The Importance of the Human Factor

Introduction
The tools we implement are only as good as the people behind the tools. Without
the proper training of different departments, the business isn’t able to be protected to
the fullest potential, which is the security department’s goal. Just as home security
means nothing if the front door is open, an information security department can only be
as effective and efficient as the employees who utilize it. “Investing in people is just as
critical as investing in technology,” because if the people are neglected, that means the
business is as well (AIM, 2024).
The Strategy
With limited funds, it is important that resources are used to their fullest potential,
which includes the people. When it comes to training, it should cover people in all
sectors of the business, or else it will leave potential risk to overall security. Having only
the security department be aware of the proper methods to reduce human error will not
reduce any risk. There is also a “cost of ignoring these training needs,” so when
implementing a security defense, the priority is to enact department training that informs
teams of proper everyday protocols that allow protecting the systems and awareness of
what attacks can look like (AIM, 2024).
The line of defense includes every person who works with the business’s
systems and thus must be knowledgeable of the “culture of cybersecurity
awareness” (AIM, 2024). Housekeeping is essential: making sure that employees are
updating passwords and logging off can be the first steps to increasing the protection of
information systems around the office, especially with more people working
from home. Another benefit of training all business departments comes from testing and
demonstrating what phishing and scam attacks are, so that employees can effectively report
them and decrease vulnerability.
Conclusion
When it comes to implementing additional cybersecurity or enforcing training
while on a limited budget, the priority is employee training. Human factors are a part of
security and will always be, no matter the systems implemented. The investment in the
people who work under the business will help security in reducing risk and bringing
overall awareness of potential cyber attacks, allowing everyone to be on the same page
when it comes to working with technology.

References
The Australian Institute of Management. (2024, October 15). The human factor in
cybersecurity: The impact of training. Australian Institute of
Management (AIM).
https://www.aim.com.au/blog/the-human-factor-in-cybersecurity

CIS with SCADA System

Introduction
Critical infrastructure systems, CIS, are important as they control the operation of public
safety and health; an attack on any of these operating systems could cause disaster. Due to the
value of these systems, they are prone to attacks of all kinds from individuals seeking to exploit
their extensive information or cause significant disruption. This is why it is just as important to
secure these systems to “protect the public and national security” (Minin, 2020).
Vulnerabilities
The transition to updated systems is still ongoing for some CIS, and running outdated
technology is a very easy way to make any system vulnerable. Because updated technology
exists, not constantly updating leaves the older systems at a huge disadvantage. New tools and
methods for making cyberattacks are created every day, and these systems run on old and
unprotected platforms that leave them susceptible to damage, which on that scale can easily
lead to public distress.
This includes updating the information that is used to train the workers running these
systems, in an effort to minimize human error. Since humans aren’t perfect, there will always be
that risk, but that can be reduced by properly informing those who work on these important
systems how to securely operate them (Minin, 2020).
How SCADA Changes CIS
SCADA is a technology that can “seamlessly [connect] across diverse equipment and
systems using industry-specific protocols,” which allows it to combat the vulnerabilities in CIS
(Kok, 2025). SCADA operates by acting as the control for systems. It is known for its “tag
databases,” which keep a record of the system’s inputs and outputs (SCADA Systems Article).
SCADA can then provide “real-time visibility,” allowing constant monitoring and oversight of CIS
(Wangsness, 2024). This feature is crucial to protecting the everyday operation of CIS because
those monitoring the systems can detect any insecurity or cyberattack and catch it early,
before it disrupts the system or its safety.
Conclusion
SCADA systems control and regulate the operations of critical infrastructure systems
that allow them to function properly and minimize their initial system insecurities. Keeping
real-time records of operating systems allows CIS workers to predict and visualize how systems
are operating, which aids in their security and protects public safety.
References
http://www.scadasystems.net
Kok, R. (2024, September 9). SCADA Communication Protocols. Mitsubishi Electric
Iconics Digital Solutions, Inc.

Wangsness, C. (2024, September 20). What is a SCADA system and how does it work?.
Embedded Industrial Computers for Edge & IoT.
https://www.onlogic.com/blog/what-is-a-scada-system-and-how-does-it-work/
Minin, R. (2025, September 15). Critical Infrastructure Cybersecurity. Sepio.
https://sepiocyber.com/resources/solution-briefs/critical-infrastructures-cybersecurity/

Information Security Needs the CIA Triad


The CIA Triad stands for confidentiality, integrity, and availability; these are the core
principles for organizations used as a standard for information security. By implementing these
principles, companies can secure their information.
Confidentiality
The role of confidentiality is to secure the sensitive and private information that a
company is involved with. An example of confidentiality is confirming your date of birth at a
doctor’s office or by saying the last 4 digits of your social security number. It ensures that only
the people who are involved in handling that specified information can access that information.
Another example of this is two-factor authentication, as integrated by ODU with DUO Mobile
(Chai, 2022).
Integrity
Integrity in information security is the ability to trust information and to be notified of any
alteration to it. Companies use version control and file permissions to document
data changes and ensure that information is recorded correctly (Hashemi-Pour, 2023), making
sure only trusted, authorized people can change information. Examples of this are digital
signatures and file history logs, which display the previous versions (Chai, 2022).
Availability
The purpose behind availability is to allow accessibility of information, securing the
proper functions of systems to operate as a business. What this looks like in practice is that
disaster recovery and safeguards are integrated into systems, should something happen to the
connection of the information (Chai, 2022). This allows operations to continue smoothly and with
minimal long-term loss of connection or data.
Authentication vs. Authorization
The difference between authentication and authorization is that authorization grants
permission, and authentication confirms identity. Authorization requires authentication.
Authentication can be defined as verifying who you are. Examples of this include answering the
preset question from your bank. Authorization is the power one has that allows permission to
“access system resources” (Kosinski, 2024). An example of this is teachers being able to change dates in their class Canvas or put tests behind password walls.
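The distinction above, as an added example that is not part of the original essay: a request is first authenticated (identity confirmed by password) and only then authorized (role checked against the requested action). The user names, passwords, roles and action names are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts (illustrative only).
USERS = {
    "teacher_kim": make_user("correct horse battery", "teacher"),
    "student_lee": make_user("blue-kettle-42", "student"),
}

# Authorization policy: which role may perform which action.
PERMISSIONS = {
    "teacher": {"view_course", "change_due_date"},
    "student": {"view_course"},
}

def authenticate(username: str, password: str):
    """Authentication: confirm identity. Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown users take about as long as known ones.
        hash_password(password, b"\x00" * 16)
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity: str, action: str) -> bool:
    """Authorization: does this confirmed identity have permission?"""
    role = USERS[identity]["role"]
    return action in PERMISSIONS.get(role, set())

def handle_request(username: str, password: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        # Authorization is never evaluated without a confirmed identity.
        return "401 not authenticated"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("teacher_kim", "correct horse battery", "change_due_date"))
    print(handle_request("student_lee", "blue-kettle-42", "change_due_date"))
    print(handle_request("teacher_kim", "wrong password", "change_due_date"))
```

The student's login succeeds, yet the due-date change is refused: a confirmed identity does not by itself carry permission.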
Conclusion
By integrating the CIA Triad, companies will inherently have better security practices
along with a more secure routine of information security. It is important in this field to always
have updated responses with checks and balances, which are integrated through the CIA
principles and the understanding of authentication and authorization roles.
References
Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition
from TechTarget. WhatIs.
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Chai, W. (2022, June 28). What is the CIA triad?
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Kosinski, M. (2025, April 15). Authentication vs. authorization: What’s the difference?
IBM. https://www.ibm.com/think/topics/authentication-vs-authorization

Entry #15

Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube. Watch this video and think about how the career of digital forensics investigators relates to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

That the integrity of data is secured is something the speaker reinforces throughout his speech, which aligns with the social science idea of collecting data to be objective and parsimonious. These are important factors in the field of forensics because the data must be able to be referenced again and thus cannot be tampered with, and investigators must be able to rely on this information accurately. Forensic science is associated with criminal cases, so investigators must also understand human behavior to effectively analyze and protect people from future attacks. The way the speaker talks about how he got into his career was very interesting and sweet when he gives credit to his father, who placed him in the initial technology class.

Career Paper

The Work of a Data Analyst 

Introduction

The National Initiative for Cybersecurity Careers and Studies, or NICE, categorizes data analytics under implementation and operations. This categorical field is described as a provider of the administration and maintenance of systems’ efficiency. A more in-depth job description is transforming and interpreting “raw data to make conclusions” to progress workflow (Drury, 2024).

Importance to Society

Data analysis must take an objective approach when deciphering statistical data. By doing this, analysts reinforce their ethical neutrality, or standard for how their research is conducted. This is important because in this position, a crucial aspect of their role is assessing information, which involves many complex and moving pieces. This is also known as relativism, because they are looking at a graph and finding patterns or trends. The patterns they detect allow them to rely upon their findings for their agency or company. By practicing parsimony, the act of condensing information to provide a simplified explanation, their companies can effectively use that information towards “optimiz(ing) their performances” given the facts from the data analysis (Drury, 2024).

Data analytics uses archival research, a collection of relevant research, to provide “effective solutions” to improving resources and tools within organizations (Parameshwaran, 2022). These solutions are backed up with thorough research that is justified through the study of past behavior, and whether or not the stream of productivity was positive or negative.

Challenges

Due to the workload that comes with the position, the challenges lie in every detail of their work. Analysts work with sensitive information, so privacy is a huge responsibility and requires the upholding of “ethical standards” while avoiding “inaccurate” data (Staff, 2024). Because this is a foundational position, if their data interpretation and collection misrepresents the true findings, it will damage the project’s integrity. The foundations can’t be wrong, so having to redo them would cost a lot of money because you have to restart. An increasing challenge within this field is the ethical dilemma of how data is collected. Following the NICE description of implementation and operations, there must be protection of data privacy, but as information gets leaked more and more and is being sold to train and improve companies’ algorithms and sales, that is an invasion of privacy and an ethical situation (Staff, 2024). The range of this field is very wide, so it is crucial to understand the specific business practices of the companies that you work for in order to prevent malpractice or insufficient demonstration of information (Dice, 2024).

Conclusion

Data analysis plays a foundational role in developing formulas and plans for companies to improve their programs. It does so through scientific research methods like archival research and case studies, which are used to compare information and grow the possibilities for solutions. This field requires precision across different complex principles that come from assessing the patterns of past work while making an educated prediction of future work, which requires objectivity and relativism. Despite the challenges that drive the difficulty of this workforce, data analysis is important to society because it must work with the numbers to accurately project the status of companies in order to come up with the best solution for maximum productivity.

References

Drury, A. (2024). Data analytics: What it is, how it’s used, and 4 basic techniques. Investopedia. https://www.investopedia.com/terms/d/data-analytics.asp 

Staff, D. (2024, November 27). Data Analyst challenges: What you need to know. Dice Insights. https://www.dice.com/career-advice/data-analyst-challenges-what-you-need-to-know#:~:text=Data%20Consistency:%20Inconsistent%20data%20formats,initiatives%20from%20leadership%20is%20crucial. 

Parameshwaran, S. (2022, December 20). How data analytics can help deliver social good. Knowledge at Wharton. https://knowledge.wharton.upenn.edu/article/how-data-analytics-can-help-deliver-social-good/ 

Entry #14

Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

Some of the more serious violations described in this article include using illegal streaming services, as not only is the content stolen, but these websites are also not secure and can compromise your information. Password sharing is another very common practice that has good intentions, but is just unsafe for the owner. You don’t know how many people know your passwords, and because they have that information, those people can lock the owner of the account and can take their payment information along with that. With TikTok, people are blurring the lines of sarcasm and jokes with trolling and bullying. Those harmful comments are part of your digital footprint and will stay with you, so you should be mindful of what you say to others. Another trend is creating fake accounts to stalk people online. It is illegal to stalk and to use another’s information. This is harmful because it promotes fraud and harassment. The article also discusses collecting information from people under the age of 13, which can stem from these fake accounts. This puts children in danger, which is terrible. All of these involve some kind of fraud and putting someone in danger, which are serious offenses. 

Article Review #2: An Analysis of Cybercrime


In this article, Smith takes an objective view of cyberspace’s impact and
how that has affected cybersecurity and its effectiveness. They review how
cyberspace has “unique characteristics” that make evaluating the activity
different than in traditional spaces (Smith, 2024). By using an objective way to
deliver their investigation on human and cyber behaviors, it makes sense to
connect their message with mitigation, because they are trying to understand
the vulnerabilities and how they will impact communities, and they do this by
looking at the patterns and history of cyber vulnerabilities.
Although the format of these crimes has evolved, the motives of the crimes
are derived from the same interpersonal motives that have been discovered and
studied. Psychology and criminology have paved the way for discovering and
evolving an interdisciplinary understanding of cybersecurity, and “encapsulates
the complexity of cybercrime” (Smith, 2024). Because of the psychological
reasoning and understanding of crime, we can apply social learning theory (SLT)
and routine activities theory (RAT) when evaluating the motives and patterns of
cybercrime, retracing the steps that lead to the crime.
The challenges the research found were that both theories had limits that
didn’t cover the full individual being’s behavioral complexities. They look into
gratification theory to shed light on this neglect because it would give an
explanation to “the desire” that comes along with many crime motives (Smith,
2024). In the body of the article, they review different personality types like
narcissism and anti-social behavior, finding that they all feel a need for gratification
of some kind. Because gratification comes in different forms for different people,
it acknowledges the complexity of an individual’s behavior and how every person
will require different incentives that lead to different motives, such as money or
peer approval.

Conclusion
In Trot Smith’s article, they take horse law, or psychology and criminology
principles, when discussing crimes, and suggest applying it to cyber crimes.
Their plan for finding a method that proves this theory is through “synthesizing
concepts” that would allow full coverage of an individual’s personality, which will
give reason to motive for crime, and applies to the cyber world where crime is
made more accessible and allows for more complex motives (Smith, 2024).
Smith, T. PhD (2024). Integrated Model of Cybercrime Dynamics: A Comprehensive Framework
for Understanding Offending and Victimization in the Digital Realm. International Journal of
Cybersecurity Intelligence & Cybercrime, 7(2), – . DOI: https://doi.org/10.52306/2578-3289.1163
https://vc.bridgew.edu/ijcic/vol7/iss2/4

Entry #12

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different psychological sciences theories relate to the letter.

Laissez-faire economic theory explains that the government must intervene because there has been an interference in a company that has an individual’s information. Because this company has had a cyber threat, it is their duty to inform those who have interacted and explain that there is a situation. Reinforcement Sensitivity Theory suggests that people are motivated by the idea of reward. The reward in this scenario is access to people’s money through the taking of their credit card information. Marxian economic theory could also apply to this situation because someone who has greater cyber information was able to take advantage of the vulnerability within the targeted company’s software. Neutralization Theory would apply to the company because they are trying to make their customers aware of the threat and correct and acknowledge their wrong. 

Entry #13

Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

This article addresses the growing concerns of companies and their cyber vulnerabilities, especially in large companies. Seeing as the branch is relatively new, companies have taken some time to create proper protocols for their online security. This article has found that a good solution to giving companies exposure to their cyber vulnerability is by having bug bounties. By having bug bounties, it allows a way for many hackers to view the company’s programs and point out the bugs and potential safety weaknesses. This not only helps the companies but also the hackers because it allows the companies a chance to look at their work and help the job or freelance pool of more than capable workers. The resistance to this is a lack of testing and time. 

Entry #11

Watch this video. As you watch the video https://www.youtube.com/watch?v=iYtmuHbhmS0, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

Nicole Enesse describes an entry-level cybersecurity analyst position as part of the response system that oversees the status of the network, making sure operations are running smoothly and answering and aiding people if they have trouble. She goes on to provide disclaimers that, because this field is relatively new, the road map isn’t quite as precise. Many things rely on the resume, experience, and networking when it comes to landing an internship or a job. Utilize the resources around you to maximize your experience and work on your connections. At least for entry, it is crucial to be active in your space so that you allow yourself the most opportunities to grow, learn, and advance your background, so don’t overlook the social aspect of the cybersecurity work market.