Cyberpsychology – Individual Report

114 views 8:37 am 0 Comments May 17, 2023

Faculty of Science and Technology
Department of Computing & Informatics

Unit Title: Cyber Psychology (COMP7059)
Assessment Title: Cyberpsychology – Individual Report
Unit Level: 7 Assessment Number: 1 of 1
Credit Value of Unit: 20 Date Issued: 30/01/2023
Unit Leader: Duncan Ki-Aries Submission Due Date: 12/05/2023 Time: 12:30 PM
Other Marker(s): N/A Submission Location: Turnitin (+ large file submission box)
Quality Assessor (QA): Melanie Coles Feedback Method: Brightspace

This is an individual assignment which carries 100% of the final unit mark.
ASSESSMENT TASK
AIMS
It is essential to
expand upon what you have learned from the Cyberpsychology lectures by consulting and referencing
academic material such as text/e-books, peer-reviewed journal and conference papers, and other research reports. The
aim is for you to extend and demonstrate your knowledge towards the relevance of cyberpsychology to cyber security and
related topic areas, and to
provide critical analysis and evaluation regarding those concepts and related topics. Your
account of the real-word example should
illustrate how cyberpsychology contributes to your understanding of the
scenario.
You will need to do your own research in order to produce a well-researched and evidenced report, supported with
references (in BU Harvard format). The report must demonstrate your structured critical analysis and evaluation of
the subject area that substantiates your understanding of the problem, and subsequent considerations and
recommendations towards addressing the problem.
SCENARIO
Social engineering continues to be a common attack type used as a foundation for many scams. Although there are
technological elements to the attacks, many of the attacks rely on exploiting a human. People continue to unwittingly fall
for these attacks, which consequently have a negative impact upon victims and the wider society. These types of attacks
could potentially be reduced by raising awareness of the tactics and techniques used, and ways in which the scam attacks
may be avoided.
One such attack that could be avoided in the future relates to Vishing and Smishing (Twillo 2022).
TASKS
As a Security Consultant working with an IT Communications company, your first task is to investigate the Vishing and
Smishing scam to identify elements of the attack and the consequential impacts (Twillo 2022). The example scenario can
be accessed from the following website –
https://www.twilio.com/blog/august-2022-social-engineering-attack.
In your next tasks, your research, critical analysis, evaluation, and findings of the scenario should be clearly structured.
From the findings, you are to devise a psychology-based awareness approach using psychological theory that could be
applied towards reducing risks of this attack type (e.g. security, privacy, and safety risks) by promoting and raising
awareness towards this attack type. The psychology-based awareness approach should be specifically focused towards
changing attitudes and behaviours, and motivating that change in a typical IT Communications company. You will need to
create a video presentation to present your psychology-based awareness approach to potential stakeholders.
Jan 2023 – v2 – preEE **
Page 1 of 5
APPROVED_L7_COMP7059_2022-23_sub_brief

STRUCTURE
The report and video should cover the following areas (using the following underlined text as headings for each section):
Introduction (10% worth of assignment mark – ILO4):
Your report must clearly introduce the assignment’s topic/problem area providing background to the topic, with an
indication about what that actually means and why we should be concerned. You should provide a clear indication
towards the structure of the rest of your report and what it aims to address. There
should be a primary focus towards
cyberpsychology concepts throughout
, and where applicable, supporting concepts and topics, e.g. security, privacy,
safety.
Anatomy of the Attack (30% worth of assignment mark – ILO1, ILO2):
Your investigation of the scenario should identify a timeline of events, from point of inception and the continuation of
events by the attacker(s). Each step taken by the attacker(s) must be aligned with Cyber Kill Chain framework and their
stages of attack introduced in lectures, whilst detailing the motivations, goals, and skill level of the attacker. Then, identify
psychological and technical tactics used, including the psychological aspects exploited in the victim(s). The stages of the
attack should be presented in a table, whilst using the main body words to summarise the key aspects of the attack,
although this table may be added within an Appendix as evidence of your work.
Impact Analysis (20% worth of assignment mark – ILO2-3):
Continuing with your investigation of the scenario and timeline of events, based on your evaluation, present and detail the
main risks identified in your scenario, being clear to indicate the related threats and vulnerabilities of each risk. Risk data
can be presented within a table, whilst using the main body words to summarise the risks, and related impacts. Your
impact analysis must analyse and discuss any identified impacts (e.g. to data, systems, victims). This must include
psychological as well as physical effects, and any wider knock-on effects to other people, businesses, the economy or
nation(s).
Recommended Approach and Conclusion (30% worth of assignment mark – ILO1-4):
VIDEO PRESENTATION: Based on your critical analysis and evaluation, clearly summarise the main risks identified from
your investigation that your approach aims to address. You are to introduce and discuss your recommended psychologybased awareness approach towards how awareness could be raised [within your specified target audience] to reduce
these risks. To achieve this, you must include psychological theories and approaches introduced in lectures towards
motivating behaviour change.
You must provide examples of why and how each theory or approach could be used
within your awareness strategy towards reducing risk and creating change
(e.g. do not simply indicate which theory
could be used – be very specific why and how the company should implement the theory within your awareness
approach). Provide a short conclusion.
Style, Structure, and References (10% worth of assignment mark – ILO3):
The report must be clearly structured and professionally written. The report should be free from spelling, punctuation, and
grammatical errors. Moreover, there should be sufficient correctly formatted references from credible academic or
industrial sources to support the report. This should aim to be at least 20. Academic quality is important.
REFERENCES
Twillo, 2022. Incident Report: Employee and Customer Account Compromise[online]. USA: Twillo Inc. Available from:
https://www.twilio.com/blog/august-2022-social-engineering-attack[Accessed 01/12/2022].
Jan 2023 – v2 – preEE **
Page 2 of 5
APPROVED_L7_COMP7059_2022-23_sub_brief

SUBMISSION FORMAT
Please submit only one PDF file via Turnitin Assignment, and which does not exceed 2,000 words.
Then,
submit one video presentation to the additional large files submission box, in MP4 format.
Note
The word limit in the report is 2000 words, which excludes Figures, Tables, and References.
The video presentation will be representative of 1000 words.
The presentation should be at least five minutes,
but no more than ten minutes.
Please ensure the readability of figures and tables in the submitted file, and reference them where required. An
illegible image or table cannot be marked. Large tables and figures should be added to an Appendix.
You are expected to provide reputable evidence to support and illustrate your argument. Evidence should be
evaluated for the reader; do not merely describe it and assume that the conclusion to be drawn from it is obvious.
Relevant psychological theories have been considered in the lectures, with further suggested reading given. It is
essential to expand upon what you have learned from the Cyberpsychology lectures by referencing academic
material such as text/e-books, peer-reviewed papers and research reports. Evaluation of original journal articles is
an important academic skill, and will help you to achieve higher grades.
VIDEO PRESENTATION GUIDELINES
The video should:
be viewable on a University Windows 10 PC using VLC media player;
be of at least 720P in quality;
follow the requirements of the Recommended Approach and Conclusion section above
MARKING CRITERIA
The following criteria will be used to assess the assignment:
Please refer to the ‘Cyberpsychology Assessment Marking Criteria’ document (below) for further details on how
your work will be assessed.
When evaluating the answers, the following provides a high-level overview of the criteria used:
To achieve a Distinction (70+): You will demonstrate an excellent understanding of cyberpsychology concepts. You will
have critically analysed and evaluated the role of cyberpsychology, in particular, how these align towards other concepts
such as cyber security, privacy, and safety. Evidence of original thinking is present.
To achieve a Merit (60-69): Your work will be fluent, analytical, and rigorous. There will be a good attempt at critical
evaluation with some depth. You will have drawn upon valid cyberpsychology theory and concepts, and demonstrated a
good understanding of how these align towards cyber security, privacy, and safety. Some evidence of original thinking is
present.
To achieve a Pass (50-59): You will demonstrate a basic understanding of cyberpsychology. There is little critical
reflection or depth of understanding that may be overly descriptive, and may be incomplete. There is minimal evidence of
original thinking.
INTENDED LEARNING OUTCOMES (ILOs)
This unit assesses your ability to:
1. Critically evaluate a range of theoretical approaches and methods from psychology in the context of digital
technology.
2. Critically evaluate the role of human psychology in people’s use of online services and secure systems.
3. Demonstrate a range of transferable skills relating to promoting responsible user behaviour.
4. Apply an understanding of theoretical approaches and methods from psychology to real systems and examples.
QUESTIONS ABOUT THE BRIEF
The material used within each of the lectures and related seminars will help provide the foundations towards completing
the required assignment tasks, and guide students towards further reading to support the correct application of techniques
and considerations to be applied within the assignment. Questions and clarifications will therefore be addressed during
the lectures and practical exercises during seminars, and within a dedicated online Q&A area in Brightspace.
Jan 2023 – v2 – preEE **
Page 3 of 5
APPROVED_L7_COMP7059_2022-23_sub_brief

Specific feedback on the answers to the assignment tasks during the term will not be provided. Feedback can be provided
for answers to an alternative scenario where applicable during sessions. Feedback on assignment drafts will be given
within an assignment support seminar.
Unit Leader Signature Duncan Ki-Aries
Jan 2023 – v2 – preEE **
Page 4 of 5
APPROVED_L7_COMP7059_2022-23_sub_brief

Help and Support
Postgraduate Coursework Assessments
If a piece of coursework is not submitted by the required deadline, the following will apply:
1. If coursework is submitted within 72 hours after the deadline, the maximum mark that can be awarded is 50%. If the
assessment achieves a pass mark and subject to the overall performance of the unit and the student’s profile for the level, it
will be accepted by the Assessment Board as the reassessment piece. This ruling will apply to written coursework and
artefacts only; This ruling will apply to the first attempt only (including any subsequent attempt taken as a first attempt due to
exceptional circumstances).
2. If a first attempt coursework is submitted more than 72 hours after the deadline, a mark of zero (0%) will be awarded.
3. Failure to submit/complete any other types of coursework (which includes resubmission coursework without exceptional
circumstances) by the required deadline will result in a mark of zero (0%) being awarded.
The Standard Assessment Regulations can be found on
Brightspace or via
https://www1.bournemouth.ac.uk/students/help-advice/important-information (under Assessment).
Exceptional Circumstances
If you have any valid exceptional circumstances which mean that you cannot meet an assignment submission deadline and you
wish to request an extension, you will need to complete and submit the online Exceptional Circumstances Form together with
appropriate supporting evidence (e.g. GP note) normally
before the coursework deadline. Further details on the procedure and
links to the exceptional circumstances forms can be found on
Brightspace or via
https://www1.bournemouth.ac.uk/students/help-advice/looking-support/exceptional-circumstances. Please make sure that you read
these documents carefully before submitting anything for consideration. For further guidance on exceptional circumstances please
contact your Programme Leader.
Referencing
You must acknowledge your source every time you refer to others’ work, using the BU Harvard Referencing system (Author Date
Method). Failure to do so amounts to plagiarism which is against University regulations. Please refer to
https://libguides.bournemouth.ac.uk/bu-referencing-harvard-style for the University’s guide to citation in the Harvard style. Also be
aware of Self-plagiarism, this primarily occurs when a student submits a piece of work to fulfill the assessment requirement for a
particular unit and all or part of the content has been previously submitted by that student for formal assessment on the same/a
different unit. Further information on academic offences can be found on
Brightspace and from
https://www1.bournemouth.ac.uk/discover/library/using-library/how-guides/how-avoid-academic-offences
Additional Learning Support
Students with Additional Learning Needs may contact the Additional Learning Support Team. Details can be found here:
https://www1.bournemouth.ac.uk/als
IT Support
If you have any problems submitting your assessment please contact the IT Service Desk – +44 (0)1202 965515 – immediately and
before the deadline.
Disclaimer
The information provided in this assignment brief is correct at time of publication. In the unlikely event that any changes
are deemed necessary, they will be communicated clearly via e-mail and Brightspace and a new version of this
assignment brief will be circulated.
Jan 2023 – v2 – preEE **
Page 5 of 5
APPROVED_L7_COMP7059_2022-23_sub_brief

Cyberpsychology
ASSESSMENT MARKING CRITERIA

Marking Criteria Criterion First 70+ Good (2:1) 60-69 Reasonable (2:2) 50-59 Failing 40-49 Poor Fail 40 below
Introduction (10% worth of
assignment mark):
Your report must clearly introduce the
assignment’s topic/problem area
providing background to the topic, with
an indication about what that actually
means and why we should be
concerned. You should provide a clear
indication towards the structure of the
rest of your report and what it aims to
address. There should be a primary
focus towards cyberpsychology
concepts throughout, and where
applicable, supporting concepts and
topics, e.g. security, privacy, safety.
The report is very clearly
introduced and the structure is
well sign-posted throughout.
The attack type and
background provides excellent
clarity about the problem area,
and the need for addressing
the problem. The report begins
with a clear focus towards
cyberpsychology concepts,
and where applicable,
supporting concepts and
topics, e.g. security, privacy,
safety.
[10-7pts]
There is a clear introduction
that sign-posts the structure of
the report. The attack type and
background provides some
clarity about the problem area,
and the need for addressing
the problem. The report
begins with a focus towards
cyberpsychology concepts,
and where applicable,
supporting concepts and
topics, e.g. security, privacy,
safety.
[7-6pts]
There is an introduction that is
too vague or does not provide
sufficient detail of the structure
of the rest of the report. The
attack type and background
provides some information
about the problem area, and
the need for addressing the
problem. The report begins
with some focus towards
cyberpsychology concepts,
and where applicable,
supporting concepts and
topics, e.g. security, privacy,
safety.
[6-5pts]
There is a very limited
introduction that does not sign
post content, key points, or the
structure of the report. The
attack type and background
provides little clarity about the
problem area, or the need for
addressing the problem. The
report begins without a clear
focus towards
cyberpsychology concepts, or
where applicable, supporting
concepts and topics, e.g.
security, privacy, safety.
[5-4pts]
Work is incomplete, or it is
lacking a suitable
introduction. There is no
suitable focus towards
cyberpsychology concepts,
or where applicable,
supporting concepts and
topics, e.g. security, privacy,
safety.
[<4pts]
Anatomy of the Attack (30% worth of
assignment mark):
Your investigation of the scenario
should identify a timeline of events, from
point of inception and the continuation
of events by the attacker(s). Each step
taken by the attacker(s) must be aligned
with the Cyber Kill Chain framework and
their stages of attack introduced in
lectures, whilst detailing the motivations,
goals, and skill level of the attacker.
Then, identify psychological and
technical tactics used, including the
psychological aspects exploited in the
victim(s). The stages of the attack
should be presented in a table, whilst
using the main body words to
summarise the key aspects of the
attack, although this table may be
added within an Appendix as evidence
of your work.
There is a comprehensive,
critical, and rigorous
background analysis of the
timeline of events. This
includes a detailed description
of how the attack(s) occurred,
specific tactics used, by
whom, what, where, and their
motives. All analysis is
rigorous and systematic
through its application of
cyberpsychology theories,
models, or frameworks, with
supporting concepts and
topics, e.g. security, privacy,
safety. The analysis presented
is supported with more than
sufficient evidence.
[30-21pts]
There is sufficient background
and critical analysis of the
timeline of events. This
includes a good description of
how the attack(s) occurred
with some discussion of tactics
used, by whom, what, where,
and their motives. All analysis
considers the application of
cyberpsychology theories,
models, or frameworks, with
supporting concepts and
topics, e.g. security, privacy,
safety– but may not use them
systematically or consistently.
The analysis presented is
supported with sufficient
evidence.
[21-18pts]
There is some background of
the timeline of events, and
tactics used, although the
detail may be overly
descriptive, rather than
critically analytical. There is
some focus and alignment of
cyberpsychology concepts,
with supporting concepts and
topics, e.g. security, privacy,
safety. There may be a lack of
supporting evidence, or a lack
of contextualisation.
[18-15pts]
The timeline of events, and
tactics used are presented in
very broad terms. The
discussion is overly
descriptive, and makes
several assumptions or
generalisations that are not
sufficiently supported. There
is very little focus of
cyberpsychology concepts, or
supporting concepts and
topics, e.g. security, privacy,
safety. There is a lack of
evidence, analytical
discussion, or
contextualisation.
[15-12pts]
Work is incomplete, or
entirely descriptive with no
evidence or analysis. There
is no suitable focus towards
cyberpsychology concepts,
or supporting concepts and
topics, e.g. security, privacy,
safety.
[<12pts]
Impact Analysis (20% worth of
assignment mark):
Continuing with your investigation of the
scenario and timeline of events, based
on your evaluation, present and detail
the main risks identified in your
scenario, being clear to indicate the
related threats and vulnerabilities of
each risk. Risk data can be presented
within a table, whilst using the main
body words to summarise the risks, and
Based on related risks, there
is a comprehensive critical
analysis of the scenario
identifying the psychological
and physical effects. There is
a comprehensive analysis of
wider knock-on effects to other
people, businesses, the
economy or nation(s). All
analysis is rigorous and
systematic through its
Based on related risks, there
is critical analysis of the
scenario, identifying the
psychological and physical
effects. There is sufficient
analysis of wider knock-on
effects to other people,
businesses, the economy or
nation(s). All analysis
considers the application of
cyberpsychology theories, with
Based on related risks, there
is some critical analysis of the
scenario, identifying
psychological and physical
effects. There is some
analysis of wider knock-on
effects to other people,
businesses, the economy or
nation(s). There is some focus
considering the application of
cyberpsychology theories, with
Based on related risks, the
presentation of the scenario,
identifying the psychological
and physical effects is
primarily descriptive, with very
little analysis. There is very
little analysis of wider knock
on effects to other people,
businesses, the economy or
nation(s). There is very limited
focus considering the
Work is incomplete, or
superficially descriptive, or
completely lacking evidence
or analysis. There is no
suitable focus towards
cyberpsychology theories, or
how they align with
supporting concepts and
topics, e.g. security, privacy,
safety.
[<8pts]

Cyberpsychology
ASSESSMENT MARKING CRITERIA

related impacts. Your impact analysis
must analyse and discuss any identified
impacts (e.g. to data, systems, victims).
This must include psychological as well
as physical effects, and any wider
knock-on effects to other people,
businesses, the economy or nation(s).
application of cyberpsychology
theories, with supporting
concepts and topics, e.g.
security, privacy, safety.
[20-14pts]
supporting concepts and
topics, e.g. security, privacy,
safety – but may not use them
systematically or consistently.
[14-12pts]
supporting concepts and
topics, e.g. security, privacy,
safety, although the detail may
be overly descriptive, rather
than analytical.
[12-10pts]
application of cyberpsychology
theories, with supporting
concepts and topics, e.g.
security, privacy, safety.
[10-8pts]
Recommended Approach and
Conclusion (30% worth of
assignment mark):
Based on your critical analysis and
evaluation, clearly summarise the main
risks identified from your investigation
that your approach aims to address.
You are to introduce and discuss your
recommended psychology-based
awareness approach towards how
awareness could be raised [within your
specified target audience] to reduce
these risks. To achieve this, you must
include psychological theories and
approaches introduced in lectures
towards motivating behaviour change.
You must provide examples of why and
how each theory or approach could be
used within your awareness strategy
towards reducing risk and creating
change (e.g. do not simply indicate
which theory could be used – be very
specific why and how the company
should implement the theory within your
awareness approach).
Provide a short conclusion.
Clearly detailed risks,
prioritisation and rationale are
introduced, and
recommendations towards
reducing the likelihood and
severity of this type of attack
occurring again are provided,
addressing the localised
psychological and physical
effects with the wider knock-on
effects to other people,
businesses, the economy or
nation(s). Recommendations
made are realistic and are
informed by contextual
analysis, and includes a self
evaluative discussion of
conflicts and trade-offs
towards changing behaviours.
An evaluative consideration is
given to the practicalities and
limiting factors affecting the
implementation and
effectiveness of these
recommendations. All
evaluations and the
recommended approach are
clearly aligned with
cyberpsychology theories,
models, or frameworks, with
supporting concepts and
topics, e.g. security, privacy,
safety.
[30-21pts]
Risks, prioritisation and
rationale are introduced, and
recommendations towards
reducing the likelihood and
severity of this type of attack
occurring again are provided,
addressing the localised
psychological and physical
effects with the wider knock-on
effects to other people,
businesses, the economy or
nation(s). Recommendations
made are realistic and are
informed by contextual
analysis, and includes some
self-evaluative discussion of
conflicts and trade-offs
towards changing behaviours.
Some consideration is given to
the practicalities and limiting
factors affecting the
implementation and
effectiveness of these
recommendations. All
evaluations and the
recommended approach are
aligned with cyberpsychology
theories, models, or
frameworks, with supporting
concepts and topics, e.g.
security, privacy, safety.
[21-18pts]
Some risks and rationale are
indicated with
recommendations made that
are vague towards how they
will help in reducing the
likelihood and severity of this
type of incident occurring
again, or the localised
psychological and physical
effects with the wider knock-on
effects to other people,
businesses, the economy or
nation(s). Most
recommendations made
appear realistic and are
informed by some contextual
analysis, but includes limited
self-evaluative discussion of
conflicts and trade-offs
towards changing behaviours.
There is limited consideration
of the cost-benefit or context
surrounding the effectiveness
of these recommendations.
The evaluations and the
recommended approach are
not clearly aligned with
cyberpsychology theories,
models, or frameworks with
supporting concepts and
topics, e.g. security, privacy,
safety.
[18-15pts]
Risks or recommendations
that are made may not be
clear or come across as vague
and generic towards reducing
the likelihood and severity of
this type of incident occurring
again. The localised
psychological and physical
effects with the wider knock-on
effects to other people,
businesses, the economy or
nation(s) are not clearly
addressed. There is little or no
consideration of the cost
benefit or context surrounding
the effectiveness of these
recommendations, which may
be unrealistic due to several
factors. There appears no
evaluation, and the
recommended approach is not
closely aligned with
cyberpsychology theories,
models, or frameworks, with
supporting concepts and
topics, e.g. security, privacy,
safety.
[15-12pts]
Work is incomplete, or
recommendations are
obviously inappropriate
towards the context of the
chosen incident and method.
There is insufficient focus
towards cyberpsychology
theories, models, or
frameworks, with supporting
concepts and topics, e.g.
security, privacy, safety.
[<12pts]
Style, Structure, and References
(10%):
The report must be clearly
structured and professionally written.
The report should be free from spelling,
punctuation, and grammatical errors.
Moreover, there should be sufficient
correctly formatted references from
credible academic or industrial sources
to support the report. This should aim to
be at least 20. Academic quality is
important.
Excellent structure and
coherent style of writing. Work
is extensively referenced with
credible sources (>25) using
the correct format.
Professional presentation.
[10-7pts]
Good level of writing and well
referenced with credible
sources (>20) using the
correct format. Work well
structured and well presented.
[7-6pts]
Adequate level of writing and
referencing with credible
sources (<20). Structure of
work and presentation is
reasonable.
[6-5pts]
Work is badly structured.
Unprofessional presentation.
Weak level of writing and
limited referencing (<10).
Limited or no evidence of
proofreading.
[5-4pts]
Poor structure, referencing
(<5) and presentation; report
is incoherent.
[<4pts]

Cyberpsychology
ASSESSMENT MARKING CRITERIA