Keeno Montalban
CYSE 201
9/9/2024
What is the CIA TRIAD ?
The CIA TRIAD is a key cybersecurity model that follows three fundamental principles which are: Confidentiality, Integrity, and Availability (Coursera, 2023). The concept of confidentiality ensures that sensitive information is accessible to only its authorized users, which is typically enforced through encryption and access controls (Washington University in St. Louis, 2024). Integrity on the other hand, guarantees the accuracy and reliability of data, which protects from any unauthorized changes while using techniques like hashing and digital signatures. Availability is ensuring that systems and backup and information are accessible when needed, which are supported by measures like redundant systems and backups which are used to prevent disruptions from attacks or failures. (Washington University in St. Louis, 2024)
Authentication and Authorization are two vital but related processes in cybersecurity.
Authentication is the process of verifying the identity of the user or system (OneLogin, n.d.).
Common methods such as usernames, passwords, two-factor/multi-factor authentication (MFA). It answers the question such as, “Who are you?” An example of this would be when you’re logging into your MIDAS account with your credentials and the system verifies that you are the rightful owner of this student account.
Alternatively, Authorization deals with the permissions granted to an authenticated user (OneLogin, n.d.). It helps determines what resources or actions that the user is allowed to access, which answers the question, “What gave you the permission to do so?” An example of this instance would be, after logging into your MIDAS account, you are given the authorization to view your tuition costs and can either apply for a student loan or a grant to pay for the outstanding balance. Authorization uses methods like Role-Based Access Control (RBAC) to
help define different levels of accessibility.
So in summary, The CIA Triad is vital for ensuring a secured information environment, while authentication verifies identity and authorization monitors access, both methods are crucial in maintaining system security.
Coursera. (2023, November 29). What is the CIA triad? Coursera. https://www.coursera.org/articles/cia–triad
Washington University in St. Louis. (2024). Confidentiality, integrity, and availability: The CIA triad. Office of Information Security. https://informationsecurity.wustl.edu/items/confidentialityintegrity–and–availability–the–cia–triad/
OneLogin. (n.d.). Authentication vs. authorization: What’s the difference? OneLogin. https://www.onelogin.com/learn/authentication–vs–authorization
Hacking Humans Write-up
After reviewing the article “Hacking Humans: Protecting our DNA from Cybercriminals” it showcases the upbringing risks of digitizing human DNA, specifically through popular direct-to-consumer DNA testing services. Although these services may offer some deep insight into ancestry and medical research, they still expose sensitive genetic data to cyberthreats. DNA is still considered the ultimate form of personal identifiable information (PII), as it is considered permanent and also irreplaceable. Once this info is compromised, the damage to privacy could be quite extreme, and recovering from these breaches is a lot more difficult compared to replacing information such as Social Security Numbers. (Rizkallah, 2018).
The main point of this article is to showcase the growing field of “cyberbiosecurity”, which addresses the risks being associated with digitizing life sciences data, which includes DNA. Cybercriminals would target DNA for identity theft, an unauthorized use in medical research, or selling the data on the dark web. Although there is no major trend in DNA-based identity just yet, the risks still exist, especially when hackers explore new ways to exploit any valuable information (Rizkalla, 2018). This article showcases a point towards a significant breach in the DNA sector, which still raises some alarms about potential misuse of data (Rizkalla, 2018)
In addition to all this, ethical concerns are still highlighted, such as using DNA in employment screening or criminal investigations. This problem expands the privacy and ethical dilemmas of digital DNA storage. The author encourages consumers to be proactive, demanding transparency and better security from organizations that manage DNA data. Without any protection, the consequences could be quite sever as DNA data is only unique but irreplaceable. (Rizkalla, 2018)
Reference:
Rizkallah, J. (2018, November 29). Hacking humans: Protecting our DNA from cybercriminals. Forbes.
Exploring Attacks on Availability
The concept of “attack on availability” within the cybersecurity field refers to the motives from attackers that disrupt access to certain systems, various networks, or data, disabling users temporarily or sometimes permanently. An example of such an attack is the recent surge of Distributed Denial of Service (DDoS) attacks. The company Microsoft has reported an increase of in application-layer DDoS attacks of this year, which are quite challenging to counter these attacks due to the attackers stealth and sophisticated tactics. Usually, these attacks can often overwhelm application services, often targeting large target sectors such as online banking and healthcare facilities, thus disrupted important operations and causing hours upon downtime.
Some profound implications of availability attacks can be quite extensive. For most organizations, some of these disruptions can result in losing a bunch of revenue due to them not being able to be online, reputation damage, and also paying for recovering costs. In important/vital sectors, such as healthcare facilities, availability attacks can potentially delay essential services, sometimes to the points where lives are at stake, as demonstrated with specific ransomware attacks where the attackers would withhold some information and demand money. In order to combat these kinds of threats, organizations are implementing layered defense, which includes DDoS mitigation services/software and reliable incident response plans. Having these defenses are crucial for all organizations as the cyber filed continues to evolve and develop more sophisticated techniques from various attackers, requiring these organizations to maintain a resilient type of security and also keeping vigilant to any on coming cyber threat.
Cloudflare. (2024, January). DDoS threat report for 2024 Q1. Cloudflare Blog. https://blog.cloudflare.com/ddos-threat-report-for-2024-q1/
Microsoft. (2024). Microsoft digital defense report 2024. Microsoft. https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
Winder, D. (2024, October 20). Microsoft suffers outages as it fights off latest DDoS attack wave. Cybersecurity Dive. https://www.cybersecuritydive.com/news/microsoft-azure-365-outage-ddos/722920/
Write Up – The Human Factor in Cybersecurity – During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats. Now, put on your Chief Information Security Officer hat. Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology? That is, how would you allocate your limited funds? Explain your reasoning.
– If I were in the position as CISO, along with a limited budget, I’d most likely strike a balance between training and cybersecurity. Of course having training is crucial; especially within this sector, we’re really trying to avoid any sort of human error from happening in the long run. So, of course I’d like to motivate/train the employees in order to recognize common threats such as phishing. Also, I’d love to invest into our core technology, like endpoint protection and threat detection software, its to provide automated defense that detects and responds to any threats that we come across. Having regular risk assessments would greatly help adapt the budget against evolving threats, it ensures that the resources will go to where it is most needed. With this approach, it fosters a secured-conscious environment and it helps strengthen both human and technological defenses for extensive protection against any threats.