Cybersecurity, Technology, and Society

Cybersecurity, Technology, and Society (CYSE200T) gave me a valuable experience that expanded my understanding of how cybersecurity is connected to wider societal issues. I was able to learn that cybersecurity is not just about defense and preventing breaches, but also cuts across cultural beliefs, politics, and ethics, which influence the ways we approach protection in the digital world.

This course taught me to think critically, not just about how to build secure systems but also about the social impact those systems have. One of the interesting parts of the course was exploring how cybercrime changes with technology and how efforts globally made to create security can sometimes lead to new ethical challenges.

Generally, the class strengthened my ability to think interdisciplinarily, an essential skill for anyone who wants to succeed in the cybersecurity field. where technology, law, ethics, and human behavior are always connected.

Course Material

“Short Arm” of Predictive Knowledge

Given the “short arm” of predictive knowledge, our approach to cyber-policy and infrastructure must be proactive, ethically grounded, and oriented towards longer-term human flourishing. We must design systems not just for what they can do today, but for what they might do tomorrow with a deep sense of moral responsibility for the future. Unlike traditional ethics, which centered on individual actions and immediate effects, we now need public policies that consider the collective, long-term impact of technological decisions. Jonas proposes a new imperative act so that your actions do not compromise the future of humanity.

In cyber policy, this means:

Embedding ethics into tech development
Prioritizing sustainability, human dignity, and global responsibility over short-term gains.
Planning for long-term consequences.

Ultimately, Jonas calls for a shift from reactive policy to proactive moral responsibility in shaping a future where technology serves, not endangers humanity.

As a student of cybersecurity, I have come to understand that technical expertise must be guided by a strong ethical foundation. My studies and reflections have led me to believe that cybersecurity is not merely about preventing breaches or defending systems—it is also about protecting humanity’s digital future. The philosopher Hans Jonas’s warning about the “short arm” of predictive knowledge has greatly influenced my thinking. He emphasizes that we cannot always foresee the long-term consequences of our technological actions, which compels us to act with caution and responsibility (Jonas, 1984). His work has encouraged me to adopt a forward-thinking and morally grounded approach to cyber policy.

Jonas’s imperative—to act so that the effects of our actions are compatible with the continued existence of meaningful human life—has become a guiding principle in how I think about technology. In cybersecurity, this means designing systems with an awareness of how they might evolve, how they might be misused, and how they will impact future generations. It also means embedding ethical reasoning directly into the development and implementation of technological systems (Jonas, 1984). This perspective has shifted my goals. I no longer see cybersecurity as only a defensive field, but as one that holds profound moral responsibilities.

Other scholars have helped shape this understanding. Luciano Floridi’s (2013) call for an “ethics of information” reinforces the idea that data and digital systems must be handled with respect for human dignity, privacy, and autonomy. David Guston’s (2014) concept of anticipatory governance has also inspired me to think beyond current threats and to imagine how today’s decisions shape tomorrow’s digital landscape. These thinkers have helped me realize that a responsible cybersecurity professional must not only react to problems but also anticipate and help prevent them with thoughtful, ethical planning.

Conclusion

My commitment to cybersecurity is driven by more than technical interest—it is fueled by a sense of moral duty. I aspire to be a part of the next generation of professionals who help shift cyber policy from reactive protection to proactive ethical leadership. By integrating Jonas’s imperative and the insights of scholars like Floridi and Guston into my work, I aim to ensure that technology serves the long-term interests of humanity. This is not only a professional ambition, but a personal calling that I am committed to fulfilling.

Works cited:

Floridi, L. (2013). The ethics of information. Oxford University Press.

Guston, D. H. (2014). Understanding ‘anticipatory governance’. Social Studies of Science, 44(2), 218–242. https://doi.org/10.1177/0306312713508669

Jonas, H. (1984). The imperative of responsibility: In search of an ethics for the technological age. University of Chicago Press.

Goodluck Ahusimiro
CYSE 200T
30 March, 2025
Professor Duvall

Vulnerabilities associated with critical infrastructure systems, and the role SCADA applications play in mitigating these risks.

BLUF: When considering critical infrastructure, we might think about airports, seaports, power grid, power plants, etc. The importance of protecting and securing this infrastructure is obvious.

Vulnerabilities in Critical Infrastructure Systems.

Critical infrastructure systems are interdependent and will influence each other. When providing services, they also depend on services offered by other systems. Due to the mutual correlation of critical infrastructure systems, vulnerability is transmitted between systems, resulting in vulnerability changes at various dimensions. Also, outdated systems, weak authentication and access control, human factors, and Denial-of-service (DOS) attacks can lead to vulnerability of critical infrastructure.

Role of SCADA in mitigating these risks.

SCADA architecture provides extensive visibility into process and data from essential incident command systems (ICS) components like pumps, valves, and transmitters. It enables the monitoring and control of automatic processes within the ICS. Through automation and supervisory control, SCADA allows for centralized management during critical situations without the need for direct access to the physical ICS components in question.

Conclusion: Given the critical nature of infrastructure systems and their interconnected vulnerabilities, implementing robust measures is essential. SCADA plays a crucial role in enhancing the resilience of these systems by providing real-time monitoring, automated control, and rapid incident response capabilities.

References

Alcaraz, C., & Zeadally, S. (2023). Vulnerability cloud: A novel approach to assess the vulnerability of critical infrastructure systems. Concurrency and Computation: Practice and Experience, e7131. https://doi.org/10.1002/cpe.7131
CyberPaul. (2020, December 6). Using SCADA to protect critical infrastructure and systems. ODU Cybersecurity Blog. https://sites.wp.odu.edu/cyberpaul/2020/12/06/using-scada-to-protect-critical-infrastructure-and-systems/

Goodluck Ahusimiro

CYSE 200T

Feb 14, 2025

Professor Duvall

CIA Triad

BLUF: The CIA Triad is a model designed for information security and policies that guide an organization. CIA stands for Confidentiality, Integrity, and Availability.

Confidentiality:

It is a set of rules that ensures sensitive information is accessible to only authorized individuals. Techniques like encryption, access controls, and authentication help maintain confidentiality.

Integrity:

It is the assurance that data is accurate and trustworthy. This prevents unauthorized modifications, deletions, or corruption of information. Techniques like hashing, checksums, and digital signatures help protect integrity.

Availability:

It ensures that information and data are readily available to authorized users when needed. This involves preventing disruptions such as cyberattacks, hardware failures, or natural disasters. Redundancy, backups, and robust network security help maintain availability.

The CIA Triad is fundamental to cybersecurity because it provides a clear framework for protecting information and systems. These three components, confidentiality, integrity, and availability, ensure that all data security is addressed. It is basic information that everyone should know to progress further in the field.

The difference between authentication and authorization.

Authentication verifies who you are; it confirms user identity by checking credentials, such as biometric data, passwords, and tokens. For example, employees in a company are required to authenticate through the network before accessing their company email.

Authorization determines who has the right to access the information. Authorization assigns permission and access rights to specific resources or actions. For example, after an employee successfully authenticates, the system determines what information the employees are allowed to access.

Conclusion:

The CIA Triad is essential because it provides vital security features, helps avoid compliance issues, ensures business continuity, and prevents reputational damage to the organization. They guide the development of security controls and compliance with regulatory standards, ensuring that organizations protect sensitive information while maintaining operational resilience.

References

Fortinet: Chai, Wesley. “What Is the CIA Triad and Why Is It Important?” Fortinet, 28 June 2022, https://www.fortinet.com/resources/cyberglossary/cia-triad.

GeeksforGeeks: “The CIA Triad in Cryptography.” GeeksforGeeks, n.d., https://www.geeksforgeeks.org/the cia-triad-in-cryptography/.

Website Security Store: “What Is the CIA Triad?” Website Security Store, n.d., https://websitesecuritystore.com/blog/what-is-the-cia-triad/.

Goodluck Ahusimiro

CYSE 200T

April 6, 2025

Professor Duvall

How to manage a limited budget between training and cybersecurity technology

BLUF: Balancing a minimal budget between training and cybersecurity technology is a common challenge, and getting it right is very crucial for building an effective security position.

This is how I would approach the allocation;

Prioritizing Training

People are the first line of defense. NIST recommends a focus on “People, Process, and
Technology in building cybersecurity resilience. So, I will use 60% of the funds on training people because the best cybersecurity tools can’t protect an organization if the people using them lack knowledge or make mistakes. Human errors remain one of the biggest security risks.
Investing more in training will ensure every staff member, from IT teams to end users,
understands how to recognize threats like phishing and adhere to secure practices and the proper use of security tools.

Then, I will use 40% of the funds to invest in core cybersecurity technology. Focusing on
foundational, cost-effective solutions with the highest ROI. While training empowers people, technology provides critical defense layers that can detect, prevent, and respond to threats in real-time. I will prioritize Endpoint protection (EDR\AV), Firewall & basic intrusion detection systems (IDS), Multi-Factor Authentication and Patch Management tools.

In conclusion, Cybersecurity is not just a tech issue; it involves people, processes, and technology issues. With a limited budget, investing in people will be the best long-term defense and ensure that any technology you do implement is used effectively.

Work cited:
National Institute of Standards and Technology (NIST). Framework for Improving Critical
Infrastructure Cybersecurity. Version 1.1, U.S. Department of Commerce, Apr. 2018,
www.nist.gov/cyberframework. Accessed 6 Apr. 2025.

Analysis of Cybersecurity Department Placement within the Organization

Introduction

As our organization embarks on establishing a new cybersecurity department, a key decision is determining its reporting structure. Various options are being considered, including Information Technology (IT), Finance, Operations, or direct reporting to the CEO. Each option has distinct advantages and drawbacks, which are analyzed below.

Option 1: Placement Under the IT Department

Pros:

Alignment with IT Infrastructure: Cybersecurity naturally intersects with IT functions, including network security, endpoint protection, and system monitoring.
Technical Expertise and Resources: IT professionals possess the necessary technical skills to implement and manage cybersecurity measures effectively.
Streamlined Communication: Having cybersecurity within IT ensures seamless coordination in addressing security threats and implementing policies.

Cons:

Potential Conflicts of Interest: IT departments may prioritize functionality and performance over security, leading to competing objectives.
Limited Business Oversight: A cybersecurity team within IT may not have direct visibility into enterprise-wide risks beyond IT systems.
Compliance and Governance Risks: Cybersecurity requires a broader risk management perspective, which may not be IT’s primary focus.

Option 2: Placement Under the Finance Department

Pros:

Risk and Compliance Alignment: Finance teams manage risk, compliance, and audits, which align closely with cybersecurity’s risk management role.
Stronger Regulatory Focus: Finance departments are accustomed to adhering to regulatory requirements, making them well-suited to oversee cybersecurity compliance efforts.
Emphasis on Business Impact: Cybersecurity decisions would be made with a clear understanding of financial implications and business continuity.

Cons:

Limited Technical Expertise: Finance teams may lack the technical background to effectively manage cybersecurity operations and incident response.
Potential for Slower Decision-Making: Financial oversight could introduce bureaucratic delays in responding to cybersecurity threats.
Operational Disconnect: Cybersecurity threats impact more than just financial assets, requiring broader oversight beyond finance.

Option 3: Placement Under the Operations Department

Pros:

Enterprise-Wide Risk Management: Cybersecurity threats affect operational processes, supply chain security, and overall business continuity.
Integration with Business Processes: Embedding cybersecurity in Operations ensures security considerations are integrated into daily workflows.
Focus on Incident Response and Resilience: Operations teams excel at crisis management, which aligns with cybersecurity’s need for swift response strategies.

Cons:

Lack of Technical Cybersecurity Expertise: Operations professionals may not have deep cybersecurity knowledge, requiring reliance on IT specialists.
Potential for Siloed Security Efforts: Cybersecurity risks extend beyond operations, requiring collaboration with IT, HR, and Finance.
Resource Allocation Challenges: Competing operational priorities may result in cybersecurity receiving insufficient attention or funding.

Option 4: Direct Reporting to the CEO

Pros:

Strategic Visibility and Authority: Direct reporting ensures cybersecurity is a board-level priority with executive support.
Enterprise-Wide Risk Management: The cybersecurity team can oversee risks across all departments without bias toward one specific function.
Faster Decision-Making: Executive oversight ensures quick responses to security threats and regulatory changes.

Cons:

Potential for Limited Technical Understanding at the Executive Level: The CEO may not have the cybersecurity expertise to provide effective oversight without dedicated advisory support.
Operational Challenges in Daily Management: A direct line to the CEO may bypass necessary technical and operational collaboration.
Resource Intensive: Establishing cybersecurity as a standalone executive function may require additional leadership roles and governance structures.

Conclusion & Recommendation

Each placement option presents distinct advantages and challenges. If the organization prioritizes strong technical alignment, housing cybersecurity under IT is logical. If regulatory compliance and financial risk are primary concerns, Finance may be a suitable choice. Operations placement ensures integration with business continuity, while direct CEO reporting provides strategic importance and independent oversight.

For a publicly traded company, direct reporting to the CEO or Finance department is often recommended due to cybersecurity’s increasing role in regulatory compliance, enterprise risk management, and board-level oversight. A hybrid approach—where cybersecurity maintains operational ties to IT and Operations while reporting to Finance or the CEO—may offer the most balanced solution.

Analytical Paper

4NONYMOU5 Team

CYSE200T

Professor Duvall

April 20, 2025

Group Members: Jaivon Doniel, William Albert, Clifford Osei, Goodluck Ahusimiro.

BLUF: Team 4Nonymou5 will deliver a classroom presentation on fundamental cybersecurity concepts, emphasizing the evolution of the field and strategies for mitigating vulnerabilities. This paper is intended to serve as an introductory resource for individuals with no prior experience in cybersecurity who wish to gain foundational knowledge.

Introduction

Cybersecurity relies on CIA Triad to protect data amid rising cyber attacks. In sector like healthcare and workplace, balancing innovation with ethical use is crucial. Future cyber policies must ensure responsibility and security in an increasingly digital world.

CIA Triad

Introduction

As I understand it, cybersecurity is not only an essential area in today’s society but also safeguards technology in a world where technology is used extensively. Another way this can be performed is by implementing the CIA Triad. Within cybersecurity, a company should always use the CIA Triad, which consists of three main principles: confidentiality, integrity, and availability. With this being said, we must also progress toward better technological preservation by acquiring more knowledge about the distinctions between authorization and authentication.

Confidentiality

Establishing confidentiality in a cyber firm is a must, as it helps to better verify that only permitted and qualified individuals have access to certain information while also keeping it hidden from those who are not. A more effective solution for handling this crucial component of the CIA Triad would be to encrypt the data so that only permitted and qualified individuals are allowed to see it. This way, only those with the key to the encryption may access the data, so you would not have just anyone accessing the information. Only those who are permitted can gain access.

Integrity

In continuation of the topic from the preceding paragraph, we are going to address integrity. The idea is to ensure that the data in the systems remains accurate and unmodified by individuals who are not authorized to do so. Better ways to implement integrity within cyberspace would be by using single hash functions or checksums to ensure your data remains unmodified throughout transmission. By executing this, your cyber organization will be closer to having better integrity.

Availability

As the final component of the CIA Triad, availability allows the information and data to be visible when authorized personnel try to access it. Even so, simpler methods to make this easier would be to set up redundant systems, for example, system backups and even network path duplication, which could help you restore your system’s network in the unlikely scenario of malfunctioning or becoming corrupted. Ensuring that the system will continue functioning or at least be restored after a disaster is vital to cyberspace. However, when discussing availability, it is critical to make sure that all files and data are accessible at all times, even in the event of network outages.

Authorization vs. Authentication

Authorization and Authentication are two important processes that can better help the all-around concept of the CIA Triad, but they are different in their own ways. Authentication plays a role in ensuring the person logging into any account is the person to whom the account belongs. It does this by verifying the username and password of the user logging in and searching the information within the database to confirm both are correct, leading to the one logging in gaining access to that account. That said, there are ways to improve the security around this action, such as two-factor Authentication, biometrics, and more. The other process, known as Authorization, is used to ensure that once the user is logged in, they are only logged in to that account and are only permitted to perform actions that that account is permitted to perform. For example, if you log into your ODU email, you can read and send your emails. However, you cannot automatically access all other emails connected to that same system partially because of this process.

Conclusion

In the end, when in the cyber field, I believe you have to understand and implement the CIA Triad while also making sure that within your company, you are aware of the differences between authorization and authentication, as they are both just as crucial to you cyberspace as they are important for better securing your data and even helps ensure safe access to the data within. We can work towards more secure practices by implementing these concepts and processes. As cyber-attacks become more dangerous, better security is needed within our systems.

CYBERATTACKS:

Cyberattacks refer to malicious acts by individuals or groups to breach, damage, or disrupt computer systems, data, or networks. Cyberattacks are usually performed by hackers, cybercriminals, or government agencies, and they typically attempt to steal secret information, disrupt operations, ransom, or spy. The targets of cyberattacks may range from individuals and private organizations to government bodies, and the reason for conducting such attacks can be financial, political, revenge, or simply the desire to cause chaos.

One of the most common types of cyberattacks is phishing. In a phishing attack, the criminal sends a spurious email or message that appears to be sent by a known source in an attempt to fool the recipient into divulging personal information such as passwords, banking details, or login credentials. Malware is another major threat and refers to malicious software. These include viruses, worms, trojans, and ransomware, all of which can attack a system to damage files, steal data, or allow hackers to take control of a device.Ransomware is an extremely malicious form of malware that encrypts the victim’s data and asks for payment in exchange for access. It normally spreads via phishing or downloading corrupted files. Denial of Service attacks, or DoS attacks, flood a website or web service with excessive traffic, making it inaccessible to users. When such attacks are from multiple sources at once, they are known as Distributed Denial of Service attacks, or DDoS.

Man-in-the-Middle attacks also entail a cyberthief redirecting communication between two parties covertly, normally in insecure networks, to steal or manipulate information being passed through. SQL injection is another method through which hackers use weaknesses within a website’s coding to introduce malicious SQL instructions in a database and hence achieve authorization to view or alter confidential data. Zero-day exploits take advantage of security weaknesses that the software makers or the world have not yet discovered. Because there is no patch or solution yet at the time of attack, these exploits can be highly destructive. Lastly, credential stuffing is a technique where attackers utilize stolen usernames and passwords stolen in breaches to try to access other accounts if people reuse credentials across numerous sites.

In conclusion, Cyberattacks are one of the dangers in the world of technology and that is why you should be careful when using an electronic device and always be aware of what you do.

Title: Cybersecurity in Healthcare

The health industry depends on cybersecurity to defend against the increasing number of cyberattacks. Healthcare organizations maintain extensive collections of sensitive patient data which include medical histories together with social security numbers and insurance details. The theft or compromise of patient data results in identity theft and fraud and damages public trust in medical facilities. The critical data remains protected through encryption and firewalls and multi-factor authentication systems.The protection of data through cybersecurity ensures that hospital systems together with medical devices operate both safely and efficiently. Ransomware attacks which block system access until payment is made can cause treatment delays and surgery cancellations and result in life-threatening situations. A robust cybersecurity plan requires data backup systems and system update procedures and incident response protocols to minimize service interruptions while maintaining patient care throughout cyberattacks.

The practice of cybersecurity includes training employees to identify phishing attacks and other mistakes which frequently result in security breaches. Healthcare organizations that establish awareness programs and preparedness protocols will achieve better protection against cyber threats.

The protection of patient information combined with trust maintenance and healthcare service continuity depends on cybersecurity measures.

Conclusion

The modern healthcare system depends heavily on cybersecurity for its proper functioning. The health industry needs to establish robust digital defenses because advanced cyber threats will continue to rise while protecting patient data and medical devices and maintaining uninterrupted essential services. Healthcare organizations that invest in cybersecurity tools and train their staff and prepare for potential attacks will enhance patient protection and maintain patient trust in their care services.

Cyber Technology in the Workplace: Balancing Innovation and Deviance

Introduction

Cyber Technology has transformed the workplace, enhancing communication, productivity, and flexibility. Yet, with these advancements comes the misuse of digital tools, notably cyberloafing, employees using work resources for personal tasks, undermining efficiency and security. This paper explores both the benefits and drawbacks of cyber technology, emphasizing the need for effective management strategies.

Benefits of Cyber Technology

Digital tools enable real-time communication, remote work, and global collaboration. Cloud systems and AI streamline processes, allowing employees to focus on strategic tasks. These technologies boost operational efficiency, flexibility, and innovation.

Challenges: Cyberloafing and Deviant Behavior

Cyberloafing, personal use of digital resources during work hours, reduces productivity, affects team morale, and increases cybersecurity risks. With remote work, oversight diminishes, blurring work-life boundaries and heightening vulnerability to data breaches.

Addressing the Issue

To mitigate misuse organizations should implement clear internet policies, provide cybersecurity training, and use monitoring tools with respect to privacy. Building a culture of accountability and realistic expectations also helps curb deviant behavior.

Conclusion

Cyber technology is a double-edged sword in the workplace. Its benefits are vast, but so are the risks if misused. Balancing innovation with responsible uses requires clear policies, thoughtful oversight, and a culture that promotes integrity.

Ethics, Responsibility, and the Future of Cyber Policy

Other scholars have helped shape this understanding. Luciano Floridi’s (2013) call for an “ethics of information” reinforces the idea that data and digital systems must be handled with respect for human dignity, privacy, and autonomy. David Guston’s (2014) concept of anticipatory governance has also inspired me to think beyond current threats and to imagine how today’s decisions shape tomorrow’s digital landscape. These thinkers have helped me realize that a responsible cybersecurity professional must not only react to problems, but also anticipate and help prevent them with thoughtful, ethical planning.

Conclusion

References:

Authentication and Authorization

Cilwerner. (n.d.). Authentication vs. Authorization – Microsoft Identity Platform. Microsoft Learn. https://learn.microsoft.com/en-us/entra/identity-platform/authentication-vs-authorizatio

OneLogin. (n.d.). Authentication vs. authorization: What’s the difference? https://www.onelogin.com/learn/authentication-vs-authorization

CIA Triad

Fortinet. (n.d.). What is the CIA triad and why is it important? https://www.fortinet.com/resources/cyberglossary/cia-triad

Rand, D., Sharma, S., Brumfield, C., & Constantin, L. (2025, February 14). What is the CIA triad? A principled framework for defining infosec policies. CSO Online. https://www.csoonline.com/article/568917/the-cia-triad-definition-components-and-examples.html

TechTarget. (n.d.). What is the CIA triad: Definition, explanation, examples [PDF]. Google Drive. https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view

Cyberattacks

IBM. (n.d.). Cyberattacks. https://www.ibm.com/think/topics/cyber-attack

Cybersecurity & Infrastructure Security Agency (CISA). (n.d.). Cyber threats and advisories. https://www.cisa.gov/topics/cyber-threats-and-advisories

CrowdStrike. (n.d.). Common types of cyberattacks. https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/common-cyberattacks/

Healthcare and Public Health Sector Coordinating Council. (2023). Health industry cybersecurity practices: Managing threats and protecting patients (2023 edition). U.S. Department of Health and Human Services. https://asprtracie.hhs.gov/technical-resources/resource/12200/health-industry-cybersecurity-practices-managing-threats-and-protecting-patients-hicp-2023-edition

Workplace Deviance

Li, J. (2024). Cyberloafing and job-related anxiety in remote work settings [Master’s dissertation, University of Edinburgh Business School]. University of Edinburgh. https://www.business-school.ed.ac.uk/collaborate/dissertation-executive-summaries/cyberloafing

McCarter, M., Harris, J., & Walker, S. (2016). UTSA study explores how to increase productivity by stopping cyberloafing. UTSA College of Business News. https://business.utsa.edu/news/2016/01/utsa-study-explores-increase-productivity-stopping-cyberloafing.html

Timsit, A. (2020, February 6). Cyberloafing: The line between rejuvenating and wasting time. BBC Worklife. https://www.bbc.com/worklife/article/20200206-cyberloafing-the-line-between-rejuvenating-and-wasting-time

Ethics, Responsibility, and the Future of Cyber Policy

Floridi, L. (2013). The ethics of information. Oxford University Press.

Guston, D. H. (2014). Understanding ‘anticipatory governance’. Social Studies of Science, 44(2), 218–242. https://doi.org/10.1177/0306312713508669

Jonas, H. (1984). The imperative of responsibility: In search of an ethics for the technological age. University of Chicago Press.

4NONYMOU5 Team CYSE200T Presentation

CYSE-200T-Presentation

goodluckahusimiro

IT/CYSE 200T

Cybersecurity, Technology, and Society

Course Material