CYSE 200T

Cybersecurity, Technology, and Society

This section features coursework completed during my time in this class. As part of the course requirements, I’m showcasing a selection of my writing pieces.

Cyber Roles & Responsibilities

An important role in a cybersecurity team is the system administrator. This is a critical role as they are responsible for setting up, maintaining and ensuring functionality of the system and network of an organization.

System administrators are considered information technology (IT) professionals. Their main job is ensuring the correct settings and network configuration on the company’s systems. This also includes overseeing backups and installing and updating hardware and software on computers, so they need a good understanding of hardware and software as a whole. This is a technical role, as the administrator has to oversee the whole system and network.

As previously mentioned, system administrators play an important role on a cybersecurity team. System maintenance and updates are a task for system admins. Cybersecurity threats often arise when software is not updated regularly, because attackers can exploit bugs that exist in older versions of the software. When software is not updated, these bugs continue to exist on current servers or systems. This leaves them vulnerable, just waiting for a potential criminal to take advantage. This is why it is important for a system admin to ensure everything stays updated to the latest version.

They also manage user accounts. These accounts are password protected and help ensure only authorized users can access the system. System admins set the credentials needed to log in. This helps keep threats out, which is another reason why they are a part of the team.

The CIA Triad and Security Concepts


Confidentiality
Confidentiality refers to the protection of sensitive information. This concept ensures your
personal data stays private and is not accessible to unwanted viewers. As an example of
confidentiality, “aspects of training may include strong passwords and password-related best
practices” (Chai, 2022, p. 2). This is important because one would not want sensitive information
of any sort to be accessible to anyone, especially to someone with criminal intent.


Integrity
Integrity focuses on maintaining the trustworthiness of data throughout its lifecycle. If a company
does not have good security guidelines implemented, it risks data being breached or becoming
accessible to unwanted users. If data is breached, this means a company does not have good
integrity. This concept ensures that integrity is maintained within a company, particularly when it
comes to securely storing personal information.


Availability
Availability ensures that information is accessible when needed. This principle involves making sure systems are up and running and that users can access required resources.


Authentication and Authorization: Definitions and Differences


Authentication
Authentication is the process of verifying the identity of a user or device. It is the first step in
ensuring that only authorized individuals can access sensitive data. For example, some common
authentication methods include biometrics, two-factor authentication, and digital certificates.


Authorization
Authorization occurs after authentication. It determines what an authenticated user is allowed to
do. Authorization grants permissions to an authenticated user for certain resources. The best
example that helps me remember this is how school computers are set up. Students have access
to the internet but are only granted permission to websites that help educationally. Websites such
as netflix.com or Target.com would most likely be blocked.


Key Differences
While Authentication and Authorization are related, they serve different purposes in the security
framework. Authentication ensures the individual is who they claim to be, while Authorization
manages the actions they are permitted to perform. Another example is the analogy where
Authentication is like showing your ID at the door of a bar, while Authorization is the permission
to enter and drink based on the ID check.
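The school-computer example above, written out as an added Python sketch (not part of the original coursework): authentication checks a password against a salted hash, and authorization then checks the user's role against a site allowlist. The account names, passwords, roles and the learning.example.edu domain are constructed for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user random salt; the password itself is never stored
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts and policy (hypothetical names and domains).
USERS = {"student1": make_user("correct horse battery", "student"),
         "teacher1": make_user("staple tangerine", "teacher")}
ALLOWED_SITES = {"student": {"learning.example.edu"},
                 "teacher": {"learning.example.edu", "netflix.com"}}

def authenticate(username: str, password: str):
    """Authentication: is this really the user? Returns the role, or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user["role"] if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(role: str, url: str) -> bool:
    """Authorization: may this role reach this site? Anything not listed is denied."""
    host = (urlsplit(url).hostname or "").lower()
    # Match the site itself or a true subdomain (dot boundary), nothing else.
    return any(host == site or host.endswith("." + site)
               for site in ALLOWED_SITES.get(role, ()))

def handle_request(username: str, password: str, url: str) -> str:
    role = authenticate(username, password)
    if role is None:
        return "401 authentication failed"   # identity not proven
    if not authorize(role, url):
        return "403 not authorized"          # identity proven, action not permitted
    return "200 allowed"
```

A correctly logged-in student still gets the 403 result for netflix.com, which is the distinction the section draws: the ID check passed, but the permission was never granted.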


Conclusion
In conclusion, the CIA Triad refers to confidentiality, integrity, and availability. These
“three concepts, when viewed together as an interconnected system rather than as independent
concepts, can help organizations understand the relationships between them” (Chai, 2022, p. 1).
These principles work together to ensure that sensitive data is protected, trustworthy, and
accessible only to those authorized to access it. Understanding the difference between
authentication and authorization further strengthens security measures. Organizations can create
secure principles to keep their data protected.

References
Chai, W. (2022, June 28). What is the CIA Triad? Definition, explanation, examples. Retrieved from https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view?usp=sharing

The Human Factor in Cybersecurity

What if role as Chief Information Security

As a Chief Information Security Officer (CISO), one of the main responsibilities is to
ensure the security of the organization. This includes the networks, data and staff training. While
being mindful of the organization’s budget, one should consider how complex cyber threats are.
There needs to be a careful balance of investing in the training of employees and the update of
technology. Both elements are important, but how I allocate resources would depend on several
factors. The factors that need to be considered are the organization’s risk profile, and the current
cybersecurity infrastructure.


Is the company high profile and prone to receive cyber attacks? Perhaps the company is a
small startup company with few employees. Regardless of the size of the company, the best way
to ensure security with a budget in mind is training employees. I believe this is the most
cost-effective way to reduce the human error of cybersecurity risks. Many threats like phishing
attacks, social engineering, and password issues are caused by human error. A well-trained
employee can recognize suspicious emails and know how to handle sensitive information. This
can only be achieved with the right training within the organization. This will create better
awareness and lower the chances of incidents happening within the organization. The growing
knowledge and teaching in a group setting should also help promote healthy and good cyber
habits.
