Hello! Here are a couple of my Write-Ups I did in CYSE 200T
Write Up – The Human Factor in Cybersecurity
Balancing the Tradeoff of Training and Additional Cybersecurity
Technology
As cybersecurity threats continue to increase, organizations must prioritize their limited funds
between investing in training for employees and implementing additional cybersecurity
technology. Balancing the tradeoff between these two areas requires a comprehensive approach
that takes into account the specific needs and risks of the organization. While additional
technology can provide an important layer of protection, training employees is critical to
reducing the likelihood of successful cyberattacks.
Assess the organization’s specific risks and needs
Before deciding how to allocate funds between training and additional technology, it is important
to assess the organization’s specific risks and needs. This should include a comprehensive review
of current cybersecurity measures, as well as an evaluation of any recent incidents or
vulnerabilities. This assessment should also take into account the organization’s size, industry,
and any regulatory requirements.
Evaluate the effectiveness of current cybersecurity technology
Once the organization’s risks and needs have been identified, the next step is to evaluate theeffectiveness of current cybersecurity technology. This should include an analysis of any gaps in
protection, as well as an assessment of the technology’s ability to adapt to new threats. This
evaluation will help determine whether additional technology is necessary or whether existing
solutions can be optimized.
Allocate funds based on risk and need
Once the organization’s risks, needs, and required level of training have been identified, it is time
to allocate funds between training and additional technology. This should be done based on the
relative risks and needs of the organization, with a focus on minimizing the likelihood and
impact of successful cyberattacks. In some cases, it may be necessary to prioritize training over
technology or vice versa, depending on the specific circumstances.
Conclusion
Balancing the tradeoff between training and additional cybersecurity technology requires a
comprehensive approach that takes into account the specific risks and needs of the organization.
While additional technology can provide an important layer of protection, training employees is
critical to reducing the likelihood of successful cyberattacks. By assessing the organization’s
risks and needs, evaluating the effectiveness of current technology, determining the required
level of training, and allocating funds based on risk and need, organizations can create a
balanced and effective cybersecurity strategy. Continuous evaluation and adjustment will help
ensure that the organization remains protected against evolving threats.
Cites scored:
https://inductiveautomation.com/resources/article/what-is-humanfactor-in-cybersecurity
Write-Up – SCADA Systems
Understanding SCADA Systems and Their Role in Mitigating
Vulnerabilities in Critical Infrastructure
The observation and management of crucial infrastructure systems require SCADA technology. These
fundamental assets could include electricity conduits, water refinement facilities or transportation
networks. Regardless though, these amenities are at risk from cyber attacks that have the potential to
lead to dire results (Inductive Automation,2021. To deter such threats whose vulnerability is known
through critical infrastructure system weaknesses alongside the application of SCADA tools in resolving
them leads us towards better safeguarding our imperative resources.
What are SCADA systems?
One way to remotely monitor and control critical infrastructure systems such as power grids, water
treatment plants, and transportation systems is through the use of Supervisory Control and Data
Acquisition (SCADA) systems. These types of control system use sensors or other measuring devices to
collect data from various remote locations that are then transmitted back to a central command center
for analysis using human-machine interfaces and programmable logic controllers among other storage
applications (Inductive Automation,2021). The information gathered by these SCADA tools can be used
further downstream towards decision-making processes with direct application into controlling an entire
infrastructural network’s backend operations without anyone having a presence.
Vulnerabilities of critical infrastructure systems
Critical infrastructure systems are vulnerable to a range of threats, including natural disasters, physical
attacks, and cyber attacks. Cyber attacks are particularly concerning as they can be carried out remotely, and their effects can be widespread and long-lasting. A successful cyber attack on a critical
infrastructure system can result in service disruptions, property damage, and even loss of life.
Cyber threats to SCADA systems
SCADA systems are particularly vulnerable to cyber attacks due to their reliance on interconnected
networks and the Internet of Things. SCADA systems often use legacy technology that may not have the
latest security features, making them easy targets for cybercriminals. Attackers can exploit
vulnerabilities in SCADA systems to gain unauthorized access, manipulate data, or cause physical
damage (Inductive Automation,2021.
Best practices for securing SCADA systems
To secure SCADA systems, it is essential to implement best practices such as limiting access to critical
systems, using strong passwords, and regularly updating software and hardware (Inductive
Automation,2021. Organizations should also conduct regular vulnerability assessments and penetration
testing to identify and address weaknesses in their SCADA systems.
Conclusion
Critical infrastructure systems are vital to the functioning of modern society, and it is essential to protect
them against cyber attacks. SCADA systems play a critical role in monitoring and controlling these
systems and mitigating risks. By implementing best practices and using advanced security features, we
can better protect our critical infrastructure systems and prevent potential consequences.
Cites scored:
https://inductiveautomation.com/resources/article/what-is-scada
Write-Up: The CIA Triad
CIA TRIAD
The CIA triad is a model for information security that describes the three main areas of concern
for security: Confidentiality, Integrity, and Availability.
What is the CIA Triad?
Confidentiality refers to the protection of sensitive information from unauthorized access or
disclosure. Integrity refers to the protection of information from unauthorized modification or
alteration. Availability refers to the assurance that information is accessible to authorized users
when they need it.
How is it used?
Authentication and authorization are related but distinct concepts in the field of computer
security. Authentication is the process of verifying a user’s identity. This can be done through a
variety of methods, such as a password, a fingerprint, or a security token. Authorization is the
process of granting or denying access to a particular resource, based on the user’s
authenticated identity and their associated roles or permissions.
Example
For example, a bank’s website may use authentication to verify a customer’s identity by
requiring a login and password. Once the customer is authenticated, the website uses
authorization to determine what account information the customer is allowed to view and
what actions they are allowed to take (e.g. view account balance, transfer funds, etc.) based on
the customer’s account status and privileges.
Cites scored:
https://inductiveautomation.com/resources/article/what-is-ciatriad