The ethical question raised about deepfakes is at what point do the deepfakes become hurtful and cause serious distress to the person being the victim of a deepfake. There is a line between a funny non hurtful deepfake and one that is created to cause pain. It needs to be determined the motive behind the creation of the deepfake. It’s also becoming harder to differentiate between what is real and fake. Is the deepfake designed to spread misinformation. I believe that there are more destructive and negative deepfakes compared to funny non hurtful ones. Deepfakes are increasingly more realistic and harder to identify.

SCADA Systems

Introduction

            In this write up I’m going to explore the vulnerabilities in the critical infrastructure of SCADA systems. I will be looking into the applications within the system to see what role it plays in the vulnerabilities. I’m going to discover if the applications do enough to secure themselves against their vulnerabilities. This should determine if SCADA systems are worth using.

Human Machine Interface

            Human Machine Interface (HMI) is used in the SCADA systems to allow a human operator to control the processes of the system.  HMI is linked to the diagnostic data, management data, and logistical data of a system. This allows operators to change the system from the HMI graphical interface. The operators can see everything that is happening from the HMI interface.

HMI Vulnerabilities

HMI has vulnerabilities in its’ authentication process and file path traversal. The authentication process is either lacking or nonexistent. This vulnerability increases the odds that an attacker can get into the systems. The attacker can extract files from the system by manipulating the filename parameter and affecting the file path (Silva, 2024). The lack of an authentication process leaves the system open to all attackers.

SCADA Systems Hardware

            The hardware used in the SCADA systems is a combination of SCADA and third-party hardware. The hardware must be monitored because it must be in its’ own facility. This is where the most vulnerabilities are present.

Hardware Vulnerabilities

            The vulnerabilities begin with the lack of security evaluations on the third-party hardware (Amos, 2022). There is no system currently in place to vet any hardware from a separate organization. The hardware itself has outlived its’ shelf life. Some systems haven’t updated to meet current security standards (Amos, 2022). The hardware has outdated software and there aren’t any regular patches in place to address this major security risk. The network security of these systems are also in need of modernization (Amos, 2022). The network infrastructure isn’t equipped to provide sufficient security against attackers.

In Conclusion

            SCADA systems aren’t equipped with current security measures or hardware. The security lacks the authentication process and is the most egregious of the vulnerabilities. The lack of an authentication process is a vulnerability that should’ve been already corrected. It doesn’t help that the hardware being used is out of date and has security vulnerabilities with third-party vendors. These applications don’t provide any security against their vulnerabilities. I don’t believe that SCADA systems are worth using given the amount of vulnerabilities present.

References

SCADA Systems. (n.d.). SCADA Systems. http://www.scadasystems.net

Silva, D. (2024, December 6). Major Vulnerabilities Found in Human Machine Interface [Review of Major Vulnerabilities Found in Human Machine Interface]. University of Hawaii – West O’hau. https://westoahu.hawaii.edu/cyber/ics-cybersecurity/ics-weekly-summaries/major-vulnerabilities-found-in-human-machine-interface/

‌Amos, Z. (2022). 9 SCADA System Vulnerabilities and How to Secure Them. Isa.org. https://gca.isa.org/blog/9-scada-system-vulnerabilities-and-how-to-secure-them

CIA Triad

Introduction

            The purpose of this write up is to describe the CIA Triad and determine the difference between authentication and authorization. The CIA Triad is important and by the conclusion of this write up the reasons for its’ importance will be explained. I will provide examples of authentication and authorization. I will also describe the difference between authentication and authorization.

The CIA Triad

            The CIA Triad is the core principles of cybersecurity consisting of Confidentiality, Integrity, and Availability. Confidentiality is keeping the private information and data of users safe and secure. Integrity is maintaining the security of data to prevent any alterations or breaches. Availability is providing access to the data to the appropriate users. These three principles form the cybersecurity model based on protecting data (Prakash, 2022).

Authentication vs Authorization

            Authentication is the process of verifying the user’s or system’s identity. Authentication is a cornerstone of digital security and is the first defense against unauthorized access (Team, 2024). There are many ways to authenticate a user. The most used are Single-Factor Authentication (username and password), Two-Factor Authentication (password and a separate code sent to the user), and Biometric Authentication (face scan and fingerprint scan). Authorization is the process of granting permissions to authorized users (Team, 2024). This means that having access to a system comes with restrictions based on what the user has permission to do within the system.

What is the difference?

            The difference is that authentication can authenticate a user, and authorization can grant permissions to the user. This means authentication will always come before authorization because to use a website or access information you must be allowed to have access. Even with access to a website or information depending on the permissions of the user the actions after gaining access can be restricted.

In Conclusion

            The CIA Triad is the model used in cybersecurity to maintain and protect the private information of users. Authentication can only authenticate a user to have access to information and authorization determines what the user can do once given access. This means that authentication will always come before authorization in determining who has access to the private information being protected.

References

Prakash, M. (2022, June 28). What is CIA triad? examples, components, importance & goals. knowledgehut. https://www.knowledgehut.com/blog/security/cia-in-cyber-security

Team, C. W. (2024a, September 27). What is authentication? – types, role & how it works!. Cyber Security News. https://cybersecuritynews.com/authentication/

Team, C. W. (2024b, September 30). What is authorization? definition, use case & models. Cyber Security News. https://cybersecuritynews.com/what-is-authorization/

Cybersecurity Budget

Introduction

            The purpose of this write-up is to determine if having a limited budget can provide sufficient training and implement cybersecurity technology. Cybersecurity is important and having qualified employees monitoring it is just as important. The effectiveness of a limited budget will be determined in the conclusion of this write-up. I will also explain my reasoning for how I would use the budget. For this write-up the budget for the training and cybersecurity technology will be $3,000.

The Training

            For this write-up, the budget is going to be applied towards in-house training. This means the company directly trains their employees. The type of training is an essential part of determining the training costs. The two options are bootcamps or shorter specialized training courses. The bootcamps are fast tracking the employees to develop their skills to be efficient in cybersecurity. The bootcamps can range from $2,500 to $20,000, and the more intensive bootcamps range from $10,000 to $17,000 (Cybercrim, 2025). The shorter specialized training can cost $2,500 to $4,500. The shorter specialized training could be more depending on which specialized training is being used.

The Technology

            To operate cybersecurity technology, it requires an initial investment of $115,00 to $300,000 (Team, 2025). The cost to maintain the technology ranges from $20,000 to $50,000. The overall cost to maintain the business could be $500,000 or more. The cost of the business revolves around the cost of the technology being used and the salaries of the team members. The needs of the business determine the cost to maintain the business.

The Budget

            Using the $3,000 budget I can train employees with the shorter specialized training. The purpose of the budget in this write-up was to portray a small business that has a small team. In my opinion, budgeting for cybersecurity training is essential for them. I would send one employee to the training and have that employee train his coworkers. In this scenario the budget was $3,000 for the training and technology and not for the entire business.

In Conclusion

            The limited budget of $3,000 is barely effective in managing the training and technology. The budget would have to be a loan from the bank. The loan just creates another expense that a business can’t afford to have. The cost of cybersecurity technology would be completely outside of the budget. The limited budget isn’t effective in cybersecurity and wouldn’t provide any sustainable result for the business.

References

CyberCrim. (2025). How Much Does Cyber Security Training Cost In 2025 [Review of How Much Does Cyber Security Training Cost In 2025]. CyberCrim. https://cybercrim.com/career/cyber-security-training-cost/ ‌Team, B. (2025, April 4). What Are the 9 Operating Costs of Cyber Security for Businesses? Business Plan Templates. https://businessplan-templates.com/blogs/running-costs/cyber-security

The five most serious violations are using copyrighted images, faking your identity online, illegal searches on the internet, collecting information on people younger than 13, and cyberbullying and trolling. These are the most serious because of the trouble someone would be in if they were arrested for any of these crimes. If someone uses a copyrighted image without the consent of the owner, the person has essentially stolen that image from the owner. Privacy on the internet is important, but there should never be a doubt about who you are. This is most common on social media, and it takes the place of aliases and fandom pages. Having an alias isn’t necessarily bad, but it needs to be understood that the account name isn’t your own. Fandom pages often have something in their bio stating that they aren’t impersonating but simply posting about the person that they’re a fan of. Illegal searches are an obvious one and that is because if you’re searching for something that is a threat to the overall safety of yourself and others, you will face the punishments. It goes without saying that any crime associated with minors is horrible. If it is discovered that someone has been collecting information from someone 13 years old or younger, they face an obvious and deserved lose-lose situation. It’s a lose-lose situation because if people discovered the gaining of information of minor for nefarious mean, then that person could be dealt with by society instead of the police. It’s understood that prisoners don’t take crimes against children or minors lightly because if your crimes were to be discovered, that persons’ life is essentially over. Cyberbullying and trolling are what most people have probably experienced in their life. In my opinion, there is a line between jokingly trolling and purposing being hurtful trolling. When someone jokingly trolls someone the intent isn’t to cause any pain and, in my experience, it is often done in friend groups. Those who troll or cyberbully without any consideration for others shows an extreme lack of awareness and depending on where the crime occurs or jurisdiction it falls under the repercussions could lead to prison.

This article delves into the possibility of allowing hackers to being compensated for identifying weak points in the system. This is done by bug bounties. The outcome described in this article is that hacklers operate more effectively when money or bounties are presented to them. This motivates the hackers to increase the number of vulnerability reports that are submitted. Having groups of hackers go into the private and public fields and identifying vulnerabilities allows for the cybersecurity to be upgraded and protected against hackers that would exploit those vulnerabilities. This increases the productivity of not only the hackers but the system being analyzed for vulnerabilities. The more money a hacker is provided for their services the better reports that will be submitted.

The two economic theories that I chose to apply to this letter are the Marxian economic theory and the Rational Choice theory. The Marxian economic theory is based upon those in power who exploit those who don’t have the power. In this article the hackers had the power to take private information for their own gain without the consideration of the people affected by the hacking. The rational choice theory is based on the belief that individuals and business make choices that best fit their interests. The two psychological theories that I chose to apply to this letter are Parsimony and Determinism. Parsimony is explaining what happened in the simplest way. The letter did this so the user can take the proper actions to protect themselves. Determinism is base3d on the belief that actions are dictated by preceding events. The preceding events in this letter were the hackers obtaining access to the private information and led to the user’s data being maliciously used.

Cybersecurity is such a huge field that the description of a cybersecurity analyst varies from organization to organization. The cybersecurity analyst is a job that requires monitoring 24/7 and shifts for beginners are often the graveyard shift. Cybersecurity analysts can be done everywhere, and certain locations offer different types of benefits. Some locations are in areas that are technology dense areas like New York City or in more rural areas like Atlanta, Georgia. The opportunities are nearly endless for beginners entering into the cybersecurity field. The field of cybersecurity is constantly evolving and as beginners gain experience and prove to be a valuable asset to the organization then you can ask for more money.                           

I do agree that social cybersecurity has become a very important part of everyday life. The reason it has become increasingly important to separate fact from fiction is because having the whole truth without personal bias has become nearly impossible. There is always some way to twist someone’s words or actions to fit the narrative being told. There are deepfakes of very important people saying or doing something that can ruin their lives. It has only gotten worse with the advancements made in artificial intelligence. The bias in social cybersecurity is most present in politics. This is because each party wants to paint the other as the bad guy and win the votes of the people. Social cybersecurity was created to prevent attacks against individuals or communities that threaten their privacy or security.

I scored a 1 on the Social Media Disorder scale. I feel that the items on the scale were the appropriate ones to use. I think that there are different patterns all over the world because everybody uses social media differently. There are some people that don’t use social media and there are some people that obsess over social media. I use social media to keep up with friends and see what they are doing. That’s how I use social media. I’ve met people that social media has completely taken over their lives and have no interest in interacting with the real world. It really depends on what the purpose of social media is to the user.

I believe that media plays a very important role in how we view hackers. This is because most of the time hackers are depicted as these twisted individuals that have to empathy or care about the effects their actions have on others. It’s mainly present in shows that handle crime like NCIS. While some shows do show that there can be hackers that work on the good side of the law, those aren’t displayed very often. The media spreads the negative side of hackers more than the positive side. This is because negativity spreads way faster than positivity on the internet. The media uses movies and T.V. shows to demonstrate how important cybersecurity is.

The first meme I created has the tagline “How the team feels preventing a security breach.”

The second meme I created has the tagline “When I lock in and fix a system vulnerability.”

The final meme I created has the tagline “The closer I am to the server the quicker I can fix it.”

All these memes have their own explanation. The first image shows a team jumping in the air. When an objective is achieved as a team it needs to be celebrated. The group is jumping as a sign of success. The second image shows a hacker focusing intently on his screens. The term “lock in” means to focus and he seems really focused on his screens. The final image shows a specialist holding a laptop next to the Operational Server racks. I chose to highlight how close he is standing to the server racks. While it is obvious that standing closer doesn’t indicate that the server will be quicker to fix. The idea that being closer speeds up the fixing process is funny but wildly unrealistic.