<\/p>\n\n\n\n
Tavion Johnson
Charlie Kirkpatrick
CYSE 200T
September 4, 2024<\/p>\n\n\n\n
The CIA Triad — Confidentiality, Integrity, and Availability — is a baseline model we use for Confidentiality: Examples<\/strong>: Authentication Vs. Authorization<\/strong><\/p>\n\n\n\n Authentication<\/strong>: <\/p>\n\n\n\n Tavion Johnson Scada Systems Conclusion<\/strong><\/p>\n\n\n\n <\/p>\n\n\n\n Tavion Johnson Security technology \u2013 40% Conclusion<\/strong><\/p>\n\n\n\n <\/p>\n\n\n\n Phishing Tests Are Necessary. But They Don\u2019t Need to Be Evil.<\/p>\n\n\n\n hadzidimova) – 202410_CYSE200T_17489 CYBERSECURITY-TECHNOL-SOCIETY – Perusall <\/p>\n\n\n\n READING: Cybersecurity and Criminal Justice: Exploring the Intersections (payne-<\/p>\n\n\n\n Cybersecurity & Infrastructure Security Agency. \u201cHomepage | CISA.\u201d Cisa.gov, 2020, SCADA – Tech-FAQ. 6 Apr. 2019, www.tech-faq.com\/scada.html#google_vignette.<\/p>\n\n\n\n \u201cSCADA Systems – SCADA Systems.\u201d Www.scadasystems.net, www.scadasystems.net\/<\/p>\n\n\n\n Hashemi-Pour, Cameron. \u201cWhat Is the CIA Triad? Definition, Explanation and Examples.\u201d<\/p>\n\n\n\n TechTarget, TechTarget, Feb. 2023, www.techtarget.com\/whatis\/definition\/Confidentiality- Okta. \u201cAuthentication vs. Authorization.\u201d Okta, 15 Oct. 2018, www.okta.com\/identity- CIA Triad Tavion JohnsonCharlie KirkpatrickCYSE 200TSeptember 4, 2024 The CIA Triad The CIA Triad — Confidentiality, Integrity, and Availability — is a baseline model we use forinformation security in organizations. Confidentiality:Confidentiality guarantees that sensitive information is secure and only available toauthorized users. This is important when protecting an organization\u2019s data and customerinformation. Methods such as… <\/p>\n
information security in organizations.<\/em><\/p>\n\n\n\n
<\/strong>Confidentiality guarantees that sensitive information is secure and only available to
authorized users. This is important when protecting an organization\u2019s data and customer
information. Methods such as data encryption and secure communication channels are
put in place to help maintain the confidential part of information security within a
company.<\/p>\n\n\n\n
Examples<\/strong>:
\u2022 Banks requiring account numbers and numbers when banking online
\u2022 Creating unique user IDs and passwords when creating accounts
\u2022 Using biometric verification and two-factor verification when securing accounts<\/p>\n\n\n\n
Integrity<\/strong>:
Integrity ensures that data remains accurate and consistent during storage or
transmission. This is essential for maintaining the reliability of business operating systems.
Methods such as checksums and digital signatures are used to detect and prevent
unauthorized users.<\/p>\n\n\n\n
\u2022 Using backup and recovery software on files and different data
\u2022 Businesses sending messages to users notifying them when someone logs into an
account<\/p>\n\n\n\n
Availability<\/strong>:
Availability makes sure that all software is up to date and always running. This is good for
organizations because it makes their services accessible and reliable. This also creates
customers\u2019 trust, which ultimately leads to more business.<\/p>\n\n\n\n
Examples<\/strong>:
\u2022 Companies repairing hardware failures
\u2022 Companies upgrading their systems
\u2022 Companies using firewalls and proxy servers to further reinforce information<\/p>\n\n\n\n
Authentication is the act of validating the identification of the user. Some systems require
more than one type of verification in order to access their system. This is known as multi-
factor authentication (MFA), and it is used to increase security beyond passwords.<\/p>\n\n\n\n
Examples<\/strong>:
\u2022 Passwords
\u2022 one-time pins
\u2022 authentication apps
oSecurity codes
\u2022 Biometrics
o Face ID\/fingerprints\/voice recognition<\/p>\n\n\n\n
Authorization:
<\/strong>Authorization is the process of granting the user permission to access a website or
equivalent resource. This is also known as access control. You need to be authenticated to
get authorized.<\/p>\n\n\n\n
Examples<\/strong>:
\u2022 Giving the user permission to download certain files on the server
\u2022 Providing users with administrative access to applications<\/p>\n\n\n\n
Conclusion:<\/strong><\/p>\n\n\n\n
The CIA Triad is a great framework to use when securing information, especially
when it comes to businesses. Knowing the difference between authentication and
authorization is crucial when taking safety and security measures into account. By having
these simple yet complex concepts, businesses can protect sensitive information,
maintain operational proficiency, and build trust with their consumers.<\/em><\/p>\n\n\n\nSCADA Systems <\/h1>\n\n\n\n
Charlie Kirkpatrick
CYSE 200T
November 3, 2024<\/p>\n\n\n\n
<\/strong>The use of SCADA systems is a necessity when it comes to safeguarding the various
services the economy depends on. Critical infrastructure systems, which include water,
energy, communication systems, and transportation, are needed today. These systems are
all connected with the use of technology. With this come risks and vulnerabilities.<\/em><\/p>\n\n\n\nVulnerabilities in Critical Infrastructure<\/strong><\/h4>\n\n\n\n
\u2022 Cybersecurity Threats: <\/strong>With the increasing number of cyberattacks on critical
infrastructure, this is a significant vulnerability. Hackers can target these systems to
disrupt services, steal data, and cause physical damage. If these attacks are
successful, this can lead to outages or shortages, sensitive information being
compromised, and even threats to society.<\/p>\n\n\n\n
\u2022 Aging Infrastructure: <\/strong>With the advancement of technology being so rapid, many of
these infrastructures are built on older systems. These systems are not very strong
in cybersecurity, which makes them more likely to be hacked.<\/p>\n\n\n\n
\u2022 Physical Security Threats:<\/strong> Critical infrastructure is also vulnerable to physical
threats such as natural disasters, bombings, and insider threats. These things can
damage physical assets and disrupt operation processes<\/p>\n\n\n\nRoles of SCADA Systems<\/strong><\/h4>\n\n\n\n
Supervisory Control and Data Acquisition (SCADA) systems play an important role in
making sure that critical infrastructure processes are flowing smoothly. These systems are
used to gather real-time data from various sensors and devices. Operators then use this
data to be able to check the system\u2019s performance.<\/em><\/p>\n\n\n\n
\u2022 Monitoring and Control: <\/strong>SCADA systems allow operators to continuously monitor
critical infrastructure systems in real-time. This allows for quick detection and rapid
responses to mitigate risks.<\/p>\n\n\n\n
\u2022 Incident Response:<\/strong> SCADA systems can help map out incident response plans by
automating alerts and providing operators with detailed information about various
issues. This can reduce response times and minimize the impact of disruptions.<\/p>\n\n\n\n
\u2022 Cybersecurity features: <\/strong>These systems have built-in encryption and intrusion
detection to prevent sensitive data from being compromised. This ultimately
maintains the integrity of the operation.<\/p>\n\n\n\n
\u2022 Integration and Compliance:<\/strong> These systems can also help assist different
companies in maintaining compliance with various industry regulations and
standards, as well as integrating various technologies to build a stronger system.<\/p>\n\n\n\n
<\/strong>In conclusion, the vulnerabilities associated with critical infrastructure systems are
a threat to the economy and national security. By using SCADA technology, various
organizations and companies can improve their critical infrastructure. SCADA ensures that
their operations are secure and durable even when coming across threats. As technology
continues to evolve, the integration of other technologies in SCADA will be a necessity for
safeguarding the various things society depends on<\/em><\/p>\n\n\n\nHuman Factor in Cybersecurity<\/h1>\n\n\n\n
Charlie Kirkpatrick
CYSE 200T
November 17, 2024<\/p>\n\n\n\n
Human Factor in Cybersecurity<\/strong><\/p>\n\n\n\n
<\/strong>\u201cBalancing the tradeoff between training and additional cybersecurity technology will lead
to a more efficient company with great security posture.\u201d<\/em><\/p>\n\n\n\n
Risk Assessment
<\/strong>I would like to start out by creating a risk assessment plan. From here, the company can find
their most critical assets and focus on protecting them.<\/p>\n\n\n\n
Training \u2013 30%
<\/strong>\u2022 It is crucial to prioritize training in cyber security. Since human error is common
throughout workspaces, there will always be a need for updated training. Well trained
employees can reduce the risk of security breaches the company faces.
o Phishing simulations are a good way to keep employees alert and on top of
things. (Wright and Thatcher, 2021) o Also enforcing good security practices such as password management and
keeping sensitive information secure<\/p>\n\n\n\n
<\/strong>\u2022 Having up to date technology is essential when running a company. The majority of
the funds should go towards this. The newest technology comes with the most
protection.
o Intrusion Detection Systems
o SCADA Systems
o Firewalls
o Antiviruses<\/p>\n\n\n\n
Layered Security \u2013 15%
<\/strong>\u2022 Having layered security further ensures the protection of a company.
o Encryption can be used when accessing sensitive in order to protect it
o Role Based Access Control makes sure that only certain people with certain
roles can access various information
o MFA adds an extra layer to each employee\u2019s account
o Updates and Patches<\/p>\n\n\n\n
Monitoring and Response Plans \u2013 15%
<\/strong>\u2022 Doing regular security audits ensures room for companies\u2019 improvement.
o Incident response plans<\/p>\n\n\n\n
I would have 30 percent go to training, 40 percent towards technology, layered
security 15 percent, and Monitoring and Response plan 15 percent. This is the best way to
allocate these funds in order to have great security posture.<\/em><\/p>\n\n\n\nWorks Cited<\/h1>\n\n\n\n
www.cisa.gov\/.<\/p>\n\n\n\n
integrity-and-availability-CIA.<\/p>\n\n\n\n
101\/authentication-vs-authorization\/.<\/p>\n","protected":false},"excerpt":{"rendered":"