IT/CYSE 200T

Cybersecurity, Technology, and Society

What benefit is the NIST Cybersecurity Framework, and how would you use it at your future workplace?

The NIST cybersecurity framework is made up of three things: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. These parts allow a business to connect its business mission to cybersecurity. The framework also helps an organization benefit and be successful because it helps manage cybersecurity risks. No two organizations will have the same risks, and a good thing about the NIST framework is that it is broad enough to cover all types of unique risks that might occur. It is also beneficial to many different organizations no matter their size, the country they are in, or their previous experience with cybersecurity infrastructure. In the future, I think it would be very useful to use the NIST framework at my workplace. I would use it either to build a cybersecurity program at the business or to make the current cybersecurity program better. I would use it to find gaps in our program and to figure out how to close gaps in the systems. I think it is important to find weaknesses and make a plan to fix them. This is in the recover section of the framework. For example, if we notice an employee acting suspiciously and staying in the office after hours, it could be an insider threat. It is important to realize it, and then we can use the NIST framework step of recovery to solve the issue. It is important to solve the issues in a timely manner and return to normal operations after the situation is resolved.

References:

“Framework for Improving Critical Infrastructure Cybersecurity.” National Institute of Standards and Technology, vol. 1, no. 1, 2018, pp. 1–20, doi:10.6028/NIST.CSWP.04162018ii.

The CIA Triad, and the Differences between Authentication & Authorization, including an example.

The CIA Triad

The CIA triad is a model made up of confidentiality, integrity, and availability that can guide an organization to keep its data safe. It allows the concepts to be linked, but also be easily contrasted to fit the needs of an organization.

The CIA Explained: Confidentiality is the way that data is restricted to only authorized users. Confidentiality can be maintained by making strong passwords, using two-factor authorization, like ODU uses, or something similar to a security token. These methods make it difficult for someone who is restricted from the data to access it. Integrity is the concept that focuses on keeping information from being altered or improperly modified. Fruhlinger’s CIA write-up states that the integrity of data can be changed both “accidentally or maliciously” (Page 1). The integrity of data can be protected with file permissions and version control. Availability is the last portion of the triad, and it refers to the data being available to the people that need it. For example, this means the data is always available and is not down due to attacks or the system not working properly.

Example: An example of the CIA triad model could be in data at Northwestern Memorial Hospital in Chicago, IL. In 2019, actor Jussie Smollett was admitted to the hospital. The nurses at that hospital, both those helping and those not helping Smollett, had access to the computer systems. With the data’s confidentiality, any nurse could log on to the system to view a patient’s profile. However, not every nurse had access to change the profile. The main issue was that the data was available to all Northwestern medical employees, when not all of those employees needed the access. The nurses that searched Smollett’s medical history were violating HIPAA. I believe that this is an example of the CIA triad because there was an issue with the confidentiality of the information and with the availability of it being too broad.

Authentication and Authorization

Authentication and authorization are two security processes to protect against attacks.

Authentication: This is how the system determines if the user is who they are claiming to be. It is like confidentiality and includes passwords, two-factor authentication, and things like security tokens. If these passwords match the data in the database, a user will be granted access to the data.

Authorization: This sounds similar to authentication, but it determines who has the right to certain data. Once someone can log into the database, authorization determines what they can access.

Examples: To put these two processes together I can relate it to logging into my ODU portal. For example, the authentication determines that I am myself logging in. I have to type in my user id, password, and use the two-factor authentication. Once I am logged in, I only have access to the student side of the portal. I can see my classes, my grades, and my dining hall balances. If I had access like a professor does, I could probably see much more information such as other student grades and their class schedules.
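To make the two processes concrete, the following Python example (added here; it is not part of the original write-up and is not ODU's portal code) separates authentication (a salted password hash plus a one-time second-factor code) from authorization (a role check run on every grade lookup, so a student sees only their own grade while a professor can see any). The user names, passwords, roles and grades are constructed placeholders.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked user table does not reveal passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def one_time_code(secret: bytes, counter: int) -> str:
    # Second factor: HOTP-style 6-digit code (RFC 4226 truncation), counter-based here
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

def make_user(password: str, role: str, student_id=None) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": os.urandom(20), "role": role, "student_id": student_id}

# Constructed user store and grade book (hypothetical, not real portal data)
USERS = {"student1": make_user("correct horse", "student", "S001"),
         "prof1": make_user("battery staple", "professor")}
GRADES = {"S001": "A", "S002": "B+"}

def authenticate(username: str, password: str, code: str, counter: int):
    """Authentication: is the caller who they claim to be? Returns a session or None."""
    user = USERS.get(username)
    if user is None:
        return None
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    code_ok = hmac.compare_digest(one_time_code(user["secret"], counter), code)
    if pw_ok and code_ok:
        return {"username": username, "role": user["role"], "student_id": user["student_id"]}
    return None

def can_view_grade(session, student_id: str) -> bool:
    """Authorization: a student may see only their own grade; a professor may see any."""
    if session is None:
        return False
    if session["role"] == "professor":
        return True
    return session["role"] == "student" and session["student_id"] == student_id

def view_grade(session, student_id: str) -> str:
    # The authorization check runs on every access, not only at login
    if not can_view_grade(session, student_id):
        raise PermissionError("not authorized to view " + student_id)
    return GRADES[student_id]
```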

References:

IDG Communications, Inc., & Fruhlinger, J. (2020). The CIA triad: Definitions, components, and examples. https://drive.google.com/file/d/1Mn3icTLG5X3W7tJjuDaohW8OscHdLOQI/view

You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

If I were the CISO for a publicly traded company, I would use the following protections to ensure the availability of my systems. First, one main threat to availability is distributed denial of service attacks. These attacks use botnets to overwhelm a server and make it crash. Therefore, one of my protections would be to buy more bandwidth. Having more bandwidth would mean that the attackers would have to send even more botnets before the system crashed. This solution would not stop the attacks, but it would reduce the likelihood because the hacker would have to do double or triple the work. Another threat to availability happens because of port scanning. Port scanning is when a hacker scans a computer to see if there are open ports that the attacker can gain access through. There are lots of different port scans because a hacker can scan a computer in a handful of ways. In order to prevent port scans, as the CISO, I would implement a firewall. A firewall can help in a few ways. One way is that if a firewall sees a port scan, it can automatically shut it down. Also, a firewall can prevent access to and visibility of ports, which would stop hackers from getting into the ports. Having a firewall and extra bandwidth are two protections I would take to ensure the availability of my systems.