Cybersecurity, Technology, and Society

Students in IT/CYSE 200T will explore how technology is related to cybersecurity from an interdisciplinary orientation.  Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:

1. Describe how cyber technology creates opportunities for criminal behavior,
2. Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
3. Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
4. Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
5. Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts, produce for individuals, nations, societies, and the environment,
6. Describe the costs and benefits of producing secure cyber technologies,
7. Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
8. Describe the role of cybersecurity in defining definitions of appropriate an inappropriate behavior,
9. Describe how cybersecurity produces ideas of progress and modernism.

Course Material

Students in this course have completed a number of activities including an reflection essay, weekly  technology and cybersecurity journal,  and several quizzes and exams. Below are write-ups that have been completed during the course.

Write up #1- The human factor in cybersecurity

Gideon Koomson

CYSE200T

November, 10, 2024

As a Chief Information Security Officer (CISO) with a limited budget, I’d have to make smart decisions about how to spend money on both employee training and cybersecurity tools. The goal is to keep the organization secure while getting the most out of the available funds. First, I’d assess the biggest security risks the company faces, like phishing attacks or malware. I’d also take a look at our current security systems to see if there are any weak spots. This would help me figure out where we need to spend money most.

Next, I’d focus on training employees, since human error is one of the main causes of security breaches. Training staff to recognize phishing emails, use strong passwords, and report suspicious activity is a cost-effective way to reduce risk. It’s often cheaper than buying new security tools, and it can have a big impact on overall safety.

At the same time, I’d make sure we have the right technology in place to protect against major threats. If we don’t already have strong protections against malware or phishing, I’d prioritize buying tools like endpoint security or email filters. These can stop attacks before they happen, keeping the company safer.

I’d also make sure we’re using our existing security tools to their full potential. Sometimes, systems are underused or not set up correctly. By reviewing and optimizing what we already have, I can improve security without spending extra money. Finally, security isn’t something that can be fixed once and forgotten. Both training and technology need regular updates. I’d schedule ongoing training and ensure our security systems stay updated with the latest patches and improvements.

In conclusion, with a limited budget, it’s important to balance employee training and the right technology. Training can reduce human error, while key security tools can block attacks before they happen. By focusing on these areas, I’d make sure the organization is protected without overspending.

Write up #2- The Cia Triad

Gideon Koomson

CYSE 200T

September 22, 2024

The CIA Triad is a basic idea in keeping information safe, made up of three key parts: Confidentiality, Integrity, and Availability. According to Wesley Chai’s article “Although elements of the triad are three of the most foundational and crucial cybersecurity needs, experts believe the CIA triad needs an upgrade to stay effective.” Confidentiality means keeping sensitive information private. An example of Confidentiality from Wesley Chai’s article is “requiring an account number or routing number when banking online.”

Integrity is about making sure information stays correct and hasn’t been changed. For instance, a bank checks that transaction details haven’t been altered. It’s crucial to have accurate information for making good decisions.

Availability ensures that people can access information when they need it. For example, a company might have backup servers, so their services keep running smoothly, even when there’s a lot of traffic. This helps avoid downtime and keeps everything working well. It’s also important to know the difference between authentication and authorization. Authentication is about checking who someone is. For example, when you log into your bank account with a username and password, the system confirms your identity. On the other hand, authorization decides what a verified user can do. After logging in, a bank might allow you to see your balance but not change your settings unless you have special permissions.

In a workplace, employees log in with their unique usernames and passwords. Once they are confirmed, their job roles determine what they can access. A regular worker might only be able to view documents, while a manager could edit and approve them. This clear separation helps keep the organization safe by ensuring that only the right people can access important information.

Write up #3- SCADA systems

Gideon Koomson

CYSE200T

October, 28, 2024

Critical infrastructure systems, like water treatment plants and power grids, are vital to our daily lives, but they face serious risks. As these systems connect more through Supervisory Control and Data Acquisition (SCADA) applications, understanding their vulnerabilities becomes essential.

One major threat is cyberattacks. Hackers can target SCADA systems to disrupt services or steal information. Common risks include unauthorized access and malware, especially since many systems use Internet Protocol (IP), making them more vulnerable (SCADA Systems).

Physical vulnerabilities also exist. Many components are easily accessible, making them targets for sabotage. While some SCADA systems have security measures, these aren’t always effective. Insider threats from employees can also pose risks, as they may make unauthorized changes.

Aging technology adds to the problem. Many systems rely on older infrastructure that lacks modern security features, increasing the chance of failures. Additionally, using different SCADA solutions can create communication issues, making it easier for attackers to exploit weaknesses.

Despite these challenges, SCADA systems play a key role in keeping critical services safe. They allow for real-time monitoring, enabling operators to quickly spot problems. For example, if there’s a sudden pressure change in a water pipe, alarms alert staff to act immediately, preventing bigger issues.

SCADA systems also collect data to identify trends and potential threats. By monitoring access patterns, they can detect suspicious activities. Plus, these systems are built with backups, so if one part fails, another can take over without service interruption. Access controls are crucial. SCADA systems use measures like multi-factor authentication to ensure only authorized people can make changes. They also employ security protocols like VPNs and firewalls to protect communication.

In conclusion, while critical infrastructure systems face serious vulnerabilities, SCADA applications help reduce these risks through monitoring, data analysis, and strong security measures. As threats grow, ongoing investment in these technologies is vital to protecting essential services (SCADA Systems).

Works cited

Chai, W. (2023). What is the CIA triad?: Definition from TechTarget. Retrieved from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA 

“SCADA Systems – SCADA Systems.” Www.scadasystems.net, www.scadasystems.net/.