The Importance of the Human Factor

Introduction
The tools we implement are only as good as the people behind them. Without
proper training across departments, the business cannot be protected to
its fullest potential, which is the security department’s goal. Just as home security
means nothing if the front door is open, an information security department can only be
as effective and efficient as the employees who utilize it. “Investing in people is just as
critical as investing in technology,” because if the people are neglected, the
business is as well (AIM, 2024).
The Strategy
With limited funds, it is important that resources are used to their fullest potential,
and that includes the people. Training should cover people in all
sectors of the business, or else it will leave potential risk to overall security. Having only
the security department be aware of the proper methods to reduce human error will not
reduce any risk. There is also a “cost of ignoring these training needs,” so when
implementing a security defense, the priority is to enact department training that informs
teams of the everyday protocols that protect the systems and builds awareness of
what attacks can look like (AIM, 2024).
The line of defense includes every person who works with the business’s
systems, and each of them must therefore be knowledgeable of the “culture of cybersecurity
awareness” (AIM, 2024). Housekeeping is essential: making sure that employees are
updating passwords and logging off can be the first step toward increasing the protection of
information systems around the office, especially with more people working
from home. Another benefit of training all business departments comes from testing and
demonstrating what phishing and scam attacks are, so that employees can effectively report
them and decrease vulnerability.
Conclusion
When it comes to implementing additional cybersecurity or enforcing training
while on a limited budget, the priority is employee training. Human factors are a part of
security and always will be, no matter the systems implemented. The investment in the
people who work for the business will help security reduce risk and bring
overall awareness of potential cyber attacks, allowing everyone to be on the same page
when it comes to working with technology.

References
The Australian Institute of Management. (2024, October 15). The human factor in
cybersecurity: The impact of training. Australian Institute of
Management (AIM).
https://www.aim.com.au/blog/the-human-factor-in-cybersecurity

CIS with SCADA System

Introduction
Critical infrastructure systems (CIS) are important because they control operations tied to public
safety and health; an attack on any of these operating systems could cause disaster. Due to the
value of these systems, they are prone to attacks of all kinds from individuals seeking to exploit
their extensive information or cause significant disruption. This is why it is just as important to
secure these systems to “protect the public and national security” (Minin, 2020).
Vulnerabilities
The transition to updated systems is still ongoing for some CIS, and running outdated
technology is a very easy way to make any system vulnerable. Because newer technology exists, not
constantly updating leaves older systems at a huge disadvantage. New tools and
methods for carrying out cyberattacks are created every day, and these systems run on such old and
unprotected platforms that they are left susceptible to damage, which on that scale can easily
lead to public distress.
This includes updating the information that is used to train the workers running these
systems, in an effort to minimize human error. Since humans aren’t perfect, there will always be
that risk, but that can be reduced by properly informing those who work on these important
systems how to securely operate them (Minin, 2020).
How SCADA Changes CIS
SCADA is a technology that can “seamlessly [connect] across diverse equipment and
systems using industry-specific protocols,” which allows it to combat the vulnerabilities in CIS
(Kok, 2025). SCADA operates by acting as the control for systems. It is known for its “tag
databases,” which keep a record of the system’s inputs and outputs (SCADA Systems Article).
SCADA can then provide “real-time visibility,” allowing constant monitoring and oversight of CIS
(Wangsness, 2024). This feature is crucial to protecting the everyday operation of CIS because
those monitoring the systems can detect any insecurity or cyberattack and catch it early on,
before a disruption to the system or its safety actually begins.
Conclusion
SCADA systems control and regulate the operations of critical infrastructure systems
in ways that allow them to function properly and minimize their initial system insecurities. Keeping
real-time records of operating systems allows CIS workers to predict and visualize how systems
are operating, which aids in their security and protects public safety.
References
http://www.scadasystems.net
Kok, R. (2024, September 9). SCADA Communication Protocols. Mitsubishi Electric
Iconics Digital Solutions, Inc.

Wangsness, C. (2024, September 20). What is a SCADA system and how does it work?
Embedded Industrial Computers for Edge & IoT.
https://www.onlogic.com/blog/what-is-a-scada-system-and-how-does-it-work/
Minin, R. (2025, September 15). Critical Infrastructure Cybersecurity. Sepio.
https://sepiocyber.com/resources/solution-briefs/critical-infrastructures-cybersecurity/

Information Security Needs the CIA Triad


The CIA Triad stands for confidentiality, integrity, and availability; these are the core
principles that organizations use as a standard for information security. By implementing these
principles, companies can secure their information.
Confidentiality
The role of confidentiality is to secure the sensitive and private information that a
company is involved with. An example of confidentiality is confirming your date of birth at a
doctor’s office or giving the last 4 digits of your Social Security number. It ensures that only
the people who are involved in handling that specified information can access it.
Another example of this is two-factor authentication, as integrated by ODU with DUO Mobile
(Chai, 2022).
Integrity
Integrity in information security is about being able to trust information and to be notified of
any alteration to it. Companies use version control and file permissions to document
data changes to ensure that information is documented correctly (Hashemi-Pour, 2023). This makes
sure only trusted, authorized people can change information. Examples include digital
signatures and file history logs, which display the previous versions (Chai, 2022).
Availability
The purpose behind availability is to keep information accessible, securing the
proper functioning of the systems a business needs to operate. What this looks like in practice is that
disaster recovery and safeguards are integrated into systems, should something happen to the
connection to the information (Chai, 2022). This allows operations to continue smoothly and with
minimal long-term loss of connection or data.
Authentication vs. Authorization
The difference between authentication and authorization is that authorization grants
permission, and authentication confirms identity. Authorization requires authentication.
Authentication can be defined as verifying who you are. Examples of this include answering the
preset question from your bank. Authorization is the permission one is granted to
“access system resources” (Kosinski, 2024). An example of this is teachers being able to change
dates in their class Canvas or put tests behind password walls.
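The distinction above, as an added example that is not part of the original essay: authentication verifies a password, authorization checks what the verified role may do, and a request with no authenticated session is never authorized. The usernames, passwords, roles and permission names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: users, passwords, roles and permissions are hypothetical.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

USERS = {
    "teacher1": _make_user("correct horse battery", "teacher"),
    "student1": _make_user("tr0ub4dor&3", "student"),
}
ROLE_PERMISSIONS = {
    "teacher": {"view_course", "change_due_date", "lock_test"},
    "student": {"view_course"},
}

def authenticate(username: str, password: str):
    """Authentication: confirm identity. Returns a session dict or None."""
    user = USERS.get(username)
    # Hash even for unknown users so the response time does not reveal valid names.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return None
    return {"user": username, "role": user["role"]}

def authorize(session, action: str) -> bool:
    """Authorization: decide whether an authenticated identity may act."""
    if session is None:  # no confirmed identity, so nothing to authorize
        return False
    return action in ROLE_PERMISSIONS.get(session["role"], set())

def change_due_date(session, new_date: str) -> str:
    # The permission check runs on every request, not only at login.
    if not authorize(session, "change_due_date"):
        raise PermissionError("not permitted to change due dates")
    return f"due date set to {new_date} by {session['user']}"
```
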
Conclusion
By integrating the CIA Triad, companies will inherently have better security practices
along with a more secure routine of information security. It is important in this field to always
have updated responses with checks and balances, which are integrated through the CIA
principles and the understanding of authentication and authorization roles.
References
Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition
from TechTarget. WhatIs.
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Chai, W. (2022, June 28). What is the CIA triad?
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Kosinski, M. (2025, April 15). Authentication vs. authorization: What’s the difference?
IBM. https://www.ibm.com/think/topics/authentication-vs-authorization