IT/CYSE 200T

Cybersecurity, Technology, and Society

 

CIA Triad, and the differences between Authentication & Authorization

BLUF:

To this day, the three elements of the CIA Triad (Confidentiality, Integrity, Availability) are important factors in our world’s technology systems, protecting people’s data and information across the data space.

CIA Triad:

The CIA Triad is a model designed to help protect and guide policies for information security within an organization. CIA stands for confidentiality, integrity, and availability. While people outside the information security community might hear the phrase CIA Triad and think “conspiracy theory,” those in the cybersecurity field know that the CIA Triad has absolutely nothing to do with the Central Intelligence Agency. Instead, the CIA Triad has everything to do with keeping your organization’s data, networks, and devices safe and secure, while strengthening the security posture of your organization. The CIA Triad is widely accepted as a model in information security. It is not a singular doctrine and it had no single author. Rather, the model appears to have developed over time, with roots as old as modern computing, pulling concepts from various sources. Ben Miller, vice president for Dragos, seems to be one of the few people who has done any digging on the origins of the triad.

Confidentiality:

Confidentiality means that only authorized users and processes should be able to access or modify data. It also includes protecting information from hackers with malicious intent, for example by limiting access to only authorized individuals within a certain organization.

Integrity: 

Integrity means that data should be maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously. Data should be kept so that it cannot be tampered with, and it should be correct, authentic, and reliable. A system with integrity keeps data safe from unnecessary changes, whether malicious or accidental. Cybersecurity professionals might implement access levels, enable tracking when changes are made, and protect data when transferring or storing it.

Availability:

Availability means that authorized users should be able to access data whenever they need to do so. Just as unauthorized users must be kept out of an organization’s data, data should be available to authorized users whenever they require it. This means keeping systems, networks, and devices up and running. Ensuring availability in data systems can be tricky because it may compete with the other factors in the triad: one of the best ways to protect data is to limit access to it. If you have an information security role, you may have experienced pushback from customers or coworkers about information availability.

Differences between Authentication and Authorization:

“Authentication and authorization are fundamental concepts in information security, often used interchangeably due to their similar contexts. However, they serve distinct roles in the security process.”

Authentication:

Authentication is the procedure a system uses to verify that users are who they claim to be. Methods include passwords as well as the variety of other identity-establishing methods that are available, such as biometrics, security tokens, cryptographic keys, and the like.

Authorization:

Authorization determines who has the right to access which data; it does not mean that all data is accessible to the public. Most operating systems enforce confidentiality in this sense by having many files accessible only by their creators or an admin, for instance. One of the most important ways to enforce confidentiality is establishing need-to-know mechanisms for data access; that way, users whose accounts have been hacked or who have gone rogue can’t compromise sensitive data.

Some examples of Authentication and Authorization:

  • Authentication verifies a user’s identity, while authorization determines what that verified user can access within a system.
  • Effective access control combines both authentication and authorization to provide a comprehensive security framework that safeguards sensitive data and critical systems.
  • Properly implemented access control reduces the risk of data breaches, ensures compliance with regulations, and enhances overall organizational security and operational efficiency.

Works Cited

Coursera Staff. “What Is the CIA Triad?” Coursera, updated Nov 29, 2023.

Fruhlinger, Josh. “What is the CIA triad? A principled framework for defining infosec policies.” CSO Online, July 12, 2024.

 

SCADA System Write-Up

BLUF:

SCADA (Supervisory Control and Data Acquisition) systems are extremely useful in monitoring and controlling critical infrastructure like energy grids, water systems, and transportation networks. Although these systems are essential for normal operation, they are vulnerable to cyberattacks and unauthorized access. Factors such as physical security and measures taken to protect critical infrastructure from malware infections are vital to the integrity of the system.

Vulnerabilities of Infrastructure Systems:

  • Secured physically

Physical security represents an elemental aspect of security for SCADA systems. Sabotage would be prevented by ensuring physical security of the “components of these systems, including, but not limited” to, servers and controllers. Common physical controls and measures include fencing, camera surveillance, and restricted access areas. 

  • Infrastructure

“Cyberattacks on infrastructure systems can be very damaging”, as the 2015 attack on the Ukraine power grid indicates. The attackers made their way inside SCADA systems, which caused a massive power outage affecting hundreds of thousands of people. This incident also brought to the forefront the urgency of protecting SCADA systems against any assault, whether physical or cyber-based.

  • Unauthorized access/virus infections

One of the greatest threats to SCADA systems is unauthorized access, which can allow the introduction of viruses or malware. An unauthorized breach can be perpetrated by means of phishing attacks, insider threats, or exploitation of published or known software vulnerabilities.

Conclusion:

SCADA systems provide a means of monitoring and controlling critical infrastructure, but they are also very susceptible to cyberattacks and unauthorized access. Security of SCADA systems relies on a combination of physical security, updated software, and monitoring for unauthorized access incidents or malware infections. As connections among infrastructure systems become more intertwined, a proactive approach to the security of SCADA systems is needed to safeguard national security and public safety.

References

Electrical4U. “SCADA System: What is it? (Supervisory Control and Data Acquisition).”

AI Assignment: What to do with Cybersecurity??

 

Analysis of Optimal Placement for the Cybersecurity Department

Introduction:

In today’s digital landscape, cybersecurity is paramount for safeguarding a company’s assets, reputation, and operational integrity. As your publicly traded company embarks on establishing a cybersecurity program, determining the optimal organizational placement for the new department is crucial. This analysis evaluates the pros and cons of situating the cybersecurity department under four potential areas: Information Technology (IT), Finance, Operations, and direct reporting to the Chief Executive Officer (CEO).

1. Cybersecurity Department Under Information Technology (IT)

Pros

  1. Alignment with Technical Expertise:
    • IT departments possess the technical knowledge and infrastructure necessary for implementing and maintaining cybersecurity measures. Placing the cybersecurity team within IT ensures access to necessary resources and technical support.
  2. Streamlined Communication:
    • Cybersecurity often requires close collaboration with IT for tasks like network security, software updates, and incident response. Proximity facilitates quicker decision-making and efficient problem-solving. What happens if the necessary software updates and collaboration aren’t watching their systems and they could potentially get hacked?
  3. Integrated Strategy:
    • Embedding cybersecurity within IT allows for the integration of security protocols into the broader IT strategy, ensuring that security is considered in all technological initiatives.
  4. Resource Sharing:
    • Shared resources such as personnel, tools, and budgets can lead to cost efficiencies and better allocation of assets.

Cons

  1. Potential for Limited Autonomy:
    • IT departments may prioritize operational objectives over security needs, potentially leading to conflicts of interest and insufficient focus on cybersecurity.
  2. Perception of IT-Centric Security:
    • Positioning cybersecurity solely within IT might underrepresent its strategic importance to the entire organization, potentially limiting executive-level attention and support. How is positioning cybersecurity solely within IT, being a limited executive-level to attention and support?
  3. Risk of Silos:
    • Cybersecurity initiatives might become siloed within IT, hindering cross-departmental collaboration and comprehensive risk management across the organization.

2. Cybersecurity Department Under Finance

Pros

  1. Emphasis on Risk Management:
    • Finance departments are inherently focused on risk assessment and mitigation, aligning well with the objectives of cybersecurity in managing financial and operational risks.
  2. Budgetary Control:
    • Finance oversight can ensure that cybersecurity receives adequate funding and is considered a critical investment, rather than a cost center.
  3. Strategic Decision-Making:
    • Integrating cybersecurity with finance can facilitate strategic discussions on the financial implications of security measures and investments.
  4. Regulatory Compliance:
    • Finance departments are typically well-versed in regulatory requirements, aiding in ensuring that cybersecurity practices meet financial industry standards and compliance mandates.

Cons

  1. Lack of Technical Expertise:
    • Finance departments may lack the necessary technical understanding of cybersecurity, potentially leading to misaligned priorities and ineffective security strategies.
  2. Potential Disconnect from IT Operations:
    • Separating cybersecurity from IT can hinder collaboration and slow down the implementation of technical security measures.
  3. Limited Focus on Broader Security Issues:
    • Finance-centric cybersecurity may overly concentrate on financial data protection, neglecting other critical areas such as operational technology, intellectual property, and customer data.

 

Dear Boss, 

I believe that the Cybersecurity department should be located near good communication ranges for residents in the area and close for employees to drive to the workplace so it would be easy to report directly to the CEO. Here in Norfolk, Virginia, we have a good area near the coast side of Virginia where everyone is close to the business. This will help. Some pros to this idea are that the building will be close to our employees and has connections to other buildings nearby. Some cons to the concept are the limited focus on border security due to us being far from the mainland, and we might potentially be disconnected from IT Operations, which can cause some miscommunication to far-out employees. In conclusion, placing your Cybersecurity department near the coast of Norfolk, Virginia, is a great idea for the company along with helping out some of their employees, despite some of the cons.

From your trusted worker Charles Phillips