{"id":133,"date":"2026-02-10T18:26:58","date_gmt":"2026-02-10T18:26:58","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/cyberimpact1\/?page_id=133"},"modified":"2026-05-03T19:37:46","modified_gmt":"2026-05-03T19:37:46","slug":"it-cyse-200t-2","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/about-chrisean\/it-cyse-200t-2\/","title":{"rendered":"IT\/CYSE 200T"},"content":{"rendered":"\n<p><strong>SCADA<\/strong><\/p>\n\n\n\n<p>Chrisean Pritchett<\/p>\n\n\n\n<p>4\/7\/2026<\/p>\n\n\n\n<p>Professor Duvall<\/p>\n\n\n\n<p>SCADA IS?<\/p>\n\n\n\n<p>BLUF: SCADA is a type of software used to control and manage large infrastructures.<\/p>\n\n\n\n<p>Background<\/p>\n\n\n\n<p>SCADA stands for Supervisory Control and Data Acquisition. It is a type of software created to control and monitor threats in infrastructure systems. SCADA Collects data through using PLC or RTC to collect and create status reports for humans to read and act upon. To allow for human activity SCADA is linked to Human Machine Interfaces that let SCADA share it data to the human operators in the form of schematics, diagrams, ect.<\/p>\n\n\n\n<p>Vulnerabilities: The main threat to SCADA is unauthorized access to software, Viruses, and Packet control hacks. Any unauthorized access is a huge risk as SCADA is often vital infrastructure that hackers can threaten, such as water systems. Viruses are much the same problem, but packet attacks have very high chance to take control of SCADA due there being less security that blocks access to SCADA hosts.<\/p>\n\n\n\n<p>Mitigation<\/p>\n\n\n\n<p>Scada vendors have created hosted remote platforms offering SCADA services so other user don\u2019t have to install it on their systems allowing the vendors to work as a VPN against hackers.<\/p>\n\n\n\n<p>Conclusion<\/p>\n\n\n\n<p>Inconclusion SCADA is a software that is used to control many type of infrastructure on&nbsp; a large scale do it data communicative abilities,&nbsp; but is vulnerable to packet attacks and unauthorized users.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Source: Using SCADA to Protect Critical Infrastructure and Systems(ARTICAL)<\/h1>\n\n\n\n<p>Chrisean, Pritchett<\/p>\n\n\n\n<p>3\/4\/2026<\/p>\n\n\n\n<p>Professor Duval<\/p>\n\n\n\n<p>Firewall Policy<\/p>\n\n\n\n<p>BLUF: The firewall policy for Egg Teck Industries is made up of five questions what to deny, what is allowed, what is recorded, who is alerted, and how are auditing the fire wall.<\/p>\n\n\n\n<ul>\n<li>What to deny: The default deny for Egg Teck is that all incoming traffic is denied unless permitted by the organization.<\/li>\n\n\n\n<li>What is allowed: Every allow rule requires business justification, a named owner for responsibility, and an expiration date for when to stop allowing a partnered organization from going past the fire wall.<\/li>\n\n\n\n<li>Mandatory logging: All traffic going in and out of fire wall must be recorded in order to understand where a problem could have occurred. Additionally, any request to access the firewall must be recorded as employees are also a vulnerability.<\/li>\n\n\n\n<li>Alerts: The system must be able to alert security personnel immediately of any attempts to breach the firewall, unpermitted traffic and personnel that don\u2019t have the authority to access the firewall.<\/li>\n\n\n\n<li>Audits: Weekly audits must take place in order to check for hidden security threats not alerted by the system and one before every update.<\/li>\n<\/ul>\n\n\n\n<p>Conclusion<\/p>\n\n\n\n<p>Inconclusion Egg Teck Industry firewall policy is centered around what to let in, what to keep out, and how maintain security within the company to execute security measures if faced with a threat.<\/p>\n\n\n\n<p>Chrisean, Pritchett<\/p>\n\n\n\n<p>2\/22\/2026<\/p>\n\n\n\n<p>Framework Editorial<\/p>\n\n\n\n<p>Prompt:<em> <\/em><strong><em>I need a one-page synopsis of the differences between the NIST Cybersecurity Framework 1.1 and 2.0<\/em><\/strong><\/p>\n\n\n\n<p>BLUF: The <strong>NIST Cybersecurity Framework (CSF)<\/strong> version 2.0, released in February 2024, represents a significant evolution from version 1.1 (released in 2018). It addresses evolving cyber threats, broadens applicability, and strengthens governance while maintaining the voluntary, flexible, risk-based approach.<\/p>\n\n\n\n<p><strong>Key Structural Differences<\/strong><\/p>\n\n\n\n<ul>\n<li><strong>Core Functions<\/strong> \u2014 CSF 1.1 had <strong>5 functions<\/strong>: Identify, Protect, Detect, Respond, Recover.<\/li>\n\n\n\n<li>CSF 2.0 adds a sixth: <strong>Govern<\/strong> (placed centrally, influencing all others), resulting in <strong>6 functions<\/strong>: <a>Govern, Identify, Protect, Detect, Respond, Recover. <\/a><a href=\"#_msocom_1\">[CP1]<\/a>&nbsp;Govern emphasizes leadership, strategy, policy, roles, oversight, and alignment with enterprise risk management.<\/li>\n\n\n\n<li><strong>Categories and Subcategories<\/strong> <a>\u2014 CSF 1.1: 23 categories, 108 subcategories. CSF 2.0: 22 categories, 106 subcategories (slight reduction for clarity\/consolidation, with refined wording and reorganization).<\/a><a href=\"#_msocom_2\">[CP2]<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Major Substantive Changes and Enhancements<\/strong><\/p>\n\n\n\n<ul>\n<li><strong>Expanded Scope<\/strong> \u2014 CSF 1.1 primarily targeted U.S. critical infrastructure sectors. CSF 2.0 applies to <strong>all organizations<\/strong> globally (any size, sector, public\/private), removing infrastructure-specific language for universal relevance.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Governance Emphasis<\/strong> \u2014 CSF 1.1 focused mainly on operational\/technical outcomes. CSF 2.0 elevates governance as a foundational element, integrating cybersecurity into business\/enterprise risk management, requiring senior\/executive involvement, and addressing organizational context, risk strategy, and accountability.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Supply Chain Risk Management (C-SCRM)<\/strong> \u2014 CSF 1.1 acknowledged supply chain risks minimally <a>(e.g., scattered references). <\/a><a href=\"#_msocom_3\">[CP3]<\/a>&nbsp;CSF 2.0 significantly expands dedicated guidance, incorporating it prominently (especially under Govern), reflecting lessons from high-profile supply chain attacks.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Implementation Support<\/strong> \u2014 CSF 1.1 offered general guidance. CSF 2.0 introduces <strong>&#8220;Implementation Examples&#8221;<\/strong> for subcategories (practical, actionable ways to achieve outcomes), plus improved references to other NIST resources (e.g., Privacy Framework, Secure Software Development Framework, NICE Workforce Framework).<\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong>Profiles, Tiers, and Measurement<\/strong> \u2014 Both versions use Profiles (Current\/Target) and Tiers (Partial \u2192 Adaptive rigor). CSF 2.0 enhances these with better guidance on creating\/using them, plus stronger focus on <strong>measuring outcomes<\/strong> (quantitative\/qualitative metrics) to assess effectiveness and progress.<\/li>\n<\/ul>\n\n\n\n<p><strong>Summary<\/strong><\/p>\n\n\n\n<p>CSF 2.0 is not a complete overhaul but a refinement and expansion: it builds on 1.1&#8217;s strengths while addressing gaps in governance, supply chain security, broad applicability, and practical usability. Organizations using 1.1 can transition by mapping existing programs to the new Govern function and updated subcategories (NIST provides transition\/change analysis spreadsheets). The update promotes cybersecurity as a <strong>strategic, enterprise-wide priority<\/strong> rather than solely a technical IT concern.<\/p>\n\n\n\n<p><a>For official details, refer to NIST&#8217;s CSF 2.0 document and the 1.1-to-2.0 core transition changes overview on nist.gov<\/a><a href=\"#_msocom_4\">[CP4]<\/a>&nbsp;<\/p>\n\n\n\n<p>Not Mentioned in comments<\/p>\n\n\n\n<p>Background Differences:<\/p>\n\n\n\n<ul>\n<li>I added more spacing between each point.<\/li>\n\n\n\n<li>I added a BLUF Title to the first two sentences.<\/li>\n<\/ul>\n\n\n\n<p>Large Deleted Fluff:<\/p>\n\n\n\n<ul>\n<li><a><strong>Other Improvements<\/strong><\/a> \u2014 Greater emphasis on integration with broader risk management; clearer language and abstraction levels; better alignment with international standards (e.g., ISO\/IEC); and a suite of supporting resources (quick-start guides, mappings, community tools).<a href=\"#_msocom_5\">[CP5]<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p><a id=\"_msocom_1\"><\/a><\/p>\n\n\n\n<p>&nbsp;<a href=\"#_msoanchor_1\">[CP1]<\/a>You should delete this, because when you were the core function of CSF 1.1 you already listed the others out. All you want to do here is explain govern.<\/p>\n\n\n\n<p><a id=\"_msocom_2\"><\/a><\/p>\n\n\n\n<p>&nbsp;<a href=\"#_msoanchor_2\">[CP2]<\/a>This is a slight Nitpick, but instead of using the colons just put (has) as you say how many categories and sub categories each version has. For example (CSF 1.1 has 23 categories, 108 subcategories.).<\/p>\n\n\n\n<p><a id=\"_msocom_3\"><\/a><\/p>\n\n\n\n<p>&nbsp;<a href=\"#_msoanchor_3\">[CP3]<\/a>I don\u2019t understand how this this adds to supply chain risk management.<\/p>\n\n\n\n<p><a id=\"_msocom_4\"><\/a><\/p>\n\n\n\n<p>&nbsp;<a href=\"#_msoanchor_4\">[CP4]<\/a>This is helpful,but I&#8217;m unsure if this needed due to this being a separate source. On the other hand more sources are usually always helpful and this could be away for the AI to credit it findings.<\/p>\n\n\n\n<p><a id=\"_msocom_5\"><\/a><\/p>\n\n\n\n<p>\u00a0<a href=\"#_msoanchor_5\">[CP5]<\/a>This part wasn\u2019t specific enough to be relevant to the report and some of these improvements were mentioned in earlier parts. Such as guides and international standards.<\/p>\n\n\n\n<p>Chrisean, Pritchett<\/p>\n\n\n\n<p>2\/15\/2026<\/p>\n\n\n\n<p>Ms. Duvall<\/p>\n\n\n\n<p>The Importance of CIA<\/p>\n\n\n\n<p>BLUF: The CIA Triad is important to cybersecurity specialists because it is the core principles and guidelines that are used for creating secure systems.<\/p>\n\n\n\n<p>Confidentiality<\/p>\n\n\n\n<p>To start Confidentiality Is making sure the end user information is private and only they have access. For example, the thousands of messages you get are usually for you and only you due to the work of the cyber security system maintaining your privacy. The importance is crucial for maintaining the trust user has in the system and often utilizes password to verify authorization.<\/p>\n\n\n\n<p>Integrity<\/p>\n\n\n\n<p>Next Integrity is different from confidentiality as it focuses on maintaining the end user information. The message you get should be exactly what the sender sent without any tampering. To implement this cyber security system, check the data once it is sent and when it arrives to verify the authenticity of the data.<\/p>\n\n\n\n<p>Availability<\/p>\n\n\n\n<p>Lastly, Availability Is the how easy it is for the end user to access their data. Password should be complicated, but it shouldn\u2019t take an hour to get to an email. Finding the fine line between accessibility and security is the importance of Availability for cyber security specialists.<\/p>\n\n\n\n<p>Athorization vs Authentication<\/p>\n\n\n\n<p>Additionally, authorization is how end user gains the authority to access their data, while authentication is the security of how the end user accesses their information. For example, when creating a account you give your email and phone number to gain authority of your account as they check you. Authentication utilizes passwords to maintain security to stop other people from using your authority to mess with your information.<\/p>\n\n\n\n<p>In Conclusion the CIA triad is important to cyber security specialist because it protects privacy, authenticity and ease of use; also, that authorization is different from authentication because one is your authority and the other is your security.<\/p>\n\n\n\n<p>Sources-<\/p>\n\n\n\n<ul>\n<li>Chai Article<\/li>\n\n\n\n<li><em>What is the CIA triad and why is it important?<\/em> Fortinet. https:\/\/www.fortinet.com\/resources\/cyberglossary\/cia-triad<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>SCADA Chrisean Pritchett 4\/7\/2026 Professor Duvall SCADA IS? BLUF: SCADA is a type of software used to control and manage large infrastructures. Background SCADA stands for Supervisory Control and Data Acquisition. It is a type of software created to control and monitor threats in infrastructure systems. SCADA Collects data through using PLC or RTC to&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/about-chrisean\/it-cyse-200t-2\/\">Read More<\/a><\/div>\n","protected":false},"author":32110,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/pages\/133"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/users\/32110"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/comments?post=133"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/pages\/133\/revisions"}],"predecessor-version":[{"id":314,"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/pages\/133\/revisions\/314"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/about-chrisean\/wp-json\/wp\/v2\/media?parent=133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}