Individual Assignment #3 Instructions:  Hacker Culture and Mitigation Course Objective:   Examine hacker culture and related psychological and cultural aspects of cybersecurity from both the malicious actor and user's perspectives. Competencies:   Critical thinking, communication skills Each student may choose one of the following organizations (e.g., a private company or a government agency), attack, or perpetrator and should identify a significant past incident in cybercrime or cyberwarfare related to it. The student will fully discuss the specifics of the cyber incident and analyze the motivation of the threat actors/attackers. Analyze the possible motivations of those who worked to defend assets against disruption, and describe motivations of any possible third-parties that may also have been involved. The student will also suggest methods for the organization to discourage hackers or intruders with similar motives and suggest management, policy or technology controls to protect the organization against similar attacks.   Organizations, Attacks, and Perpetrators: Home Depot Target Sony Office of Personnel Management Saudi Aramco  Turbo Tax  NASA Operation Aurora  US Bureau of Justice Statistics Stuxnet and Flame (US Government?) Dupont Chemical Boeing  Johnson & Johnson Pfizer  4Chan Tricare Medical Opi Israel Sony News of the World Motorola Omega Engineering   Syrian Electronic Army  Njrat  The Jester  Blue Army   Project Chanology  The Estonian Cyberwar Shamoon (Iran?) Your paper should describe the type of incident and the actors: personalities, motivations, and other contributing cultural or psychological characteristics. You will find Module "Psychological Aspects of Cybersecurity" helpful with this assignment. Link your analysis to previous readings, interactive modules, and discussion topics, with appropriate citations. At a minimum, the questions you must address are listed below:  a. What  descriptive labels might apply to this type of threat/incident? b. Regarding the threat actors: What sort of people would go after this information? Why would they want it? What will/can they do with it? How would they get it? How would potential attackers be identified? c. How would the organization try to discourage, or reduce the incentives that could attract possible threat actors? d. How would the organization protect against, or reduce damaging effects due to attempted attacks?  Length 5-7 pages, due at the end of Week 8. Prepare your paper in Word format. It should be double-spaced with one-inch margins all around. The citations and the reference list in the paper should be formatted in accordance with APA 6th edition guidelines.  Papers must include: cover page, table of contents, introduction, section headings and subheadings, conclusions, APA compliant in-text citations and list of references, and page numbers. The page count begins with the introduction and ends with the conclusions.  The questions asked in the assignment sho.

1. Individual Assignment #3 Instructions: Hacker Culture and
Mitigation
Course Objective:
Examine hacker culture and related psychological and cultural
aspects of cybersecurity from both the malicious actor and
user's perspectives.
Competencies:
Critical thinking, communication skills
Each student may choose one of the following organizations
(e.g., a private company or a government agency), attack, or
perpetrator and should identify a significant past incident in
cybercrime or cyberwarfare related to it. The student will fully
discuss the specifics of the cyber incident and analyze the
motivation of the threat actors/attackers. Analyze the possible
motivations of those who worked to defend assets against
disruption, and describe motivations of any possible third-
parties that may also have been involved. The student will also
suggest methods for the organization to discourage hackers or
intruders with similar motives and suggest management, policy
or technology controls to protect the organization against
similar attacks.
Organizations, Attacks, and Perpetrators:
Home Depot
Target
Sony
Office of Personnel Management
Saudi Aramco
Turbo Tax
NASA
Operation Aurora
US Bureau of Justice Statistics
Stuxnet and Flame (US Government?)
Dupont Chemical
Boeing
Johnson & Johnson

2. Pfizer
4Chan
Tricare Medical
Opi Israel
Sony
News of the World
Motorola
Omega Engineering
Syrian Electronic Army
Njrat
The Jester
Blue Army
Project Chanology
The Estonian Cyberwar
Shamoon (Iran?)
Your paper should describe the type of incident and the actors:
personalities, motivations, and other contributing cultural or
psychological characteristics. You will find Module
"Psychological Aspects of Cybersecurity" helpful with this
assignment. Link your analysis to previous readings, interactive
modules, and discussion topics, with appropriate citations.
At a minimum, the questions you must address are listed below:
a. What descriptive labels might apply to this type of
threat/incident?
b. Regarding the threat actors:
What sort of people would go after this information?
Why would they want it?
What will/can they do with it?
How would they get it?
How would potential attackers be identified?
c. How would the organization try to discourage, or reduce the

3. incentives that could attract possible threat actors?
d. How would the organization protect against, or reduce
damaging effects due to attempted attacks?
Length 5-7 pages, due at the end of Week 8.
Prepare your paper in Word format. It should be double-spaced
with one-inch margins all around. The citations and the
reference list in the paper should be formatted in accordance
with APA 6th edition guidelines.
Papers must include: cover page, table of contents, introduction,
section headings and subheadings, conclusions, APA compliant
in-text citations and list of references, and page numbers. The
page count begins with the introduction and ends with the
conclusions. The questions asked in the assignment should first
be outlined (the outline is not included in the document), then
the outline should be used to create the Table of Contents and
the document sub-headings. The Introduction should briefly
preview each sub-heading in the document.
Individual Assignment #3 Grading Rubic
Criteria
Excellent A (90+)
Satisfactory B (80-89)
Needs Improvement (below 80)
Content (80%)
Clarity of cyber threats
(25%)
The incident is thoroughly developed and clearly stated.
The incident is adequately developed and clearly stated.
The incident is neither adequately developed nor clearly stated.
Analysis of motivation
(20%)

4. Analysis of actors’ motivation is thorough. Various actors
(attackers, defenders, third-parties) are included.
Analysis of actors’ motivation is adequate. Motivation of
attackers and defenders are included.
The analysis presented is incomplete.
Clarity of methods of organizational response
(25%)
Methods organizations can use to discourage actors and similar
attacks are thoroughly discussed and logical presented.
Methods organizations can use to discourage actors and similar
attacks are adequately discussed and logically presented.
Methods organizations can use to discourage actors and similar
attacks are not adequately discussed or logically presented.
Quality of documented support
(10%)
The discussion in the paper is based on a thorough review of the
literature, which is not limited to news articles, but also
includes scholarly resources such as studies or reports from
agencies or organizations.
The discussion in the paper is based on an adequate review of
the literature.
The scope of the research presented in the paper is inadequate.
Heavy reliance on reference material (e.g. Wikipedia, exam
prep books, “Dummies” guides).
Form (20%)
Organization
(10%)
The Table of Contents (TOC) and the document sub-headings
reflect a careful outline of the questions asked in the
assignment. The content is well organized with clear transitions
among major subtopics.
The content is generally well organized with some improvement
possible in transitions among subtopics.
The organization of the content is confusing without clear
transitions among subtopics.
Writing style

5. (5%)
The introduction is written to give a preview of each sub-
heading topic. Graduate-level writing is reflected throughout
the paper, including accurate spelling, punctuation, grammar,
and sentence structure.
Writing is acceptable, with a few errors in spelling,
punctuation, grammar, and/or sentence structure.
Writing does not meet graduate standards. Unacceptable number
of errors in spelling, punctuation, grammar and/or sentence
structure.
Use of proper APA formatting
(5%)
In-text citations are in proper APA format and all sources are
identified in the reference list and cited in proper APA format.
Minor errors in citation identification and/or APA format.
Unacceptable number of errors in citation identification and/or
APA format.
Your Grade:
Additional Comments: