Cybersecurity, Technology, and Society

Course Material

Write-Up Assignments
The CIA TriadIn this paper, I will research the “CIA Triad” and what it means in the field ofInformation Technology. The goal is to be able to understand and explain each term and how itplays a role in cybersecurity. While doing this, I will also become familiar with the differencebetween authentication and authorization.What is the CIA TriadIn the context of information technology, the term CIA stands for Confidentiality,Integrity and Availability (Chai, 1). The function of the CIA Trias is to create a foundation for ITagencies to successfully protect a company’s systems. The term Confidentiality in the Triad is theaction of keeping things private from outside sources (Chai, 1). This prevents the system frombeing a victim of attacks. The term Integrity in the Triad is the action of effectively keepingthe information in your systems between internal sources (Chai, 1). This assures that companyworkers are trustworthy and reliable. The term Availability in the Triad is to ensure internalsources of your company have access to information systems (Chai, 2). This can include makingsure the hardware and software of your systems are intact and working properly.
Authentication vs. Authorization
Authentication is the process of making sure the individual who is trying to accesssensitive information is who they claim to be (Weatherston, 2). Some types of authentication areSingle Factor Authentication, 2-Factor Authentication, and Multi-Factor Authentication(Weatherston, 5). They all have the same purpose of verifying that the user is who they are.However, the difference is in the amount of security that goes into it. Single FactorAuthentication is the least secure, and Multi-Factor Authentication is the most secure. Anexample of Authentication is the fingerprint you use to unlock your mobile device.Authorization is the process of making sure you are certified to access the information ortechnology (Weatherston, 22). In the company, there are tiers of positions and roles that areassigned a certain amount of information. Some positions are meant to know more than others,which is why Authorization is used to make sure internal sources are only able to haveaccess to the information they are supposed to have access to. While Authentication is morehardware-based, Authorization is mostly software-based. For example, after an individualverifies themselves with Authentication, usually the same system has implemented Authorizationto look over the individual’s credentials to ensure that they are qualified enough to accessinformation (Weatherston, 26).
ReferencesChai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples.TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Weatherston, G. (2022, September 29). Authentication vs Authorization – What’s the Difference?FreeCodeCamp. https://www.freecodecamp.org/news/whats-the-difference-between-authentication-and-authorisation/

1 Leave a comment on paragraph 1 0 The Human Factor in Cybersecurity

2 Leave a comment on paragraph 2 0 If my company had financial issues with supporting my cyber team, I would use the following tactics to properly allocate my resources and money while also supporting my team. First, I would need to conduct a thorough analysis of my organization’s current cybersecurity posture to determine which areas need the most attention. By evaluating the current state of cybersecurity in my organization, I can determine if my employees have good integrity and are reliable, and see if investing in training programs may be more beneficial than purchasing new equipment, technology, etc. 

3 Leave a comment on paragraph 3 0 It is also important to identify the more significant threats to my organization. If my company deals with a lot of sensitive information, threatening this could cause corruption in my company. Therefore, if my company deals with data, I prioritize my funds on data encryption technology.  These training programs will help employees stay relevant to the latest cybersecurity practices.

4 Leave a comment on paragraph 4 0 If I am the CISO of a big company, it is important to look into long-term benefits and impacts. I would focus my funds solely on technology. It is important to provide good-quality training programs for my employees. This could even be more cost-efficient than investing in better technology. And as a CISO, allocating costs and funds and saving as much money takes top priority.

5 Leave a comment on paragraph 5 0 SCADA System 

6 Leave a comment on paragraph 6 0 Critical infrastructures can often fall victim to virus attacks. Depending on the form of critical infrastructure, the breach of the information can cause some serious economic damage and even cost someone’s life. Some of the vulnerabilities that are associated with Critical infrastructures are virus infections, as mentioned before, vulnerabilities to cyber-terrorism and attacks, and unauthorized access to the software used for these critical infrastructures. 

7 Leave a comment on paragraph 7 0 SCADA can help improve critical infrastructures by making sure its systems are secured and well-managed. The systems of critical infrastructures are often not made to protect themselves from vulnerabilities because the designs are outdated most of the time. By implementing some form of encryption or authentication, SCADA can provide a better security system for these infrastructures.

8 Leave a comment on paragraph 8 0 These implementations can also help people who seek to breach critical infrastructures to perform some kind of cyber-terrorism attack. The authentication that would be required to access the controls of these critical infrastructures will mitigate the risk of hackers and cyber-terrorists

9 Leave a comment on paragraph 9 0 In conclusion, SCADA provides critical infrastructures with the necessary rearrangements in security measures that could prevent the breach of information that controls their functions.

10 Leave a comment on paragraph 10 0 Bibliography 

11 Leave a comment on paragraph 11 0 DPS Telecom. “How SCADA Systems Work: An Overview of SCADA Technology and Security.” DPSTele.com https://www.dpstele.com/scada/how-systems-work.php 

12 Leave a comment on paragraph 12 0 Infosec Institute. “SCADA Security of Critical Infrastructures.” Infosec Resources, Infosec Institute, 16 July 2021, https://resources.infosecinstitute.com/topic/scada-security-of-critical-infrastructures/ 

13 Leave a comment on paragraph 13 0 “SCADA Systems – Everything you wanted to know about SCADA Systems.” SCADA Systems, n.d., http://www.scadasystems.net/