A CIA Triad Analysis
The CIA Triad, otherwise known as the AIC Triad, stands for Confidentiality, Integrity, and Availability. The Triad is a basic guideline for the development of security systems. Each section of the Triad has its own purpose that helps create effective systems to protect us and our data. “The CIA triad provides a simple yet comprehensive high-level checklist for the evaluation of your security procedures and tools.” (What Is the CIA Triad and Why Is It Important? | Fortinet, n.d.)
The first part of the Triad is Confidentiality. Confidentiality deals with the many ways a security system keeps users and their data anonymous to outsiders. This standard maintains privacy and control of data according to how much protection the data needs. For example, you and your doctor are two of the only people that should have access to your medical history. Confidentiality is important in this transfer of data to keep you safe. Another example is banking and SSNs. Only your bank and you should have your credit card details, and only you and the Social Security Office should have your Social Security Number.
Next there is Integrity. Integrity deals with the credibility of data. It maintains that your data is not altered, stolen, or changed in any way from one place to another. If data is being transferred, it can be open to changes and alterations from malicious entities. Pieces of that data could be stolen during the transfer or altered to falsify a document or article. If someone were to hack your business website, they could change titles, articles, and pictures to anything: explicit imagery, nonsensical ramblings, or unrelated articles. Data integrity is very important to making sure the data stays 100% reliable no matter where it goes or for what it is used.
Lastly there is Availability. Availability is quite simple in concept, as its purpose is in the name. This standard deals with the ability of those authorized to view data to actually view it. If a person or business is constantly sending and receiving data streams, both sides of this interaction need to be able to access the information they are allowed to view. It ensures no one unauthorized can view or tamper with the confidential data. There are also cases of unforeseen losses of access. Power outages are one such loss that can compromise availability. If no backup system is in place to view the data offline or off site, then availability is breached and no longer accounted for.
In addition, there are two terms that are affiliated with the Triad that easily get grouped together into one of the three standards: Authorization and Authentication.
Authentication is the act of proving something is true, valid, or correct. In the case of the Triad, Authentication deals with confirming who is allowed to be searching through the data. For example, a group of bankers can access the bank vaults and safety deposit boxes, but a normal citizen cannot. The citizen is not authenticated into the system and is thus not allowed to view any of the data.
Authorization builds off Authentication. Authorization deals with the level of clearance an authenticated person has within the systems. It regulates how much each authenticated person can see of the data stream. Take the same bankers as an example. Some are cashiers, others are executive officers, and one is the CEO of that branch. The cashiers are authorized to collect and cash checks, make deposits and withdrawals, and handle the physical money to help do those tasks. The executives, however, are authorized to do all of this and more. In most cases, they are allowed into the vaults and keep track of the finances of the bank branch. But the CEO has the biggest authorization. They are the boss, so they get full access to data and systems of the bank. They regulate cash flow, cash checks, and run the whole bank branch.
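The banker example above, written out as an added sketch (not part of the original essay): authentication first establishes who is making the request, and authorization then decides what that person's role may do. The user names, passwords, and action names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Role -> permitted actions, following the essay's cashier / executive / CEO split.
CASHIER = {"cash_check", "deposit", "withdraw", "handle_cash"}
EXECUTIVE = CASHIER | {"enter_vault", "track_finances"}
CEO = EXECUTIVE | {"regulate_cash_flow", "run_branch"}
ROLE_PERMISSIONS = {"cashier": CASHIER, "executive": EXECUTIVE, "ceo": CEO}

def _hash(password, salt):
    # Salted, slow password hash; plaintext passwords are never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(role, password):
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": _hash(password, salt)}

# Constructed sample accounts (hypothetical names and passwords).
USERS = {
    "alice": _make_user("cashier", "cashier-pass"),
    "bob": _make_user("executive", "exec-pass"),
    "carol": _make_user("ceo", "ceo-pass"),
}

def authenticate(username, password):
    """Authentication: return the username if the credentials verify, else None."""
    user = USERS.get(username)
    if user is None:
        return None
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
        return username
    return None

def authorize(username, action):
    """Authorization: may this already-authenticated user's role perform the action?"""
    role = USERS[username]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def request(username, password, action):
    """Run both checks in order and report which one stopped the request."""
    who = authenticate(username, password)
    if who is None:
        return "denied: not authenticated"
    if not authorize(who, action):
        return "denied: not authorized"
    return "allowed"
```

A cashier who logs in correctly but asks to enter the vault is stopped by the second check, while an ordinary citizen with no account never gets past the first.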
Conclusion
The CIA Triad is a guideline that all businesses should follow. From the smallest gas station to the biggest tycoon, all should keep these core ideals in mind to protect their data and the data of their customers and clients. Confidentiality, Integrity, and Availability: these are the golden standards that a good business thrives on. If they are upheld in all aspects of business, then they are sure to help keep everyone’s privacy and data safe and sound.
Works Cited: What is the CIA Triad and Why is it important? | Fortinet. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/cia-triad
SCADA Systems
What is the SCADA system? In short, the SCADA system refers to the many distinct parts of an Industrial Control System (ICS). These systems are used to control important infrastructure in areas such as wastewater management, gas lines, and wind/solar power farms. The ICS is typically a subsystem to the larger SCADA whole, making them the backbone of the entire process.
A SCADA system typically involves some of the following: “A supervisory system that gathers all the required data about the process, Programmable Logic Controller (PLCs) used as field devices, and the apparatus used by a human operator; all the processed data are presented to the operator” (SCADA Systems Doc). These are some of the important parts of a successful ICS.
What do SCADA systems do? Well, they are quite literally the backbone of the system. They are the programs and mechanisms that control the entire system from within. Think of them as the primary controls. A SCADA system can tell the who, what, when, where, and why of the data it receives and monitors. It takes in all the data it receives, watches over it, and keeps a record of it within the system. “It’s basically a computer-based system that provides basic control and detailed monitoring of plants and industrial equipment.” (What Is SCADA?, n.d.)
When a human user needs to access the data, an HMI is used. An HMI (Human Machine Interface) gives the required data to the user in the form of diagnostic data, mimic graphs, and logistic information. It provides a doorway for us to access all the data the system records.
Finally, there are the Supervisory Stations. These are seen as the primary control of the entire system. They usually consist of a single PC connected directly to the SCADA system. It shows everything the HMI spits out. As stated in the article SCADA Systems, “Master stations can have multiple servers, disaster recovery sites, and distributed software applications in larger SCADA systems.”
In conclusion, SCADA is an easy and effective system that helps keep data contained and secured. It provides a way to see the intricacies of complex data.
Works Cited
SCADA Systems (Doc)
If I Were CIO
What is a CIO? As the article CIO At A Glance states: “The CIO’s role at their agency is to enable the organization’s mission through the effective use of information resources and information technology.” (CIO Role at a Glance, n.d.) A CIO (Chief Information Officer) is responsible for managing all facets of a business or company that deal with its technological assets. This means that they are responsible for hiring and firing personnel that fit the qualifications needed to run a business’ finances, information and data analysis, and cybersecurity frameworks, among many more requirements.
If I were a CIO, I would first assess what the budget is and what I could reasonably expect to give out as payment to employees or for equipment and other important assets. My main priority would be to hire and train officers in each facet of the workforce. I would need to have analysts who could read and process the information, data, and analytics that are created. I would not want to hire ten people if five could do the work efficiently and accurately, so I would need to find the right people for the right job. Interviews, internships, resumes: these are just some of the things I would look into when finding employees. I would need people to manage other factors of the workforce, like finances and technology. I would need workers that are trained and equipped to deal with cybersecurity. They will need to protect company data.
As for assets and technology, I would need to make sure I have up-to-date machinery and technology. Out-of-date technology has its own risks of cyberattacks due to its age and obsolete nature. Allocating funds for technological assets should not outweigh the funds meant for paying employees and other expenses, but they should also not be lackluster in effect. Keeping a balance is key. If the budget does not allow you to acquire the necessary resources, then changes will likely have to be made. Employees get wage cuts or are fired altogether, or cheaper equipment is brought in to accommodate the reduced budget. Checks and balances must be maintained for a business to function properly. As CIO, it would be my job to make sure everything is accounted for, and that the employees under me are well trained and prepared to prevent company data and information from being stolen, harmed, or otherwise threatened.
In conclusion, I would be responsible for keeping all technological aspects of my company safe, secure, and protected. I would allocate funds for equipment, assets, and employees, and I would manage the budget to make sure everything runs smoothly for the business’ success.
Works Cited
CIO role at a glance. (n.d.). CIO.GOV. https://www.cio.gov/handbook/cio-role-at-glance/