IT/CYSE 200T

Describe the CIA Triad and the differences between Authentication & Authorization,
including an example.

The CIA Triad is a fundamental concept used by information security organizations. It has
three main principles: confidentiality, integrity, and authorization. Confidentiality in the CIA
triad can also be described as privacy: the only people who can access the information are
authorized users. This ensures that the data is accessible only to someone who needs it and
is protected from unauthorized users. The principle of integrity means that data is not
altered, so the data stays maintained and consistent. Authorization means that information
must be accessible to authorized users at any point, with the focus on preventing
unauthorized users (hackers) from retrieving data. Authentication is the process of
identifying authorized users, essentially making sure the person is who they say they are.
Authorization is the process of ensuring that the person who was authenticated has access
to what they are authorized to see. An example of authentication is biometric scanning, such
as using Face ID to unlock your phone. An example of authorization is a student trying to
access a webpage dedicated to administrators and professors: the student will not be able to
access the webpage because they are not an authorized user.
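The student-versus-professor page case above, worked through in Python as an added example (not part of the assignment text): authentication verifies the credentials, and only then does authorization check the role against the page. The user names, passwords, roles and page paths are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so stored credentials are not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

# Constructed user store (in practice this lives in a database, not in source code).
USERS = {
    "alice": _make_user("prof-pass", "professor"),
    "bob": _make_user("student-pass", "student"),
}

# Authorization policy: which roles may open which page (constructed for the example).
PAGE_ROLES = {
    "/admin": {"administrator", "professor"},
    "/courses": {"administrator", "professor", "student"},
}

def authenticate(username: str, password: str):
    """Is this really the user? Returns the role on success, None otherwise."""
    record = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid usernames.
    salt = record["salt"] if record else b"\x00" * 16
    candidate = _hash_password(password, salt)
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        return None
    return record["role"]

def authorize(role: str, page: str) -> bool:
    """May this authenticated principal see this page? Unknown pages deny by default."""
    return role in PAGE_ROLES.get(page, set())

def request_page(username: str, password: str, page: str) -> int:
    """Full flow: authenticate first, then authorize.
    Returns an HTTP-style status: 401 not authenticated, 403 not authorized, 200 allowed."""
    role = authenticate(username, password)
    if role is None:
        return 401
    if not authorize(role, page):
        return 403
    return 200
```

A wrong password fails at the first step (401) before any page check; a valid student login passes authentication but is refused the professors' page (403).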

During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats.  Now, put on your Chief Information Security Officer hat.  Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology?  That is, how would you allocate your limited funds?  Explain your reasoning.

It is extremely important for a Chief Information Security Officer (CISO) to protect an organization's cybersecurity infrastructure and ensure that it is well maintained. In order to maintain the infrastructure, the CISO needs to decide where the funds are spent, including the training and the technology used to protect the organization. If I were a CISO, I would allocate 55% of the organization's funds to technology and 45% to training the employees about cybersecurity. The funds for security technology will cover the cybersecurity defenses. This includes firewall protection, disaster recovery solutions, and an intrusion detection system. While this defense plan is necessary, it is also crucial to teach employees the importance of cybersecurity. The training for employees will include a cybersecurity awareness program, phishing test emails, and specialized training for employees who need it, such as IT staff. Between the technology and the specialized training, this will ensure that we are doing everything within our power to protect our organization's cybersecurity infrastructure.

Exploring Attacks on Availability

An attack on availability is defined as a cyberattack intended to disrupt an organization's network or system, which in turn can deny access to data, making it inaccessible to authorized users. These cyberattacks are known as attacks on "availability" because they undermine the availability principle of the CIA triangle. That core principle, availability, refers to the access that authorized users have.

An example of an attack on availability is a DDoS attack. A DDoS (Distributed Denial-of-Service) attack is a cyberattack that floods a server with internet traffic to prevent access to the system. A recent DDoS attack occurred at Microsoft, disrupting cloud services for Azure and Microsoft 365. Microsoft had experienced DDoS attacks before and had implemented defense measures to protect Azure from future DDoS attacks. During this DDoS attack the defense system was activated; however, due to an error in the implementation of the defense system, it amplified the attack rather than mitigating it. Microsoft admitted it was unsure how many people were disrupted by the attack but mitigated the issue shortly thereafter.

While DDoS attacks may seem to cause only a disruption for users, there are many more implications that come from DDoS attacks. While a server is down, an organization can face financial loss and damage to its reputation. If an organization suffers a cyberattack and the attack succeeds in flooding the server to disrupt access, the attack can also lead to data loss. If a customer's data is lost or exposed during the process, this can lead to distrust of the organization.