Mist quiz 3


Security controls (administrative, technical, physical)

- Administrative Controls: Policies, standards, procedures, guidelines, personnel screening, training
- Technical Controls ("logical controls"): Authentication, encryption, firewalls, biometrics, etc.
- Physical Controls: Locks, monitoring, mantraps, environmental control

Relationship between security controls and security frameworks

- An organizational security framework is your organization's suite of security controls
- It is made up of many entities, protection mechanisms, processes, and procedures that all work together and rely on each other to protect the company

AIC Triad

- Availability
- Integrity
- Confidentiality

"Best practice" security control illustrations (e.g., continuity planning, employment/HR, data management)

- Continuity planning typically relies on backup sites
- Rotation of duties
- Mandatory vacations
- Split knowledge
- Unlink sensitive data from other data to minimize the damage if it is stolen
- Encrypt data both in transit and in storage so that it is unreadable if it does fall into the wrong hands

The role of good management in the companies of the future; how to lead effectively

- Egalitarianism, especially of ideas: everything is fair game
- Transparency of information

The relationship between transaction cost economics and self-organizing (why might companies be considered passe?)

- Markets have lower production costs (the costs of making goods and services)
- Hierarchies have lower coordination costs (the costs of setting up production and keeping it running)
- As coordination costs go down, markets become more and more attractive
- Competition in markets brings prices down, but it costs more to hire new people every time

When and why outsiders can be more effective than experts

- New knowledge is being created in other fields and it is slow to enter the core
- Many problems, opportunities, and projects benefit from different perspectives, people, and teams
- The crowd is so valuable, in large part, because it's massively marginal: it contains huge numbers of people who are some combination of smart, well-trained, experienced, tenacious, and motivated

Characteristics of effective self-organizing structures (e.g., openness, non-credentialism, etc.)

- Openness
- Noncredentialism
- Verifiable and reversible contributions
- Clear outcomes
- Self-organization

Database vs. spreadsheet as a tool for data storage

- Security: Administrator can grant each user a different level of access
- Elimination of redundant data via the relational model
- Data Access: Multiple types of users can query a single database simultaneously
- Big Data: Databases can handle much larger datasets

Cryptocurrencies and the blockchain
- Specifically, I want you to recognize the tension that exists between a digital currency and the free, perfect, instant properties of digital information goods.
- You should also know, in general terms, what the role of the blockchain is with respect to

- The bitcoin is a digital good
- It is essential that BTC not follow the free, perfect, and instant economics of information goods
- Blockchain acts as a distributed/decentralized ledger system that logs transactions

core

Dominant organizations, institutions, groups, and processes of the pre-Internet era (p. 231)

Ways to organize the crowd (e.g., formal hierarchies, markets, self-organizing structures like Wikipedia/Open Source)

- Formal hierarchy is good when the work has to be perfect (medical equipment)
- Markets let people freely transact with each other without centralized control

Conventional technical approaches to security (e.g., MFA, monitoring, software updates)

Multifactor authentication (MFA)
- Something you know
- Something you have
- Something you are (e.g., your fingerprint)

Monitoring and anomaly detection
- Intrusion detection (e.g., flagged account after numerous failed login attempts)
- Intrusion prevention (e.g., blocked access to critical systems from international IP addresses)

Routine patching of newly discovered vulnerabilities; software updates

crowd

New participants and practices enabled by the net and its attendant technologies

Shortfalls of the conventional technical approach (e.g., Social engineering, insider threats)

- Skilled hackers prefer social engineering attacks over brute force attacks: it is easier to fool a human than a machine
- "Insider threats": motives for malicious attacks include financial gain and revenge
- Conventional technical approaches to IT security risks overemphasize identifiable risks

Ox weight example (incl. the four criteria to make crowd-based estimation effective)

The guy made everyone guess the weight of the cow, and the average ended up being the correct answer. The four criteria:
- Independence
- Diversity
- Decentralization
- Aggregation

Problems arising from the non-hierarchical/messy crowd

This presents two difficult problems:
- Overload: It can be hard to find what you're looking for in an ocean of uncontrolled information (the core can curate information, but there's just too much in the crowd)
- Malicious Intent: Some of its members behave in hurtful ways (the core can evict bad actors, but that's hard to do on the web)

one-to-one

When an instance of one entity can have a relationship with one and only one instance of the other entity.

One to many

When an instance of the first entity can have a relationship with one or more instances of the second entity, but instances of the second entity can be related to only one instance of the first.

Many-to-many

When instances of each entity can be related to one or more instances of the other entity.

Database

a collection of organized data that allows access, retrieval, and use of data

Primary keys

an attribute that can have a unique value for every instance (record) that you store in a table (social security number, student ID number, etc.)

How to model a database, generally (e.g., the use of Crow's Foot notation, etc)

Entities are connected by crow's-foot lines; a branch (the "crow's foot") on a connector indicates a one-to-many or many-to-many relationship.

integrity

maintaining and assuring the accuracy and reliability of information and systems over their lifecycle

Foreign Key

a foreign key in one table is always the primary key of another table

The "stories" behind the hacking methods illustrated in the in-class videos

phishing the telephone company email password hack

Attributes

properties that we want to store values for; they correspond to the columns of a table

availability

refers to the ability for authorized parties to access data and systems when necessary

Database Management System (DBMS)

software application that lets you create and work with a database

Confidentiality

the property that information is not disclosed or otherwise made available to unauthorized individuals, entities, or processes.

entities

things and concepts for which you wish to store data in the database, connected through relationships; examples include Movie, Actor, Production Company, etc.
