SCADA Systems Write up

X’Zaveion Owens
CYSE 200T
October 27th,2024
Knowing about SCADA systems
The article on SCADA systems goes into deep detail on their important role in controlling
important infrastructure including gas pipelines, water treatment, and power generation.
Supervisor Control and Data Acquisition, or SCADA, is an industrial control system combining
Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), and Human-Machine
Intervals of time (HMIs) to monitor and control processes both locally and remotely (SCADA
Systems). Many different industries rely on these skills for successful operating smoothly and
securely.
SCADA systems provide security issues as well. These systems become easier to
access but also more accessible to illegal access since they have developed to control current
IP-based protocols. While this link of communication helps to provide flexibility and efficiency, it
has also created weaknesses that could allow unauthorized access, therefore compromising
important infrastructure operations and maybe threatening public safety. These weaknesses
show the need of more security actions, particularly in areas of need.
SCADA’s Part in Risk Mitigation
Reducing dangers connected with these weaknesses mostly depends on SCADA systems.
Inductive Automation claims that SCADA systems centralize real-time data collected from
monitors positioned all around a facility on one interface. By means of this data collecting and
centralizing, operators may constantly check infrastructure status, identify problems and react
fast to possible threats. SCADA systems, for instance, can set off alerts, start emergency
shutdowns, or automatically change system settings if something unusual be found. These

purposes lower the possibility of operational breakdown, destruction of equipment, and even
cyberattacks.
Advanced SCADA systems also combine safety precautions including VPNs, firewalls, and role-
based access limits. These steps are meant to restrict access to authorized individuals only
therefore stopping illegal users from compromising the system. Inductive Automation tells on
how SCADA systems’ HMI interface lets operators safely see and control processes. Very
utilized in lowering risks, SCADA systems enable a clear view of system status and real-time
updates, therefore helping to prevent the rise of possible threats.
Value of Cybersecurity Improvements
Although physical security devices have always maintained SCADA systems, current linked
systems need equally strong cybersecurity protections. Data encryption, intrusion detection
systems, and authentication using multiple factors are being included into SCADA software in
order to uphold the confidentiality, integrity, and availability of important data. As the SCADA
Systems explains, maintaining public safety and infrastructure stability depend on these
cybersecurity improvements.
Conclusion
In conclusion, SCADA systems are a must for monitoring and managing critical infrastructure
and actively help to lower risk. As these systems keep growing, safety precautions included in
SCADA applications become more important for avoiding any vulnerabilities.The revelations
from the SCADA Systems and Inductive Automation show that securing public resources and
security is just as important as keeping efficiency in operations in defending SCADA systems.
Maintaining the dependability and stability of SCADA-managed infrastructure will depend on
ongoing checking and improvement of techniques for cybersecurity in future.

The Human Factor in Cybersecurity Write Up

X’Zaveion Owens
November 10th, 2024
CYSE 200T
Managing a limited budget, as a CISO is what I would give top priority to establishing the
perfect balance between funding cybersecurity technology and training. When deciding on this
plan of action, I would give great thought to a few key aspects: the present threats our company
is facing, the state of development of our present security procedures, and the possible
advantages of funding technology and training (Ryerse).
Evaluating our current security situation
First, I’m going to take a look at how we’re doing with our security right now. I would take
a good look at the tools and technologies we have, like firewalls, endpoint detection, and SIEM
systems, to see if they’re still doing their job and fitting in with the threats we face today (Palo
Alto Networks). Finding important gaps, such as missing multi-factor authentication or lacking
monitoring abilities, would help us focus on the investments that matter most. I’d also take a
look at how aware employees are of cybersecurity procedures, as repeated phishing or social
engineering incidents might indicate that we need to provide more thorough training (Prime
Secured). I’d also take a look at our security team’s skills to see where they might benefit from
extra training to address new threats or get used to new technologies.
Prioritizing on certain areas for the best benefit
After we understand where we currently stand, I’d focus on handling the most important
areas where our investments can really create a positive impact. User awareness will be a key
focus for training, as employees can often be the most affected aspect of our security (Palo Alto

Networks). By enhancing their grasp of phishing, password safety, and secure online behaviors,
we can greatly lower the chances of falling victim to social engineering attacks. I would prioritize
skill development for the security team by offering specialized training in areas such as incident
response, threat hunting, and cloud security, guaranteeing they are well-equipped to detect and
respond to threats effectively (Prime Secured). When it comes to technology, I would focus on
important security tools such as endpoint protection to guard against malware and ransomware,
identity and access management (IAM) to ensure secure access to important systems, and
SIEM for better monitoring and threat detection. Fixing these technology gaps would really help
us recognize and solve threats more effectively.
Smart budget planning
In terms of budget allocation, I would plan to dedicate around 40-50% of the funds to training.
This would include advanced training for the security team and ongoing awareness efforts for all
employees. Regular training sessions and simulated phishing campaigns can significantly
improve security awareness throughout the organization. Providing the security team with
additional training and specialized certifications would also help strengthen their technical skills
(Prime Secured). The remaining 50-60% of the budget would be allocated to technology
investments, focusing on solutions that reduce risk significantly, such as SIEM, IAM, backup
solutions, and endpoint detection and response (EDR) (Ryerse). Through careful management
of tool overlap, I can ensure efficient resource use while keeping costs under control.
Ongoing review and changes
Finally,I would set up a way to regularly check in and alter how we allocate our
resources. If user mistakes keep happening even after training, I would think about shifting funds to implement stronger checks. If the technology controls are doing their job but there are
still human mistakes, I would focus on investing more in training.
Conclusion
In conclusion, we can create a more solid and flexible security defense by funding technology
as well as training. While technology manages the technical flaws that could be used, training
helps reduce the possibilities of human errors. This careful method maintains consideration for
the constraints of a limited budget while improving security efficacy (Ryerse).

The CIA Triad Write-Up

X’Zaveion Owens
CYSE 200T
September 18th,2024
Knowing About The CIA Triad
Although this was stated in our class reading I found another article by (Fruhlinger) where he
stated that “Unlike many foundational concepts in infosec, the CIA triad doesn’t seem to have a
single creator or proponent; rather, it emerged over time as an article of wisdom among
information security pros.Ben Miller, a VP at cybersecurity firm Dragos, traces back early
mentions of the three components of the triad in a blog post; he thinks the concept of
confidentiality in computer science was formalized in a 1976 U.S. Air Force study, and the idea
of integrity was laid out in a 1987 paper that recognized that commercial computing in particular
had specific needs around accounting records that required a focus on data correctness.”
While reviewing the published article and conducting further independent research on the CIA
triad within the framework of information security. The term “CIA Triad” indicates the three
fundamental principles that establish the basis for safeguarding data and systems within an
organization. The acronym CIA stands for Confidentiality, Integrity, and Availability. The
previously mentioned principles have widespread support within the field of cybersecurity and
are considered important for guaranteeing the security and reliability of information and
information systems. Furthermore, I observed in the given article that, as stated by Chai, “While
the components of the triad are considered to be three of the most basic and important
cybersecurity requirements, professionals say that the ClA triad requires a change in order to
maintain its performance.”

The argument made by Wesley Chai in the article indicates the need of maintaining the
advantage and protecting against new technological risks. Over time, it is important to remain
alert of the persistent dangers that arise. As technology progresses, it becomes more and more
important to upgrade your equipment in order to prevent new risks and defend your information,
whether it be important data pertaining to electricity or private information. Otherwise, the
increasing amount of personal information would not have reached its current level, resulting in
a rising rate of cyber-attacks and a larger percentage of people being impacted by these events
due to the widespread usage of technology in today’s society. The importance of each triangle
pillar and its specific beneficial benefits to our daily lives will be determined.
Confidentiality pertains to the proactive steps taken to avoid any unauthorized access or public
sharing of sensitive information. Access control means that only consumers, owners, and
workers of a company have the appropriate permissions to access this information, as well as
access specific information or resources. The objective of this principle is to decrease the risk of
identity theft, financial fraud, and trade secret compromise, among other potential issues, by
preventing unauthorized parties from obtaining or utilizing sensitive information.
Upholding the reliability, precision, and availability of resources and information is the basic
principle and main focus of integrity. By nature of its being there, it protects the precision and
reliability of the information. The principle of integrity intends to prevent the unauthorized
incorporation or loss of information. Many of our everyday tasks depend on the dependability of
many different kinds of systems and services. For example, to guarantee an equal and easily
enforceable transaction during Dio Within Amazon, our dependence is on the precision of
product descriptions, pricing, and payment methods. Data. Maintaining honesty is of utmost importance in order to prevent scams, misuse, and errors.
Organizations that prioritize data integrity rely on the accuracy, security, and consistency of their
information. This is important for successful decisions being made, maintaining high company
expectations, and keeping trust among customers. The notion of availability pertains to providing
the accessibility and usefulness of information and materials at need. It allows continuous
access for authorized users to the required data or systems. For instance, we assume that our
mobile devices, internet services, laptops, and online platforms will consistently be available and
capable of responding quickly to our needs for making calls, performing tasks, conducting
research, and engaging in other activities in our daily lives. An important factor for the continuity
and operational efficiency of a corporation is availability. A company could experience financial
losses, reduced productivity, and damage to its reputation as a result of downtime or availability
of important systems.
In accordance with the article “What Is the CIA Triad?”The importance of CIA Triad is in the
offering of an in-depth framework for businesses to determine and repair the security needs of
their data and systems, even in the absence of specialized knowledge in security. In order to
minimize risks, protect sensitive information, and maintain consumer trust, organizations should
consider and implement measures that guarantee confidentiality, integrity, and availability.
Furthermore, the CIA Triad helps companies in dealing with many industry and government
information security regulations. Frameworks such as the Payment Card Industry Data Security
Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) require
the creation of protocols to safeguard the confidentiality, integrity, and availability of sensitive
data associated with what we do every day.
In conclusion, The CIA Triad, which stresses the safeguarding of data’s confidentiality, integrity,
and availability, is an important principle in the field of information security. More improvements are necessary to maximize the operation of the CIA Triad for better outcomes and efficiency.
Providing solid access restrictions, data encryption, and providing detailed personnel data
protection training all contribute to improving confidentiality. Implementing data validation tests,
version control, and regular data backups all improve the integrity of the data. Including
redundant operation, disaster recovery plans, and incident response protocols enhances
availability.
Continuous evaluation and enhancement of security measures is important for the ongoing
success of the CIA Triad. In order to ensure the security of their information assets and maintain
a robust security position, organizations should give priority to data classification, implement
appropriate security measures, and recruit experts who are knowledgeable about new the
updating of the CIA Triad requires an extensive and preventive approach towards information
security, considering the specific needs and risks of each organization. Continuous evaluation
and improvement of security procedures enable organizations to lower risks and secure their
data against unauthorized access, manipulation, and loss.