Topic 1 — The CIA Triad
Definition
The CIA Triad, Confidentiality, Integrity, and Availability,is the foundational model for cybersecurity. It explains the three core goals security controls must protect: preventing unauthorized access (confidentiality), ensuring data is correct and unchanged (integrity), and keeping systems accessible when needed (availability).
Example
Major ransomware attacks, such as WannaCry, demonstrate how a single threat can disrupt all three components at once, locking users out (availability), corrupting files (integrity), and risking data exposure (confidentiality).
Mitigation Techniques
Mitigations include encryption, access controls, hashing, backups, redundancy, and incident response planning. The NIST CSF categories, Identify, Protect, Detect, Respond, Recover, offer a structured approach for strengthening each CIA pillar.
Connection to Next Topic
Most CIA failures are triggered not just by technology, but by people. Human mistakes can break confidentiality, integrity, or availability even when technical controls are strong.
Topic 2 — The Human Factor in Cybersecurity
Definition
The human factor refers to the psychological, behavioral, and social vulnerabilities that attackers exploit through phishing, social engineering, insider threats, and accidental error.
Example
As covered in readings on “Hacking Humans” and bio-cybersecurity, humans can be manipulated into giving attackers initial access. Sometimes even in high-security scientific environments. Real-world breaches often begin with a single user being deceived.
Mitigation Techniques
Effective strategies include multifactor authentication, continuous training, phishing simulations, user behavior monitoring, and reducing access permissions. Cultural reinforcement helps strengthen long-term resilience.
Connection to Next Topic
Because humans fail unpredictably, organizations must rely on frameworks like NIST CSF to provide structure, standardization, and consistent practices that compensate for inevitable human error.
Topic 3 — The NIST Cybersecurity Framework (CSF)
Definition
The NIST CSF is a national guideline used by organizations to identify risks, protect systems, detect threats, respond to incidents, and recover after disruptions. It acts as a blueprint for building comprehensive cybersecurity programs.
Example
Critical infrastructure sectors use the CSF to prevent incidents like SCADA compromises or failures similar to those discussed in the course readings. These sectors include energy, water, and healthcare.
Mitigation Techniques
CSF mitigations include asset inventories, patch management, network segmentation, monitoring tools, incident response procedures, and recovery planning. These ensure organizations are not just reactive but strategically prepared.
Integrative Connection
The CIA Triad defines what needs protecting; the human factor explains why breaches occur; and the NIST CSF provides a structured way to reduce both technical and human-based risks.
Philosophical Discussion — The Short Arm of Predictive Knowledge
Throughout the course, one major idea changed my view of cybersecurity: predictions are always limited. Even with threat intelligence, analytics, and frameworks, human behavior and system complexity make perfect forecasting impossible.
The CIA Triad assumes we can prevent violations, yet ransomware evolves faster than defenses. The human factor shows that predicting user mistakes is unreliable. Training reduces risk, but cannot eliminate it. The NIST CSF helps organizations anticipate threats, but unexpected vulnerabilities or zero-day exploits still arise.
Understanding these limits helped shift my perspective. Cybersecurity isn’t about stopping everything, but about preparing for uncertainty. Prediction may guide strategy, but resilience is what truly keeps systems secure.
Conclusion
Across the semester, I learned that cybersecurity is not solely technical, it is structural, behavioral, and philosophical. The CIA Triad clarified what we protect, the human factor revealed why breaches happen, and the NIST CSF demonstrated how organizations create consistent defenses. Through the lens of predictive knowledge, I recognized that uncertainty is permanent, and modern cybersecurity must prioritize resilience over perfect foresight.
References
Apache Software Foundation. (2021). Log4Shell Vulnerability: CVE-2021-44228 Technical Report.
National Institute of Standards and Technology. (2020). Framework for Improving Critical Infrastructure Cybersecurity.
Verizon. (2023). Data Breach Investigations Report.
WannaCry Ransomware Attack. (2017). MITRE CVE-2017-0144.
Appendix: Reasoning Notes
Reflection on Topics
When I first approached the CIA Triad, I thought of it as mainly a technical model. As I moved through the course, I realized how often the triad fails because of human decisions rather than system flaws. My thinking shifted especially during the Human Factor unit. What confused me at first was how unpredictable human behavior can be, but readings and examples helped clarify why training alone isn’t enough. The NIST CSF section tied everything together by showing how organizations structure defenses to compensate for both technical and human weaknesses.
What I Asked AI Tools
I asked the AI to help organize and clean up my writing, clarify definitions.
How I Used (or Chose Not to Use) AI
I used AI for rewriting support and structure but kept the content based on my own understanding of class material. I avoided using AI to generate references or course-specific examples.
What I Wrote Entirely on My Own
The main topic explanations, examples, philosophical section, and overall structure were written by me before AI editing.
Where I Changed or Rejected AI Suggestions
I removed overly formal or overly complex phrasing suggested by the AI, simplified transitions, and kept the explanations aligned with my own interpretations from the course instead of generic cybersecurity descriptions.