Journal Entry # 1 –

The least interesting field that I would want to work in would be investigation. From what I have seen working for the Government the folks that have to do investigations tend to do a lot of paperwork. I am not big on having to fill out tons of paperwork and forms when other people mess up. Also, your hours can be crazy depending on if the company you work for is 24/7 or not. I also am not big on traveling, and some of these investigator jobs can have you traveling a lot of the time. Now I know it is an important job, just not one I am personally interested in. I am interested in Implementation and Operation. I would like to do system administration or network operations. I enjoy maintaining systems and working/troubleshooting network devices and issues.

Journal Entry # 2 –

The principle of Empiricism enhances the effectiveness of cybersecurity practices by using proven knowledge, data gathering and testing systems to effectively fix security issues and prevent issues from happening. Using this principle will allow someone to compare their system or systems to the current security standards. This will help keep it secure as well as make it possible to fix any security issues properly according to what is published as the most up to date and correct. Research, testing and gathering of data will also allow strategies and further development of security implementation to be created based on what is happening in the cyber field.

Journal Entry # 3 –

Privacyrights.org provides valuable data for researchers to help them forecast future data breaches and trends. It covers laws, policies, actual breaches, and tons of other articles that are good research material. The database provides detailed information such as breach type, the organization affected, location, and number of records exposed. This allows researchers to track trends in each organization and location based off the severity and frequency of breaches. Thus, they are able to predict potential breaches before they occur based off the data gathered on this site. The data gathered may not be exact, but used correctly it can still be a strong tool for research purposes and forecasting breaches in the future.

Journal Entry # 4 –

How Maslow’s Hierarchy of Needs relates to my experiences with technology:

Physiological needs: For this need I have worked in network infrastructure and as a systems administrator. These roles have allowed me to keep people connected to the network and perform their daily jobs so that they could do the things they needed to complete.

Safety needs: Since employees would be able to do their job this would allow them to get a paycheck and take care of themselves and whatever else in their life. The same would go for me, since without doing my job, I wouldn’t be able to take care of and provide for my family.

Love and Belonging: Working in IT has helped me start a family and have two beautiful kids. It has also helped me make friends for life and have a sense of belonging with the people I have worked so closely with.

Esteem: I have focused on getting the job done and let the achievements from it come naturally. I started as an IT in the Navy and just worked hard. This allowed me to get a job in network infrastructure when I transitioned out. Then after doing that for some time, I was able to continue moving up in my career and work as a system/network administrator.

Journal Entry # 5 –

  1. Money

To me, if you are going to commit a crime there should be a good reason for it. You shouldn’t do it, but at least have a reason. So doing it for a better life financially or paying for bills and groceries isn’t the worst reason.

  2. Recognition

So, recognition isn’t a bad reason when doing it like the hacker did against NASA. It helped them see these vulnerabilities and even thanked them. This is an example of good recognition, unlike the British hacker who did it for Twitter likes.

  3. Multiple Reasons

Since these reasons can be a mix of money, recognition and other things from this list it isn’t the worst on here. It usually also isn’t rooted in a completely selfish motivation. 

  4. Political

This is the part where I am choosing based on what isn’t too bad since the rest of the motives aren’t good reasons. Political can have its reasons based off what government backed group is involved and why. If it is beneficial to the US I can lean towards agreeing with it more but if not, then I won’t. I also disagree with smearing another’s image.

  5. Curiosity

When it goes too far like it did with Johnathon’s story I cannot agree with curiosity as motivation. In some capacity it can be a way to learn and even let a company know of potential weaknesses. But when you cost a facility millions and then it spirals from there it isn’t worth doing it.

  6. Revenge

Revenge is a bad motive for me because it shows the ugly side of humanity. Especially based on the articles. Putting videos and images out there because of revenge is gross, especially since the victims trusted that wouldn’t happen. As well as deleting irreplaceable photos and videos out of revenge.

  7. Boredom

The last two are almost self-explanatory. Hacking from boredom is dumb and a waste of time. Committing crimes because you are bored is something that should never be done.

  8. Entertainment

Like boredom this is not a good motivator. Hacking shouldn’t be done, at least in an illegal sense, especially because someone wants a little entertainment in their lives. Read a book, exercise, play a game, watch TV, etc. Don’t hack.

Journal Entry # 6 –

Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source].

Compare the three fake websites to three real websites and highlight the features and similarities that identify each fake website as fraudulent.

Real Website #1 – https://www.apple.com/support/

Fake Website #1 – http://appletirepaircenter.com/

They look similar, but the fake website uses http, not https; the spelling on it is incorrect if you take the time to read it; and Apple has a /support after the .com, while the fake website makes it seem the support is its own site.

Real Website #2 – https://www.instagram.com/accounts/login/

Fake Website #2 – https://instagrom.com/login_redirect

Instagram is misspelled in the fake website; it uses an o which is like an a so if one isn’t paying close attention, it could trick them.

Real Website #3 – https://www.fedex.com/en-us/tracking.html

Fake Website #3 – https://www.fedex-delivery-hold.us/

The fake website ends in .us and not .com, and having delivery hold creates a sense of urgency for the person trying to find the correct URL. Also, if this was sent in an email the person receiving it may click on it because of the wording of the link.

Whenever looking for a website or receiving a URL in an email verify that the structure of it makes sense. Verify the URL has HTTPS in the beginning, that it is spelled correctly, and that the sender of the email is legit. There are also websites you can use to check the integrity of a link if you are unsure.
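The checks described in this entry (scheme, spelling, brand name inside a different domain, urgency wording) can be run mechanically. The following Python sketch is an added example, not part of the original journal; the brand allow-list, the urgency word list, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: the real registered domains of the three brands in this entry.
KNOWN = {"apple": "apple.com", "instagram": "instagram.com", "fedex": "fedex.com"}
# Constructed word list for the "sense of urgency" check; extend as needed.
URGENCY = ("hold", "verify", "suspend", "urgent")

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive: last two labels. Fine for .com/.us, wrong for suffixes like .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url):
    """Return a list of warning strings; an empty list means no check fired."""
    parts = urlsplit(url)
    domain = registered_domain(parts.hostname or "")
    name = domain.split(".")[0]
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    for brand, real in KNOWN.items():
        if domain == real:
            continue  # exact match with the brand's own domain
        if brand in name:
            findings.append(f"brand-in-other-domain:{brand}")
        elif edit_distance(name, brand) <= 2:
            findings.append(f"lookalike:{brand}")
    if domain not in KNOWN.values() and any(w in name for w in URGENCY):
        findings.append("urgency-word")
    return findings

if __name__ == "__main__":
    # The six URLs compared in this journal entry.
    for u in ("https://www.apple.com/support/", "http://appletirepaircenter.com/",
              "https://www.instagram.com/accounts/login/", "https://instagrom.com/login_redirect",
              "https://www.fedex.com/en-us/tracking.html", "https://www.fedex-delivery-hold.us/"):
        print(u, check_url(u) or "no findings")
```

An empty result only means none of these checks fired; it does not prove a site is legitimate, since a fraudulent site can use HTTPS and an unrelated domain name.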

Sources:

https://www.identityguard.com/news/how-to-tell-if-a-website-is-fake

https://www.arcyber.army.mil/Resources/Fact-Sheets/Article/3301745/fraudulent-websites/

Journal Entry # 8 –

The media and Hollywood influence the world of Cybersecurity in a confusing and sometimes negative way. Movies tend to portray these hacking scenes in a way that a single person can sit in front of a screen and press a few keys, boom, hacked. But that just isn’t the case. It can take days, weeks or even longer sometimes to find the right vulnerability to exploit. It undermines any real security and defenses because they tend to just show one big exploit and that’s usually it. It also sets unrealistic expectations because there isn’t any real effort put into what happens on the screen. At the same time, I understand, it needs to be fun and engaging for the audience. If a movie or show made it realistic it would probably end up putting most of the audience to sleep.

Journal Entry # 9 –

  1. No
  2. No
  3. No
  4. Yes
  5. No
  6. No
  7. No
  8. No
  9. No

Score – 1.

I thought the questions that were asked were interesting. While I do use social media quite a bit, it’s because I’m bored most of the time. I would much rather be playing a video game, listening to music, going outside, whatever else really. I don’t think about social media like that, and I never sit down and just need it. I think that different patterns are found across the world based on how advanced a country is, financial situations, and how prominent being seen online is for some people and cultures.

Journal Entry # 10 –

Social cybersecurity is a necessary field because it addresses attacks that exploit human interactions, such as cybercrime and cyberbullying. It also shows that the largest vulnerability isn’t the system but usually the user on the system. But we need to not always blame the user but the environment that doesn’t protect that user. The biggest takeaway from the article is its focus on detection and prediction models. It is not as simple as people being the weakest link. We need ways to predict and mitigate socially engineered attacks. The article shows that the future of defense lies in advanced techniques that can analyze human behavior within social networks.

Journal Entry # 11 –

There are a few social themes that arise in the presentation. One of them is user awareness and education. An analyst’s job is not purely technical; sometimes they have to provide guidance for others and create training for people. They are also described as the first line of defense from attacks such as phishing, which would be socially themed since it involves trust from others and human psychological vulnerabilities. A large part of the cyber field as well is professional networking. This helps when you have questions at work, making or editing a resume, getting a job, etc. So being social with others at your job and in your field goes a long way in progressing in your career.

Journal Entry # 12 –

Economic Theories –

  1. Theory of Negative Externalities –

This theory relates to the letter because the platform provider failed to secure its systems properly and in turn cost the customer. Their data got stolen and they had to get a new card or cards.

  2. Agent Theory –

The agent (third party platform) didn’t invest in security enough causing this breach. The principal (glasswasherparts) needed them to be more secure and they were not.

Psychological Social Sciences Theories –

  1. Risk Perception –

The letter attempts to calm the customer by stating that they are unaware of any actual misuse of the customer’s information. However, they would still be stressed out by the letter because their information was stolen and they were advised to contact their bank and get new cards.

  2. Social Trust –

The company tried to maintain their trust and legitimacy through the letter by saying how they found out about the failure and who they worked with on it. But they still took too long to find out and still delayed telling the customer about the breach even after finding out.

Journal Entry # 13 –

https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true

The study in the article shows that bug bounty programs are a great way to find security flaws for a decent price. It works so well because these hackers are in it for more than a paycheck. These ethical hackers are driven by other reasons, like building their reputation, learning new skills, and just being part of the community. This helps companies that can’t afford to pay a lot of money to find and fix these flaws since ethical hackers don’t cost too much. The article also shows the playing field is more even; everyone has a fair chance. The size or fame of the company doesn’t necessarily put them over smaller companies when it comes to the quality of the bug reports they receive. The study confirms that programs get less useful over time. Once the easier bugs are found, hackers have to spend more time and effort to find any new ones.

Journal Entry # 14 –

1. Collecting information about children

2. Bullying and Trolling

3. Sharing passwords, Addresses, or Photos of Others

4. Faking your identity online

5. Recording a VoIP call without consent

I think these 5 are the worst out of the list of 11. None of them are ethical or legal, but to me these are the worst. Obviously, anything that can harm children is heinous, same with bullying. Faking your identity can kind of tie with the first two, but deceiving people is wrong, as is potentially hurting someone’s image or reputation. Sharing passwords is a big no-no, as well as addresses, photos and any other personal information that isn’t yours to share. Lastly, recording anything without consent is wrong, especially something that could be considered sensitive or personal.

Journal Entry # 15 –

The ethical questions that the presentation raised for me are erosion of trust and the problem of accountability in automated crime. Since AI is getting better at making videos and deepfakes, it hurts trust when watching videos online. It also hurts trust when using videos as evidence since it is becoming so much easier to fake them. We should address these concerns by making them more public and teaching others what to look for in these fake videos. Anything with AI is to just make others aware, especially when some of these scams are meant to go after certain groups and potentially profit from them. We also need to find a way to handle AI within the court of law and limit some of what it is allowed to do, if that is at all possible.