Students in\u00a0IT\/CYSE 200T\u00a0will explore how technology is related to cybersecurity from an interdisciplinary orientation.\u00a0 Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:<\/p>\n
Students in this course have completed a number of activities including an reflection essay, weekly technology and cybersecurity journal,\u00a0 and several quizzes and exams. Please include some of these artifacts on this page, particularly the reflection essay, explaining what you did and how these projects helped you engage with the outcomes listed above.<\/p>\n\n\n
Assignment 1.<\/strong><\/p>\n\n\n\n Bring Your Own Application (BYOA) Policy<\/p>\n\n\n\n \u2022 Applications must provide the capability to restrict and audit data sharing Assignment 2.<\/strong><\/p>\n\n\n\n SCADA systems write-up<\/p>\n\n\n\n SCADA systems, which stands for Supervisory Control and Data Acquisition, are super Assignment 3.<\/strong><\/p>\n\n\n\n The human factor in cybersecurity write-up<\/p>\n\n\n\n If I were the Chief Information Security Officer (CISO) and had to work with a limited budget to protect the company from cyber threats, I\u2019d need to find a smart balance between training employees and investing in cybersecurity technology. First, I\u2019d spend around 40% of the budget on training and awareness programs. This is because human error is one of the biggest reasons for data breaches, like when people fall for phishing scams or don\u2019t follow security rules. If employees are trained to spot threats and know how to react, it could prevent a lot of problems before they even start. Plus, ongoing training would help build a culture where everyone is more careful and aware of security risks.<\/p>\n\n\n\n Next, I\u2019d allocate about 50% of the budget to upgrading and maintaining strong cybersecurity technology. This would include things like firewalls, endpoint security software, and tools that use AI to help detect and respond to threats faster. Advanced tech can block attacks that employees might not notice, like malware or zero-day vulnerabilities. It\u2019s important to have tools that can protect the company on all fronts, especially if there are gaps in human oversight.<\/p>\n\n\n\n Finally, I\u2019d use the last 10% for incident response and monitoring. This would help make sure that if a breach does happen, the company can act quickly to reduce the damage. Having a plan for responding to incidents and possibly using managed security services would be a smart way to extend our response capabilities without needing to hire a lot of extra staff.<\/p>\n\n\n\n Overall, balancing these areas is important. Training helps prevent mistakes by teaching employees what to watch out for, while technology steps in to handle the more complex attacks. Together, this strategy would protect the company as much as possible with the resources available, making sure both people and tech play their parts in keeping us safe from cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":" Cybersecurity, Technology, and Society Students in\u00a0IT\/CYSE 200T\u00a0will explore how technology is related to cybersecurity from an interdisciplinary orientation.\u00a0 Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows: Describe how cyber technology creates opportunities for criminal… <\/p>\n
Purpose:
This Bring Your Own Application (BYOA) Policy aims to safeguard TechSolutions Inc.’s
information security by regulating the use of employee-installed applications on corporate
devices or within the corporate network. As employees bring third-party applications into
the workspace to increase productivity, these applications can present significant security
risks if not managed properly. This policy ensures the secure use of such applications
while maintaining business efficiency.<\/p>\n\n\n\n
Scope:
This policy applies to all employees, contractors, and temporary workers at TechSolutions
Inc. who access company networks, data, or systems, using personal or corporate
devices.<\/p>\n\n\n\n
Policy:
1. Application Approval Process:
\u2022 All third-party applications must be reviewed and approved by the IT
department before they can be installed or used within TechSolutions Inc.\u2019s
network.
\u2022 Employees must submit a request for application use through the corporate
service desk, detailing the purpose and functionality of the application.
\u2022 Unapproved or unsanctioned applications are strictly prohibited from being
installed on company devices or used to access company data.<\/p>\n\n\n\n
2. Security Evaluation:
\u2022 The IT security team will conduct a risk assessment of any new applications
requested to ensure they do not pose significant vulnerabilities or data
security threats.
\u2022 Applications must comply with company security standards, including
encryption, data privacy, and network access controls.<\/p>\n\n\n\n
3. Data Handling & Compliance:
\u2022 Applications that store, process, or transmit company data must ensure
compliance with data protection regulations (e.g., GDPR, CCPA).<\/p>\n<\/div><\/div>\n\n\n\n
between employees and external parties.<\/p>\n\n\n\n
4. Application Updates:
\u2022 Approved applications must be regularly updated to the latest version to
prevent security vulnerabilities.
\u2022 Employees will be responsible for ensuring applications are patched in line
with the company’s security update schedule.<\/p>\n\n\n\n
5. Revocation of Access:
\u2022 The IT department reserves the right to revoke access to or disable any third-
party application that poses a security risk or no longer meets the company\u2019s
security requirements.
\u2022 Failure to adhere to this policy will result in the immediate removal of the
offending application and may result in disciplinary action.<\/p>\n\n\n\n
6. Incident Reporting:
\u2022 If an employee suspects that a third-party application has led to a data
breach or security incident, they must immediately report it to the Incident
Response Team.
\u2022 The IT department will initiate an investigation and take appropriate steps to
contain and mitigate any risks.<\/p>\n\n\n\n
Enforcement:
Violations of this policy will be subject to disciplinary actions, up to and including
termination of employment. TechSolutions Inc. reserves the right to monitor, audit, and
remove any applications that conflict with organizational security policies.<\/p>\n\n\n\n
Effective Date:
This policy is effective as of 09\/26\/2024 and is subject to periodic review.<\/p>\n\n\n\n
Policy Owner:
Chief Information Security Officer (CISO)
TechSolutions Inc.<\/p>\n\n\n\n
important for running things like water treatment plants, gas pipelines, and power grids.
Basically, these systems allow operators to monitor and control all the different parts that
make up essential infrastructure, which keeps things working smoothly in our everyday
lives. But with all the benefits come some real risks. As SCADA systems have become
more connected to networks, they\u2019ve become more vulnerable to cyberattacks. If a hacker
gained access to a SCADA system, they could mess with crucial services, like electricity or
water, which could cause serious problems for a lot of people.<\/p>\n\n\n\n
A lot of these security issues come from the fact that many SCADA systems were designed
a while ago, before cybersecurity was as big of a priority as it is now. Some of these older
systems use outdated, proprietary communication protocols that don\u2019t have strong
security, which makes them easier targets for hackers. There\u2019s also a common
misconception that SCADA systems are safe just because they\u2019re separate from the
internet. But the reality is, there are plenty of ways that attackers could still gain access,
especially through local network connections or weak points in the system.
Despite these risks, SCADA systems actually play a huge role in reducing threats by
allowing operators to keep an eye on everything in one central place. These systems gather
data from all over from sensors and other monitoring devices called Remote Terminal
Units (RTUs) and Programmable Logic Controllers (PLCs) and store it in databases that
operators can check on through what\u2019s called the Human-Machine Interface (HMI).
Through the HMI, operators can view real-time information about the system\u2019s status and
receive alerts if anything goes wrong. For instance, if a pump isn\u2019t working right, the SCADA
system will notify the operator so they can fix it quickly. This setup helps operators catch
problems early before they get out of control.<\/p>\n\n\n\n
To make sure SCADA systems are protected, many include backup components, so the
system can keep running even if one part fails. For example, if a main server goes offline, a
backup can automatically take over, allowing operators to keep monitoring important
processes without any downtime. Modern SCADA systems also use communication
protocols like IEC 61850 and DNP3, which are standardized to improve security and make
it easier for SCADA systems to work with other equipment. By moving away from older,
proprietary protocols to these standardized ones, SCADA systems are generally more
secure and compatible.<\/p>\n\n\n\n
Even with these protections, there are still some challenges. Older protocols like Modbus
RTU don\u2019t come with built-in security features, so operators have to be extra careful with
things like passwords and network configurations. Because SCADA systems today are
more connected through wide-area networks (WAN) and use protocols like TCP\/IP, it\u2019s easier for attackers to find weak points if the system isn\u2019t carefully secured. This is why
using firewalls and VPNs is really important. Insider threats are also a risk since anyone
with access to SCADA controls could accidentally or intentionally cause disruptions.
In the end, SCADA systems are incredibly important for keeping critical infrastructure safe
and functional. They give operators the ability to control things remotely, monitor
processes in real-time, and get alerts when something isn\u2019t right. Even though there are
vulnerabilities, SCADA systems can be highly secure if they\u2019re kept up-to-date and
properly managed. As cyber threats continue to evolve, it\u2019s essential that SCADA systems
are protected to avoid any disruptions to the critical services we all rely on.<\/p>\n\n\n\n