Write up – Rundown Explanation on the CIA Triad – Febuary, 13, 2025
Using the Chai Article (Links to an external site.), along with additional research you will
conduct on your own, describe the CIA Triad, and the differences between Authentication
& Authorization, including an example.


BLUF: The CIA triad is an important 3 element structure that ensures data is kept private,
safe, and accessible by authorized users. The CIA triad is an acronym for confidentiality, integrity, and availability. It’s a cybersecurity model designed to guide policies for information security within an organization. The three elements of the triad make up the most out of the foundation and crucial cybersecurity. They act as a set of rules that limit access to information with integrity assuring that the
information is trustworthy, accurate, and available guarantee of reliability for the authorized
users.

The three key components that form the CIA triad are: Confidentiality, Availability, and
availability.

  • Confidentiality is kind of equivalent to privacy where it’s designed to prevent any
    sensitive information from being used or viewed by unauthorized users while preventing
    its attempts. It’s common for data to be categorized according to the amount or types of
    damages it would occur if it fell into the wrong hands.
  • Integrity is the maintaining consistency, accuracy, and trustworthiness of data for its
    entire lifecycle. Data cannot be changed while being transferred with steps ensuring data
    isn’t and cannot be altered by unauthorized personnel.
  • Availability is information that should be readily available and accessible for authorized
    users. This includes maintaining hardware and technical infrastructure and systems that
    hold and display information to allow the data to be readily accessible without delay.
    Updating the software is also important to provide adequate communication bandwidth to
    prevent unnecessary bottlenecks.

These elements in the CIA triad play an important role in making sure that the information is
secured from unauthorized access, making sure the data is accurate and trustworthy, and having
it readily available for access to authorized users.

There are two things commonly used with the CIA triad authentication and authorization.
Authentication verifies the true identity of a user or account while authorization determines what
a user is allowed to access and ensures that they receive the right access and permission for their
position. An example of authentication is the two-factor authentication which is a two-step
security process that makes the user provide two different forms of authentication to verify that
it’s themselves such as iPhone push or SMS text verification. An authorization example involves
giving someone authorization to access the admin panel on a server because of their role as an
administrator.

In conclusion, the CIA triad model acts as a guidance policy for protecting data from
unauthorized users and making sure it’s genuine while allowing users who have authorized
access to use it whenever they want. Authentication also plays a role in making sure the user
entering is as they say who they are and providing appropriate authorization for them to use with
their job title. It plays an important role in making sure that everything is in working order while
protecting it from unauthorized users

Write-Up – SCADA SystemsMarch 24, 2025


BLUF: SCADA (Supervisory Control and Data Acquisition) is an ICS (industrial control system)
used to control critical infrastructures, facilities, and industrial processes. It gathers and analyzes real-
time data to monitor equipment that works with these time-sensitive and vital structures to control
them. This topic will explain why vulnerabilities with critical infrastructure systems are dangerous and
how the role of SCADA will help manage these risks. Vulnerabilities also include natural causes that
would cause something to break, and no one is informed about this problem, which could lead to
problems if not dealt with.


When it comes to critical infrastructure, they’re a prime, valuable target for cyber-criminals to
attack since they control vital systems like electricity, water, gas, telecommunications, etc. Hackers can
utilize phishing emails, password attacks, DDoS, ransomware, and spoofing to disrupt critical
infrastructure operations. If a hacker were to take one of these structures down with ransomware, it
would be devastating to a large part of society and would result in millions or even billions of dollars in
damages. Even if no lives are lost, the cost of damages would most likely be very high.


SCADA comes into play to mitigate these vulnerabilities. They’re centralized wireless
communication systems that control and monitor complex systems and machines in real time. Its
automation allows an organization to measure the conditions of its systems and respond to any
problems. All the actions are automatically done through a remote terminal unit or programmable
logical controls. For example, if something is wrong on a pipeline and it’s detected, it will carry out a
chain of command to alert the users that something is wrong and immediately execute the policies it
was given to counter the problem that is happening.


The key components that SCADA uses are Distribution Control Systems (DCS), Process Control
Systems (PCS), Programmable Logic Controller (PLC), and Remote Terminal Units (RTU). These
components perform a majority of local and remote processes that monitor, control, and alert the
workers of any problems. A few requirements that these devices use are liquid level, gas meter reading,
equipment voltage levels, operation pressure, temperature, etc.


In conclusion, the role of SCADA technology is to control and monitor the physical properties
and processes of a system of electricity, transportation of gas and oil, water distribution, traffic lights,
and systems used every day in society. This is done to act as the security of the critical infrastructure
because compromises to these systems would impact multiple areas of society and businesses that rely
on them to live.


Writing assignment – The Human Factor in Cybersecurity – April 6, 2025

BLUF: A CISO is a senior-level executive that oversees an organization’s information, cyber, and
technological security. This is important as developing, implementing, and enforcing security practices,
training, and policies can determine the security of an organization and protect critical information from
being accessed by intruders or unauthorized personnel. “Traditionally, a CISO focuses on developing and
leading the information security program. This involves protecting the organization’s assets,
applications, systems, and technology while enabling and advancing business outcomes.” (CISCO 1)
The limitation of budget will make it harder to upgrade technology. This can be an acceptable
loss when allocating the limited funds into cybersecurity training. Educating the staff members about
the practices and dangers of cybersecurity will allow them to be responsible with using the technology.
This training will reduce the risks of a cybersecurity attack and allow the employees to recognize
individual threats that they might encounter. “Proper and consistent training and performance
monitoring can minimize human error” (Jones 3)


A lot of cybersecurity breaches are caused by human error or oversight by anyone in the
organization. Employees are mainly a vulnerable target as they’re the ones who have access to the tools
that have access to the company, so they’ll have to be careful. Training them in the field of cybersecurity
practices, awareness, and threat detection will reduce the odds of a human error breach and reduce the
chance of future attacks. “About 68% of breaches in a 2024 survey were caused by human factors, such
as someone being tricked by a social engineering scam or making an error” (Jones 6)


In conclusion, cybersecurity training and awareness will help the employees be more aware of
the dangers that would arise during their work and be more financially beneficial. Because of the
investment into training the employees, this will allow the organization to avoid any cybersecurity
threats while reducing human error, making the organization more secure and the data integrity safe.
“Human error is a significant contributor to cybersecurity risks, and addressing it is crucial for
safeguarding your organization from costly breaches and reputational damage” (Jones 49)

Work cited
• Jones, Anthony. “Human Error Cybersecurity Statistics.” I.S. Partners, 6 Nov. 2024,
www.ispartnersllc.com/blog/human-error-cybersecurity-
statistics/#:~:text=Human%20error%20in%20cybersecurity%20is,practices%20or%20poor%20de
cision%2Dmaking.
• “What Is a Ciso? Chief Information Security Officer.” Cisco, 21 Mar. 2025,
www.cisco.com/site/us/en/learn/topics/security/what-is-a-
ciso.html#:~:text=A%20CISO%2C%20or%20chief%20information,policies%20to%20pr
otect%20critical%20data.