IT/CYSE 200T

Cybersecurity, Technology, and Society

Students in IT/CYSE 200T will explore how technology is related to cybersecurity from an interdisciplinary orientation. Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:

  1. Describe how cyber technology creates opportunities for criminal behavior,
  2. Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
  3. Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
  4. Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
  5. Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts produce for individuals, nations, societies, and the environment,
  6. Describe the costs and benefits of producing secure cyber technologies,
  7. Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
  8. Describe the role of cybersecurity in defining definitions of appropriate and inappropriate behavior,
  9. Describe how cybersecurity produces ideas of progress and modernism.

Course Material

Write-Up: The CIA Triad

Write-Up – SCADA Systems

Demetrius Evans
CYSE 200T
March 30th
Professor Duvall


SCADA Systems


BLUF: SCADA systems are used in many different industries today, including critical infrastructure. These systems, while useful, can be major cybersecurity risks if the proper security measures aren’t considered.


What is SCADA?


SCADA systems, also known as Supervisory Control and Data Acquisition, are industrial control systems used to manage infrastructure, industrial, and facility processes of critical infrastructure (SCADA, 2020). SCADA systems help control everything from air transportation to power generation and primarily act as coordinators in real-time processes (SCADA, 2020). SCADA systems are defined as PCSs, or Process Control Systems, which are used to both monitor and control remote and local processes that use the site’s equipment or devices (Ryu et al. 2009). The main benefits of SCADA systems are their ability to increase efficiency, manage complex systems, and increase reliability, but as time has gone on these systems have become more and more interconnected, creating a major cybersecurity risk (Claroty, 2024).


Vulnerabilities of SCADA and Critical Infrastructure


While SCADA systems are good tools for managing critical systems, they also come with major security risks. Firstly, many SCADA systems were designed and implemented decades ago, meaning that they run on legacy software that was created for ease of access without any thought regarding security (Claroty, 2024). Authentication is missing from many of these systems, meaning unauthorized access, by hackers or otherwise, is a major concern (SCADA, 2020). SCADA systems, falling under the category of OT rather than IT, have the downside that many of the common IT security tools cannot be used due to the specific hardware used by SCADA systems and the chance that these tools would interfere with the effectiveness of the systems (Claroty, 2024). The last and biggest security concern for SCADA systems is remote access. SCADA systems lack proper security when it comes to remote access, and because internal parties and third parties sometimes need to access these systems remotely for maintenance or other issues, this creates new points of entry for attackers (Claroty, 2024).


Best Protections for SCADA Systems


While SCADA systems have many vulnerabilities to exploit, leading experts in cybersecurity and critical infrastructure systems are constantly working on ways to make these systems more secure. The first step, generally, of securing these systems is increasing visibility and taking inventory of all devices, assets, and systems in the given critical infrastructure environment (Claroty, 2024). Having an inventory of assets allows for vulnerabilities to be discovered and monitored so that administrators can track threats and know where they will be coming from (Claroty, 2024). Integrating firewalls, VPNs, and physical security around hardware are also essential steps in reducing threat vectors (SCADA, 2020). VPNs and firewalls can make remote access more secure and prevent third parties from accessing data sent through remote access, preventing malicious code from infecting the systems (SCADA, 2020). Physical security is essential because if threat actors are able to access the physical hardware, the entire system can be compromised (Brown, 2020). Customized security measures may also be necessary, as traditional tools such as vulnerability scanners or IDSs (Intrusion Detection Systems) could interfere with the effectiveness of the SCADA system (Claroty, 2024).


Conclusion


While SCADA systems are great tools for critical infrastructure, there tend to be cyber risks associated with them that can be difficult to solve. Traditional IT tools may be ineffective, which could warrant building custom security measures tailored around these systems. To solve the vulnerabilities with the remote access that many of these systems utilize, firewalls and VPNs are some of the easiest and best ways to keep out third-party attackers, and when used with physical security, greatly increase operational security.


Works Cited


SCADA Systems. (2020) “Using SCADA to Protect Critical Infrastructure and Systems” https://docs.google.com/document/d/1VnMlL2YmcW5Jg4MdDa1dt5fJpmQM0KVH/edit?tab=t.0

Claroty Team. (2024) “A Comprehensive Guide to SCADA Cybersecurity.” Claroty.com https://claroty.com/blog/a-comprehensive-guide-to-scada-cybersecurity#:~:text=Legacy%20Systems%3A%20SCADA%20systems%20were,them%20vulnerable%20to%20cyber%20attacks.

Ryu, D. Kim, H. Um, K. (2009) “Reducing security vulnerabilities for critical infrastructure.” Journal of Loss Prevention in the Process Industries, Volume 22, Issue 6, Pages 1020-1024, ISSN 0950-4230, https://doi.org/10.1016/j.jlp.2009.07.015

Human Factor – Write Up

Demetrius Evans 

CYSE 200T 

April 22nd, 2025 

Professor Duvall 

The Human Factor of Cybersecurity  

BLUF: As the CISO of this company, our cyber prevention efforts should focus roughly 50% of our resources on virtual cyber prevention tools (firewalls, VPNs, intrusion detection systems, etc.), with another 30% spent on employee cyber training, and the remaining 20% on physical security.

Virtual Security 

The first priority for ensuring company security should be integrating the appropriate system security tools, such as firewalls to protect crucial systems. Intrusion detection systems should also be utilized to detect suspicious activity on company networks. Having access control for systems that relies on authorization and authentication is also a baseline need for virtual security, as this both protects the company from malicious outside threats as well as worker negligence, compliance, and malice (Alvas, 2023). Along with these tools, securing connections from employees working from home or internationally through tools such as VPNs is also critical for maintaining appropriate security. 

Physical Security 

Physical security is also important for maintaining data integrity. Having backups of critical data that can be stored in an offsite physical location is essential (Bourgeois, 2014). Securing these backup sites through physical measures such as keycard access, biometric scans for authorized individuals, and natural disaster protections against floods, earthquakes, or fires (depending on the location) is also a step that should be taken to ensure data safety. The company’s critical data should be backed up daily and stored separately from the data collected from worker computers, which should be considered non-critical data and can be backed up weekly (Bourgeois, 2014). Along with this, the company should hire security personnel to ensure that unauthorized individuals cannot enter company property and physically tamper with systems.

Personal Training 

While virtual and physical security measures are important fundamentals for cybersecurity, personal training is just as crucial. White-collar crime within companies is just as, if not more, likely now that most companies keep all of their critical data stored digitally (Payne, 2018). Disenfranchised or deviant employees can use the access granted to them to steal company data, sabotage systems, or sell customer information stored on company servers. Training personnel to be cautious and vigilant when clicking on links, executing software, or creating passwords helps to create an environment that is secure both from the inside and outside. Strong passwords and setting up two-factor authentication should be the main talking points of training, as they are fairly simple, cost-effective ways to increase security. In addition, training should emphasize being on the lookout for insider threats and explain who should be told if a worker sees another worker who may be trying to authorize data that they do not have access to.

Conclusion 

With our budget for cybersecurity, virtual security should account for the majority of our spending, as without strong virtual security, personnel training and physical security become obsolete. If attacks can easily access our systems from the outside, protecting against insider threats is not prioritized, and physical security is also null, as attackers would have no need to tamper with physical systems. Personnel training should be the next priority, as protecting key data includes protecting from insider attacks as well as ensuring that employees are not accidentally compromising company systems. Finally, physical security should be prioritized last, as it is fairly easy to implement, and physical threats would be less prevalent than virtual attacks. Overall, that is why we should spend 50% of our budget on virtual security, 30% on personnel training, and 20% on physical security.

Works Cited 

Alvas, Itzik. 2023. “An insider threat vs. an outsider threat – Which is worse and why?” Entro.com https://entro.security/blog/an-insider-threat-vs-an-outsider-threat-which-is-worse-and-why/ 

Bourgeois, David. 2014. “Information Systems Security.” Information for Businesses and Beyond (6): https://ecampusontario.pressbooks.pub/infosysbus/chapter/chapter-6-information-systems-security/

Payne, Brian. 2018. “White-Collar Cybercrime: White-Collar Crime, Cybercrime, or Both?” Criminology, Criminal Justice, Law & Society 19 (3): 16–32. https://ccjls.scholasticahq.com/article/6329-white-collar-cybercrime-white-collar-crime-cybercrime-or-both