INFO360
California's SB-327 for Internet of Things Security mandates that security features of internet-ready devices must be:
- Appropriate to the intended use of the device
- Suitable for the type of data the device will contain and relay
- Constructed to protect the device and any data it stores
Multiple-criteria decision analysis (MCDA) steps: (5)
1. Define the problem
2. Determine criteria and constraints
3. Weight the criteria by importance
4. Combine the points for each option's criteria
5. Analyze the results
What are the five steps in an ethical analysis?
1. Getting all the facts
2. Determining affected stakeholders
3. Finding precedents
4. Listing options
5. Deciding & Preparing consequences
Five Principles of Ethical Conduct
1. Principle of Moral Rights
2. Principle of Virtue
3. Principle of Distributive Justice
4. Universalist Principle
5. Utilitarian Principle
Web crawler
A benign internet bot that gathers data
Infrastructure as a Service (IaaS)
A cloud computing model that provides unlimited computing, storage, and network resources that the enterprise can use to build its own virtual infrastructure in the cloud. Infrastructure can grow as usage increases
Universalist Principle
A manager must determine if a decision is fair for everyone involved
Five Whys Method
A principle of questioning which allows you to understand the root cause of a problem
What are customer delivery networks?
A system that moves goods from manufacturers or suppliers to customers
Stored Communications Act
Addresses voluntary and compelled disclosure of stored wire and electronic communications and transactional records held by third-party Internet service providers
Direct Inquiry
Asking consumers questions about product or service experience through direct means like surveys or reviews
What cryptocurrency shares features with a previous cryptocurrency but is technologically enhanced?
Bitcoin Cash
Input validation
Checking if the input of data meets a pre-determined set of criteria and formatting
Utilitarian Principle
Choosing the option that does the greatest good for the most involved
Principle of Virtue
Considers what a highly moral person would do when faced with a dilemma
What is data in transit, where is it found, how is it protected?
Data that is moving between devices, found on cellular networks, protected with encryption
Examples of unstructured decisions
- Deciding whether to enter a new market
- Launching a completely new product line
- Hiring a key executive
- Merging with another company
- Adopting a new disruptive technology
Digital Millennium Copyright Act
Designed to protect copyright holders from online theft (redistribution or reproduction of online materials)
Principle of Distributive Justice
Distributing rewards equitably to individuals based on their level of effort or productivity
What is the 2nd highest value of cryptocurrency in the market today?
Ethereum
Bitcoin
First cryptocurrency; created in 2009
What actions may occur during the respond stage of the plan-protect-respond cycle?
- Identifying a cybersecurity incident
- Containing the breach
- Taking immediate mitigation steps to limit damage
- Coordinating communication with relevant stakeholders
- Performing forensic analysis to understand the incident
- Restoring affected systems and data
- Improving future responses
What actions may occur during the protect stage of the plan-protect-respond cycle?
- Implementing security controls
- Deploying firewalls
- Encrypting data
- Conducting employee security awareness training
- Managing access controls
- Performing regular system maintenance
- Updating security patches
LAN
Local Area Network: Small geographic area. All the hardware for the LAN is owned by the organisation using it. Can be wired or wireless, and typically has high bandwidth and fast internet speeds.
How do software-based keyloggers most commonly infect a system?
Malicious emails or links opened by unsuspecting users
Input sanitization
Modifying the input to create a valid, in-format input
1st and 2nd stages necessary for adding a block to the blockchain
Occurrence of transaction and transaction verification
PAN
Personal Area Network: Connects devices within a short range of a person, typically 10 meters or less, such as Bluetooth
What is the difference between production reports and forecasting reports about production?
Production reports also fully track current levels of production
What types of data are included in the analytical hierarchy process programming model for decision making?
- Qualitative data
- Data from enterprise systems
- Data from human resource systems
Examples of structured decisions
- Reordering inventory
- Approving employee leave and hours
- Scheduling shifts
- Calculating payroll
What actions may occur during the plan stage of the plan-protect-respond cycle?
- Risk assessment
- Threat identification
- Vulnerability analysis
- Policy Development
- Incident response plan creation
- Communications strategy planning
- Staff training
What does a hash/digital fingerprint/unique identifier do in the blockchain?
Secures transactions and links blocks in the blockchain together
What are cookies on a website?
Small text files that websites send to a user's browser to store information about the user's visit
Keylogging Software
Software which tracks keystrokes from a user and can glean information like passwords, account names, and credit card numbers
Principle of Moral Rights
Some decisions are either morally right or wrong; certain moral values should always be upheld
Persistent/Permanent Cookies
Stored on your device for a long time and can recognize you and remember your preferences
Session/Transient Cookies
Temporary cookies that are used to store information on a website during a single browsing session
What is an Analytical Hierarchy Process?
The AHP is a multi-criteria decision analysis (MCDA) method that involves the following steps:
- Hierarchy formation: Break down the decision into a hierarchical structure
- Pairwise comparisons: Decision-makers perform a series of pairwise comparisons to score the alternatives relative to each other
- Verification of consistency: Use the consistency ratio (CR) to examine the consistency of the answer
What is social engineering in cybersecurity?
The act of manipulating or tricking people into sharing confidential information
Third-Party Cookies
Track your behavior across different websites; also known as tracking cookies
Examples of collaboration software
- Trello
- Slack
- Zoom
What is a balanced scorecard?
- Used to structure business plans
- Includes measurable outcomes like financials and internal business processes
- Includes key plausibility indicators
- Information from executive support systems is used in the second scorecard
Folksonomy
User-generated system of classifying and organizing online content into different categories by the use of metadata such as electronic tags
NIST Cybersecurity Guidelines
Voluntary guidelines designed to help organizations assess and improve their ability to prevent, detect, and respond to cybersecurity risks
WAN
Wide Area Network: Connects devices across a large geographical area, including multiple countries. WANs can be public or private and are not typically owned by a single company. Limited bandwidth.
Process of sending a message via the internet
Identify the domain name, look up the corresponding IP using DNS, assemble the data packet, add the IP address, ensure packet delivery with TCP, send the message across networks
Henri Fayol's 5 Functions of Management
planning, organizing, commanding, coordinating, controlling