Protecting Availability

As the CISO of a publicly traded company, I would implement virus protection, backup sites, and physical security precautions to ensure availability for my systems, thereby guaranteeing access to clients whenever it is needed.

Virus protection is essential in order to keep malware or other viruses from disrupting system or network availability. A reliable virus protection service that is updated on time will raise an alert if a known virus is being installed onto a system.

If virus protection fails and a system or network failure occurs, backup sites are the best possible last resort. Although backup sites are expensive and require a lot of work to maintain, backup sites allow you to keep systems available while the original systems are being fixed. With backup sites, the second your systems go down, the backup site takes over with the last working backup of your original system.

One of the most basic but most important protections is physical security. Machines and servers must be kept in a safe environment with doors that are locked when the site is unattended. Security cameras are also necessary for deterring breaking and entering and for catching those who may have attempted to break in. These implementations of physical security will help to ensure that machines and networks will not be physically tampered with, thus ensuring their availability.

SCADA Systems

Corey Parker

11/7/20

Critical Infrastructure Vulnerabilities

Supervisory control and data acquisition systems, or SCADA systems, are used to monitor and control critical infrastructure processes. These critical infrastructures range from water treatment and pipeline control to airplanes, space stations, and more (SCADA, 2020). Any sort of compromise within these critical infrastructures could cost millions of dollars and even lives. The large scope of damage that could be done within critical infrastructures leaves us vulnerable to natural, accidental, and human-caused threats (Tal, 2018).

  • Natural Threats – Critical infrastructure systems are vulnerable to natural threats such as flooding, tornadoes, earthquakes, hurricanes, etc.
  • Accidental Threats – Critical infrastructure systems are vulnerable to accidental threats such as on-site accidents, water pipe ruptures, power-grid failure, system failure, etc.
  • Human-caused Threats – Critical infrastructure systems are vulnerable to human-caused threats such as rioting, terrorism, finance-related crime, and cyber-attacks.

Cyber-attacks:

Due to modern internet interconnectivity, critical infrastructure systems often use wide area networks, or WANs, to monitor essential information systems. This leaves critical systems vulnerable to cyber threats such as –

  • Denial of Service or DDoS attacks: A cyber-attack in which the attacker overflows the host with information in order to compromise system availability.
  • Bot-net operations: Malware-infected machines consecutively attack the host via different means (phishing and spam attacks) (Tal, 2018).
  • Criminal groups deploying spyware/malware in an attempt at identity or information theft.

With these ongoing risks and vulnerabilities, it is essential to provide proper security for essential information systems. Over time, the usage of SCADA systems has grown in order to monitor these critical infrastructures. Although SCADA systems have improved over time, this does not mean that they are not vulnerable. The two main threats to SCADA systems are unauthorized access to software and packet access to network segments (SCADA, 2020).

  • Unauthorized software access – Human access or virus access to the software can make detrimental changes to SCADA systems and cause damage.
  • Packet access to software – There is often no security on packet control within SCADA systems. Therefore, those who can send information to SCADA systems are in control of the system.

–  Physical access to SCADA systems also allows for a security bypass (SCADA, 2020).
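The packet-access problem described above, as an added example that is not part of the original essay: it parses Modbus/TCP frames, used here as a representative SCADA protocol (an assumption; the essay names no protocol), and flags write commands from sources outside an allowlist, since the frame itself carries no credential. The subnet, addresses, and sample frames are constructed for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus function codes that change process state (writes).
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Assumption: only this engineering/HMI subnet may issue writes.
AUTHORIZED_WRITERS = [ip_network("10.10.5.0/28")]


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header and function code of one frame.

    The header holds transaction id, protocol id, length and unit id only:
    there is no user, password or signature field to authenticate the sender.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction": tid, "unit": unit, "function": frame[7]}


def check_frame(src_ip: str, frame: bytes) -> str:
    """Return 'allow', or an alert string for a malformed or unauthorized frame."""
    try:
        pdu = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"alert: malformed frame from {src_ip}: {exc}"
    name = WRITE_CODES.get(pdu["function"])
    if name is None:
        return "allow"  # reads are not policed in this example
    if any(ip_address(src_ip) in net for net in AUTHORIZED_WRITERS):
        return "allow"
    return f"alert: {name} to unit {pdu['unit']} from unauthorized {src_ip}"


# Constructed sample frames (not captured traffic).
READ_FRAME = bytes.fromhex("000100000006010300000002")   # fc=3, read 2 registers
WRITE_FRAME = bytes.fromhex("000200000006010600010064")  # fc=6, write one register

if __name__ == "__main__":
    for src, frame in [("10.10.5.3", WRITE_FRAME), ("192.0.2.77", WRITE_FRAME),
                       ("192.0.2.77", READ_FRAME), ("192.0.2.77", WRITE_FRAME[:5])]:
        print(src, "->", check_frame(src, frame))
```

Because the only identity available to the check is the network source, a filter like this is a compensating control at the network boundary rather than authentication of the sender.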

Although SCADA systems are not perfect, SCADA manufacturers are constantly working towards making systems more secure in order to protect our critical infrastructures.

Works Cited:

  • What is SCADA Security. (2020, March 25). Retrieved November 07, 2020, from https://www.forcepoint.com/cyber-edu/scada-security

The CIA Triad

Corey Parker

9/26/2020

The CIA Triad comprises the three vital principles of any secure network. Not to be mistaken with the Central Intelligence Agency, CIA stands for Confidentiality, Integrity, and Availability. If there is ever an information security breach it can ALWAYS be traced back to one or more of these 3 concepts.

Confidentiality:

Confidentiality means limiting the access of information to those who are authorized and/or authenticated to do so (Fruhlinger, 2020).

  • Authorization lets us choose who has access to what information. It is important to keep information on a need-to-know basis in order to prevent data breaches. If an intern at an IT company were to be given an account with administrative control, he would have access to way more information than necessary. This opens the possibility of the intern doing things such as remoting into clients' computers, discovering clients' passwords, deleting important data, etc. To prevent this, we must limit people to the LEAST amount of information possible, while still allowing them to do the tasks that are necessary.
  • Authentication allows us to verify if a user is who they say they are (Fruhlinger, 2020). Examples of authentication would be password protection, biometric scanners (scanners that identify users based on fingerprints, iris patterns, facial features, and more), keycards, etc. (Biometric Security Systems, 2020).

Integrity

Integrity is the functionality of the data. We must have complete data that is authentic, accurate, and dependable (Walkowski, 2019). If someone were to host a banking service, users of the service would want their account balances to be accurate and consistent. Otherwise, the service would not be successful and the web users would search for an alternative.

Availability

Without availability, information and machines would be practically useless. What is the point of owning a device if you cannot log on to it? What is the point of having a hard drive full of photographs if the pictures are not available? Common occurrences that put availability at risk are user errors, power failures, and DDoS attacks or denial-of-service attacks (Walkowski, 2019).

DDoS attacks are done by overloading a network or machine with packets of information until it eventually goes down. Ways to prevent these availability failures from occurring are regular updates to systems, keeping information backed up, tracking bandwidth usage, and having backup hardware in case the network or machine goes down (Fruhlinger, 2020).

Works Cited

  • Fruhlinger, J. (2020). The CIA triad.
  • Walkowski, D. (2019, July 09). What Is The CIA Triad? Retrieved September 27, 2020,