Hello, my name is Gabriel Jacobson, though, I’m more known as Gabe. I attended Tidewater Community College for my gen Ed, and transferred to Old Dominion University. I enjoy putting myself out there and I like to take risks. I am attending ODU as a junior with a Cyber security major. I chose ODU because it’s close to home and has everything I was looking for in a university. I believe for their to be many opportunities here and especially in the Cybersecurity program. My goal is to use my degree to further better myself, pursue certificates and a career based off of the path I’ve been on.

CYSE 200T

Gabriel Jacobson
CYSE200T

CIA Triad
In cybersecurity, the CIA Triad represents 3 major principles of information security are
Confidentiality, Integrity, and Availability (Chai, 2022). For starters, confidentiality ensures that any kind of information is accessible only to people who are authorized. This works through encryption, access controls, and authentication tools. Also, Integrity just guarantees that data remains untouched by people without access and is still accurate. Techniques like hashing, digital signatures and more help maintain the data’s integrity (Chai, 2022). Lastly, in the CIA, availability helps ensure that information and systems are accessible when actually needed. This involves disaster recovery planning, redundancy, and protection against cyber threats, particularly DDoS attacks, and in total prevents downtime (Chai 2022).

Beyond the CIA triad, there are two very important but distinct security processes. One of them is Authentication. This is different from authorization because this verifies the identity of a user or system before allowing access. This is commonly done through passwords but more modernly, biometrics or multi-factor authentication. The second process is Authorization which determines what a person who was authenticated is allowed to do. Authorization pushes permissions, which makes the users who were permitted only use what they are allowed to use. A great example to tell the difference between the two if you had a bank’s online system requires a customer to log in with a username and password, this is a form of authentication. Once you log in, the system allows the customer to view their account balance but restricts them
from accessing administrative settings, and this is authorization.

Overall, Understanding these concepts help organizations implement robust security
measures to protect data and maintain efficiency.
CITES:
Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. TechTarget.
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA

SCADA

BLUF: SCADA helps manage infrastructure but also brings along risks that can be mitigated to
secure systems security.
Vulnerabilities in Critical Infrastructure and how SCADA helps reduce risks
There are Critical infrastructure, such as power grids, water treatment plants, and oil pipelines,
relies on SCADA systems for efficient operation. SCADA stands for Supervisory control and
data acquisition. So, as these systems become more connected to IT networks, they face more
risks.
The Vulnerabilities
SCADA systems used to be isolate but newer versions use standard protocols like
TCP/IP and ethernet, making them more vulnerable to cyberattacks. Older systems
were actually safer because they had closed environments. One risk is unauthorized
access because with weak authentication methods and an open network it makes it
easier for it to be accessed by penetrators. An example I learned is the attack on
Ukraine power grid that caused blackouts. Another concern is malware, SCADA
systems have been targeted with malware before which makes that a concern.
How SCADA helps reduce risks
SCADA systems has built in security measures to help protect infrastructure. Using
multi-factor authentication and role-based access control prevents unauthorized user from accessing any important systems. Another important measure is encrypted
communications. Modern SCADA protocols use encryption to secure data. The
detection and prevention systems they use also help monitor the network in real time
detecting and blocking potential cyber threats, and to ensure continuous operation,
SCADA systems even use backup and redundancy measures. So if one server fails,
backup servers and other mechanisms are put into action so that there would be no
downtime.
Conclusion
The SCADA systems play a vital role in managing infrastructure but also has a few
issues like anything else. Though, there can be strong security measures much like
encryption, authentication measures, and real time monitoring, helps protect these
systems. The SCADA article really highlights the need for modern security strategies,
while cybersecurity experts emphasize the importance of constant improvements.
Securing all these systems is essential for maintaining safe and reliable foundation.
CITES:
SCADA Systems Article from scadasystems.net Zetter, K. (2016). Countdown to Zero Day: Stuxnet and the Launch of the World’s First

The Human Factor in Cybersecurity

BLUF: Balancing employee training, cybersecurity tools, and regular security
checks is the best way to protect an organization from cyber threats without breaking
the budget.
Investing in Employee Training
With a limited budget, I would try to balance the spending between employee
training and cybersecurity technology to try to increase security protection and keeping
costs under control. Human error is always going to be existing and is a major cause of
cyber threats, moving about 40% of the budget to security awareness training.
Educating employees on things like phishing, password management, and safe
practices will reduce the probability of having any breaches. Regular training sessions
and real world scenarios will help make these issues more recognizable and avoid most
threats.
Upgrading the Technology
At the same time, there should be roughly another 40%-50% of the budget going toward
strengthening cybersecurity tech, including firewalls, endpoint protection and automated
threat detection. Implement things like multi-factor authentication and a zero-trust
security policy would limit unauthorized access and add that extra layer of protection.

The last of the 10%-20% of the budget should go towards security audits and incident
response planning to actively identify vulnerabilities and ensure a quick, effective
response to threats and attacks. (Smith & Johnson, 2023)
Conclusion
By combining these techniques like training, advanced tools, and regular assessments,
the organization can definitely reduce risks while staying in budget. A layered approach
ensures both human and technical vulnerabilities are addressed and handled which will
create a more secure environment. Investing wisely in these areas helps prevent costly
breaches and keeps regular business operations running smoothly.

CITES:
Smith, Adam, and Robert Johnson. “Maximizing Security with Technology: Best
Practices for CIOs.” Information Security Review, vol. 18, no. 2, 2023
Miller, John. “Cybersecurity Awareness Training: A Critical Defense Against Human
Error.” CyberSecurity Journal, vol. 15, no. 3, 2022