IT/CYSE 200T

Blessed Votio

CYSE 200T

September 20, 2024

CIA TRIAD

The CIA triad is named for its three letters, which stand for Confidentiality, Integrity, and Availability. It is a recurring model that forms the basis for building security systems. Confidentiality, integrity, and availability are each crucial to the operation of a business, and the CIA triad separates the three ideas into distinct focal points (Fortinet, 2023).

Confidentiality, integrity, availability

Confidentiality: It is designed to protect privacy. It involves preventing sensitive information from falling into the hands of unauthorized people (Chai, 2022). Confidentiality can also be described as the efforts an organization makes to ensure that data is kept secret or private. To make this possible, access to information must be controlled to prevent the unauthorized sharing of data, whether that access is intentional or accidental (Fortinet, 2023).

Integrity: It makes sure that your data is trustworthy and free from tampering (Fortinet, 2023). Data should be maintained in a correct state, kept so that it cannot be tampered with, and should be correct, authentic, and reliable (Fasulo, 2021).

Availability: Just as unauthorized users are kept out of an organization’s data, that data should be available to authorized users whenever they require it. This involves keeping systems, networks, and devices up and running (Fasulo, 2021).

Each of the three is vital in its own right to security professionals of all kinds. This raises the question: why is the CIA triad important?

Why is the CIA triad important?

The CIA triad gives organizations a coherent and comprehensive checklist for evaluating their incident response plan in the event of a cyber breach. It is also vital because it helps identify sources of vulnerability and helps discover what might have gone wrong after a network has been compromised (Fasulo, 2021).

What is an example of the CIA triad?

Think of logging into an e-commerce website to check your orders and to make an additional purchase. This website uses the three principles of the CIA triad in the following ways:

Confidentiality: When someone tries to log in, they are asked for a password. If it has been a while since the person last logged in, they may be asked to enter a code that has been sent to them or to complete some other form of two-factor authentication (Fasulo, 2021).

Integrity: Here, data integrity is provided by making sure that the person’s purchases are reflected in their account and by allowing them to contact a representative if there is a discrepancy (Fasulo, 2021).

Availability: In this instance, the person can log into their account whenever they want, and they may even be able to contact customer support at any time of the day or night (Fasulo, 2021).

On a deeper level, this is ensured by rigorously maintaining all hardware and performing hardware repairs immediately when needed (Chai, 2022). This builds customers’ confidence, as they can always access the site or their content whenever they need it.

Special challenges for the CIA triad

The CIA triad alone is not enough to keep data secure.

Big data poses challenges to the CIA paradigm because of the sheer volume of information that organizations need to safeguard. Disaster recovery plans and duplicate data sets can multiply the already high costs. Because organizations are focused on collecting big data and making useful interpretations of it, responsible data oversight is often lacking (Chai, 2022).

Internet of things privacy: This protects individuals’ information from being exposed in an IoT environment. Data transmitted by a given endpoint might not raise any privacy issue on its own; however, when even fragmented data are assembled, collated, and analyzed, they can reveal sensitive information (Chai, 2022).

Internet of things security: IoT consists of many internet-enabled devices other than computers; these often go unpatched and are often configured with default or weak passwords. This is why it is vital to review security during product development (Chai, 2022).

How to implement the CIA triad

Confidentiality: Data must be managed according to the organization’s privacy requirements. Data should be encrypted, and two-factor authentication (2FA) should be used. Ensure that access control lists and file permissions are regularly updated (Chai, 2022).

Integrity: Make sure employees are well informed about compliance and regulatory requirements to reduce the risk of human error. Use backup and recovery software. To maintain data integrity, implement version control, access controls, security measures, data logs, and checksums (Chai, 2022).

Availability: Implement preventive measures such as redundancy, failover systems, and RAID. Keep systems and applications up to date. Use network or server monitoring tools. Establish a data recovery and business continuity (BC) plan to address potential loss (Chai, 2022).
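As an added illustration of the integrity controls listed above (checksums, plus a signed record of the expected values so that the record itself cannot be quietly swapped), and not part of the original essay or any source it cites: a small Python baseline-and-verify routine. The file names, file contents, and signing key are all constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed sample "files": path -> content bytes, standing in for a directory tree.
BASELINE_FILES = {
    "config/access.yaml": b"admins: [alice]\nreaders: [bob]\n",
    "bin/backup.sh": b"#!/bin/sh\ntar czf /backup/data.tgz /data\n",
    "docs/policy.txt": b"Access is granted on a least-privilege basis.\n",
}


def build_manifest(files: dict) -> dict:
    """Record a SHA-256 checksum for every file; this is the integrity baseline."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(files.items())}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over the canonical manifest so a replaced manifest is detected, not trusted."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(files: dict, manifest: dict, tag: str, key: bytes) -> dict:
    """Compare the current files against the signed baseline and report every deviation."""
    report = {
        "manifest_ok": hmac.compare_digest(sign_manifest(manifest, key), tag),
        "modified": [],
        "missing": [],
        "added": [],
    }
    current = build_manifest(files)
    for name, digest in manifest.items():
        if name not in current:
            report["missing"].append(name)
        elif not hmac.compare_digest(current[name], digest):
            report["modified"].append(name)
    report["added"] = sorted(set(current) - set(manifest))
    report["intact"] = report["manifest_ok"] and not (
        report["modified"] or report["missing"] or report["added"]
    )
    return report


def demo() -> dict:
    """Run the check against a clean tree, a tampered tree, and a forged manifest."""
    key = b"constructed-demo-key-keep-real-keys-out-of-source"
    manifest = build_manifest(BASELINE_FILES)
    tag = sign_manifest(manifest, key)

    # A tampered tree: one file edited, one removed, one unexpected file added.
    tampered = dict(BASELINE_FILES)
    tampered["config/access.yaml"] = b"admins: [alice, mallory]\nreaders: [bob]\n"
    del tampered["docs/policy.txt"]
    tampered["bin/cron.sh"] = b"#!/bin/sh\necho added\n"

    # A forged manifest that "approves" the edited file but carries the old signature.
    forged = dict(manifest)
    forged["config/access.yaml"] = hashlib.sha256(tampered["config/access.yaml"]).hexdigest()

    return {
        "clean": verify(BASELINE_FILES, manifest, tag, key),
        "tampered": verify(tampered, manifest, tag, key),
        "forged": verify(tampered, forged, tag, key),
    }


if __name__ == "__main__":
    for case, report in demo().items():
        print(case, report)
```

The signed manifest is what turns a plain checksum list into a usable data log: without the HMAC, whoever can alter a file can also rewrite its recorded checksum, and the check would pass.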

Differences between authentication and authorization

Authentication is the process of verifying the identity of a user or system to ensure they are who they claim to be. It involves checking credentials such as usernames, passwords, or biometric information like fingerprints or facial recognition. This step is vital for securing access to systems, applications, and sensitive records. By confirming identities, authentication prevents unauthorized entry and protects against security breaches (GeeksforGeeks, 2024).

Authorization is the process of determining and granting permissions to a verified user or system, specifying what assets they can access and what actions they are allowed to carry out. It comes after authentication and ensures that the authenticated entity has the proper rights to use certain data, applications, or services. This step is important for enforcing protection policies and controlling access within the system, thereby preventing unauthorized activities (GeeksforGeeks, 2024).

When a student wants to log in to his or her ODU portal, a username and password are required to verify their identity. This is referred to as authentication.

Once authenticated, authorization determines what resources or actions the student is allowed to access, such as whether they can view or edit specific files.
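The portal example above, as an added Python illustration (not part of the original essay or any source it cites) of the two steps kept separate: authentication checks a salted password hash, and only then does authorization consult a role-to-permission policy. The user names, passphrases, roles, and permission table are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a leaked store cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed user store; only salted hashes are kept, never the passphrases.
USERS = {
    "student1": _make_user("correct horse battery", "student"),
    "advisor1": _make_user("another strong passphrase", "advisor"),
}

# Constructed authorization policy: role -> set of (action, resource) pairs it may perform.
PERMISSIONS = {
    "student": {("view", "transcript"), ("edit", "profile")},
    "advisor": {("view", "transcript"), ("edit", "transcript"), ("view", "profile")},
}


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify the claimed identity. Returns the username on success, else None."""
    user = USERS.get(username)
    # Hash even for unknown accounts so response time does not reveal which names exist.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else b"\x00" * 32
    candidate = _hash_password(password, salt)
    if user is not None and hmac.compare_digest(candidate, expected):
        return username
    return None


def authorize(username: str, action: str, resource: str) -> bool:
    """Authorization: decide what an already-authenticated user may do."""
    user = USERS.get(username)
    if user is None:
        return False
    return (action, resource) in PERMISSIONS.get(user["role"], set())


def access(username: str, password: str, action: str, resource: str) -> str:
    """The portal flow: first prove who you are, then check what you may do."""
    who = authenticate(username, password)
    if who is None:
        return "denied: authentication failed"
    if not authorize(who, action, resource):
        return "denied: not authorized"
    return f"ok: {who} may {action} {resource}"


if __name__ == "__main__":
    print(access("student1", "correct horse battery", "view", "transcript"))
    print(access("student1", "correct horse battery", "edit", "transcript"))
```

Note that a correct password is not enough on its own: the student authenticates successfully but is still refused when the requested action is outside their role, which is exactly the distinction the two definitions draw.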

In summary, the CIA triad comprises confidentiality, integrity, and availability, and it serves as a fundamental framework for establishing security within organizations. Each element is essential: preventing unauthorized access to sensitive information, making sure data remains trustworthy, and guaranteeing access for legitimate users. Although the CIA triad offers a strong grounding for security practices, it faces challenges in relation to big data and IoT. Applying the CIA triad requires a well-rounded organizational strategy that incorporates encryption, frequent updating of applications and systems, training employees about security issues, and maintaining a disaster recovery plan. This helps an organization build trust among users by securing its digital environments.

References

GeeksforGeeks. (2024, July 24). Difference between authentication and authorization. https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/

Fasulo, P. (2021, September 1). What is the CIA triad? Definition, importance, & examples. SecurityScorecard. https://securityscorecard.com/

Fortinet. (2023). What is the CIA triad? Definition, explanation, examples. https://www.fortinet.com/

Chai, W. (2022, June 28). What is the CIA triad? Definition, explanation, examples. Website Name.

Blessed Votio

CYSE 200T

October 26, 2024

Vulnerabilities in Critical Infrastructure Systems and the Role of SCADA Applications

BLUF

Critical infrastructure systems face significant vulnerabilities, mostly due to their increasing interconnectivity and complexity. This is where SCADA (Supervisory Control and Data Acquisition) comes in; it plays a vital role in mitigating these risks by enforcing robust measures and enhancing monitoring capabilities. It is also very important for organizations to prioritize employee training to address human error, which strengthens their overall cybersecurity posture.

Introduction

Critical infrastructure systems play major roles in the functioning of society, especially through water treatment, energy distribution, and transport, among others. These systems are becoming increasingly vulnerable due to the growth of cyberattacks, natural disasters, and human mistakes. According to the SCADA Systems article, SCADA applications are employed to monitor and control this infrastructure, while security challenges arise from their use (SCADA).

Interconnectivity and Complexity

One of the prime vulnerabilities is the interconnectivity that SCADA systems embody. The article mentions that SCADA systems consist of a collection of components, including Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs), which use a network to control and monitor processes. This interdependence implies that if one component is compromised or malfunctions, it might affect the whole system (SCADA). For example, if even one RTU is attacked in a cyberattack, operations may be disrupted at multiple sites.

All of this adds to the complexity of securing SCADA systems. According to the article, “almost all control actions are done automatically by the RTUs or PLCs, and human operators at a supervisory level only intervene in exceptional circumstances.” This reliance on automated systems means that even the slightest weakness, such as outdated software or weak access controls, could have significant impacts. It could lead to the failure of critical services if a malicious actor were to gain unauthorized access and manipulate the system controls (SCADA).

Vulnerability Overview

ARDEREG Sistemas SCADA is a kind of SCADA system intended to monitor and perform control functions in various industrial processes, and it also serves critical infrastructure. ARDEREG reported that the SCADA system’s login page is affected by an unauthenticated blind SQL injection vulnerability. An attacker can manipulate this to alter the logic of the SQL query and thereby retrieve sensitive information or perform unauthorized actions in the database. In such a context, the vulnerability could give the attacker the ability to execute arbitrary SQL queries through the login page. This might lead to unauthorized access, leakage of information, or even disruption of critical industrial processes (CISA).

Security Measures in SCADA Systems

For these reasons, various kinds of built-in security measures are incorporated into SCADA systems. The article emphasizes secure communication protocols and a layered security philosophy. Most SCADA systems use dedicated firewalls and VPNs to protect against unauthorized access to the system. Application whitelisting prevents unauthorized changes to the systems’ software and reduces the chances of cyber intrusions into SCADA systems (SCADA).

HMIs are also among the critical components in running a SCADA system. As the article explains, HMIs present operators with graphical representations of processes for real-time monitoring and control. This is very important for making decisions in a short period, particularly during emergencies. The article warns that HMIs are open to cyber threats if security is not properly put in place. Trained operators must be able to identify potential security gaps and initiate appropriate responses (SCADA).

Security Awareness and Training: Provide periodic security awareness training to developers, administrators, and other staff involved in managing and operating the SCADA system regarding the risks and consequences of SQL injection vulnerabilities. Provide guidance on secure coding practices, proper input validation, and best practices for secure interaction with databases (CISA).

Regular Security Assessments: Routine security assessments, which may include but are not limited to penetration testing and code reviews, should be carried out to identify and address any vulnerability in the SCADA system. This may include periodic internal security audits to assess the overall security posture and to find weaknesses that an attacker could exploit through SQL injection or other attack vectors (CISA).
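As an added example (not from the essay, from CISA, or from the ARDEREG product) of the secure coding practice and input validation recommended above against the login-page SQL injection described in the Vulnerability Overview: the same login check written the vulnerable way, with user input concatenated into the SQL text, and the hardened way, with an allowlist on the username, a parameterized query, and a constant-time hash comparison. The operator table, schema, and credentials are constructed for the demonstration.

```python
import hashlib
import hmac
import re
import sqlite3
from typing import Optional


def pw_hash(password: str) -> str:
    """Constructed demo hash; a real deployment would use a salted, slow hash such as PBKDF2 or Argon2."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory operator table standing in for the SCADA login database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE operators (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL, role TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO operators VALUES (?, ?, ?)",
        ("operator1", pw_hash("demo-passphrase"), "operator"),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """The 'before' pattern: user input becomes part of the SQL text, so it can change the query's logic."""
    query = (
        f"SELECT username FROM operators WHERE username = '{username}' "
        f"AND pw_hash = '{pw_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


# Allowlist for the username field: letters, digits, and a few separators, bounded length.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """The fixed pattern: validate input, bind it as a parameter, compare hashes in constant time."""
    if not USERNAME_RE.fullmatch(username):
        return None
    row = conn.execute(
        "SELECT username, pw_hash FROM operators WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    if not hmac.compare_digest(row[1], pw_hash(password)):
        return None
    return row[0]


def run_comparison() -> dict:
    """Exercise both logins with a valid credential and with input that rewrites the vulnerable query."""
    conn = make_db()
    # A textbook tautology: the quote closes the string literal and the comment drops the password clause.
    crafted = "' OR 1=1 --"
    return {
        "valid_vulnerable": login_vulnerable(conn, "operator1", "demo-passphrase"),
        "valid_hardened": login_hardened(conn, "operator1", "demo-passphrase"),
        "wrong_pw_hardened": login_hardened(conn, "operator1", "wrong"),
        "crafted_vulnerable": login_vulnerable(conn, crafted, "anything"),
        "crafted_hardened": login_hardened(conn, crafted, "anything"),
    }


if __name__ == "__main__":
    for case, result in run_comparison().items():
        print(f"{case}: {result}")
```

The parameterized query is the control that actually closes the hole: the driver sends the username as data, so it can never be parsed as SQL. The allowlist is defense in depth and also rejects inputs that would only serve probing, which is useful for the logging and review the advisory recommends.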

Conclusion

While SCADA systems form a critical part of infrastructure operations, they are also a source of certain vulnerabilities. Rigorous security protocols will need to be implemented, operators will have to be trained, and regular assessments will have to be conducted to help organizations minimize risks and protect these very important systems. Undoubtedly, this will be an ongoing battle, as cyber threats evolve day by day and require active vigilance and adaptation in how we protect our infrastructure.

References

SCADA Systems. SCADA systems. http://www.scadasystems.net

CISA. ARDEREG Sistemas SCADA | CISA.

Stuxnet raises the spin

Blessed Votio

CYSE 200T

November 10, 2024

Balancing Training and Technology Investment in Cybersecurity

BLUF

With a very limited budget to spend on cybersecurity, an effective balance must be struck between training employees and providing technological defences. Both are needed, but employee training has to be front and centre, since human error ranks at the top of the primary reasons for security breaches. Technology solutions should then be deployed to reinforce and support trained personnel.

Introduction

My main responsibility as the CISO is to ensure that the organization’s cybersecurity posture is robust, since the threat landscape changes day in and day out. Because only a finite budget is available, making strategic decisions about how to divide investment between employee training and cybersecurity technology becomes very important. In this write-up I will explain how I would balance investments in training versus technology, and justify my rationale in light of current cybersecurity trends, the nature of cyber threats, and organizational needs.

The Role of Employee Training in Cybersecurity

It seems almost daily that a major breach in data or some other type of malicious attack is occurring. As these cyber-attacks continue to be more frequent, it becomes very important for businesses to take critical measures to safeguard themselves. Training workers in cybersecurity best practices is one of the most critical ways to protect your company.

Every organization should have an in-depth cybersecurity program. Without training, there is a very real possibility that employees will either not properly apply policies or grasp the risk exposure when protocols are not followed. Even innocent-looking actions such as clicking a suspicious link or downloading an untrusted file may result in your organization being exposed to a wide range of cyber threats (Bhardwaj).

The only sure way to safeguard your business against cyberattacks is through training. One can invest in a full cybersecurity training program to help create a security culture, a place where employees are aware of the associated risks and the ways to protect against them (Bhardwaj).

Cybersecurity training also helps workers gain insight into data privacy and security concerns; without it, workers may not pay due heed to the protection of confidential information, or may make mistakes that lead to a data breach.

Increased security awareness: Cybersecurity training makes employees keenly aware of data privacy and of how to identify potential threats and respond to them.

Improved compliance: Training informs staff members about company policy regarding data protection and makes them follow it. This can reduce certain risks of cyber-attacks.

Reduced liability: Good training can reduce the legal and financial liability that follows a data breach (Bhardwaj).

Better employee performance: With security training, workers understand their job and their responsibilities toward securing company data, leading to improved output at reduced cost.

Confidence booster for employees: Cybersecurity training can also make employees confident enough to take on the task of information protection, which can result in increased morale and job satisfaction (Bhardwaj).

Time and money saved: Spending on cybersecurity training saves businesses time and money, because preventing a data leak or malicious attack avoids its costs. Also, when employees are trained, it takes much less time to understand and deal with cyber attacks (Bhardwaj).

Gain and retain customer trust: Proper cybersecurity training helps a firm safeguard customer data, which builds and maintains trust (Bhardwaj).

Balancing the Budget

With a limited budget, a two-tier strategy would be adopted to balance the investments between training and technology.

Investment in training: First of all, I would set aside 60% of the budget for employee training and awareness programs. These efforts would be channelled into training employees to recognize and react to phishing attempts, lessons on password security practices, multi-factor authentication, the use of different passwords for different accounts, and reporting strange activity as soon as possible to cut response time and limit potential damage. I would institutionalise periodic refresher courses to keep learning retained and awareness high.

Investing in technology: I would use the remaining 40% for cybersecurity technology, which, although indispensable to a certain extent, requires constant attention to stay current. I would ensure that up-to-date antivirus and anti-malware software, firewalls, intrusion detection systems, and network segmentation are used to limit the spread of any possible attack, and also use encryption and data protection tools to ensure that sensitive data is encrypted at rest and in transit.

Conclusion

In any case, while employee training and cybersecurity technology are two equally critical elements of a good security posture, I would focus on employee training in view of the significant part that human error has played in most security breaches. Investing in a well-trained and alert workforce can help deter many common cyber-attacks; there is still a need, though, to use technology to provide additional layers of defence against other, more sophisticated methods of attack. Weighing human investment against technology at 60% for training and 40% for technology is the way to make our cybersecurity strategy not only human but also technological.

References

Bhardwaj, Pranav. “The Importance of Cybersecurity Training for Employees.” MakeUseOf, 19 Apr. 2023. Accessed 10 Nov. 2024.