Assignment 1: Going on a job-hunt
https://docs.google.com/forms/d/e/1FAIpQLSfRjQg-xASJ6pyn2FoohENWVV9H74q8vCI0lJfF-vbzWGYWUw/viewform?usp=sharing
This was a simple assignment with a Google Doc link that needed to be filled out regarding searching for a job and acquiring information. This gave me a start to research findings in technology.

Assignment 2: Discussion Board: The NIST Cybersecurity Framework
“One thing that comes from this framework that I believe is useful is enhanced security posture. This enables companies to protect better and identify threats. I would use this at my future workplace to help gather information on future existing cybersecurity practices and compare them to find room for improvement. This would link to the other way I would this enhanced security posture which is to assist me in creating a cybersecurity strategy. This would help me create a plan that molds to the security system to fend off attacks and protect the software.”
this assignment was intended to help me learn about the basics of Cybersecurity framework.

Assignment 3: Write-Up: The CIA Triad
file:///C:/Users/sophi/Downloads/annotated-cia.pdf
This was my first write up for the class, and this assignment was practically difficult because I was lost at first of where to begin my research on the CIA triad. But after reading over the rubric, it became clear, this assignment turned into one of the most intriguing subjects to me.

assignment 5: cyber roles and responsibilities

I Choose the role of authorizing official also known as AO
One of the important aspects of an AO is risk acceptance and knowing what position you are putting your company into with your information system. The next part connected to this job is interlinking with management, and it’s the aspect of defending against risk. Implementing a good security and authorization system hence the name. Ensure the right people have access to the correct information and sound security systems are in place. An AO has to make sure that they are following government and company guidelines/ laws concerning their systems and information. This is one of the most important parts of this job since If any are broken it puts you and your whole system at risk. The final part of this job that stood out to me is the constant monitoring of information, you must keep a diligent eye so that nothing goes under the radar. They also need to be quick decision-makers, for example, if faced with a security problem they need to be able to make a split-second decision. 
What do you need to become an AO? You ideally wanted a PHD or advanced degree but a bachorles are the standard. The final thing you need is to acquire any certifications.  
In conclusion, this role is imperative to a team of cybersecurity, with some personality traits that fit this job title. Are creative, vigil, honest, and cooperative; these are just some that match the job description. Without this position, the security of an information system is at a much greater risk. Authorizing individuals in what can stand in between a weak security system and a strong one.
This assignment gave me a deeper look at the different career paths in cybersecurity which was very interesting.

Assignment 6: creating policy’s
This policy is created for backup and recovery policies for SOPHIA INC.
Scope
This policy applies to all employees and systems within the organization that handle sensitive or
critical data.
Procedures
1. Backup Frequency
○ Critical Data: Backups must be made every day.
○ Non-Critical Data: Weekly backups are acceptable.
○ Full System Backups: It’s necessary to perform full system backups every
month.
2. Backup Methods
○ On-Site Backups: Local backups to secure servers.
○ Off-Site Backups: backups that are routinely planned for an off-site location or
cloud service.
○ Incremental Backups: Utilize backups between full backups to optimize
storage.
3. Data Verification
○ At least once a month, backups must be checked for accuracy and
completeness.
○ create automated checks to ensure data is correctly backed up.
4. Storage Management
○ Maintain multiple copies of backups in different locations to reduce risks.
○ Use encryption for both in-transit and at-rest backup data to increase security.
5. Retention Policy
○ Essential backups should be preserved for a year and stored for at least six
months.
○ Regularly review and delete outdated backups connected with data retention
laws.
6. Recovery Procedures
○ Documentation: Maintain clear documentation of recovery processes and
contact information for IT personnel.
○ Testing: Conduct bi-annual recovery drills to ensure all staff understand the
recovery procedures and systems are functioning correctly.
○ Restoration Priority: create a priority list for data recovery based on critical
business functions.
7. Roles and Responsibilities
○ Design a Backup Administrator responsible for enforcing and monitoring the
backup procedures.
8. Compliance and Review
○ Regularly review and update this policy to stay within legal limits
○ Conduct an annual backup and recovery processes audit.
Enforcement
Failure to comply with this policy may result in disciplinary action, up to and including
termination.
This taught me a lot about what goes into the pollical and rules of a single software program and how much it takes to run one.

Assignment 7: Protecting availability
As a CISO for a publicly traded company, some protections I would implement would be redundant systems and failover mechanisms. Implementing this is to guarantee that another system can take over without interruption if one fails. In doing so, downtime is reduced, and service availability is preserved. The next protection I would create is load balancing, which helps ensure all work is disrupted across servers to help improve performance and stability. Another way I would continue to try and protect the company is by making sure I have mandatory staff and employee training. This is essential to make sure everyone is up to date on the software and current threats. Some benefits are improved security and availability of the software. This goes hand in hand with the next protection which is constant monitoring and incident response. This is a very simple protection but also incredibly important. The primary goal is to identify problems early on, and an incident response that is clearly stated guarantees that any threats to system availability are quickly addressed. And for my final protection, I have chosen high-availability clustering. In summary, this is to ensure that critical applications are always available by using multiple servers that can take over if one fails. Some of the benefits of this protection are minimizing downtime and reliability, this is important to my company in a multitude of ways. In conclusion, these are the current protections that I would implement that I believe would benefit my company and keep my employees and software safe.
This have me insight to how a security system works and how to keep myself and others safe while navigating the internet.

Assignment 8: Hacking Humans Write up
The takeaway I got from this article was the possible dangers of digitizing our DNA. The main concern in this article is the ethical dilemma of whether or not we should be digitizing DNA, with the main risk being hackers. DNA mapping is being generalized for the public, which can be very useful for genetic mapping and understanding diseases etc. This article also touches base on how personal is too personal when it comes to DNA. For example, as stated in the article some employers will ask for your genetic makeup to see if you are fit for a job. The main point was how hackers are interested in DNA genetic digitalization because of the potential financial gain. It might be hard to stop hackers from accessing your DNA, but they can slow them down. The individuals that are performing DNA digitalization are required to know what the risks are behind it even though they are unknown in some ways. These risks include their DNA being stolen and being used. Their DNA could be used in many ways, including for criminal purposes. One of the examples that was given that put into perspective how dangerous is how its DNA is similar to your social security number. Your social security number can be stolen and your identity can be stolen, but you can get the law involved and there is a set protocol set. When it comes to DNA if it is stolen and used there isn’t much that can be done, since DNA cannot be changed it is stuck with you. Since it is so new there are no laws in place to help the victims if their DNA is stolen and used.
This was a fun assignment because it combined two different aspects of cyber security and its morals in the genetics field. I am very interested in genetics, so seeing this side of cybersecurity was interesting.

Assignment 9: ethical dilemmas
Some of the ethical dilemmas that are included within these topics are simple breaches of personal privacy, while this seems like a given it is so engraved into our everyday lives. We live daily with our DNA, which is not changeable; it is a part of who we are. If someone steals that from you and uses it, they are not just committing a crime that is horrifically invading your privacy to a biological level. The other ethical standpoint is whether we should even be giving these hackers the chance to take our information. With where cybersecurity is now in the world it is secure but there is still a large risk of stolen DNA, which is terrifying, why even give them the chance? For example, they are taking some precautions such as the article that was provided to us, which states that malicious codes are written into DNA when seen on a computer. There are two sides to this ethically, one being that they are attempting to help keep DNA secure. But when is it doing more harm than good? What if software infects the researchers and you lose the DNA of that person forever? I truly believe that at this point it is too risky to be storing DNA where it can be stolen and used. I do understand that science development on DNA is life-changing, but not always for the positive. If someone’s life can be ruined with stolen DNA I believe that out way all of the benefits. There are other ways to study DNA and at this point, it is too risky.

Assignment 10: SCADA write up
file:///C:/Users/sophi/Downloads/annotated-write_20up_20cs.docx.pdf
This was written in formal APA format, on SCADA. The research part of the paper was fun and interesting, while the citations were my least favorite part.
I learned a lot through this paper such as how to write about cybersecurity in a professional paper.

Assignment 11: Exploring Attacks on Availability

An attack on availability can be defined as having difficulty accessing information systems and processes necessary to run your business. Some examples of this are ransomware attacks, which are defined as malware that holds a victim’s sensitive data or device hostage. Often this is exchanged for money. One of the largest ransomware attacks recently was the Colonial Pipeline ransomware cyber-attack. On May 7th, 2021, that colonial pipeline which was a gas and jet fueling pipeline was attacked through a cyber ransomware attack. It was attacked through the computerized systems that were in charge of maintaining the pipeline. They attempted to counter this attack and they stopped all operations of this pipeline. The FBI became involved and paid the ransom amount of 4.4 million dollars. Once it was paid the attackers gave back the system through an IT tool. Although they were able to restore it took a long time to get it back to fully functional. The implications of this attack were huge, it affected millions of people for multiple months because someone was able to get past a security system. Jet fuel and car fuel prices went up for some time after because of the decrease in availability. But in general, these types of cyber-attacks are sadly common. But there are ways to counter ransom attacks, some of these include implementing fire walls and backups. Obviously, for huge corporations, there are more steps to protect their assets. Overall, there are many forms of an attack on availability and all of them can be detrimental to a system and the people that rely on the system.

Assignment 13: Opportunities for Workplace Deviance
Even though workplace deviance is generally less severe than cybercrime, it still poses significant risks. One example is cyberloafing, which involves spending excessive amounts of work time on non-work-related internet activities. Although this might not seem very serious, it can lead to mistakes when employees are not attentive. More severe forms of deviance include the unauthorized copying or distribution of copyrighted digital content using company resources, which can cause extensive damage to a company. Without technology, these opportunities for deviance would not exist, and their impact can be very harmful to a company. Now employees have sensitive information at their fingertips at all times. And it is incredibly difficult to track down due to the facts that it’s an issue within the company. This is why security checks are so important in this line of work. The annual percent for workplace deviance is increasing 15% every year.

assignment 14: The “Short Arm” of Predictive Knowledge
Jonas argues that traditional ethics and values are incapable of dealing with modern technological challenges. He introduces the concept of a “short arm” to illustrate our lack of capacity for predicting the future consequences of our actions and technological advancements. In addition to this predictive limitation, contemporary technology has a large impact on global risks. Therefore, it is important to develop cyber-policy with a cautious approach, prioritizing long-term risk mitigation for individuals. From the beginning of the development process, ethical considerations should be incorporated and revisited regularly.

assignment 15: From Verbeek’s writing (Mod 6, Reading 4) Designing the Public Sphere: Information Technologies and the Politics of Mediation
Verbeek warns against the transformative impact of rapid technological development, especially the integration of artificial intelligence and other technologies in everyday life. As a result of this evolution, he argues that human-computer interaction will be transformed, effectively reinventing society. In his discussion of how to regulate this new societal environment, Verbeek emphasizes that traditional regulations are not enough to accommodate modern technology’s capabilities. A key goal of Verbeek’s work is to reduce conflicts between humans and technology by regulating the markets, businesses, groups, and individuals that are creating technological advancements. As a result of the loss of political power in individual states, this also prevents businesses from using regulatory gaps, which protects consumers.