1
Summary Cyber Threats
,2
Table of Contents
Lecture 1 - Introduction ................................................................................................................................................ 4
Cyber security for beginners – Meeuwisse 2017 ................................................................................................... 4
Lecture 1 – notes ...................................................................................................................................................... 4
Course lab 1.............................................................................................................................................................. 7
Lecture 2 – What is the internet and how does it work .............................................................................................. 10
Private traits and attributes are predictable from digital records of human behaviour - Kosinki et al 2013
................................................................................................................................................................................. 10
An overview of security and privacy issues for internet of things – Youm 2017 ............................................. 11
Understanding mobile internet continuance usage from the perspectives of UTAUT and flow – Zhou 2011
................................................................................................................................................................................. 12
The New Chicago School – Lessig 1998 ............................................................................................................... 13
Lecture 2 – Notes ................................................................................................................................................... 14
...................................................................................................................................................................................... 15
Lecture 3 ...................................................................................................................................................................... 18
Vulnerabilities and cyberspace: a new kind of crisis – Van den Berg & Kuipers 2022 .................................. 18
Lecture 3 – Notes ................................................................................................................................................... 19
Lecture 4 ...................................................................................................................................................................... 25
Inventing internet governance – Mueller & Badiei 2020 ................................................................................... 25
Polycentrism and democracy in internet governance – Scholte 2017 ............................................................... 26
Lecture 4 – Notes ................................................................................................................................................... 27
Lecture 5 ...................................................................................................................................................................... 34
The history of digital ethics – Müller 2022 .......................................................................................................... 34
Lecture 5 – Notes ................................................................................................................................................... 35
Lecture 6 ...................................................................................................................................................................... 38
Cognitive psychology - Tverksy & Kahneman 1974 .......................................................................................... 38
The theory of planned behaviour – Azjen 1991 .................................................................................................. 39
Understanding information systems security policy compliance – Ifinedo 2011 ............................................. 41
Lecture 6 – Notes ................................................................................................................................................... 42
Course lab 2............................................................................................................................................................ 46
Lecture 7 ...................................................................................................................................................................... 48
Employee rule breakers, excuse makers and security champions – Beris et al. 2015 ..................................... 48
Shadow Security – Kirlappos et al. 2015 ............................................................................................................. 50
Information security culture – Niekerk & Soms 2010 ....................................................................................... 51
,3
Lecture 7 – Notes ................................................................................................................................................... 52
Lecture 8 ...................................................................................................................................................................... 58
A typology of cybercriminal networks – Leukfeldt et al. 2017 .......................................................................... 58
Notes – Lecture 8 ................................................................................................................................................... 59
Course lab 3............................................................................................................................................................ 66
Lecture 9 ...................................................................................................................................................................... 67
Ransomware harms and the factors that influence the victim organization’s experience – Mott et al. 2024
................................................................................................................................................................................. 67
Vulnerabilities and cyberspace – Van den Berg et al. 2022 ............................................................................... 68
Notes – Lecture 9 ................................................................................................................................................... 69
Lecture 10 .................................................................................................................................................................... 70
Hacktivism: conceptualization, techniques, and historical view – Romagna 2020 ......................................... 70
Notes – Lecture 10 ................................................................................................................................................. 71
Lecture 11 .................................................................................................................................................................... 74
Misinformation and its correction – Lewandowsky et al. 2012......................................................................... 74
Rumors, false flags, and digital vigilantes - Mason et al. 2014 .......................................................................... 76
The spread of true and false news online – Vosoughi et al. 2018....................................................................... 77
Notes – Lecture 11 ................................................................................................................................................. 78
Lecture 12 .................................................................................................................................................................... 83
The Hacker and the State – Buchanan 2020 ....................................................................................................... 83
Centrality and power: The struggle over the techno-political configuration of the internet and the global
digital order – Phohle & Voelsen 2022 ................................................................................................................. 85
Charting the Contours of the Geo-Tech World – Seidl 2024 ............................................................................. 86
Notes – Lecture 12 ................................................................................................................................................. 87
Lecture 13 .................................................................................................................................................................... 88
Cyber and international law in the 21st century – Wright 2018 ........................................................................ 88
Position paper of Austria ...................................................................................................................................... 89
Cyberdiplomacy video........................................................................................................................................... 91
Notes – Lecture 13 ................................................................................................................................................. 92
, 4
Lecture 1 - Introduction
Cyber security for beginners – Meeuwisse 2017
Core themes and frameworks à We are now critically reliant on digital devices, creating a
Darwin effect where individuals and organizations that leverage connected technologies thrive but
also face immense risks if those technologies are not secured. To address these risks, the book
utilizes a core framework consisting of five stages:
- Identify à Assets of value
- Protect à Using appropriate security
- Detect à Intrusions or compromised accounts
- Respond à Quarantining and identifying countermeasures
- Recover à Restoring or fixing assets
A primary focus of the text is security by design which argues that proactive measures
(identification and protection) are significantly more cost-effective than reactive measures (detect,
respond, recover)
The human and technical factors
People are the weakest link in the cybersecurity chain. The author notes that technology does not
fail without human involvement whether through social engineering, inadequate subject
knowledge, or poor organizational culture. The book explores the attack surface (the sum of all
points where an unauthorized user can try to enter or extract data and technical defences such as
firewalls, anti-malware and encryption). It also covers evolving threats like ransomware, phishing
and DDoS attacks.
Risk management and case studies
The book introduces risk-based cybersecurity, focusing on the concept of stacked risks – the toxic
accumulation of separate, seemingly minor issues that, when leveraged together by an attack, result
in a major breach: 3 high-profile case studies
- Target (2013) à Demonstrates how breaches result from a long list of security gaps rather
than a single failure
- Edward Snowden (2013) à Highlights insider threats and the accumulation of domain
knowledge and privileges
- Sony (2014) à Show how combined human and technical factors can create devastating
consequences, particularly in state-sponsored attacks
Lecture 1 – notes
Introduction to cybersecurity
Summary Cyber Threats
,2
Table of Contents
Lecture 1 - Introduction ................................................................................................................................................ 4
Cyber security for beginners – Meeuwisse 2017 ................................................................................................... 4
Lecture 1 – notes ...................................................................................................................................................... 4
Course lab 1.............................................................................................................................................................. 7
Lecture 2 – What is the internet and how does it work .............................................................................................. 10
Private traits and attributes are predictable from digital records of human behaviour - Kosinki et al 2013
................................................................................................................................................................................. 10
An overview of security and privacy issues for internet of things – Youm 2017 ............................................. 11
Understanding mobile internet continuance usage from the perspectives of UTAUT and flow – Zhou 2011
................................................................................................................................................................................. 12
The New Chicago School – Lessig 1998 ............................................................................................................... 13
Lecture 2 – Notes ................................................................................................................................................... 14
...................................................................................................................................................................................... 15
Lecture 3 ...................................................................................................................................................................... 18
Vulnerabilities and cyberspace: a new kind of crisis – Van den Berg & Kuipers 2022 .................................. 18
Lecture 3 – Notes ................................................................................................................................................... 19
Lecture 4 ...................................................................................................................................................................... 25
Inventing internet governance – Mueller & Badiei 2020 ................................................................................... 25
Polycentrism and democracy in internet governance – Scholte 2017 ............................................................... 26
Lecture 4 – Notes ................................................................................................................................................... 27
Lecture 5 ...................................................................................................................................................................... 34
The history of digital ethics – Müller 2022 .......................................................................................................... 34
Lecture 5 – Notes ................................................................................................................................................... 35
Lecture 6 ...................................................................................................................................................................... 38
Cognitive psychology - Tverksy & Kahneman 1974 .......................................................................................... 38
The theory of planned behaviour – Azjen 1991 .................................................................................................. 39
Understanding information systems security policy compliance – Ifinedo 2011 ............................................. 41
Lecture 6 – Notes ................................................................................................................................................... 42
Course lab 2............................................................................................................................................................ 46
Lecture 7 ...................................................................................................................................................................... 48
Employee rule breakers, excuse makers and security champions – Beris et al. 2015 ..................................... 48
Shadow Security – Kirlappos et al. 2015 ............................................................................................................. 50
Information security culture – Niekerk & Soms 2010 ....................................................................................... 51
,3
Lecture 7 – Notes ................................................................................................................................................... 52
Lecture 8 ...................................................................................................................................................................... 58
A typology of cybercriminal networks – Leukfeldt et al. 2017 .......................................................................... 58
Notes – Lecture 8 ................................................................................................................................................... 59
Course lab 3............................................................................................................................................................ 66
Lecture 9 ...................................................................................................................................................................... 67
Ransomware harms and the factors that influence the victim organization’s experience – Mott et al. 2024
................................................................................................................................................................................. 67
Vulnerabilities and cyberspace – Van den Berg et al. 2022 ............................................................................... 68
Notes – Lecture 9 ................................................................................................................................................... 69
Lecture 10 .................................................................................................................................................................... 70
Hacktivism: conceptualization, techniques, and historical view – Romagna 2020 ......................................... 70
Notes – Lecture 10 ................................................................................................................................................. 71
Lecture 11 .................................................................................................................................................................... 74
Misinformation and its correction – Lewandowsky et al. 2012......................................................................... 74
Rumors, false flags, and digital vigilantes - Mason et al. 2014 .......................................................................... 76
The spread of true and false news online – Vosoughi et al. 2018....................................................................... 77
Notes – Lecture 11 ................................................................................................................................................. 78
Lecture 12 .................................................................................................................................................................... 83
The Hacker and the State – Buchanan 2020 ....................................................................................................... 83
Centrality and power: The struggle over the techno-political configuration of the internet and the global
digital order – Phohle & Voelsen 2022 ................................................................................................................. 85
Charting the Contours of the Geo-Tech World – Seidl 2024 ............................................................................. 86
Notes – Lecture 12 ................................................................................................................................................. 87
Lecture 13 .................................................................................................................................................................... 88
Cyber and international law in the 21st century – Wright 2018 ........................................................................ 88
Position paper of Austria ...................................................................................................................................... 89
Cyberdiplomacy video........................................................................................................................................... 91
Notes – Lecture 13 ................................................................................................................................................. 92
, 4
Lecture 1 - Introduction
Cyber security for beginners – Meeuwisse 2017
Core themes and frameworks à We are now critically reliant on digital devices, creating a
Darwin effect where individuals and organizations that leverage connected technologies thrive but
also face immense risks if those technologies are not secured. To address these risks, the book
utilizes a core framework consisting of five stages:
- Identify à Assets of value
- Protect à Using appropriate security
- Detect à Intrusions or compromised accounts
- Respond à Quarantining and identifying countermeasures
- Recover à Restoring or fixing assets
A primary focus of the text is security by design which argues that proactive measures
(identification and protection) are significantly more cost-effective than reactive measures (detect,
respond, recover)
The human and technical factors
People are the weakest link in the cybersecurity chain. The author notes that technology does not
fail without human involvement whether through social engineering, inadequate subject
knowledge, or poor organizational culture. The book explores the attack surface (the sum of all
points where an unauthorized user can try to enter or extract data and technical defences such as
firewalls, anti-malware and encryption). It also covers evolving threats like ransomware, phishing
and DDoS attacks.
Risk management and case studies
The book introduces risk-based cybersecurity, focusing on the concept of stacked risks – the toxic
accumulation of separate, seemingly minor issues that, when leveraged together by an attack, result
in a major breach: 3 high-profile case studies
- Target (2013) à Demonstrates how breaches result from a long list of security gaps rather
than a single failure
- Edward Snowden (2013) à Highlights insider threats and the accumulation of domain
knowledge and privileges
- Sony (2014) à Show how combined human and technical factors can create devastating
consequences, particularly in state-sponsored attacks
Lecture 1 – notes
Introduction to cybersecurity
