
Competency C

Demonstrate strong understanding of security and ethics issues related to informatics, user interface, and inter-professional application of informatics in specific fields by designing and implementing appropriate information assurance and ethics and privacy solutions.

Introduction

In recent years, fields related to the protection of information, such as cybersecurity, have gained increasing attention in the public eye. Notorious cyberattacks, such as The Lazarus Heist, Yahoo! Breach, Epsilon Email Hack, and the Ukraine Power Grid Takedown, have had massive implications for businesses, individuals’ personal information, and public infrastructure (NordVPN, 2021). With the increased reliance on technology used in daily life, concerns regarding privacy and cybersecurity are in the public interest. Though cybersecurity often gets the most attention from the public and in popular culture, there are other disciplines that deal with the protection of information: these other fields include information security and information assurance.

 

Moore (n.d.) explained that while some use the terms cybersecurity, information security, and information assurance synonymously, there are some key differences between them, although all the terms are interrelated: “[c]ybersecurity is a sub-set of information security, which itself is a sub-discipline of information assurance, which encompasses higher-level concepts such as strategy, law, policy, risk management, training, and other disciplines that transcend a particular medium or domain” (as cited in Telos, para. 13). The focus of cybersecurity differs from that of information assurance: the emphasis in cybersecurity is on protecting information found on internet-connected digital devices, whereas the emphasis in information assurance is broader, covering the protection of information in both electronic and physical form. Though there are some differences in what is being protected, “[b]oth involve risk management, maintaining and safeguarding the high-tech information systems that are now used across all industries (commerce, banking, telecommunications, health care, national security and more) to store, process and distribute essential data” (Moore, n.d., para. 2).

 

Because cybersecurity, information security, and information assurance all protect information, it is critical that informaticists understand these disciplines: Competency C encapsulates this need in the field of informatics. Competency C stresses the need for an informaticist to understand concepts such as security, ethics, information assurance, and privacy, and it emphasizes the need to be able to apply these concepts in practice to solve industry problems. The terms privacy, security, and ethics come up frequently in discussions related to fields like cybersecurity: these terms all relate to the protection of information; however, each refers to something distinct. Privacy is defined by “the control that you have over your personal information and how that information is used,” security is related to “how protected your personal information is,” and “ethics are principles of behavior based on ideas of right and wrong” (Bogna, 2021, para. 3; Sebastian-Coleman, 2018, Location 519).

Discussion

Throughout my time in the informatics program, I have been exposed to disciplines dealing with the protection of information like cybersecurity, information security, and information assurance and concepts like privacy, security, and ethics in both my core classes (INFM 200-208) and in the specialization courses: these courses include INFM 200, INFM 202, INFM 203, INFM 206, INFM 208, INFM 210, and INFM 216. While there are several examples of encounters with Competency C in my course work in the classes mentioned above, here I will focus on examples of my work in INFM 200, INFM 202, and INFM 208 which satisfy the competency.

Evidence

Here, in this section, I present three pieces of evidence that demonstrate Competency C which include the following: a research paper on information collection, cybersecurity, and privacy of autonomous vehicles (INFM 200); a risk assessment assignment identifying assets in my home and details of security controls to protect those assets (INFM 208); and a class discussion around Verizon’s breach report (INFM 202). All three pieces of evidence have similarities in that the central focus is on the protection of information. Though protection of information is a common theme in each of these pieces of evidence, each assignment has a different application of this theme (i.e. the INFM 200 assignment has a specific and technical focus towards describing and providing solutions for information collection, cybersecurity, and privacy of autonomous vehicles; whereas the Verizon breach discussion assignment has a more general focus on observing cyberattack trends across different industries).

 

In my first piece of evidence, the INFM 200 research paper on information collection, cybersecurity, and privacy of autonomous vehicles, I reviewed and analyzed some of the current literature around the concerns over protection of information in autonomous or self-driving vehicles and proposed solutions to remedy some of these concerns. Before I wrote this paper, I had a personal interest in some of the developments in autonomous vehicle technology such as Tesla’s Full Self Driving Beta software and the field testing of Waymo’s robotaxi service out in the Phoenix, Arizona area. Currently, many of the discussions around autonomous vehicles revolve around their safety, adaptability to changing road conditions (i.e. vehicle performance in inclement weather), scalability, and hardware developments. Though safety is a pressing concern, one of the areas that I was interested in exploring was the implications of information collection, privacy, and cybersecurity of autonomous vehicles which are less discussed by the public day-to-day. During the research and writing phases for this paper, I discovered that autonomous vehicles have the potential to collect a very large amount of Personally Identifiable Information (PII) about individuals and their whereabouts and that there are major cybersecurity concerns with these vehicles since an attack can lead to potentially lethal consequences. With these issues of the potential misuse or abuse of PII and cybersecurity implications, I highlighted and analyzed the current literature around the issues and solutions on the ethical, privacy, and cybersecurity implications of autonomous vehicles: some of the solutions to these problems include but are not limited to implementing Privacy-by-Design to protect PII and generating cybersecurity awareness among vehicle users to prevent cyberattacks.
I felt that the solutions were important for me to include because we will likely need to employ some of these concepts as autonomous vehicle adoption becomes more widespread as the technology matures. This paper demonstrates Competency C because it takes informatics issues dealing with security, ethics, and privacy and applies them to a real-world field (e.g. transportation).

 

In my second piece of evidence, the INFM 208 risk assessment assignment identifying assets in my home and details of security controls to protect those assets, I took an inventory of the different assets in my home, analyzed the different threats to those assets, assessed the security controls that are currently employed to protect the assets against threats, and designed future strategies to help implement more security controls to mitigate risk even further. This assignment had a major focus on risk management and information assurance (e.g. satisfies the information assurance part of Competency C). When doing the work for the assignment, I had an opportunity to think like a business performing a risk assessment by classifying the different assets in my home into three general categories: physical assets, information assets, data and information assets, and information technology assets. After identifying these assets, I needed to assess the potential threats that could bring harm to these assets and think about the degree that a compromised asset could impact my household; this reflects ways that businesses measure risks before making organizational decisions. With an understanding of the threats and their impacts, I also had the opportunity to think about how I am currently lowering my risk of asset compromise, with the introduction of security controls, and what strategy I intend to use to protect these assets even more in the future (i.e. putting a data and information asset such as financial documents in a fireproof/waterproof safe helps reduce the risk of unauthorized access and physical damage). Though I already mentioned that this assignment satisfies the information assurance part of Competency C, it is also concerned with privacy, security, and ethics since several assets, particularly the data and information and information technology assets, contain sensitive information.
The ethical practice of keeping this sensitive information confidential, via the use of security controls, guards against misuse and abuse of the assets by bad actors.

 

In my last piece of evidence, the INFM 202 class discussion around Verizon’s breach report, I was able to explore the nature of cyberattacks, in general, across several different industries. The report being analyzed in this discussion is Verizon’s DBIR which features recorded data on breach incidents. When I was finished working on this assignment, I learned about some of the common trends that lead to a data breach; for example, external bad actors breach organizations for the purpose of financial gain, most often by using social engineering tactics (e.g. tricking a user into giving away personal information or downloading malware). I was also surprised to learn that many data breaches occur by internal actors, like employees or system administrators, by mistake (i.e. someone in the organization sends an email containing confidential information to the wrong email address). After studying the different ways breaches can occur, I was tasked with recommending security controls that could help mitigate the effects of cyberattacks: in my opinion, one of the most important security controls that I recommended was a focus on user education, since the majority of breaches relied on human error as the main vulnerability (i.e. breaches caused by social engineering from external actors and mistakes from internal actors). After submitting an initial analysis of Verizon’s DBIR, I had the opportunity to open a dialogue amongst my peers in the course to compare and contrast ideas about the report. This piece of evidence demonstrates Competency C because it is concerned with security and privacy of protecting information across different industries and allowed me a chance to address those concerns with appropriate solutions.

INFM 200 Research Paper

INFM 208 Risk Assessment

INFM 202 Verizon DBIR Discussion

Conclusion

Overall, the three pieces of evidence included here that demonstrate Competency C introduced me to, and allowed me to apply, different aspects of cybersecurity, information security, and information assurance in specific fields. In my INFM 200 paper, I was able to explore the literature on a current issue with autonomous or self-driving vehicles and their impact on the privacy of individuals and synthesize and analyze these ideas to both get a better understanding of the topic and to form an opinion. My INFM 208 paper gave me an opportunity to practice real-world skills of identifying and assessing risks, as well as designing long-term strategies of how to best move forward. The Verizon DBIR assignment gave me a chance to research and analyze current cybersecurity trends and promote meaningful discussion between me and my fellow peers.

References

Bogna, J. (2021, November 22). Privacy vs. security: What’s the difference? How-To Geek. https://www.howtogeek.com/765272/privacy-vs-security-whats-the-difference/

Moore, M. (n.d.). Information assurance vs. cybersecurity. University of San Diego. https://onlinedegrees.sandiego.edu/information-assurance-vs-cybersecurity/#:~:text=%E2%80%9CCybersecurity%20is%20a%20sub%2Dset,a%20particular%20medium%20or%20domain.%E2%80%9D

NordVPN. (2021, October 22). 5 of the most notorious cyber attacks of our time [Video]. YouTube. https://www.youtube.com/watch?v=-uKXI4fsCfY

Sebastian-Coleman, L. (2018). Navigating the labyrinth: An executive guide to data management [Kindle edition]. Technics Publications. Retrieved from Amazon.com

MS Informatics e-Portfolio

Copyright © 2022 Joshua Engel 
