- Opportunities for Workplace Deviance
There are multiple ways I feel as if cyber technology has created opportunities for workplace deviance. First starting off with, What is workplace deviance?. Work place deviance is when an employee or an individual is violating or breaking the rules in the company’s policy. Work place deviance can even consist of an employee stealing important information/ data, hacking into the company’s systems, violating company policies, and even bypassing the security measures. Cyber technology has created many opportunities for deviance in the workplace one of them being easy access, employees now have easy access in a way to important information with company data, finical data, and even customer information. Easy access can allow employees to steal company information. Another example can be increased in cyber crime. It can simply be one’s knowledge of the company and how the company operates can lead to potential hacking or phishing on customers, company’s network and even financial fraud.
2. Write-Up: The CIA Triad
What is The CIA Triad?
The Definition of what the CIA Triad , “A model designed to guide
policies for information security within an organization”. A definition written
by Wesly Chai, article titled “What is the CIA Triad? Definition, Explanation,
Examples”. CIA Triad stands for Confidentiality, Integrity, and Availability.
Those three components can be used to help secure systems/networks and
used to protect against Cyber hacking/threats.
Confidentially- “refers to protecting information from unauthorized
access”.
Integrity- “data are trustworthy, complete, and have not been
accidentally altered or modified by an unauthorized user”.
Availability- “data is accessible when you need it”.
The definition of these three components for CIA is defined by
Washington University in St.Louis, article titled “Confidentially, Integrity, and
Availability: The CIA Triad”.
Differences between Authentication and Authorization
Authentication- Its the process of verifying who a user is
Authorization- The process of verifying what they have access to
“To compare these to a real world example”, When you go through
security in an airport, you show your ID to authenticate your identity. Then,
when you arrive at the gate, you present your boarding pass to the flight
attendant so they can authorize you to board your flight and allow access to
the plane.” This definition of real world example between Authentication and
Authorization is written by an article named Auth0 by Okta. Article titled:
“Authentication Vs Authorization”
3. Write Up – The Human Factor in Cyber security
“During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats. Now, put on your Chief Information Security Officer hat. Realizing that you have a limited budget (the amount is unimportant), how would you balance the trade off of training and additional cyber security technology? That is, how would you allocate your limited funds? Explain your reasoning.”
The Human Factor In Cyber security
With being that Cyber security/ Cyber Technology is major in secured protection and it is a huge importance to make sure that you’re invested into your training with employees to make sure that their knowledge of defense strategy is on point, As a Chief Information Security Officer I would provide a more balanced approach. Making sure that I’m invested in cyber technology and in my employee training as well. 1. Employee training. I will make sure that the employee training is up to par with making sure that their awareness in phishing, password management, data protection and awareness of suspicious threats are good. I feel as if it’s a great balance of training employees’ weather than spending too much money on expensive high tech, when you can just train employees with great awareness that can do the same. 2. Balanced budget. Making sure I still have a good budget, I’ll be going half way balanced with human and technology deference. Making sure that everything’s covered. Going balanced with technology and human defense is a great way to get the best out of the trade off in my opinion. With Technology it can help with malware, firewall, advanced secured access and being able to maintain/protect drastic overall powered threats. With human training it can provide security awareness, emerging threats phishing, finance, etc. With having these to balanced it’ll allow me to still have a good amount of funds and budgeting