CYSE200T

These are some of my favorite assignments from the course. Thanks to the amazing Professor Kirkpatrick 🙂

DISCUSSION BOARD: Protecting Availability

The first thing I would do as a CISO for a company is to have multiple backup files and drives for all of our public and private data, as we discussed today in class. Having a secure spot for the company’s data is vital in protecting the company in case of a cyber threat or if we ever need to find old documents or data. The next thing I would do as the CISO of the company is have a contingency plan in case our companies or others that try to harm ours are at risk. For example, in the scenario the company is on the verge of bankruptcy, I would have a plan set where I, the employees, and third parties would be financially stable after the crisis. The last protection I would implement is hiring an elite cybersecurity team to protect our systems from potential threats or hackers. I would also have them directly report to me with any information they find inside and outside the company’s walls.

 

Write-Up: The CIA Triad – Joshua Belk

  In this report, we discuss what the CIA Triad is, why it’s important in the cybersecurity world, and the many differences between authentication and authorization.

What is the CIA Triad?

  The CIA Triad is the supreme framework of the cybersecurity world, with the sole purpose of guiding, creating, innovating, and enforcing policies for the security of information held within an organization. Confidentiality, integrity, and availability are what the CIA Triad strives for, and they ensure the security of organizations is protected. Confidentiality limits access to information from any threat or possible threat that may or will occur. This is necessary in an organization, as it doesn’t want its private information to be leaked, stolen, or put in the wrong hands, which is why this information is confidential. Integrity is like consistency. Everything must be maintained in a company. Calculations and information must be accurate and precise. There is no room for error in the organization, as the fate of the company lies in its integrity. Data also may not be altered or interfered with by unauthorized users, such as breachers. Lastly, availability entails that information should be accessible to authorized users or parties only. Proper maintenance is required to maintain the infrastructure of the information system.

Why is it so important to us?

  This is so important to the cybersecurity world that each letter in the CIA Triad represents the foundation of it. Confidentiality, integrity, and availability are widely considered to be the most important notions when it comes to information security, and the cyber world as a whole. These different principles help organizations understand how to protect themselves, provide better security, and refine policies. For example, when businesses analyze their necessities and use different cases for future products, services, and innovations, the triad assists them by putting their focus on how and what value is provided in the three main principles of the triad.

Authentication v. Authorization

  Authentication and authorization are very similar, so it could be easy to get the two confused. However, the difference is important for not just companies, but for everyone to understand, utilize, and protect. First, let’s define the terms. Authentication is the process of validating the identity of a user, system, or application. It approves whether the user attempting to access the information is permitted to do so. This is usually determined by the approval of a correct username, password, or other identification. For example, when I log in to my ODU MIAS account, I must provide my user identification and password to access my information. On the other hand, authorization is the step after authentication, in which the system approves or denies access to a specific resource based on the authenticated permissions set in place. It determines what commands a certain user is allowed to access. A great example of authentication and authorization being used at the same time is logging into your online banking app. When you log into your bank, you’re usually asked to enter your username and password for that account, as most services online do. After successfully logging in, the banking app authorizes you to do specific things, such as viewing your balances, transferring funds, and changing settings.
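The banking-app flow described above, as an added example that is not part of the original write-up: `authenticate` verifies who the caller is, `authorize` decides what that verified identity may do, and the two failures map to different outcomes (401 versus 403). The account names, passwords, permission names and the PBKDF2 work factor are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this illustration

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)  # per-user salt; only the salted hash is stored
    return {"salt": salt, "hash": hash_password(password, salt),
            "permissions": frozenset(permissions)}

# Constructed sample accounts (names, passwords and permissions are made up).
USERS = {
    "alice": make_user("correct horse battery",
                       {"view_balance", "transfer_funds", "change_settings"}),
    "bob": make_user("read-only-pass", {"view_balance"}),
}
DUMMY_SALT = b"\x00" * 16

def authenticate(username: str, password: str):
    """Authentication: prove identity. Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, DUMMY_SALT)  # keep timing similar for unknown users
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity: str, action: str) -> bool:
    """Authorization: may this already-authenticated identity do this action?"""
    return action in USERS[identity]["permissions"]

def handle_request(username: str, password: str, action: str) -> int:
    identity = authenticate(username, password)
    if identity is None:
        return 401  # not authenticated: identity was never established
    if not authorize(identity, action):
        return 403  # authenticated, but not permitted to do this
    return 200

if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery", "transfer_funds"))
    print(handle_request("bob", "read-only-pass", "transfer_funds"))
    print(handle_request("bob", "wrong-password", "view_balance"))
```

The second call is the case worth noticing: bob logs in successfully, yet the transfer is still refused because authorization is checked separately on every action.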

 

Conclusion

  In conclusion, we discussed why the CIA triad is such an important principle in cybersecurity and information security and the differences between authentication and authorization. Confidentiality, integrity, and availability are the key foundations of security in organizations, people’s information, and the world. These principles serve as guidelines for how security should properly be handled and help us innovate and protect our information. 

 

Citations & References 

Chai, W. (2024, January 23). What is the CIA triad? Definition, explanation, examples – TechTarget. WhatIs.com. Retrieved September 15, 2022, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on

 

 

 

Discussion Board: The NIST Cybersecurity Framework

Some benefits different organizations can gain from using this framework are risk management cybersecurity maturity, common language, and communication skills. My favorite of the three mentioned is risk management, as many companies are looking for this. Organizations love this because it allows them to better understand what’s at risk and make critical decisions to prioritize and efficiently use resources based on the risk. Another important benefit (which is something we talked about in class today) is communication skills, as that is arguably one of the most important skills you can have not only in the field but in life. Companies need people who are good at communicating and innovating new ideas and plans. This also ties in with leadership. Lastly, I would use these frameworks at my future workplace with different assignments, planning, and of course, with my communication skills.