MIST Part A Final
What is database management? DBMS?
The software application that lets you create and work with a database
Types of relationships (1:1, 1:m, m:m)
1:1 - when an instance of one entity can have a relationship with one and only one instance of the other entity. 1:M - when an instance of the first entity can have a relationship with one or more instances of the second entity, but instances of the second entity can be related to only one instance of the first. M:M - when instances of each entity can be related to one or more instances of the other entity.
Database vs. spreadsheet as a tool for data storage
A database allows for security, the elimination of redundant data, data access (multiple types of users can query a single database simultaneously) and big data (volume, variety and velocity)
AIC Triad (Availability, Integrity, Confidentiality)
The AIC Triad is the heart of information security. Availability: the ability of authorized parties to access data and systems when necessary. Data integrity: maintaining and assuring the accuracy and reliability of the information and systems over their lifecycle. Confidentiality: the property that information is not disclosed or otherwise made available to unauthorized viewers of information.
Specifically, I want you to recognize the tension that exists between a digital currency and the free, perfect, instant properties of digital information goods.
BTC should NOT follow free, perfect and instant
"Best practice" security control illustrations (e.g., continuity planning, employment/HR, data management)
Business continuity planning: tactical plan for quickly resuming your firm's business operations after a catastrophe. Employees: rotation of duties, mandatory vacations, split knowledge, dual control and strict procedure for employee termination. Data management: unlink sensitive data from other data to minimize the damage if it's stolen.
Definitions of the core vs. the crowd
The Core: dominant organizations, institutions, groups and processes of the pre-internet era. The Crowd: new participants and practices enabled by the net and its attendant technologies.
The "stories" behind the hacking methods illustrated in the in-class video
Girl logging into cell phone company
Ways to organize the crowd (e.g., formal hierarchies, markets, self-organizing structures like Wikipedia/Open Source)
Hierarchical organization --> employment relationship inside the firm. Non-hierarchical --> markets can focus information flow or have self-organizing structures (e.g., wiki); if they do have self-organizing structures, then the following are needed: openness, noncredentialism, verifiable and reversible contributions, clear outcomes, self-organization, geeky leadership, as well as labor resources and information.
Ox weight example (incl. the four criteria to make crowd-based estimation effective)
Independence, diversity, decentralization, aggregation
Conventional technical approaches to security (e.g., MFA, monitoring, software updates)
Multi-factor authentication: something you know, have or are. Monitoring and anomaly detection: intrusion detection, intrusion prevention. Software updates: routine patching of newly discovered vulnerabilities.
Primary keys and foreign keys
Primary key - an attribute that can have a unique value for every instance (record) that you store in a table. Foreign key - the primary key in another table.
Shortfalls of the conventional technical approach (e.g., Social engineering, insider threats)
Skilled hackers prefer social engineering attacks over brute force attacks. Biometric authentication and MFA prevent attacks from outsiders but not bad insiders --> "insider threats" include both negligence and malice.
Problems arising from the non-hierarchical/messy crowd
Two difficult problems: (1) it can be hard to find what you're looking for in an ocean of uncontrolled information; (2) some of its members behave in hurtful ways.
Relationship between security controls and security frameworks
Administrative controls, technical controls and physical controls should be utilized to achieve security management directives
Cryptocurrencies and the blockchain
Blockchain acts as a distributed/decentralized ledger system that logs transactions
Major components of a relational database model (entities, attributes, relationships)
Entities: things and concepts for which you wish to store data in the database; data is stored in one or more corresponding tables. Relationships: entities are connected through these. Attributes: store data on a single instance of an entity; consist of one or more fields.
The role of good management in the companies of the future; how to lead effectively
Social skills of coordination, negotiation, persuasion and social perceptiveness
When and why outsiders can be more effective than experts
The crowd is valuable because it's massively marginal