Informatics PLO (core competency) C: Demonstrate strong understanding of security and ethics issues related to informatics, user interface, and inter-professional application of informatics in specific fields by designing and implementing appropriate information assurance and ethics and privacy solutions.
Cybersecurity is a big part (four courses) of my Informatics journey. Two of my specialization courses and two of my core courses are in Cybersecurity. And for good reason. As more of our lives and finances move online, lucrative opportunities for bad actors increase. According to U.S. Identity Theft: The Stark Reality—a study by Aite Group—“identity theft cases cost $502.5 billion in 2019 and increased 42 percent to $712.4 billion in 2020” (iii.org, n.d.). The study went on to forecast that losses would increase again in 2021 to $721.3 billion (iii.org, n.d.).
By nearly any measure, across numerous studies, the conclusion is the same: cyberthreats are increasing and cybersecurity is as important as ever. In addition to the threats and costs to consumers, the WannaCry ransomware attack of 2017 affected the National Health Service (NHS) so badly that hospital equipment—including computers, MRI scanners, and blood-storage refrigerators—was shut down in many facilities throughout England and Scotland (Wikipedia, 2021). A few years later in 2021, gasoline prices soared when the Colonial Pipeline suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline (Wikipedia, 2021).
By studying Cybersecurity as part of my Informatics training at San Jose State University, I am gaining the tools to be able to fight the good fight against these bad actors to aid whatever company I end up working for after this. My training has been two-fold:
- Research and methodology to determine the existence and scope of threats
  - INFM 208: Risk Assessment Part I – Asset Identification https://docs.google.com/document/d/1wxqvIG_OXx61c7bEtxHkiqpJtIoan63U/edit?usp=sharing&ouid=115650387420842736404&rtpof=true&sd=true
    - In this exercise, I perform a thorough risk assessment of my apartment and apartment building based on risk assessment methodology established by the United States Federal Government in FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
  - INFM 202: Cybersecurity Evaluation based on Verizon’s 2020 Data Breach Investigations Report (DBIR) https://docs.google.com/document/d/13G4mZ4d4Lm7ngwhiM0zwssaZNWsbfkzu/edit?usp=sharing&ouid=115650387420842736404&rtpof=true&sd=true
    - In this evaluation, I pore over the DBIR to answer questions about who is behind cyberattacks, what motivates bad actors, and how those cyberattacks are carried out.
- Designing and implementing appropriate information assurance and ethics and privacy solutions and preemptive measures
  - INFM 208: Risk Assessment Part II – Controls https://docs.google.com/document/d/1I6wOrAYEUyzDQRrtgyVPfnnz_ctbSvTh/edit?usp=sharing&ouid=115650387420842736404&rtpof=true&sd=true
    - A continuation of Risk Assessment Part I, this document continues the methodology outlined in Federal Information Processing Standard (FIPS) 199 by including threats, vulnerabilities, and proposed threat-mitigation strategies for assets, information assets, and information technology assets.
  - INFM 203: Taking the law into our own hands: Effective data security through user education: https://docs.google.com/document/d/1cMjDcGeDCkYqx50sEdWibrgKQ4ClugeT/edit?usp=sharing&ouid=115650387420842736404&rtpof=true&sd=true
    - My research paper about how businesses can improve their cybersecurity and mitigate potential risks through employee education. This paper also covers ethical questions surrounding privacy and security which were brought to light during the Facebook Cambridge Analytica scandal.
References
Insurance Information Institute. (n.d.). Facts + statistics: Identity theft and cybercrime. III. Retrieved October 17, 2021, from https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime.
Wikimedia Foundation. (2021, July 21). Colonial pipeline ransomware attack. Wikipedia. https://en.wikipedia.org/wiki/Colonial_Pipeline_ransomware_attack.
Wikimedia Foundation. (2021, August 24). WannaCry ransomware attack. Wikipedia. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack.