{"id":135,"date":"2025-02-03T03:09:06","date_gmt":"2025-02-03T03:09:06","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/scottworm\/?page_id=135"},"modified":"2025-04-30T01:29:46","modified_gmt":"2025-04-30T01:29:46","slug":"journal-entries-3","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/scottworm\/journal-entries-3\/","title":{"rendered":"Journal Entries"},"content":{"rendered":"\n<p><strong>Write up &#8211; Rundown Explanation on the CIA Triad &#8211; Febuary, 13, 2025<\/strong><br>Using the Chai Article (Links to an external site.), along with additional research you will<br>conduct on your own, describe the CIA Triad, and the differences between Authentication<br>&amp; Authorization, including an example.<\/p>\n\n\n\n<p><br>BLUF: The CIA triad is an important 3 element structure that ensures data is kept private,<br>safe, and accessible by authorized users. The CIA triad is an acronym for confidentiality, integrity, and availability. It\u2019s a cybersecurity model designed to guide policies for information security within an organization. The three elements of the triad make up the most out of the foundation and crucial cybersecurity. They act as a set of rules that limit access to information with integrity assuring that the<br>information is trustworthy, accurate, and available guarantee of reliability for the authorized<br>users.<br><br>The three key components that form the CIA triad are: Confidentiality, Availability, and<br>availability.<\/p>\n\n\n\n<ul>\n<li>Confidentiality is kind of equivalent to privacy where it\u2019s designed to prevent any<br>sensitive information from being used or viewed by unauthorized users while preventing<br>its attempts. It\u2019s common for data to be categorized according to the amount or types of<br>damages it would occur if it fell into the wrong hands.<\/li>\n\n\n\n<li>Integrity is the maintaining consistency, accuracy, and trustworthiness of data for its<br>entire lifecycle. Data cannot be changed while being transferred with steps ensuring data<br>isn\u2019t and cannot be altered by unauthorized personnel.<\/li>\n\n\n\n<li>Availability is information that should be readily available and accessible for authorized<br>users. This includes maintaining hardware and technical infrastructure and systems that<br>hold and display information to allow the data to be readily accessible without delay.<br>Updating the software is also important to provide adequate communication bandwidth to<br>prevent unnecessary bottlenecks.<\/li>\n<\/ul>\n\n\n\n<p>These elements in the CIA triad play an important role in making sure that the information is<br>secured from unauthorized access, making sure the data is accurate and trustworthy, and having<br>it readily available for access to authorized users.<br><br>There are two things commonly used with the CIA triad authentication and authorization.<br>Authentication verifies the true identity of a user or account while authorization determines what<br>a user is allowed to access and ensures that they receive the right access and permission for their<br>position. An example of authentication is the two-factor authentication which is a two-step<br>security process that makes the user provide two different forms of authentication to verify that<br>it\u2019s themselves such as iPhone push or SMS text verification. An authorization example involves<br>giving someone authorization to access the admin panel on a server because of their role as an<br>administrator.<br><br>In conclusion, the CIA triad model acts as a guidance policy for protecting data from<br>unauthorized users and making sure it\u2019s genuine while allowing users who have authorized<br>access to use it whenever they want. Authentication also plays a role in making sure the user<br>entering is as they say who they are and providing appropriate authorization for them to use with<br>their job title. It plays an important role in making sure that everything is in working order while<br>protecting it from unauthorized users<\/p>\n\n\n\n<p><strong>Write-Up &#8211; SCADA Systems<\/strong> &#8211; <strong>March 24, 2025<\/strong><\/p>\n\n\n\n<p><br>BLUF: SCADA (Supervisory Control and Data Acquisition) is an ICS (industrial control system)<br>used to control critical infrastructures, facilities, and industrial processes. It gathers and analyzes real-<br>time data to monitor equipment that works with these time-sensitive and vital structures to control<br>them. This topic will explain why vulnerabilities with critical infrastructure systems are dangerous and<br>how the role of SCADA will help manage these risks. Vulnerabilities also include natural causes that<br>would cause something to break, and no one is informed about this problem, which could lead to<br>problems if not dealt with.<\/p>\n\n\n\n<p><br>When it comes to critical infrastructure, they\u2019re a prime, valuable target for cyber-criminals to<br>attack since they control vital systems like electricity, water, gas, telecommunications, etc. Hackers can<br>utilize phishing emails, password attacks, DDoS, ransomware, and spoofing to disrupt critical<br>infrastructure operations. If a hacker were to take one of these structures down with ransomware, it<br>would be devastating to a large part of society and would result in millions or even billions of dollars in<br>damages. Even if no lives are lost, the cost of damages would most likely be very high.<\/p>\n\n\n\n<p><br>SCADA comes into play to mitigate these vulnerabilities. They\u2019re centralized wireless<br>communication systems that control and monitor complex systems and machines in real time. Its<br>automation allows an organization to measure the conditions of its systems and respond to any<br>problems. All the actions are automatically done through a remote terminal unit or programmable<br>logical controls. For example, if something is wrong on a pipeline and it&#8217;s detected, it will carry out a<br>chain of command to alert the users that something is wrong and immediately execute the policies it<br>was given to counter the problem that is happening.<\/p>\n\n\n\n<p><br>The key components that SCADA uses are Distribution Control Systems (DCS), Process Control<br>Systems (PCS), Programmable Logic Controller (PLC), and Remote Terminal Units (RTU). These<br>components perform a majority of local and remote processes that monitor, control, and alert the<br>workers of any problems. A few requirements that these devices use are liquid level, gas meter reading,<br>equipment voltage levels, operation pressure, temperature, etc.<\/p>\n\n\n\n<p><br>In conclusion, the role of SCADA technology is to control and monitor the physical properties<br>and processes of a system of electricity, transportation of gas and oil, water distribution, traffic lights,<br>and systems used every day in society. This is done to act as the security of the critical infrastructure<br>because compromises to these systems would impact multiple areas of society and businesses that rely<br>on them to live.<\/p>\n\n\n\n<p><br><strong>Writing assignment \u2013 The Human Factor in Cybersecurity &#8211; April 6, 2025<\/strong><\/p>\n\n\n\n<p>BLUF: A CISO is a senior-level executive that oversees an organization\u2019s information, cyber, and<br>technological security. This is important as developing, implementing, and enforcing security practices,<br>training, and policies can determine the security of an organization and protect critical information from<br>being accessed by intruders or unauthorized personnel. \u201cTraditionally, a CISO focuses on developing and<br>leading the information security program. This involves protecting the organization&#8217;s assets,<br>applications, systems, and technology while enabling and advancing business outcomes.\u201d (CISCO 1)<br>The limitation of budget will make it harder to upgrade technology. This can be an acceptable<br>loss when allocating the limited funds into cybersecurity training. Educating the staff members about<br>the practices and dangers of cybersecurity will allow them to be responsible with using the technology.<br>This training will reduce the risks of a cybersecurity attack and allow the employees to recognize<br>individual threats that they might encounter. \u201cProper and consistent training and performance<br>monitoring can minimize human error\u201d (Jones 3)<\/p>\n\n\n\n<p><br>A lot of cybersecurity breaches are caused by human error or oversight by anyone in the<br>organization. Employees are mainly a vulnerable target as they\u2019re the ones who have access to the tools<br>that have access to the company, so they\u2019ll have to be careful. Training them in the field of cybersecurity<br>practices, awareness, and threat detection will reduce the odds of a human error breach and reduce the<br>chance of future attacks. \u201cAbout 68% of breaches in a 2024 survey were caused by human factors, such<br>as someone being tricked by a social engineering scam or making an error\u201d (Jones 6)<\/p>\n\n\n\n<p><br>In conclusion, cybersecurity training and awareness will help the employees be more aware of<br>the dangers that would arise during their work and be more financially beneficial. Because of the<br>investment into training the employees, this will allow the organization to avoid any cybersecurity<br>threats while reducing human error, making the organization more secure and the data integrity safe.<br>\u201cHuman error is a significant contributor to cybersecurity risks, and addressing it is crucial for<br>safeguarding your organization from costly breaches and reputational damage\u201d (Jones 49)<a href=\"https:\/\/www.ispartnersllc.com\/penetration-testing-services\/social-engineering\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Work cited<br>\u2022 Jones, Anthony. \u201cHuman Error Cybersecurity Statistics.\u201d I.S. Partners, 6 Nov. 2024,<br>www.ispartnersllc.com\/blog\/human-error-cybersecurity-<br>statistics\/#:~:text=Human%20error%20in%20cybersecurity%20is,practices%20or%20poor%20de<br>cision%2Dmaking.<br>\u2022 \u201cWhat Is a Ciso? Chief Information Security Officer.\u201d Cisco, 21 Mar. 2025,<br>www.cisco.com\/site\/us\/en\/learn\/topics\/security\/what-is-a-<br>ciso.html#:~:text=A%20CISO%2C%20or%20chief%20information,policies%20to%20pr<br>otect%20critical%20data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Write up &#8211; Rundown Explanation on the CIA Triad &#8211; Febuary, 13, 2025Using the Chai Article (Links to an external site.), along with additional research you willconduct on your own, describe the CIA Triad, and the differences between Authentication&amp; Authorization,&#8230; <a class=\"more-link\" href=\"https:\/\/sites.wp.odu.edu\/scottworm\/journal-entries-3\/\">Continue Reading &rarr;<\/a><\/p>\n","protected":false},"author":29416,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/pages\/135"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/users\/29416"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":3,"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/pages\/135\/revisions"}],"predecessor-version":[{"id":146,"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/pages\/135\/revisions\/146"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/scottworm\/wp-json\/wp\/v2\/media?parent=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}