Crispr Gene Editing

Crispr, soft/hardware that allows for the possibility of gene editing, seems like it could have a number of positive impacts, but the security of Crispr still raises many questions. First, I think that just messing around with genes, given how easy it is for software or hardware to go wrong, could have unsafe unintended consequences. The other thing is the safety of Crispr-based technology: you are giving away the very code to your being, and it is more than likely being shared.

I would like to start by discussing the base safety of this, in terms of the use of Crispr. From a very base perspective we do not know much about gene editing, and I would stake a claim that it has not been done much, if at all; that alone should be scary enough. Essentially, if you are editing the genes of a person without complete knowledge, there are any number of things that could go wrong. From a computer perspective, genes are essentially programs that are run when they are needed, containing statistical data that is used somewhat randomly to create a new organism. The biggest thing that makes this so chaotic and unsafe is that, by the nature of DNA itself, you are unable to completely control the outcomes. Mostly I think the outcomes would come in the way of genetic conditions that hinder a life form rather than improve it.

Recently TikTok has been in the tech news a fair amount; in the case against TikTok it is alleged that your information is collected. Right now an app can really only take your PPI and browsing data, as that is really all that you give it. Let's say that you use software like Crispr: what happens when that DNA record is then shared with another firm? It was determined that Cambridge Analytica was providing Facebook with money in exchange for personal information; this is a practice that is likely still going on, but in the form of taking your information for advertisements. One of the DNA “track your ancestry” websites is able to get a copy of your DNA; anything from a cyber crime to simply sharing your data has now put your data out there for anyone.

CIA Triad

CIA Triad: Key to Cybersecurity

Introduction
One of the main jobs of Cybersecurity is to protect data and make it available to the
authorized user(s); the basic principles of the CIA triad are important to that defense. The CIA
triad represents a number of different ideas that all pertain to the protection of data, from
accessing the data, to keeping it unadulterated. The “C” in CIA stands for confidentiality, a
concept that means making sure data is only accessible to the right person. Integrity, noted by the
“I” in CIA, involves keeping stored and protected data from being changed by unauthorized
parties. Data availability, or the ability for data to be available to authorized users, is the last part
of the CIA triad and represents the protection of access to data. One of the best ways to establish
a CIA triad in practice is to correctly administer authorization and authentication so that only
those users who are supposed to have access to data have access, while preventing unauthorized
users from gaining access. Using the CIA triad, along with proper identification of authorized
users, a cybersecurity professional is able to keep your data secure and available for access.
Confidentiality
The first part of any data protection involves keeping the data away from malicious users;
the word Confidentiality is used as a measure of the authorization of a user to data. As Wesley
from TechTarget defines confidentiality, “Confidentiality means that only authorized
individuals/systems can view sensitive or classified information.” (Chai); basically it is the key
concept to the defense of data and the CIA triad. Imagine that confidentiality is the doorman at a
building, only letting people that belong inside the building in, while rejecting outsiders. In the
example of an apartment building, the doorman defends the confidentiality of the building, he is
essentially the login screen that an authorized user would have no issue logging into. Normally in
a computer system there are also measures taken, outside of password and username, to keep
malicious users out. Back to the Apartment building, in order to keep people out the building has
a number of locks on the doors and windows, on the computer model the same thing is done with
encryption and firewalls. Confidentiality is the key element to any computer system, and the
proper use of it is used throughout the other elements of the CIA triad.
Integrity
Integrity represents one of the results of proper Confidentiality, the aim of this concept is
to keep information untampered with and unchanged. In the Apartment building, while the
doorman is defending the confidentiality of the various units, the purpose of the building itself is
to keep the state of apartments in a static condition, in this way the apartment itself is defending
the “Integrity” of the various apartments. Integrity pops up in a computer where important
information is stored, and the alteration of that information would be detrimental to the owner of
that data. Much in the same way that the doorman of the apartment might check to see that the
units inside the building are safe, a cybersecurity professional assures the state, or integrity of the
data that they are protecting.
Availability
With the first two parts of the CIA triad the goal was the protection of the data; the goal
of availability is that authorized users have access to the data whenever they need it. If a
computer system were to be set up with the information fully protected, but there was no way to
access the data, then that computer system is not helping anyone out. If the doorman of the
apartment does not let anyone access their apartments, then the confidentiality and integrity of
the apartments within serve no person and the lack of availability is detrimental to the patron.
Availability means that the user is able to access their data, and properly applied along with
confidentiality and integrity in the CIA triad, is crucial to any data driven computer system.
Authorization and Authentication
Authorization and authentication are the method by which the CIA triad gives confidentiality,
integrity, and availability of data. Together authorization and authentication are used to identify a
user, identify what that user has access to, and ensure a user ends up in the right part of the
computer system. While they work in tandem, the two concepts are actually different subjects
entirely. Authentication represents the method by which the user is identified, in order to accept
the right password for a system, the user accessing the system needs to be identified.
Authorization, on the other hand, represents the level of access that authentication of the user
allows. Using authentication the user logs into the system, once they are in the system the level
of authorization they have determines what, if any, parts of the data or system they can access. In
terms of confidentiality the user is then allowed access to the information based on their
authentication. The integrity of the system then depends on the authorization the user has,
which answers the question of whether the user should be able to alter that information. Lastly, with
the proper application of authorization and authentication, the user is then able to access the
available resources.
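
The split described in this section, as an added example that is not part of the original essay: authentication identifies the user, and authorization then decides whether that user may read or alter a record. The user names, roles, passwords and the record are constructed for illustration.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    # Salted, slow hash so stored credentials are never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(password, salt), "role": role}

# Constructed sample data: users, roles and the record are illustrative only.
USERS = {"tenant": _user("correct horse", "editor"),
         "visitor": _user("battery staple", "viewer")}
PERMISSIONS = {"editor": {"read", "write"}, "viewer": {"read"}}
MAC_KEY = os.urandom(32)

def _tag(body):
    # Keyed digest used to notice changes made outside request().
    return hmac.new(MAC_KEY, body.encode(), hashlib.sha256).digest()

RECORD = {"body": "lease for unit 4B", "tag": None}
RECORD["tag"] = _tag(RECORD["body"])

def authenticate(name, password):
    """Authentication: identify the user. Returns their role or None."""
    user = USERS.get(name)
    if user is None:
        return None
    same = hmac.compare_digest(user["hash"], _kdf(password, user["salt"]))
    return user["role"] if same else None

def request(name, password, action, new_body=None):
    """Authorization: decide what an identified user may do to RECORD."""
    role = authenticate(name, password)
    if role is None:
        return "denied: authentication failed"   # confidentiality
    if action not in PERMISSIONS[role]:
        return "denied: not authorized"          # integrity: no write right
    if action == "write":
        RECORD.update(body=new_body, tag=_tag(new_body))
        return "ok"
    if not hmac.compare_digest(RECORD["tag"], _tag(RECORD["body"])):
        return "error: record was altered outside the system"
    return RECORD["body"]                        # availability
```
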
Conclusion
The CIA triad, along with authorization and authentication, gives users access to
information, knowledge that the information is retained safely, and gives access to that
information when the user needs it. Confidentiality measures the authentication of the user,
granting access based on those credentials. Integrity of the information is protected by only
allowing alteration of the data or system to those with the proper authorization. With
authentication and authorization properly applied, the user is assured availability to that
information. Authorization and authentication represent the level of access a user has and by
what information they are identified by the computer system. The knowledge of the CIA triad,
coupled with the correct use of authorization and authentication is the cornerstone of
Cybersecurity.
References
1. Chai, W. (2022, June 28th). What is the CIA Triad? Definition, Explanation, Examples.
TechTarget.com,
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view
2. The CIA Triad in Cryptography. (2021, Nov. 03) Retrieved from
https://www.geeksforgeeks.org/the-cia-triad-in-cryptography/
3. Authentication and Authorization. (n. d.) Retrieved from
https://www.onelogin.com/learn/authentication-vs-authorization#:~:text=Authentication%20and%20authorization%20are%20two,authorization%20determines%20their%20access%20rights.

NIST Framework

Before the invention, or application, of the open computer network, there was largely not much need to concern yourself with cybersecurity; in a closed system there is a very small chance of needing to have a secure network. These days you cannot go very far without running into some cybersecurity threats, from Russian botnets to Chinese cyber spies, meaning that you cannot have a computer system without having some measure of security. As with most things, a step-by-step approach to security is a great way to fight possible intrusions; this document offers a basic understanding of cyber terms and ideas, while presenting steps to stop these events from happening.

Section 1.

In this section we are introduced to the concepts and terms of cybersecurity. For anyone who is new to this, it provides some good insight into the processes that go into the topic of this paper. Even more than that, the first section is a good starting point for the reading of this paper, simply because it offers appendices.

Section 2.

This section is of better use to companies and professionals. First the paper goes over the steps in responding to a cyber attack. This is a good set of information because it breaks down the main steps it takes to fight a cyber attack. From Identifying the risk to Recovering from the attack, this section would teach someone a good framework for combating security threats. Furthermore, the paper goes into the different sections of the framework, identifying the steps that someone would have to take to meet the framework requirements, making the solutions that much easier to obtain. The next part of that section talks about how prepared someone is for a cyber attack; the writer introduces the reader to the tiers of cybersecurity, and for each tier it details what actions from the framework are done to achieve that level. Using this section, a business owner or IT professional could figure out a good starting point for their own cybersecurity actions and structure.


Section 3, 4.

With the majority of the process of how to assess a cybersecurity risk and come up with a game plan figured out, these two sections give an overview of how to implement the framework and assess implementation. While section 2 gives an overview of the implications and details of the framework, section 3 is really where the document gets into usable information, breaking down how to use the framework. The third section goes through numerous steps of how to apply the framework, in detailed fashion without being too specific. Section 4 gives a good overview of everything, while specifically talking about how to assess how good your framework for cybersecurity is, by the benchmarks section 2 gave us.

Overall

This document is either very useful or not very useful; really what it ends up doing is making a methodical approach to cybersecurity, but really only for someone completely new to the topic. While the information in the document is useful, it's really rather broad for addressing specific issues. In the hands of someone who is familiar with cybersecurity, a skim through lets you see that what they talk about really comes down to common sense; this disparity in usefulness is actually even further widened if that professional has already been through a hack. For those completely new to the ideas of cybersecurity this document really gets the ball rolling; it's a little confused about how involved executives get with computers or IT (IT downsizing followed by the panic of realizing nothing works happens way too often), but it does offer the beginnings of solutions. If someone has not read this, and is going into IT or a systems job that puts them on the front line, then they should definitely read this, as it contains a lot of great information.

As someone who has worked for a company that has gotten hacked, I would keep this on file to give to the upper management, and would likely use it as a basic learning tool; I would be worried otherwise of giving out too much information to people who are unfamiliar with the terminology.
