{"id":159,"date":"2020-09-17T20:55:48","date_gmt":"2020-09-17T20:55:48","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/cyberimpact1\/?page_id=159"},"modified":"2020-11-30T01:17:05","modified_gmt":"2020-11-30T01:17:05","slug":"awards-and-recognitions","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/arayariddick\/awards-and-recognitions\/","title":{"rendered":"Recognitions"},"content":{"rendered":"
\n
\n

Workplace Deviance<\/strong><\/em><\/p>\n

Technology in the workplace has made workplace deviance easier for employees.\u00a0 It allows for them to be able to slack at their jobs by surfing the internet, using social media, or online shopping. It also makes it easier for people to cyberbully others. Another occurrence of workplace deviance is when an employee has been given a considerable amount of access to files that should be hidden from them which can lead to that employee removing or changing file information.<\/p>\n<\/div>\n<\/div>\n\n\n\n\n\n\n

The State of SCADA vulnerabilities<\/strong><\/h2>\n\n\n\n

(SCADA) Supervisory control and data acquisition refers industrial control systems used to control infrastructure processes, facility-based processes, or industrial processes. With all those systems to watch over comes with a few vulnerabilities associated with critical infrastructure systems. With a wide range of vulnerabilities, it should be noted that SCADA systems vulnerabilities still often include unsophisticated bugs like stack and buffer overflows, as well as information disclosure and others. These vulnerabilities allow attackers to execute arbitrary code (RCE), perform denial of service (DoS), or steal information.<\/p>\n\n\n\n

Vulnerabilities found in SCADA systems<\/strong><\/h2>\n\n\n\n

Finding out the vulnerabilities in SCADA systems help integrators understand how and where to apply mitigations to prevent exploitation and neutralize attacks. SCADA systems oversee many devices, sensors, and software, which equates to a wider attack surface. HMI displays data from various sensors and machines connected to the SCADA systems. Because of that HMI can be a main target for potential threats actor aiming to gain control over processes or to steal critical information. Mobile applications are used both locally through tablets that help engineers control LCs and RTUs. However, the vulnerability in such applications can mean openings for attacks in exchange for convenience. In 2018 research by Alexander Bolshev and Ivan Yushkevich revealed a total of 147 vulnerabilities from 20 applications. Communication protocols such as Modbus and Profinet help control different mechanisms supervised by SCADA systems. Unfortunately, they lack the security capabilities to defend against the threats. These threats can cause damage to or lead to malfunction of a SCADA systems should change the data sent from PLCs and RTUs or tamper with firmware.<\/p>\n\n\n\n

Defending against SCADA attacks<\/strong><\/h2>\n\n\n\n

The fight against exploits means being vigilant for new vulnerability discoveries as well as applying new patches to fix them. Organizations must also keep security measures that can defend against cyberattacks. The National Institute of Standards and Technology provided some steps organizations can follow. Use virtual patching to help manage updates and patches: virtual patching can help manage vulnerabilities and prevent exploits when patches cannot be immediately deployed or at all implemented. Apply network segmentation: network segmentation also minimizes the chances of exposure of sensitive information. Properly manage authorization and user accounts: regularly checking and assessing who has authorization and access to certain facets of SCADA systems.<\/p>\n\n\n\n\n\n\n\n

CIA triads<\/strong><\/em><\/h2>\n\n\n\n

The Principles<\/strong><\/h2>\n\n\n\n

            The CIA triads is an information security model essential in cybersecurity as it supplies vital security features. It guides organization\u2019s efforts and policies that focus on keeping its data secure. There are three principles that break down the CIA Triads: The C<\/em><\/strong>stands for Confidentiality<\/em><\/strong>: Only authorized and processes should be able to access or change data. The I<\/em><\/strong>is for Integrity<\/em><\/strong>: In which the data should be kept in a correct state and nobody should be able to improperly change it, either accidentally or maliciously. Finally, the A<\/em> <\/strong>stands for Availability<\/em><\/strong>: Authorized users should be able to access data whenever they need to do so. These principles are top priority for infosec professional. (Fruhlinger,2020)<\/p>\n\n\n\n

History Behind the CIA Triad<\/strong><\/h2>\n\n\n\n

            The formations of the CIA triad are unlike other organizations concepts in infosec, it developed over time. Ben Miller, a VP a cybersecurity firm Dragos, traces back in a blog early mentions of the three components of the triad. His thoughts on the concept of confidentiality was formed in 1976 U.S Air Force study, the idea od integrity was put out in a 1987 paper the noticed that commercial computing had needs around accounting records that required focus on data correctness. Availability is more challenging to pin down, the idea sprung when in 1988 the Morris worm, one of the first widespread pieces of malware, kilt a significant portion of the internet offline. It\u2019s not fully clear when the three concepts began, but it seems to have been established as a concept by 1998, when Donn Parker, in his book \u2018\u2019 Fighting Computers Crime\u201d, extending it into a six-element framework called Parkerian Hexad.<\/p>\n\n\n\n

Authentication & Authorization<\/strong><\/h2>\n\n\n\n

Authentication and Authorization used and respect the knowledge of security that allows the safety on automatic data systems. However, both terms are completely different from one another. Authentication identifies the users that are checked in and provides them access into the system. A school ID is an example of how authentication is used when signing into the computer or portal user would need their usually login details. While authorization takes place after the authentication process it decides what permission does the user have. With the same example students are granted limited access like being unable to change grades with their school ID.(MKS075,2020)<\/p>\n\n\n\n

Conclusion<\/strong><\/h2>\n\n\n\n

The CIA triad is useful, but there are plenty other infosec experts who say that it does not cover everything. It is all about information and considered the core factors of cybersecurity. However, implementing the triad is not just a matter of buying certain tool. The triad is a way of thinking, planning, and most importantly setting priorities. Industry standard cybersecurity frameworks like the one from NIST are informed by the ideas behind the CIA triad, though each has its own particular emphasis.<\/p>\n","protected":false},"excerpt":{"rendered":"

Workplace Deviance Technology in the workplace has made workplace deviance easier for employees.\u00a0 It allows for them to be able to slack at their jobs by surfing the internet, using social media, or online shopping. It also makes it easier for people to cyberbully others. Another occurrence of workplace deviance is when an employee has… <\/p>\n

Read More<\/a><\/div>\n","protected":false},"author":18069,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/pages\/159"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/users\/18069"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/comments?post=159"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/pages\/159\/revisions"}],"predecessor-version":[{"id":294,"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/pages\/159\/revisions\/294"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/arayariddick\/wp-json\/wp\/v2\/media?parent=159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}