Category: Cybersecurity and the Social Sciences (CYSE 201S)

Cybersecurity and the Social Sciences (CYSE 201S)

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles.  Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true Links to an external site.  and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

I find the use of Bug Bounty Policies in businesses to be a great thing. The more eyes you can get on a project to look for errors leads to better outcomes. I found it interesting, but not surprising, that the article mentioned that as a bug bounty program ages, it gets fewer reports unless the scope is widened. I see that as a testament to the usefulness of bug bounty programs. It’s obvious that as it goes on, there are fewer reports. Assuming bugs are being fixed correctly and not introducing new bugs, then as time goes on, all bugs are going to be dealt with and it will become harder to find new ones.

Cybersecurity and the Social Sciences (CYSE 201S)

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

Economic Theories

Marxian Economic Theory

Marxian Economic Theory, when relating to cybersecurity, explains how massive companies with power hoard and exploit the data of those without power over them (their consumers). With the way data is monetized, companies should be forced to better protect the data they store and better inform their consumers when a breach occurs. Due to the immense power these companies typically have, the consumer ultimately suffers by simply being offered services like Identity Monitoring. If the power wasn’t with the company but was with someone with vested interest in the security of the data, letters like this would be unnecessary.

Keynesian Economic Theory

Keynesian Economic Theory emphasizes the role of institutions and government in stabilizing economic activity. In relation to cybersecurity and this letter, by notifying consumers, the company is following legal obligations as the company operates within a regulated framework put in place by the government to support consumer confidence. It reflects the idea that public intervention (like mandatory breach reporting laws) can help correct market failures and protect the broader economy.

Social Science Theories

Trust Theory | Sociology

The letter is a communication tool with the intent to rebuild and maintain consumer trust after it’s been damaged. Offering identity protection services and expressing regret aligns with the idea that trust can be repaired through transparency, responsibility, and sincere concern.

Risk Perception Theory | Psychology

This theory helps explain how clear, calming language and concrete actions (like credit monitoring) shape public response. How individuals interpret and react to the breach depends on their perceived risk. By explaining what happened and the steps being taken, the company attempts to manage fear and anxiety in hopes the consumer perceives this with minimal risk.

Cybersecurity and the Social Sciences (CYSE 201S)

Watch this Video. Complete the Social Media Disorder scale. How did you score?  What do you think about the items in the scale?  Why do you think that different patterns are found across the world?

I scored a 2 out of 9 on the Social Media Disorder scale. I have been trying to limit my social media usage lately and it has actually been going pretty well. It feels ridiculous to have such a thing as Social Media Disorder and the questions initially seem ridiculous, but when actually thinking about it, it is not ridiculous at all. Social Media hits the brain like a drug, and if that is the case, then it makes as much sense as a drug use disorder. I would say different patters are found across the world because different countries have implemented different measures to try and prevent things such as Social Media Disorder. Many countries require you to be a certain age, some require that children have their parents consent to sign up. As different places have different laws and regulations, we will see different behaviors as a result of that.

Cybersecurity and the Social Sciences (CYSE 201S)

Review the articles linked with each individual motive in the presentation page or Slide #3.  Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

1) For money
The desire for money is strong amongst many, especially when living in a capitalist society that revolves around money. It makes sense to me that this would be would be the top motive for engaging in cyber crime.

2) Multiple reasons
This article touched on a couple reasons as to why individuals may choose to do this, including socioeconomic and psychological factors. I have written about this before, and feel this goes along with the motive “For money” as those who need more money (not necessarily just have a desire for more), find cyber crime to be a “safe” and easy way to obtain more money when compared to something like robbing a bank or convenience store.

3) Political
As outlined in this article, and by many events in other countries, political cyber crime has proven to be an effective means to sway an election. While I don’t agree with the act, it makes sense as a tool to accomplish this task.

4) Recognition
Due to the rise in social media, many children and young adults believe that gaining followers is a good thing. While it is not inherently bad, it can lead to doing bad things like cyber crime in an attempt to gain recognition. Many strive to have their name well known, even if for bad acts, as it gives them that dopamine hit that desperately crave.

5 & 6) Entertainment and Boredom
I rank these together as humans want to be entertained, and if they’re not, that leads to boredom. I don’t think committing cyber crime is the right way to stay entertained (or provide entertainment when bored) as there are much more responsible and beneficial ways to attain this.

7) Revenge
This is the motive that makes the least sense to me. For the most part, getting revenge just doesn’t make sense to me. I don’t understand why people feel the need to inflict pain and conflict onto others just when it has been done to them. The famous quote “An eye for an eye makes the whole world blind.” perfectly personifies this for me. Getting revenge does nothing to solve the problem, it only multiplies it.

Cybersecurity and the Social Sciences (CYSE 201S)

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Regarding physiological and safety needs, or basic needs, I have used technology to help me remember to drink water and to help me wind down to get rest. This inclusion of technology in many aspects forced it to be the main means of safety and security as well. Safety technology like rear-view backup cameras are now mandated by law in all new vehicles in the US which has helped me parallel park on numerous occasions. The inclusion of technology into security spawned the cybersecurity sector, to which I was employed as support personnel. When branching into psychological needs, such as “belongingness and esteem”, I have found technology to be implemented in a way that brings me and my friends closer through video games and social media, when we otherwise may have drifted apart due to moving around to different geographic locations. The gamification of many processes, such as virtual training in my work, changed the process to boost my self-esteem by bringing a feeling of accomplishment to this very mundane task. Bringing all of this together leads to the top of the pyramid, the self-fulfillment needs and self-actualization. Reaching my full potential is something I hope to do one day, and I cannot imaging that happening without technology. Technology has allowed my friend and I to experience things that we wouldn’t have before, such as playing DnD for the first time with ChatGPT being the Dungeon Master. We’ve never had the opportunity to be a part of a community where we can do this so technology has brought new experiences to our lives. The more we are able to do things we want but that we wouldn’t have otherwise been able to do is what allows us to reach out full potential and be our truest self.

Cybersecurity and the Social Sciences (CYSE 201S)

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

Per PrivacyRights.org, there are many different types of information available about data breaches. In their database for Data Breach Notifications, you can find info about the Organization Name, Breach Type, Total People Affected, Residents Affected, Breach Location, and the Source of the breach. This information can be used in many ways. Data could be used to see if a specific “source” tends to use specific “breach types” or targets specific types of organizations more than others. This could also be used to see if specific breach types affect more or less people than other types. Additionally, this data could be used to see to see if breaches happen more or less during specific times of year. This data could be used in a variety of ways, even nefarious ways as you could see if specific organizations have more breaches, which would let you assume that their security is not a robust as others.

Cybersecurity and the Social Sciences (CYSE 201S)

Explain how the principles of science relate to cybersecurity.

The principles of science can relate to cybersecurity in many ways. For example, hacking isn’t objectively bad, but what you do while hacking can lead to issues that can be looked at through a subjective lens. As hacking is simply gaining access to a system that you weren’t meant to access, this can be done in ethical or malicious ways. I don’t really believe that Empiricism relates to cybersecurity as it is a digital thing. We can obviously “see” systems set up to provide cybersecurity, but I wouldn’t necessarily say it is something we can use our senses to judge. Determinism plays the largest part in cybersecurity as cybersecurity arose out of need to protect systems from nefarious actors. The experience that businesses or individuals have had with others accessing their systems without their consent lead to the need for cybersecurity to prevent these things from happening in the future. Regarding Ethical Neutrality, I also think this can relate to cybersecurity in a large way. Cybersecurity systems should simply act in the same way that physical security acts, for example, a gate or fence to keep someone out. Cybersecurity systems should do no more than keep someone from accessing a system. When these systems collect additional information to use for other purposes, it loses its ethical core. Parsimony could go along with this as cybersecurity should be kept as simple as possible to achieve its overarching goal.

Cybersecurity and the Social Sciences (CYSE 201S)

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

I am particularly interested in focusing on areas such as Cybersecurity Instruction, Program Management, or Technology Program Auditing. My previous experience supporting Palo Alto Networks has provided me with a foundation in instruction, where I developed training materials for the support team. This role allowed me to enhance my technical knowledge and teaching skills. Additionally, my interest in Program Management and Auditing stems from my desire to oversee the execution and evaluation of technology programs, ensuring they align with organizational goals. On the other hand, I am less interested in Cybersecurity Legal Advice, as I feel that legal processes, while clearly defined, can be interpreted in various ways. This variability could potentially lead to unintended consequences, benefiting some but hindering others, which is an area I prefer not to engage with.