Cybersecurity-Technology-Society – Assignments Done During Class
Write-Up: The CIA Triad – Due 03/15
Ayomide Oyewoga
CYSE200T
The CIA triangle is a well-known information security paradigm that can help guide an organization’s actions and policies to keep its data safe. The “CIA triad” is made up of three letters that stand for confidentiality, integrity, and availability. These are used to identify weaknesses as well as strategies for solving problems and developing effective solutions. Information confidentiality, integrity, and availability are all critical to a company’s success, and the CIA triangle divides these three concepts into distinct emphasis points.
The efforts of an organization to keep data secret or private are referred to as confidentiality. Data should only be accessed or modified by authorized users and processes. Making sure that those who don’t have the necessary authorization can’t access assets that are crucial to your company is an important part of protecting confidentiality. Confidentiality can be jeopardized in a variety of ways. This could include direct attacks aimed at getting access to systems that the attacker has no access to. It can also involve a direct attempt by an attacker to enter a program or database to steal or change data. To protect against data breaches, you can classify and label restricted data, establish access control policies, encrypt data, and employ multi-factor authentication methods. It’s also a good idea to make sure that everyone in the company has the training and knowledge they need to spot and avoid threats.
Integrity refers to ensuring that your data is accurate and unaltered. Data keeps its integrity only when it is original, accurate, and dependable. Data must be kept in a correct state, and no one should be able to alter it improperly, whether by mistake or maliciously. Non-repudiation, which means that something cannot be repudiated or denied, is one way of validating integrity. If your staff use digital signatures when sending emails, for example, the fact that the email came from them cannot be contested. Furthermore, the recipient is unable to deny receiving the email from the sender.
Even if data is kept secure and its integrity is preserved, it is often meaningless unless it is accessible to those within the business as well as the clients they serve. This means that systems, networks, and applications must all work properly and at the appropriate times. Individuals who have access to certain data must also be able to consume it when they need it, and accessing the data should not take an excessive amount of time. Data should be accessible to authorized users whenever they need it. Organizations can use redundant networks, servers, and applications to ensure availability. These can be designed to become available when the primary system is disrupted or broken. You may also improve availability by staying on top of software and security system upgrades. As a result, you reduce the chances of a program malfunctioning or a new danger infiltrating your system. Backups and comprehensive disaster recovery plans also aid a company’s ability to quickly recover from a negative incident.
Any information security practitioner should be aware of these three principles. Considering them as a trio, on the other hand, forces security professionals to think about how they overlap and can sometimes conflict with one another, which can aid in defining priorities in the implementation of security policies. We’ll go over each of these concepts in greater depth later, but first, let’s speak about the triad’s origins and significance.
In terms of information security, both authentication and authorization are used to ensure the safety of an automated data system. Both are very important topics usually associated with the internet as part of its service infrastructure. Each term, however, has an entirely different meaning and connotation. Even though they’re frequently used in the same situation with the same tool, they’re completely different. The process of verifying that you are who you say you are is known as authentication. The act of granting permission to an authenticated person to perform something is known as authorization. It states what data you are permitted to access and what you are permitted to do with that data.
Write-Up – SCADA Systems – Due 03/20
As the systems that run them become more accessible, linked, and reliant on cyberspace, critical infrastructure sites are becoming increasingly vulnerable to hacking. The ability to monitor, identify, and defend against a wide range of threats to critical infrastructure has improved significantly. Unfortunately, as the defenders advanced, so did the attackers’ capabilities. To address the overall safety, reliability, and availability of real-time plant control systems and supervisory control and data acquisition systems, cyber security is becoming increasingly crucial. The government-owned organizational structures that serve as the backbone of any nation and include both vital and non-essential services are responsible for the risks associated with these critical infrastructure systems.
Every day, several confirmed and undocumented attempts are made to compromise the security of such governmental data in order to retrieve important information. They devised a security policy that included a variety of security measures to ensure that they were protected from all risks and vulnerabilities. Confidentiality, integrity, accountability, and provenance must all be maintained. Real-world operations can be controlled and monitored remotely using a SCADA system. SCADA systems are utilized to increase the approaches’ quality and efficiency. The control of systems is a role that the SCADA program plays in mitigation.
There are a few things you can do to reduce these risks:
- Staff Experience: The staff is filtering to get control of the SCADA system, and the team’s purpose is to appear to be at odds with security measures.
- Vulnerabilities in the Operating System: SCADA systems have all the same vulnerabilities as any other IT operating system. The SCADA system operator oversees a functioning system that is required to perform flawlessly.
- Authentication: The SCADA system uses a shared password, which makes things easier for the personnel but removes any feeling of authentication and accountability.
- Remote Access: Because of the costs of staffing control centers around the clock, SCADA systems are rarely designed for remote access.
Finally, the SCADA application software offers some security and other characteristics.
Discussion Board Write Up
As technology advances, fraudsters look for new ways to steal our information. Due to the rising number of cyber events, businesses are losing millions of dollars each year. Although cybersecurity is a critical issue, most firms, particularly small businesses, do not take it seriously. Businesses will suffer financial and reputational costs if they do not have a security policy that complies with NIST requirements. It is necessary to change the culture of fear of implementing security measures in firms’ regular cyber activity. Businesses are concerned about the cost of purchasing and tackling cybersecurity. A business’s cybersecurity program will cost a significant amount of money to implement, but it will pay off in the long term.
Besides that, in order to have a comprehensive list of moral and ethical codes for dealing with electronic data, we must consider both current and future use of data. Whether we are collecting data, or our data is being collected, we need to consider asking these questions. The confidentiality and anonymity of the stored data need to be preserved to keep data private. Unethical use of personal information has negative impacts on a business’s reputation and is an obvious violation of the terms of consent. Some of the ethical difficulties that occur while preserving electronic information of persons are:
1. Inappropriate use of data.
2. Keeping an individual’s personal data for longer than necessary.
3. Selling customers’ personal information to third-party firms for business purposes.
4. Failing to disclose data breaches involving customers’ personal information.
The lack of an ethical and professional culture in an organization dealing with personal information will have a detrimental influence on the company’s reputation. Ethical monitoring is also required to ensure that proper security measures are used when storing personal data.
Ambiguity and confusion around data storage must be addressed, and clear principles and ethical guidelines should be communicated to people so that they are aware of the proper course of action.