CIA Triad
Tavion Johnson
Charlie Kirkpatrick
CYSE 200T
September 4, 2024
The CIA Triad
The CIA Triad — Confidentiality, Integrity, and Availability — is a baseline model we use for
information security in organizations.
Confidentiality:
Confidentiality guarantees that sensitive information is secure and only available to
authorized users. This is important when protecting an organization’s data and customer
information. Methods such as data encryption and secure communication channels are
put in place to help maintain the confidential part of information security within a
company.
Examples:
• Banks requiring account numbers and numbers when banking online
• Creating unique user IDs and passwords when creating accounts
• Using biometric verification and two-factor verification when securing accounts
Integrity:
Integrity ensures that data remains accurate and consistent during storage or
transmission. This is essential for maintaining the reliability of business operating systems.
Methods such as checksums and digital signatures are used to detect and prevent
unauthorized users.
Examples:
• Using backup and recovery software on files and different data
• Businesses sending messages to users notifying them when someone logs into an
account
Availability:
Availability makes sure that all software is up to date and always running. This is good for
organizations because it makes their services accessible and reliable. This also creates
customers’ trust, which ultimately leads to more business.
Examples:
• Companies repairing hardware failures
• Companies upgrading their systems
• Companies using firewalls and proxy servers to further reinforce information
Authentication Vs. Authorization
Authentication:
Authentication is the act of validating the identification of the user. Some systems require
more than one type of verification in order to access their system. This is known as multi-
factor authentication (MFA), and it is used to increase security beyond passwords.
Examples:
• Passwords
• one-time pins
• authentication apps
oSecurity codes
• Biometrics
o Face ID/fingerprints/voice recognition
Authorization:
Authorization is the process of granting the user permission to access a website or
equivalent resource. This is also known as access control. You need to be authenticated to
get authorized.
Examples:
• Giving the user permission to download certain files on the server
• Providing users with administrative access to applications
Conclusion:
The CIA Triad is a great framework to use when securing information, especially
when it comes to businesses. Knowing the difference between authentication and
authorization is crucial when taking safety and security measures into account. By having
these simple yet complex concepts, businesses can protect sensitive information,
maintain operational proficiency, and build trust with their consumers.
SCADA Systems
Tavion Johnson
Charlie Kirkpatrick
CYSE 200T
November 3, 2024
Scada Systems
The use of SCADA systems is a necessity when it comes to safeguarding the various
services the economy depends on. Critical infrastructure systems, which include water,
energy, communication systems, and transportation, are needed today. These systems are
all connected with the use of technology. With this come risks and vulnerabilities.
Vulnerabilities in Critical Infrastructure
• Cybersecurity Threats: With the increasing number of cyberattacks on critical
infrastructure, this is a significant vulnerability. Hackers can target these systems to
disrupt services, steal data, and cause physical damage. If these attacks are
successful, this can lead to outages or shortages, sensitive information being
compromised, and even threats to society.
• Aging Infrastructure: With the advancement of technology being so rapid, many of
these infrastructures are built on older systems. These systems are not very strong
in cybersecurity, which makes them more likely to be hacked.
• Physical Security Threats: Critical infrastructure is also vulnerable to physical
threats such as natural disasters, bombings, and insider threats. These things can
damage physical assets and disrupt operation processes
Roles of SCADA Systems
Supervisory Control and Data Acquisition (SCADA) systems play an important role in
making sure that critical infrastructure processes are flowing smoothly. These systems are
used to gather real-time data from various sensors and devices. Operators then use this
data to be able to check the system’s performance.
• Monitoring and Control: SCADA systems allow operators to continuously monitor
critical infrastructure systems in real-time. This allows for quick detection and rapid
responses to mitigate risks.
• Incident Response: SCADA systems can help map out incident response plans by
automating alerts and providing operators with detailed information about various
issues. This can reduce response times and minimize the impact of disruptions.
• Cybersecurity features: These systems have built-in encryption and intrusion
detection to prevent sensitive data from being compromised. This ultimately
maintains the integrity of the operation.
• Integration and Compliance: These systems can also help assist different
companies in maintaining compliance with various industry regulations and
standards, as well as integrating various technologies to build a stronger system.
Conclusion
In conclusion, the vulnerabilities associated with critical infrastructure systems are
a threat to the economy and national security. By using SCADA technology, various
organizations and companies can improve their critical infrastructure. SCADA ensures that
their operations are secure and durable even when coming across threats. As technology
continues to evolve, the integration of other technologies in SCADA will be a necessity for
safeguarding the various things society depends on
Human Factor in Cybersecurity
Tavion Johnson
Charlie Kirkpatrick
CYSE 200T
November 17, 2024
Human Factor in Cybersecurity
“Balancing the tradeoff between training and additional cybersecurity technology will lead
to a more efficient company with great security posture.”
Risk Assessment
I would like to start out by creating a risk assessment plan. From here, the company can find
their most critical assets and focus on protecting them.
Training – 30%
• It is crucial to prioritize training in cyber security. Since human error is common
throughout workspaces, there will always be a need for updated training. Well trained
employees can reduce the risk of security breaches the company faces.
o Phishing simulations are a good way to keep employees alert and on top of
things. (Wright and Thatcher, 2021) o Also enforcing good security practices such as password management and
keeping sensitive information secure
Security technology – 40%
• Having up to date technology is essential when running a company. The majority of
the funds should go towards this. The newest technology comes with the most
protection.
o Intrusion Detection Systems
o SCADA Systems
o Firewalls
o Antiviruses
Layered Security – 15%
• Having layered security further ensures the protection of a company.
o Encryption can be used when accessing sensitive in order to protect it
o Role Based Access Control makes sure that only certain people with certain
roles can access various information
o MFA adds an extra layer to each employee’s account
o Updates and Patches
Monitoring and Response Plans – 15%
• Doing regular security audits ensures room for companies’ improvement.
o Incident response plans
Conclusion
I would have 30 percent go to training, 40 percent towards technology, layered
security 15 percent, and Monitoring and Response plan 15 percent. This is the best way to
allocate these funds in order to have great security posture.
Works Cited
Phishing Tests Are Necessary. But They Don’t Need to Be Evil.
hadzidimova) – 202410_CYSE200T_17489 CYBERSECURITY-TECHNOL-SOCIETY – Perusall
READING: Cybersecurity and Criminal Justice: Exploring the Intersections (payne-
Cybersecurity & Infrastructure Security Agency. “Homepage | CISA.” Cisa.gov, 2020,
www.cisa.gov/.
SCADA – Tech-FAQ. 6 Apr. 2019, www.tech-faq.com/scada.html#google_vignette.
“SCADA Systems – SCADA Systems.” Www.scadasystems.net, www.scadasystems.net/
Hashemi-Pour, Cameron. “What Is the CIA Triad? Definition, Explanation and Examples.”
TechTarget, TechTarget, Feb. 2023, www.techtarget.com/whatis/definition/Confidentiality-
integrity-and-availability-CIA.
Okta. “Authentication vs. Authorization.” Okta, 15 Oct. 2018, www.okta.com/identity-
101/authentication-vs-authorization/.