be ordered online and delivered. Warmth and rest can be found by renting an apartment by looking for available ones online. The next level is safety needs which includes security and safety. I have experienced this by using Ring which uses camera surveillance and also detects if doors or windows have been opened. Next is belongingness and love needs like intimate relationships and friends. Social media can help this out by allowing individuals to socialize and find groups where they share the same interests. The next level is esteem needs like prestige and feeling of accomplishment. This can be obtained through social media where others can get social validation through likes, comments, and shares. There are also sites that can help enhance knowledge and expertise which can lead to accomplishment. The last level is self-actualization which is achieving one’s full potential including creative activities. Technology can be used to express creativity and exploration of interests. Some platforms allow individuals to share their art for anyone else to see.

Review the articles linked with each individual motive. Rank the motives from 1 to 7 as the motives that you think are the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.

  1. Money
  2. Multiple Reasons
  3. Revenge
  4. Political
  5. Boredom
  6. Entertainment
  7. Recognition

I ranked money as number one since money is almost everything in society. It is a main goal to have money to be able to do anything you want, and also it is important to have money if you want to live. Those who are in desperate need of money might commit crimes in order to save themselves or someone else. Multiple reasons would be number two since it could be a mix of many different things. The article mentions socioeconomic factors and psychological drivers and when those two factors combine it could be a major driving factor. Number three would be revenge since it is a strong emotion that could make people do things they wouldn’t do if they were thinking straight. Sometimes it could be in the heat of the moment. Political reasoning is number four since it could be used for intelligence like surveillance. It can also be used to disrupt infrastructure which can be motivated by political agendas. Boredom is number 5 since it can cause individuals to seek out new things making them more vulnerable. Entertainment is number six since entertainment can be used to fix boredom. When individuals have nothing to do, they might just turn to something criminal just for fun. I find recognition last since there are many other reasons that can drive individuals to commit crimes.

How can you spot fake websites? Compare three fake websites (don’t access those sites, of course) to three real websites. What makes the fake websites fake?

Real Websites:

https://www.amazon.com

https://cnn.com

https://coursera.org

Fake websites:

https://amaz0n-deals.com

http://cnn-news.com

https://courseraspecialoffers.net


One way to spot a fake website is to check the URL for any spelling errors. This could be that they replaced a letter with a number that looks similar. Another way to spot a fake website would be that their page is very different from the real one. This could be that it is very messy and unprofessional. It is also important to check if the website is secured using the HTTPS protocol. Many fake websites try to make individuals click on them using special deals and discounts. If these words are included in the URL without being in the directory (example amazon.com/deals instead of amazon-deals.com) then it has a high chance of being fake.

Review the following ten photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the Individual’s or individuals’ mind(s). Explain how your memes relate to Human-centered cybersecurity.

This meme shows how some people might not see how dangerous using public WIFI can be. Individuals could accidently connect to a criminal’s hotspot which can show a fake banking page. When someone logs into that fake page, the criminal will be able to log the credentials used which then results in them gaining access to their bank accounts.

This meme shows an individual thinking they won a free PS5. Instead they fell for a phishing scam and tried logging into a fake page which stole their credentials.

This meme shows how there can’t be a flaw in human factor if there is no humans at all.

All three memes relates to human-centered cybersecurity since all it takes is one person to fall for something and everything could be compromised. It is also the most costly and most avoidable. There are many different scams that humans can fall for like fake websites and phishing so training should be a requirement.

After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.

Cybersecurity in movies usually show them using different words to make the scene look dramatic. They might include visuals that don’t happen when actually doing what they are showing. There might be an inaccurate representation of what the film is trying to show with their hacking scene. This can cause people to associate that with the term hacking when in reality it is much different. Media mostly focuses on large scale cyber attacks like data breaches from large corporations or government entities. This impacts how individuals see the severity and implications. It might also lead to individuals to think that they aren’t important enough to become a victim. Media also portrays hackers and nefarious people who lurk in the shadows. This ends up creating stereotypes and misconceptions about what hackers actually are.

Complete the Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

On the Social Media Disorder scale, I scored a two. I found that all of the items in the scale are to be negative attributes to the use of social media. Most of the questions seemed to appear that there is a problem with their use of social media. These problems include withdrawal symptoms, preoccupation, frequency, and consequences. There are many different patterns because there are different factors for everyone. Some places might have different cultures about the use of technology which can influence how much they use social media. Countries where many people can access technology can allow almost anyone to use social media. There is also popularity trends of different social media platforms which can influence usage patterns.

Read this and write a journal entry summarizing your response to the article on social cybersecurity.

Social cybersecurity is becoming necessary due to national security. It focuses on fields like political science, sociology, communication, psychology, and computer science. There is a current rise of information warfare. This is shown with Russia’s propaganda campaigns. Information is being shown as a critical part of national power. Information used to be controlled with print, broadcasts, and televised news. Now information can be shown on blogs, social networks, and social medias. This is where most of the world gets its information from. This can allow anyone to show anything because of the anonymity and the financial rewards by being viral. Individuals now need to fact check everything at the user level instead of the journalist level. Those who grew up where news are trusted are not ready to gather news in an era where anything can be true or false. There is also social-cyber maneuvering. Information maneuvering is manipulation the flow or relevance of information. Network maneuvering is manipulation of an actual network. There is also the rise of bot accounts on social media that can spread malicious content or to manipulate people with false information.

Watch this video. As you watch the video think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

One social theme about how cybersecurity analyst job relates to social behaviors is the trust within social networks. They often deal with protecting sensitive information which requires maintaining trust among users and employees. It also talks about human behavior and the impact it has on cybersecurity. Social engineering attacks is where perpetrators explain human psychology to gain unauthorized access. This shows social behaviors like trust and curiosity that can be manipulated for malicious purposes. It is important to also create a culture of security in an organization. One way of doing this is by promoting cybersecurity awareness and compliance among employees. Cybersecurity analysts involves understanding and navigating social dynamics to mitigate cyber risks.

Read this sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

One economic theory shown is the Marxian economic theory. It is based of that those with power exploit those without power for economic gain. The company was breached and disclosed no further details about what was breached. This causes the individuals to not know how severe the data breach is so they might continue on with the service. Another economic theory is that the company provides the information about the breach and the steps to take which can be considered the “supply”. This creates “demand” of further action from the customers. One social theory is Social Identity Theory which can make the notification not only server as information of the data breach, but also make the individual acknowledge their membership in a community of users affected by the incident. Crisis Communication Theory shows how organizations communicate with stakeholders during times of crisis to maintain trust. The breach notification letter shows the communication by promptly notifying affecting individuals of the breach.

Read this article and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

The article shows bug bounty policies and showing its growing popularity as a proactive approach to cybersecurity. Ethical hackers are able to use their knowledge and skills to help enhance cyber resilience by minimizing the risk of data breaches. There is an economic rationale behind bug hunting policies by showing the cost and benefits. Organizations offer financial incentives for vulnerability discovery to help align the interests of ethical hackers of their cybersecurity objects. There is issues with cope definition, vulnerability disclosure, and incentive structures. The effectiveness of bug bounty policies depends on careful design and implementation. There is also ethical considerations surrounding incentivizing hacking. Bug hunting policies can help with crowdsourcing cybersecurity expertise and have a chance to help find vulnerabilities before it can be used by someone with malicious intent.

Andriy Slynchuk has has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

The most serious offense I believe on the list is illegal searches on the Internet. This is such a broad statement but it can include searches of illegal content such as child pornography, hiring criminals, and questionable terms like how to make a bomb. Number two would be collecting information about children. Children are very vulnerable and may not fully understand the consequences of sharing personal information online. If they were to share their information, it could potentially lead to various risks like exploitation and online predation. Number four would be sharing passwords, addresses, or photos of others. This is a major privacy concern because some passwords might allow individuals to access very important and sensitive information. Lastly, number five is bullying and trolling. This can include harassment, intimidation, hate speech, discrimination, and cyber stalking. These actions can cause emotional distress, fear, and physical harm.

Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

The speaker mentions how there was no courses to study and that the only way in was to be put into it. He started with a small account career and was put into an IT job. He had no clue what digital forensics was but was invited to be part of one. This shows that almost anyone can join that field if they have the interest in doing so. I find it amazing how it is never to late to switch professions if you have the drive to do so. He was moving his way up from being an accountant at a small job to one at a major firm. He basically risked all of that by accepting the invitation to being a digital forensics even though he mentioned that he had no clue what that career actually is besides having the words digital and forensics. Now he has been at that job for over 17 years and never regretted his decisions to follow his desires.

Article 1

In 2024, Abelson et al. stated that it is essential to secure communication and devices for almost everything because of the increasing amount of use for digital technologies. A new technology called client-side scanning (CSS) is used to find targeted information and reveal it to agencies if found on a device. One of the social sciences this topic relates to is ethical neutrality. When using CSS, users’ data is being searched even if it is encrypted. Also, sometimes it is unknown to the users if that data is being saved onto a database or being sent to third parties. Organizations should implement CSS that aligns with ethical standards with the users and protect digital privacy and security. Relativism can be used to explain how these new technologies being created can change many things such as future policies and laws related to scanning users’ data. It can also show that how new types of methods can be created to bypass CSS or potentially change the algorithm of finding something dangerous. Lastly, objectivity can be used to determine if users should have their data scanned on their device.

Abelson et al. stated for their research question that CSS neither guarantees successful crime prevention nor prevents surveillance. This would mean that CSS is not effective at finding specific data and does not break any privacy with its users.

This article mostly used research methods of analyzing client-sided scanning. Abelson et al. first analyzed the privacy risks by asking how much information someone can learn about a target by getting into a CSS system. The article moves to the next question by considering the security risks of CSS. It was found that client-sided scanning can have security vulnerabilities by having bugs within the service. Abelson et al. also used experimental research by using CSS and showing false positive attacks and how it can be used.

This article shows that promising technology can sometimes not be effective at all and instead cause harm. One of them being user privacy. No one would like to have their data being scanned and monitored at all. It is also known of who is seeing this data since it could be sent to third party organizations. Client-sided scanning can have many vulnerabilities that makes it easier for others to view this data. This would require the users to constantly update their devices to fix these problems. Not everyone updates their devices, and some might have theirs be out of date making them targets.

By using client-sided scanning, it can affect many types of groups. For example, the algorithm used for the CSS can introduce bias and discriminate certain groups. Also, CSS can expose sensitive information which can lead to potential harm. Lasty, people may be susceptible to privacy violations by having client-sided scanning being used on their device.

Overall, this article shows that there are many qualities needed for a successful creation of technology to be used. By understanding the vulnerabilities that can be caused it shows how important it is to protect the infrastructure and sensitive information. This article also shows privacy concerns associated with analysis of user data. This can help create ethical guidelines for users’ privacy while also implementing security measures.

References

Abelson, H. et al. (2024). Bugs in our pockets: the risks of client-side scanning. Journal of

Cybersecurity, 10(1), 1-18. https://doi.org/10.1093/cybsec/tyad020

Article 2

During the COVID-19 pandemic, many careers changed to remote working to allow people to keep working while preventing the spread of this virus. Being able to work remotely has a huge impact when looking at cybersecurity since there are many effects it can have on a person, thus affecting the human factor. There are many factors such as psychological and sociological influence that affected employees’ cybersecurity factors during COVID-19 remote work. One potential hypothesis is that many remote workers did not know much about cybersecurity practice, so as they transitioned to remote working, they were exposed more which creates a greater risk. 

Remote working can affect human behavior in many ways. It introduces new challenges which can cause employees to become more susceptible to phishing attacks. Instead of being in a formal office, they are instead working at home where there is decreased awareness due to this informal setting. In the article, it states that cyber risks increased because employees were more exposed to threats. New attacks and exploits were created during COVID-19 such as COVID-19-based phishing. There are also privacy concerns relating to remote working. There is no set boundaries between personal and professional life. Lastly, with remote working, there is a digital divide among employees. Not all of them have the same amount of access to technology or have the same digital literacy. This unequal access to resources could contribute to cybersecurity risks.

The type of research method Whitty et al. used was an interpretative phenomenological analysis. This method is where psychologists use to understand an individual’s “lived experience”. It mainly focuses on how they make sense of their surroundings and what the experience means for them. There is also a hermeneutic approach which requires data to be continually returned to ground the interpretation of the themes. This research method aims to provide insights on how the employees perceive and understand a given phenomenon.

There are many concepts related to social sciences in this article. One of them being the human factor, which is the weakest link in cybersecurity. According to Module Four, there are psychological factors that affect this. Transition to remote working can be very stressful for some individuals which could make them become more likely to be victimized. Module Six can explain the risk triangle and how remote working can cause there to be a less “confidentiality” of data which could allow someone to access it. With remote working, there is less awareness which could cause individuals to be victims of social engineering attacks such as phishing as explained in Module Ten.

These results can be used in the future to help ease the transitioning process of remote learning and helping employees have the necessary technology and assistance to prevent potential cybersecurity threats. Many jobs are now offering remote working and those employers can use these recurring themes to help protect their employees. They can also find better methods to help train employees to use better cybersecurity practices that are more common in an environment when remote working.

References
Whitty T. M., Moustafa N., & Grobler M., (2024). Cybersecurity when working from home
during COVID-19: considering the human factors. Journal of Cybersecurity, 10(1), 1-11.
doi.org/10.1093/cybsec/tyae001

Career Paper

How does this career depend on social science principles?

Common task jobs for Cybersecurity Analysts includes monitoring for security breaches, investigating cyberattacks, and writing reports. They use social sciences to help find user behavior in an organization’s network. With this user behavior, they are able to find anomalies that can indicate any security breaches or insider threats. By understanding human behavior, they are able to detect suspicious activities and respond to potential threats more swiftly. Also, during any cybersecurity incidents, Cybersecurity Analysis can use behavior analysis to understand the reasons and tactics of attackers. They can find patterns of their behavior to anticipate against future attacks based on historical data. Cybersecurity Analysts have an important job at training employees of cyberthreats. Since human factor is the weakest factor in an organization’s security, they must have a strong social engineering defense. Cybersecurity Analysts use social sciences to recognize common social engineering tactics to develop strategies against them.

Key concepts learned in class and how it relates to this career.

            One example of a concept learned in class is that it can not be assumed that individuals know enough about cybersecurity. Since it is a Cybersecurity Analyst’s job to educate and train employees about the dangers of cyber threats, they must make sure that everyone is educated about this. They can raise awareness of common threats and then train employees on how to protect information. Cyber threats are also evolving all the time so training should never stop with both existing and new employees. They are also responsible for threat analysis which is assessing potential security risks and vulnerabilities. Cybersecurity Analysts can use individual motives and cognitive theories to find any potential reasons behind attacks and look for those behaviors within an organization. Cognitive theories can also help finding the process behind human error in cybersecurity incidents. This post-incident analysis can be used to implement measures to reduce the chance of similar errors in the future. Another concept shows that human factor plays a large role in cybersecurity and how it is considered the weakest link. This is another reason on why being able to train employees to be able to stand against these attacks is important.

Relationship between career and marginalization.

            There is a digital divide which includes low-income communities, individuals with disabilities, and much more, that face barriers to accessing cybersecurity education and resources. Those in the career of Cybersecurity Analysts can fix this divide by advocating for accessible and inclusive cybersecurity solutions. They can ensure that policies consider the needs of marginalized groups and also promote digital literacy programs. They are also disproportionately affected by surveillance and privacy violations. This can lead to an increased risk of discrimination and exploitation towards those individuals. Cybersecurity Analysts can support privacy preserving technologies and policies to protect the rights of individuals which ensures that these measures do not interfere with existing inequalities or vulnerabilities.

Career connection to society.

            New vulnerabilities are being created constantly and Cybersecurity Analysts must adapt to these changes. Examples of these new emerging technologies are artificial intelligence, Internet of Things, and cloud computing. These changes also affect professionals in many other fields and also in society. There are also complex ethic and legal challenges between cybersecurity and human rights. Cybersecurity measures are supposed to protect against cyber threats. They may infringe upon individual’s privacy and their fundamental rights. Cybersecurity Analysts also plays and important role in promoting cybersecurity awareness. They can collaborate with schools and the community to help raise awareness which builds digital literacy skills to help create a culture of security within society. Lastly, Cybersecurity Analysts prioritizes risk awareness and threat mitigation, so they constantly address human factors such as cognitive biases and security hygiene practices. They play an important role in protecting society’s digital infrastructure which creates a safe and secure cyberspace for everyone.

References

A day in the life of a cybersecurity analyst. 180 Engineering. (2023, June 26). https://180engineering.com/a-day-in-the-life-of-a-cybersecurity-analyst/

Bresler, S. (2023, August 9). A day in the life of a cybersecurity analyst. Masterschool. https://www.masterschool.com/magazine/a-day-in-the-life-of-a-cybersecurity-analyst/

Gawn, A. (n.d.). What has cyber security got to do with Gender Equality and Social Inclusion? What has cyber security got to do with gender equality and social inclusion? | Social Development Direct. https://www.sddirect.org.uk/blog-article/what-has-cyber-security-got-do-gender-equality-and-social-inclusion#:~:text=Some% 20people%20%E2%80%93% 20notably%20women%2C%20girls,women%2C%20girls%20and%20marginalised%20groups.

How does cybersecurity benefit society? (2022, December 10). Careerera.com. https://www.careerera.com/blog/how-does-cyber-security-benefit-society

Simmons, L. (2022, December 8). A Day in the Life of a Security Analyst. Cyber Degrees. https://www.cyberdegrees.org/careers/security-analyst/day-in-the-life/#:~:text=A%20day%20in%20the%20life%20of%20a%20security%20analyst%20varies,penetration%20testing%20and%20installing%20software.