{"id":274,"date":"2025-09-09T21:29:06","date_gmt":"2025-09-09T21:29:06","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/?page_id=274"},"modified":"2025-11-22T17:10:31","modified_gmt":"2025-11-22T17:10:31","slug":"write-ups","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/write-ups\/","title":{"rendered":"Write-Ups"},"content":{"rendered":"\n

The Importance of CIA in Cybersecurity<\/em><\/strong><\/p>\n\n\n\n

What is the CIA triad?<\/strong><\/p>\n\n\n\n

The CIA triad is a model designed to guide policies for information security inside an organization (Chai, 2022). The acronym CIA stands for Confidentiality, Integrity, and Availability.<\/p>\n\n\n\n

Confidentiality refers to privacy, or the protection of data from unauthorized access. Integrity is ensuring that data remains unchanged by unauthorized users, and that data remains the same moving from point A to point B. Finally, availability is the ability of authorized users to easily access the data whenever desired. (Chai, 2022).<\/p>\n\n\n\n

What are some ways the CIA triad is applied?<\/strong><\/p>\n\n\n\n

Confidentiality can be enforced with techniques meant to ensure only authorized users gain access to their data. This can include tools such as two-factor authentication, biometric authentication, and even passkeys. (Chai, 2022).<\/p>\n\n\n\n

Integrity can be maintained by changing the editing permissions on information so that only authorized users can make changes, as well as data backups to prevent data loss in the case of an emergency. (Chai, 2022).<\/p>\n\n\n\n

Availability can be protected by ensuring that operating systems run smoothly and are up to date, keeping up with regular updates and maintenance on software systems, and by maintaining hardware. (Chai, 2022).<\/p>\n\n\n\n

The difference between authentication and authorization<\/strong><\/p>\n\n\n\n

Authentication is the act of verifying the identity of a user, while authorization refers to the resources a user is allowed to access, and what permissions they have to perform on or in the resource. (GeeksforGeeks. (2025, August 28). Authentication vs authorization<\/em>. https:\/\/www.geeksforgeeks.org\/computer-networks\/difference-between-authentication-and-authorization\/).<\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

In conclusion, the CIA triad is an essential model used to guide organizations regarding their information security. The model is composed of three parts: Confidentiality, Integrity, and accessibility. Each pillar of the model provides important information on how, and what to protect when it comes to securing data.<\/p>\n\n\n\n

Authorization and authentication are two terms that might be commonly confused. Authorization comes after authentication, and deals with the access users have to certain tools, and what users are permitted to do in those tools. Authentication is the process of ensuring a user is who they say they are by using a variety of security measures. (GeeksforGeeks. (2025, August 28). Authentication vs authorization<\/em>. https:\/\/www.geeksforgeeks.org\/computer-networks\/difference-between-authentication-and-authorization\/)<\/p>\n\n\n\n

Critical Infrastructure Systems and Their Vulnerabilities<\/em><\/strong><\/p>\n\n\n\n

What is a critical infrastructure system?<\/strong><\/p>\n\n\n\n

According to CISA.gov, a critical infrastructure system is an infrastructure system that is vital to the security, economy, public health, and or public safety of a country. These infrastructure systems are made up of individual assets that work together as an integrated system (CISA.gov, n.d.). Some examples of these systems may include water processing plants, energy plants, and public transportation systems. SCADA (supervisory control and data acquisition) refers to the systems used to control infrastructure processes (scadasystems.net, n.d.).<\/p>\n\n\n\n

Vulnerabilities in Critical Infrastructure Systems<\/strong><\/p>\n\n\n\n

Because the majority of critical infrastructure systems are interconnected and rely heavily on the functionality of other systems to work properly, if one system is compromised then the rest are at risk, which can have devastating effects on the health, safety and functioning of society.<\/p>\n\n\n\n

For example, in 2008 the Stuxnet worm compromised industrial control systems and caused centrifuges to fail at an Iranian nuclear material enrichment facility, causing physical damage and costing Iran a considerable amount of money. The worm was developed to cause the centrifuges to fail, while the SCADA systems continued to show that they were operating normally. (cfr.org, n.d.)<\/p>\n\n\n\n

Modern technology increasing convenience and vulnerability<\/strong><\/p>\n\n\n\n

With the advent of modern technology more and more critical infrastructure systems management have adopted PLC\u2019s (programmable logic controllers) that have embedded websites and are accessed on site through a web browser (Stewart, 2024). While having control systems accessed via devices such as computers and tablets adds a layer of convenience, the connection of the systems to the web is an obvious vulnerability that could be exploited.<\/p>\n\n\n\n

The role of SCADA in decreasing vulnerability and risk<\/strong><\/p>\n\n\n\n

As the centralized system that maintains control and monitors the entire infrastructure site, the SCADA system holds an important role in decreasing vulnerability and risk. The SCADA systems provide an overview of the entire infrastructure site, and as such act as an integral tool in pinpointing vulnerabilities and issues. The entire system must be hardened to ensure that bad actors are unable to infiltrate the system, or manipulate the system into showing false readings. In addition, SCADA systems must be able to detect when an anomaly occurs, even one caused by a cyber-threat.<\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

Critical infrastructure systems are systems which are essential to the everyday functioning of our society, and as such, are high priority for security. If a critical infrastructure system were successfully targeted and attacked, the effects could be devastating. Health, transportation, energy, and even the environment could see negative impacts from an attack.<\/p>\n\n\n\n

Because of this, it is incredibly important that these critical infrastructure systems are hardened and protected. One key factor in the security of these systems is SCADA, which provides detailed information on the functionality of a system to system operators. The SCADA system itself must remain secure so that vulnerabilities cannot be exploited.<\/p>\n\n\n\n

Sources:<\/strong><\/p>\n\n\n\n

Council on Foreign Relations. (n.d.). Connect the dots on state-sponsored cyber incidents – stuxnet<\/em>. Council on Foreign Relations. https:\/\/www.cfr.org\/cyber-operations\/stuxnet<\/p>\n\n\n\n

Critical Infrastructure Systems are vulnerable to a new kind of cyberattack<\/em>. College of Engineering. (n.d.). https:\/\/coe.gatech.edu\/news\/2024\/02\/critical-infrastructure-systems-are-vulnerable-new-kind-cyberattack<\/p>\n\n\n\n

Critical Infrastructure Systems: CISA<\/em>. Cybersecurity and Infrastructure Security Agency CISA. (n.d.). https:\/\/www-cisa-gov.translate.goog\/topics\/critical-infrastructure-security-and-resilience\/resilience-services\/infrastructure-dependency-primer\/learn\/critical-infrastructure-systems?_x_tr_sl=en&_x_tr_tl=id&_x_tr_hl=id&_x_tr_pto=tc<\/p>\n\n\n\n

SCADA systems<\/em>. SCADA Systems. (n.d.). https:\/\/www.scadasystems.net\/<\/p>\n\n\n\n

Balancing Technology and Human Factors in Cybersecurity<\/em><\/strong><\/p>\n\n\n\n

Allocation of Cybersecurity Funds<\/strong><\/p>\n\n\n\n

When working with a limited budget as a Chief Information Security Officer, it is essential to balance cybersecurity technology and employee security training. An effective approach might involve utilizing funds to first acquire a basic set of cybersecurity software tools (such as VPNs, and two-factor authentication), then allocating an appropriate amount of funding for personnel training. Any leftover funds can be used to purchase additional cybersecurity software or hardware.<\/p>\n\n\n\n

Most Common Tactics Used by Hackers<\/strong><\/p>\n\n\n\n

Surveys show that phishing is the most effective form of cybersecurity attack, and that a majority of hackers will utilize social engineering first before resorting to technology vulnerabilities. (Isik, 2025). With this in mind, it\u2019s crucial to focus efforts on training employees about risks, and to improve everyday cyber hygiene.<\/p>\n\n\n\n

Cybersecurity Decisions Based on Available Budget<\/strong><\/p>\n\n\n\n

If an initial amount of money is spent on basic cybersecurity software, the rest of the funds are then opened up to be able to use for training purposes. However, this strategy is only applicable given the budget allows for both training and software purchases. In the case that a budget would not allow for at least minimal software purchases as well as training, training should take priority.<\/p>\n\n\n\n

The Benefits of Focusing on Human Factors in Cybersecurity<\/strong><\/p>\n\n\n\n

When personnel are appropriately trained and are aware of security risks and best practices, as well as the potential consequences of failing to follow cyber hygiene best-practices, the efforts can be just as effective as implementing software.<\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

In summary, the most common vulnerabilities that are exploited stem from human factors and social engineering. Because of this, when a budget allows for both software purchases as well as personnel training, I believe the funds should first be allocated to basic software, and then to training of employees. In cases where funds are incredibly limited, the money might have the most impact when used for cybersecurity training.<\/p>\n\n\n\n

Sources:<\/strong><\/p>\n\n\n\n

I\u015f\u0131k, \u00d6. (2025, June 11). Employee training, not technology, is companies\u2019 biggest cybersecurity gap – I by Imd<\/em>. IMD business school for management and leadership courses. https:\/\/www.imd.org\/ibyimd\/human-resources\/employee-training-not-technology-is-companies-biggest-cybersecurity-gap\/<\/p>\n","protected":false},"excerpt":{"rendered":"

The Importance of CIA in Cybersecurity What is the CIA triad? The CIA triad is a model designed to guide policies for information security inside an organization (Chai, 2022). The acronym CIA stands for Confidentiality, Integrity, and Availability. Confidentiality refers to privacy, or the protection of data from unauthorized access. Integrity is ensuring that data remains unchanged by unauthorized users,… Read more →<\/a><\/p>\n","protected":false},"author":31162,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/pages\/274"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/users\/31162"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/comments?post=274"}],"version-history":[{"count":4,"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/pages\/274\/revisions"}],"predecessor-version":[{"id":351,"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/pages\/274\/revisions\/351"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/eportfolio-michelle-zimmer\/wp-json\/wp\/v2\/media?parent=274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}