{"id":133,"date":"2024-09-25T16:21:05","date_gmt":"2024-09-25T16:21:05","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/cyberimpact1\/?page_id=133"},"modified":"2024-12-04T01:55:51","modified_gmt":"2024-12-04T01:55:51","slug":"it-cyse-200t-2","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/jlowm004\/it-cyse-200t-2\/","title":{"rendered":"IT\/CYSE 200T"},"content":{"rendered":"

Cybersecurity, Technology, and Society<\/h1>\n

 <\/p>\n

CIA Triad Write-Up<\/strong><\/h1>\n

Mikey Lowmack<\/p>\n

September 12, 2024<\/p>\n

The Definition and Explanation of the CIA Triad and its Importance<\/p>\n

The CIA Triad, a vital business model in cyber security, is built on three core principles: confidentiality, integrity, and availability. To avoid any confusion with the Central Intelligence Agency, it is also referred to as the AIC Triad. This distinction ensures clarity and precision in cybersecurity. <\/em><\/p>\n

Practical application of each principle of the CIA Triad in the real world with cybersecurity scenarios.<\/h2>\n

Confidentiality <\/strong><\/p>\n

    \n
  • The definition of confidentiality, the first pillar of the CIA Triad, is \u201cprevent sensitive information from unauthorized access attempts\u201d (Chai).<\/li>\n
  • For instance, data should be organized appropriately and encrypted properly (2FA). Also, file permissions for those authorized to file should be kept current. Additionally, using secure communication channels and implementing access controls are other ways to maintain confidentiality.<\/li>\n<\/ul>\n

    Integrity<\/strong><\/p>\n

      \n
    • Integrity, the second pillar of the CIA Triad, is all about maintaining data consistency, accuracy, and trustworthiness. This principle is crucial because data should not be susceptible to unauthorized changes, especially in transit.<\/li>\n
    • For instance, when backing up data and recovering software, it is vital to minimize human errors.<\/li>\n<\/ul>\n

      Availability <\/strong><\/p>\n

        \n
      • The definition of availability, the third pillar of the CIA Triad, is \u201cinformation that should be consistently and readily accessible for authorized parties\u201d (Chai). Availability is not just about making information accessible but also about the significant responsibility of maintaining systems, hardware, and technical infrastructure. It’s about ensuring the information is held and displayed to users when needed, a crucial aspect of cybersecurity.<\/li>\n
      • For instance, in the worst-case scenario of a disaster, such as a cyber-attack, the CIA Triad ensures that the system is resilient and can quickly recover. This could involve creating backup copies of data and storing them in secure, isolated locations with fire and waterproof safes. Another example could be using encryption to maintain data confidentiality during transmission.<\/li>\n<\/ul>\n

        Difference between Authentication and Authorization in the cybersecurity field.<\/h2>\n

        Authentication vs Authorization <\/strong><\/p>\n

          \n
        • Authentication is verifying a person, files, systems, and resources.<\/li>\n
        • Authorization verifies users’ identities and ensures what resources should be allowed and what passwords or sign-ins go with what sites.<\/li>\n<\/ul>\n

          Conclusion<\/h2>\n

          The CIA Triad, which stands for confidentiality, integrity, and availability, is a significant part of the cybersecurity principles. It\u2019s not the Central Intelligence Agency, also known as the CIA. There is also a difference between authentication and authorization. Authentication verifies who or what is allowed access, while authorization determines what or who is allowed access. Understanding and applying the CIA Triad is crucial in ensuring robust cybersecurity measures.<\/p>\n

          \n

          Work Cited<\/h3>\n

          Chai, Wesley. What Is the CIA Triad? Definition, Explanation, Examples<\/em>, 8 Sept. 2022, drive.google.com\/file\/d\/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l\/view.<\/p>\n

          SCADA Write-Up<\/strong><\/h1>\n

          Mikey Lowmack<\/p>\n

          October 20, 2024<\/p>\n

          The Vulnerabilities Associated with Infrastructure Systems and the Role of SCADA<\/p>\n

          The Supervisory Control and Data Acquisition system, also known as SCADA, is a crucial tool in controlling and managing infrastructure processes. These include water treatment, wind farms, gas pipelines, space stations, ships, and airports. The SCADA system operates by monitoring and controlling systems through components such as Human Machine Interfaces (HMIs), Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), and\u00a0communication infrastructure. The intricate web of interconnected automated processes, facilitated by SCADA, is a key factor in both creating and exposing vulnerabilities, due to the potential for a single breach to affect multiple systems.<\/em><\/p>\n

          The Vulnerabilities, issues, and threats associated with the infrastructure<\/h1>\n
            \n
          1. Legacy software: The SCADA system uses outdated software that doesn\u2019t implement the necessary security. This allows attackers to carry out varying forms and types of attacks against the system and its components.<\/li>\n
          2. Default configuration: According to Paganini, cyber attackers try to exploit systems still using the default settings, mainly if they use the default passwords, allowing attackers to compromise the device and other OT systems connected to\u00a0that same network.<\/li>\n
          3. Malware: As Paganini states, attackers design malware that can compromise industrial control systems (ICS) and interfaces, disrupting operations and exposing connected devices to other threats.<\/li>\n<\/ol>\n

            The role of the SCADA<\/h1>\n

            The SCADA system uses human operators\u2019\u00a0data that the supervisory system gathers about the process connected to RTUs. This helps convert the sensor’s signals to digital\u00a0and send them to the\u00a0supervisory system. The communication infrastructure connects to both the RTUs and the supervisory system. This allows the SCADA system to monitor\/control, alarm or notify, perform data redundancy and backups, advance security protocols, use training programs and support systems, and be integrated into modern technology to help mitigate risks.<\/p>\n

            Conclusion<\/h1>\n

            In conclusion, SCADA\u00a0is crucial\u00a0for controlling and managing infrastructure processes. This includes water treatment, wind farms, gas pipelines, space stations, ships, and airports, in which the SCADA system operates by monitoring and controlling systems throughout its components. These components are Human Machine Interfaces (HMIs), Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), and\u00a0communication infrastructure. The intricate web of interconnected, automated processes\u00a0facilitated by SCADA creates and exposes vulnerabilities, issues,\u00a0and threats like malware and attacks on systems using default configurations.<\/p>\n

             <\/p>\n

             <\/p>\n

            Work Cited<\/p>\n

            Paganini, P. (2020, July 15). SCADA & Security of critical infrastructures [updated 2020]<\/em>. Infosec. https:\/\/www.infosecinstitute.com\/resources\/scada-ics-security\/scada-security-of-critical-infrastructures\/#:~:text=Most%20common%20ICS%2FSCADA%20security%20issues%20and%20threats%201,…%208%20Command%20injection%20and%20parameters%20manipulation%20<\/p>\n

            Human Factor Write-Up<\/h1>\n

            Mikey Lowmack<\/p>\n

            November 17, 2024<\/p>\n

            Balancing a limited for Cybersecurity Technology and Training<\/strong><\/p>\n

            To balance a limited budget for cybersecurity technology and training facilities, the budget must be restricted\/limited equally, making them 50\/50 with their investments and funds. Also, the reasons for them being 50\/50 and what should be invested in.<\/em><\/p>\n

            Reasoning for budget<\/h1>\n