
CIA Triad
The CIA Triad is a foundational cyber security framework that keeps information systems safe by enforcing three properties:

1. Confidentiality – Prevents unauthorized parties from accessing sensitive information. Safeguards include access control, encryption, and multi-factor authentication (MFA).

2. Integrity – Ensures that information is reliable and has not been altered from what it is supposed to be. Safeguards include digital signatures and cryptographic hash functions.

3. Availability – Ensures that legitimate users can reach information and programs whenever they need them. Safeguards include redundancy, failover servers, and recovery plans.
Authorization vs. Authentication:
– Authorization decides what an already-verified user is permitted to do (e.g., which files or servers a given role may access).
– Authentication verifies that you actually are who you claim to be (e.g., using a password, a fingerprint, or MFA).
Example:
To view your bank website, you first need to authenticate (enter your username and password). After authenticating, what you can or cannot do is controlled by authorization: you can view account balances, but you cannot approve large transactions unless your role is admin.
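The bank scenario above, as an added example (not part of the original text): authentication verifies a salted password hash with a constant-time compare, and only an authenticated session is then checked against a role policy. The user names, passwords, salts and the two actions are constructed for illustration.

```python
import hashlib
import hmac

# Constructed user store: passwords are kept only as salted PBKDF2 hashes.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT_ALICE = b"constructed-salt-alice"
_SALT_BOB = b"constructed-salt-bob"
USERS = {
    "alice": {"salt": _SALT_ALICE, "hash": _hash_password("correct horse", _SALT_ALICE), "role": "customer"},
    "bob": {"salt": _SALT_BOB, "hash": _hash_password("hunter2-long", _SALT_BOB), "role": "admin"},
}
# Dummy record so that unknown user names take as long to reject as wrong passwords.
_DUMMY = {"salt": b"constructed-dummy", "hash": _hash_password("unused", b"constructed-dummy")}

# Authorization policy: which roles may perform which action.
POLICY = {
    "view_balance": {"customer", "admin"},
    "approve_large_transaction": {"admin"},
}


def authenticate(username: str, password: str):
    """Authentication: return a session (user + role) only if the password matches."""
    record = USERS.get(username, _DUMMY)
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(candidate, record["hash"]) or username not in USERS:
        return None
    return {"user": username, "role": record["role"]}


def authorize(session, action: str) -> bool:
    """Authorization: an unauthenticated (None) session is never permitted anything."""
    if session is None:
        return False
    return session["role"] in POLICY.get(action, set())
```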
Ethical Considerations of CRISPR Gene Editing
BioCybersecurity, the marriage of biology with cybersecurity, raises several ethical concerns worth discussing. Foremost among them is privacy. Once biological data, such as DNA and medical records, is incorporated into computer systems, it is at risk of disclosure, misuse, or theft. This can result in discrimination, identity theft, or unwarranted monitoring. Moreover, the growing use of biometric data for verification and other purposes can leave individuals with no control over how their private data is stored, shared, or accessed, eroding their autonomy.
Another fundamental ethical issue is consent. As bio-interfaces are increasingly applied in cybersecurity, individuals may unknowingly relinquish consent for their biological data to be used in particular ways. They may be required to give up biological data for authentication without any knowledge of the risks. And whose biological data is it? Do we treat it as ordinary personal data, or as something more vulnerable to abuse?
There is also the possibility of weaponizing bio-cyber technologies, such as using biological data to build bio-hacking tools or to manipulate biological systems in order to cause harm. This puts a spotlight on misuse, accountability, and the need for oversight in the area of bio-cybersecurity.
In short, while bio-cybersecurity holds tremendous potential for advancing technology, it is equally fraught with real ethical concerns around privacy, consent, ownership of biological data, and the possibility of malicious abuse. Addressing these matters requires thoughtful and reflective consideration to protect people's rights and freedoms in the context of emerging technology.
Protecting Availability
As the CISO of a publicly listed company, system availability is my most critical concern. To guarantee it, I would implement a multi-layered approach that combines redundancy, disaster recovery planning, and proactive threat monitoring.
To begin with, I would have redundant systems and failover systems in order to minimize downtime. This would include load balancing across several data centers, using cloud-based infrastructure with auto-scaling capabilities, and having geographically distributed backup systems. With this, even if one system fails, operations can be easily shifted to another.
Second, I would establish a detailed disaster recovery (DR) and business continuity plan (BCP). Regular onsite and offsite backups would be required to recover vital data in the event of an outage or cyber attack. Additionally, routine DR drills ensure that the employees are aware of how to respond to interruptions.
Third, active monitoring and threat containment are critical. Security Information and Event Management (SIEM) systems combined with AI-based anomaly detection would allow real-time monitoring of network traffic and potential threats. A dedicated Security Operations Center (SOC) would watch these feeds so that incidents can be responded to in a timely manner.
Finally, employee training and awareness programs would be put in place to avoid human error, a primary source of security breaches. Phishing simulations and security best practice workshops held on a regular basis would reduce threats from social engineering attacks.
With these controls in place, I would ensure our systems are highly available, protected against cyber attacks, and able to sustain business processes with minimal downtime.