{"id":231,"date":"2024-01-16T17:30:14","date_gmt":"2024-01-16T17:30:14","guid":{"rendered":"https:\/\/wp.odu.edu\/cyberimpact-template\/?page_id=231"},"modified":"2024-04-21T16:58:55","modified_gmt":"2024-04-21T16:58:55","slug":"ece-416","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/cbelf001\/ece-416\/","title":{"rendered":"Write-Ups"},"content":{"rendered":"

The Human Factor in Cybersecurity- April 22, 2024<\/strong><\/p>\n

\n
\n
\n
\n
In this write-up, we will introduce the meaning of CISO, its responsibilities, and how I, as a CISO, <\/span>would balance the tradeoff of training and additional cybersecurity technologies. Taking measures <\/span>such as employee training and implementing other technologies is a tremendously efficient way to <\/span>assure the security of a company.<\/span><\/em><\/div>\n
<\/div>\n
<\/div>\n
CISO <\/span><\/strong><\/div>\n
The Chief Information Security Officer (CISO) of a company has a very crucial role. In fact, the role <\/span>of a CISO is to supervise an organization and ensure the security of all its data and information. <\/span>Furthermore, just li<\/span>ke in the \u2018What is a CISO?\u2019 article, the chief information security officer <\/span>performs the role of executing, enforcing, and elaborating security policies. As a result, he can <\/span>guarantee the protection of a company\u2019s entire system.<\/span><\/div>\n

What are the responsibilities of a Chief Information Security Offic<\/strong><\/span>er?<\/strong><\/div>\n
As the \u2018Understanding CISO<\/span> Roles and Responsibilities: A Complete Guide? article says, a CISO has <\/span>many responsibilities, and his role could be considered pivotal for the organization\u2019s outcome. <\/span>Without a CISO, a company would be dishoriented and would lose all its power since it would be <\/span>considered easily attackable and vulnerable. Among the many responsibilities, a chief information <\/span>security officer needs to be capable of directing and handling the security team of an organization, <\/span>making vital business-related decisions, taking precautions against any form of cyber attack, and <\/span>finally being able to communicate efficiently with the different divisions of a company. By doing <\/span>so, all the eventual risks for a company can be reduced.<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n

What would a CISO<\/span>\u2019<\/span>s priorities with a limited budget be?<\/span><\/strong><\/div>\n
As stated in the \u2018How CISOs Prioritize Cybersecurity Spend\u2019 article, the estimated costs of <\/span>cybersecurity breaches are unduly expensive. Therefore, CISOs need to be extremely careful when <\/span>analyzing the potential risks and problems so that they can allocate their limited funds in a useful <\/span>and functional way. Personally, as the CISO of an organization with limited funds, I would give <\/span>prominence to employee training as well as investing in new cybersecurity technologies. A great <\/span>method suggested by the CSO article to give prominence to the last mentioned is the FAIR (Factor <\/span>Analysis of Information Risk) method. This framework allows the translation of cybersecurity <\/span>events, such as risks, into fiscal terms, making it easier for chief information officers to prioritize <\/span>risks and wisely choose the correct allocation of funds. Additionally, as a chief information security <\/span>officer, I would invest in cybersecurity technologies by implementing all types of firewalls, data <\/span>encryption methods, and monitoring systems that would allow me to promptly detect problems <\/span>and resolve them. Also, I would carry out employee training courses. With these training courses, <\/span>employees can learn many different skills, avoiding unvoluntary mistakes. In short, I would spend <\/span>my limited funds on cyber technologies, monitoring incidents, and employee training. I am <\/span>confident in the fact that all these measures can greatly contribute to promoting stable and <\/span>vulnerable-free organization.<\/span><\/p>\n
<\/div>\n<\/div>\n<\/div>\n
Conclusion<\/strong><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
Finally, the role of a chief information security officer is indispensable for the success, the <\/span>protection, and of the confidentiality, integrity, and availability of an organization.<\/span><\/div>\n
<\/div>\n
<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
<\/div>\n
SCADA Systems- March 25, 2024<\/span><\/strong><\/div>\n

In this article we discuss about the SCADA System, how its term came to light, what it consists of, what its <\/span><\/em>vulnerabilities are, and how they can be diminished. The SCADA System is an excellent method because it <\/span><\/em>allows industries to work in a quicker and easier way whilst ensuring problem resolution<\/span>.<\/span><\/em><\/div>\n

When did the term SCADA come to light?<\/span><\/strong>
According to the article \u201cSCADA: Supervisory Control and Data Acquisition,\u201d t<\/span>he term SCADA was first <\/span>introduced in the 20th century because there was the necessity to control machinery so that workers <\/span>wouldn\u2019t have to control the equipment manually. For this reason, many manufacturing plants started <\/span>using timers. By doing this, there was the possibility to control and supervise infrastructure processes <\/span>without the need to dispatch staff members on-site and control the devices. With time, people realized <\/span>that the idea of using timers was working very well,<\/span> but these timers weren\u2019t very accurate. Thus, th<\/span>ere <\/span>was a need to have a more well-planned and effective system. In fact, from the 1950s onwards, computers <\/span>were used for industrial control purposes. Telemetry, a type of technology that allows to transmit and <\/span>measure data from remote sources, which then gets analyzed to monitor and control a system, laid its <\/span>foundations; and finally, in the 1970s, the SCADA System was introduced. <\/span>This was of great help because it <\/span>allowed the control of industrial processes.<\/span><\/div>\n

What is SCADA?<\/span><\/strong>
In accordance with<\/span> the \u2018SCADA System\u2019 article, the term SCADA is an acronym that stands for \u2018Supervisory <\/span>Control and Data Acquisition\u2019. This system is an accumulation of<\/span> software and hardware programs that are <\/span>designed to control infrastructure processes, industrial processes, and facility-based processes. <\/span>The controlling actions are made possible thanks to the RTUs, or Remote Terminal Units, and by a program <\/span>called Programmable Logic Controllers (PLCs).<\/div>\n
As a matter of fact, this program allows to control plants\u00a0 in a remote and local way, giving birth to control automated processes. The SCADA System is able to collect data, examine it, and process it in real time. When microprocessors like the Remote Terminal Units and Programmable Logic Controllers interact with the HMI (Human Machine Interface), and once the data is posted from processors to SCADA Systems, the human operators are able to take control. The HMI provides members of an industry with graphic information, and with a diagram, the personnel is able to view a representation of the plant in question. If the system has analyzed any problems, the operator can act remotely. In short, with this system, industries can control and monitor processes by recording, analyzing, and collecting data. This system is attached to sensors that monitor things like pumps, motors, and valves<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
(actuators). Then, the data can be reviewed, and based on the types of alarms given by the system, the <\/span>human operator can decide whether to take decisions or not, and if yes, what actions can be taken. <\/span>Because of its efficiency, many gas, oil, and water treatement industries utilize the SCADA System.<\/span><\/div>\n

Vulnerabilities and how can they be diminished?<\/span><\/strong>
Despite being one of the most efficient control systems, SCADA could make some improvements. Most of <\/span>the vulnerabilities are due to the lack of physical security, out-of-date devices, fleeble passwords, and weak <\/span>authentication methods. However, the biggest problems are the consequences of the absence of security <\/span>control protocols that allow unauthorized people to access and control everything. Another problem is due <\/span>to unauthorized people or viruses that make changes and affect the entire system. The \u2018SCADA System\u2019<\/span>article suggests that industries can overcome these vulnerabilities and avoid risks by implementing VPNs <\/span>(Virtual Private Network) and firewalls<\/span>. In addition, based on the \u2018One Flaw Too Many: Vulnerabilities in <\/span>SCADA Systems\u2019 article, industries as well as using VPN and<\/span> firewalls, should also implement strict policies <\/span>for connecting devices to SCADA Systems, prevent the use of unknown and untrusted devices, and use <\/span>endpoint protection.<\/span><\/p>\n
<\/div>\n<\/div>\n<\/div>\n
Conclusion<\/strong><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
Lastly, SCADA Systems are pivotal for monitoring and controlling industrial processes remotely and in real <\/span>time. Nevertheless, significantly important actions must be taken in order to maintain an efficient, <\/span>cyberattack-free system and in provide a strong and hermetic structure, which should be the top priority <\/span>for an industry.<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

 <\/p>\n

The CIA Triad- February 5, 2024<\/strong><\/p>\n

\n
\n
\n
\n
In this write-up, we talk about the CIA Triad, what it is, when it was created, what it stands for <\/span><\/em>and the important role it has. The CIA Triad, is the key to keeping all organizations and clients safe <\/span><\/em>from all the potential attacks of a system.<\/span><\/em><\/div>\n

What is the CIA Triad?<\/span><\/strong><\/div>\n
According to the Chai article, the CIA Triad also known as the AIC, so there are no mis-<\/span>understandings with the Central Intelligence Agency, is a model designed to protect all the <\/span>information from data breaches and therefore, it is fundamental in order to keep all organizations <\/span>safe.<\/span><\/div>\n

What is stands for<\/span><\/strong><\/div>\n
The<\/span> CIA<\/span> Triad,<\/span> is<\/span> an<\/span> abbreviation<\/span> of<\/span> C<\/span>onfidentiality,<\/span> I<\/span>ntegrity<\/span> and<\/span> A<\/span>vailability.<\/span> With<\/span>
confidentiality,<\/span> it is intended that all data and personal information are kept private or<\/span>
confidential. For example, a bank needs to take several different reforms to make sure that certain <\/span>data doesn<\/span>\u2019<\/span>t reach people or even employees that aren<\/span>\u2019<\/span>t authorized. To do that, it is crucial that <\/span>employees working in fields such as finance, are given specific roles inside the organization. Some <\/span>employees,<\/span> depending on their specialization,<\/span> should be allowed to have access to confidential <\/span>data others however, must be denied access. As a result, even though this doesn<\/span>\u2019<\/span>t ensure 100% <\/span>safety, it helps to decrease the amount of<\/span> \u201c<\/span>damage<\/span>\u201d<\/span> that can occur to organizations but also to <\/span>clients<\/span> of<\/span> the<\/span> organization<\/span> at<\/span> issue.<\/span> Basically,<\/span> it<\/span> prevents<\/span> unauthorized<\/span> personnel<\/span> and <\/span>cybercriminals from accessing data. Integrity. With integrity, all data must be accurate, consistant <\/span>and trustworthy during it<\/span>\u2019<\/span>s longevity. To fulfill this step, it is essential to carry out periodic backups <\/span>in the system. Updating data so that it keeps up with everything. Another thing which is also really important, is making sure that even though some documents can be read, they can<\/span>\u2019<\/span>t be edited. <\/span>Although it may seem basic, it is actually a huge step since thanks to this, we are able to keep data integrity. Lastly, Availability.<\/span> Availability is another major step. With this step, we are able to<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
understand whether data is available or accessible to all the authorized staff.<\/span> To accomplish the <\/span>availability of data, like the Chai article states, there needs to be a porper maintenence of all the <\/span>technical infrastructures and systems which keep data and display it.<\/span><\/div>\n

Who created it?<\/span><\/strong><\/div>\n
According to the CSO article, the CIA Triad doesn<\/span>\u2019<\/span>t have a single creator. Ben Miller, who is a Vice <\/span>President at Cybersecurity firm Dragos, thinks that confidentiality, one of the three concepts of <\/span>the CIA Triad was made official in a US Air Force study in 1976. Followed by the other concept of <\/span>the Triad, Integrity, which was layed out in a paper in 1987. This paper talked about the <\/span>importance of having to focus on data accuracy. Availability, the last component, was mentioned <\/span>in 1988 when the Morris Worm named after the creator (Robert Tappan Morris), infected many<\/span>
computers with a very strong virus, becoming one of the first malaware in history to have caused <\/span>such a wide diffusion in making computers inoperable. The Triad, was established in 1998. In <\/span>addition, Donn Parker, a researcher for the security of information and fellow of the Association <\/span>for Computing Machinery, in one of his books titled:<\/span> \u2018<\/span>Fighting Computer Crime<\/span>\u2019<\/span>,<\/span> suggested<\/span> to <\/span>extend the Confidentiality, Intergity and Availability Triad into six. In his model made up of six <\/span>components,<\/span> he<\/span> added<\/span> on<\/span> top<\/span> of<\/span> Confidentiality<\/span> and<\/span> Availability,<\/span> Posession<\/span> or<\/span> Control, <\/span>Authenticity and Utility.<\/span><\/p>\n
<\/div>\n<\/div>\n<\/div>\n
Today<\/strong><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
According to another article (Splunk article), specialists in the cyber field think that the CIA Triad <\/span>won<\/span>\u2019<\/span>t stop all the security problems whilst others say that the Triad needs to have more <\/span>components. On the contrary, Walter Haydock, a professional staff member for the House <\/span>Committee on Homeland Security who was also a Marine Corps Ground Intelligence Officer, <\/span>disagrrees. Reagrdless of the never-ending progression in technologyand threats, the CIA Triad still <\/span>shows it<\/span>\u2019<\/span>s effectiveness.<\/span><\/div>\n

Conclusion<\/span><\/strong><\/div>\n
To conclude, the CIA Triad<\/span> is a great model designed to protect personal information of clients <\/span>and organizations and is to this day, very efficent.<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The Human Factor in Cybersecurity- April 22, 2024 In this write-up, we will introduce the meaning of CISO, its responsibilities, and how I, as a CISO, would balance the tradeoff of training and additional cybersecurity technologies. Taking measures such as… Continue Reading →<\/a><\/p>\n","protected":false},"author":28443,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/pages\/231"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/users\/28443"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/comments?post=231"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/pages\/231\/revisions"}],"predecessor-version":[{"id":323,"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/pages\/231\/revisions\/323"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/cbelf001\/wp-json\/wp\/v2\/media?parent=231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}