Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. As our reliance on technology grows, so does the potential for security breaches that can compromise personal and organizational information. Understanding the fundamentals of cybersecurity is crucial for anyone using digital devices, as it helps safeguard against threats that can cause significant harm. What follows is a framework for thinking about security, along with some common terms used in the field.
Confidentiality, Integrity, and Availability
At the heart of cybersecurity is the CIA Triad, a model designed to guide security policies within an organization. The three elements of the triad are:
Confidentiality: Ensures that sensitive information is only accessible to authorized individuals. This is about preventing unauthorized access, whether through encryption, authentication, or other security measures.
Integrity: Focuses on maintaining the accuracy and trustworthiness of data. Ensuring that information has not been tampered with, modified, or deleted is critical to data integrity. Techniques like hashing and checksums are often used to verify data integrity.
Availability: Ensures that systems and data are accessible when needed. Protecting against threats such as denial-of-service (DoS) attacks or hardware failures is key to maintaining system availability.
Together, these three principles help create a balanced approach to security, ensuring that information remains safe, accurate, and accessible.
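The integrity principle above mentions hashing and checksums. The following added example (not part of the original text) shows, in Python's standard library, how a stored digest detects a modified record, and why an unkeyed hash is not enough when the same attacker can rewrite both the record and its digest: a keyed tag (HMAC) closes that gap. The grade record, the tampered copy, and the key are constructed sample values for the demonstration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest. Detects corruption or tampering only while the digest
    itself is stored somewhere the attacker cannot modify."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256). Without the key, an attacker who rewrites
    the record cannot produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, data), expected_hex)


# Constructed sample data (not from the page): a grade record as published,
# and the same record after an unauthorized edit of the grade.
ORIGINAL_RECORD = b"student_id=1042;course=ALG1;grade=B+\n"
TAMPERED_RECORD = b"student_id=1042;course=ALG1;grade=A+\n"

# Hypothetical secret shared by the system that writes records and the one
# that checks them. In practice it comes from a key store, never source code.
RECORD_KEY = b"example-key-do-not-use-in-production"

PUBLISHED_DIGEST = sha256_hex(ORIGINAL_RECORD)
PUBLISHED_TAG = hmac_hex(RECORD_KEY, ORIGINAL_RECORD)


def demo() -> dict:
    """Run the integrity checks and return each outcome by name."""
    return {
        # Plain hash catches the edit as long as the stored digest is intact...
        "digest_ok_original": verify_digest(ORIGINAL_RECORD, PUBLISHED_DIGEST),
        "digest_ok_tampered": verify_digest(TAMPERED_RECORD, PUBLISHED_DIGEST),
        # ...but an attacker who can also overwrite the stored digest simply
        # recomputes it for the tampered record, and the check passes.
        "digest_ok_after_rehash": verify_digest(
            TAMPERED_RECORD, sha256_hex(TAMPERED_RECORD)
        ),
        # A keyed tag still accepts the original and still rejects the edit.
        "hmac_ok_original": verify_hmac(RECORD_KEY, ORIGINAL_RECORD, PUBLISHED_TAG),
        "hmac_ok_tampered": verify_hmac(RECORD_KEY, TAMPERED_RECORD, PUBLISHED_TAG),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The practical rule this illustrates: a checksum protects integrity only if the checksum is harder to alter than the data it covers, either because it lives in a separate, protected location or because producing it requires a secret.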
Cyber threats can come from both internal and external sources. Internal threats refer to risks posed by individuals within an organization, such as employees or contractors. These threats can be either intentional (like a disgruntled employee stealing data) or unintentional (such as accidental data deletion). Internal threats are particularly dangerous because insiders often have legitimate access to sensitive information.
On the other hand, external threats come from outside the organization, typically in the form of hackers, cybercriminals, or malicious software. These external actors often exploit vulnerabilities in a system to gain unauthorized access or disrupt operations. Common external threats include phishing attacks, malware, and ransomware.
Understanding the difference between internal and external threats helps organizations implement appropriate security measures to protect against both.
A vulnerability is any weakness or flaw in a system that can be exploited by a threat. These weaknesses could be found in software, hardware, or even human behavior (such as using weak passwords). Common vulnerabilities include outdated software, unpatched systems, and insecure configurations. Cybercriminals actively search for and exploit these vulnerabilities to gain unauthorized access to systems or data.
Managing vulnerabilities is a critical aspect of cybersecurity, and it involves regularly identifying, assessing, and mitigating potential weaknesses before they can be exploited.
It is difficult to know how to protect a system without knowing what risks it faces. In cybersecurity, risk is often understood using the following equation:
Risk = Threat x Vulnerability x Impact
Threat: The potential for an attack or breach.
Vulnerability: A weakness in a system that could be exploited.
Impact: The potential damage that could result from a successful attack, such as financial loss, data theft, or reputational harm.
By evaluating these factors, organizations can assess the level of risk they face. For example, even if a threat exists, if there are no vulnerabilities, the risk is low. Conversely, a highly vulnerable system with significant potential impact represents a much higher risk. This equation helps prioritize security efforts, ensuring that resources are focused on the most critical areas.
Here are some examples of the risk equation at work:
Example 1: Student Data Breach
Threat: An external hacker attempting to steal student personal data from the school's database.
Vulnerability: The school uses outdated software that has known security flaws but hasn't been patched.
Impact: If successful, the hacker could access sensitive information, including student addresses, grades, and medical records, which could lead to identity theft or privacy violations.
In this case, the outdated software (vulnerability) combined with an external hacker (threat) increases the risk of a data breach. The high impact on student privacy makes the risk significant, and the school would need to address the vulnerability to mitigate this risk.
Example 2: Phishing Attack on Teachers
Threat: A phishing email sent to teachers, disguised as a message from the school administration, asking them to log in to a fake portal.
Vulnerability: Some teachers are unaware of the signs of phishing and may not know how to verify whether the email is legitimate.
Impact: If teachers enter their login information, an attacker could gain access to the school's internal systems, potentially accessing student data or grading systems.
Here, the vulnerability lies in the lack of awareness or training among staff, and the threat is the phishing email. If this vulnerability is not addressed, the risk is high due to the possible compromise of important school systems.
Example 3: Physical Access to Computers
Threat: A disgruntled student accessing an unattended teacher’s computer in a classroom.
Vulnerability: The teacher left their computer unlocked while away from the classroom, allowing anyone to access it.
Impact: The student could potentially change grades, delete important files, or access sensitive school data.
In this scenario, the vulnerability is the unlocked computer, and the threat is an internal actor (the student). The potential impact is compromised academic integrity and data loss.
Example 4: Network Outage
Threat: A DDoS (Distributed Denial of Service) attack on the school's network, designed to flood it with traffic and shut it down.
Vulnerability: The school’s network lacks strong firewalls or protections against DDoS attacks.
Impact: If the network goes down, it could disrupt online learning, access to educational resources, and even administrative tasks like grading or attendance.
Here, the vulnerability is the weak network infrastructure, and the threat is the external attack. The risk is significant due to the potential impact on daily school operations.
Example 5: Weak Passwords Used by Students
Threat: A student or external attacker guesses or cracks weak passwords used by other students to log in to the school’s learning management system (LMS).
Vulnerability: Many students use simple or common passwords, making it easier for attackers to gain unauthorized access.
Impact: If an attacker gains access, they could alter assignments, view private information, or impersonate other students in the system.
In this case, weak passwords are the vulnerability, and the threat is someone attempting to break into accounts. The impact could range from minor disruptions to more serious consequences like data tampering or impersonation, making this a manageable but still important risk to address.
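The five examples above describe each factor of the risk equation in words. The following added example (not part of the original text) puts numbers to them so the equation can actually rank the scenarios and show how a mitigation moves the score. The 0 to 5 scale, the scores assigned to each school scenario, and the rating bands are assumptions made for the demonstration; a real organization would calibrate its own scales.

```python
from dataclasses import dataclass, replace

SCALE_MAX = 5  # assumed: every factor is scored on 0..5


@dataclass(frozen=True)
class Scenario:
    name: str
    threat: int         # how likely an attempt is: 1 rare .. 5 constant
    vulnerability: int  # how exploitable the weakness is: 0 none .. 5 trivial
    impact: int         # damage if the attack succeeds: 1 negligible .. 5 severe

    def __post_init__(self) -> None:
        for field, value in (("threat", self.threat),
                             ("vulnerability", self.vulnerability),
                             ("impact", self.impact)):
            if not 0 <= value <= SCALE_MAX:
                raise ValueError(f"{field} must be 0..{SCALE_MAX}, got {value}")

    def risk(self) -> int:
        # Risk = Threat x Vulnerability x Impact (the page's equation)
        return self.threat * self.vulnerability * self.impact


def rating(score: int) -> str:
    """Assumed bands on the 0..125 range; not from the page."""
    if score >= 60:
        return "high"
    if score >= 20:
        return "medium"
    return "low"


def rank(scenarios):
    """Highest risk first, so the top of the list is where effort goes."""
    return sorted(scenarios, key=lambda s: s.risk(), reverse=True)


def mitigate(scenario: Scenario, **changes) -> Scenario:
    """Model a control by lowering one factor, e.g. vulnerability=0 after patching."""
    return replace(scenario, **changes)


# Constructed scores for the page's five school scenarios.
SCHOOL_SCENARIOS = [
    Scenario("Student data breach (unpatched software)", threat=4, vulnerability=5, impact=5),
    Scenario("Phishing attack on teachers", threat=5, vulnerability=4, impact=4),
    Scenario("Physical access to an unlocked computer", threat=2, vulnerability=5, impact=3),
    Scenario("DDoS network outage", threat=3, vulnerability=4, impact=3),
    Scenario("Weak student passwords on the LMS", threat=4, vulnerability=4, impact=2),
]


def prioritized_report(scenarios=SCHOOL_SCENARIOS):
    """(name, risk score, rating) tuples in priority order."""
    return [(s.name, s.risk(), rating(s.risk())) for s in rank(scenarios)]


if __name__ == "__main__":
    for name, score, band in prioritized_report():
        print(f"{score:4d} {band:6s} {name}")
    patched = mitigate(SCHOOL_SCENARIOS[0], vulnerability=0)
    print(f"after patching: {patched.risk()} ({rating(patched.risk())})")
```

Two things the numbers make visible that the prose only states: a factor of zero (no exploitable weakness) drives the product to zero no matter how active the threat, and the ranking can change when any single factor moves, which is why a scenario with a modest impact but a very common threat, like the phishing example, can still land near the top.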