BTE 210 - Quiz #2
programming
- Programming is a process of problem solving - An algorithm is a step-by-step problem-solving process - A solution is achieved in a finite amount of time
IDEs (Integrated Development Environment)
- Very user friendly - Compiler identifies the syntax errors and also suggests how to correct them - Build or Rebuild is a simple command that links the object code with the resources used from the IDE
crypto-currency
-A digital currency that uses cryptography for security measures -Each user has both public and individual private keys -Operates independently of a central bank
bitcoin
-Based on Blockchain methodology -An unregulated shadow-currency -Created as a decentralized digital currency exchange system to exchange digital currency without the banks as intermediaries, while keeping (pseudo) anonymity -Resource intensive (requires Proof of Work Consensus) -Created in 2008 after the Global Financial crisis
knowledge base
-Facts: such as the problem situation. -Rules: direct the use of knowledge to solve specific problems in a particular domain.
Blockchain Creation
-It is a distributed database leveraging distributed processing -Multiple parties (peer) share it by keeping an identical copy -Transactions are recorded (write) in the database -Each new record (write) to the database is a Block -Transactions/Blocks are processed one at a time, no new transaction/block is committed until the prior one is approved -All participants must give approval to the new recording = new Block -New Block is concatenated with prior Block by using a cryptographic hash (like a fingerprint of predecessor Block) -Every recording uses private cryptographic key or digital signature -The process is repeated over and over creating a 'block chain'
distributed
-It is a distributed digital ledger technology -Ledger keeps records of transaction, value, and ownership of assets -Copies of recording (ledger) are kept in different databases
artificial intelligence
-Subfield of Computer Science that studies the thought processes of humans and recreates the effects of those processes via machines, such as computers and robots -Behavior by a machine that, if performed by a human being, would be considered intelligent.
while loop (repetition)
-The expression provides an entry condition to the loop -The statement (body of the loop) continues to execute until the expression is no longer true -An infinite loop continues to execute endlessly (expression never false)
5 factors contributing to vulnerability
-Today's interconnected, interdependent, wirelessly networked business environment -Smaller, faster, cheaper computers & storage devices -Decreasing skills necessary to be a computer hacker -International organized crime taking over cybercrime -Lack of management support
Compromises to Intellectual Property
-Trade Secret: an intellectual work, such as a business plan, that is a company secret and is not based on public information -Patent: an official document that grants the holder exclusive rights on an invention or a process for a specified period of time -Copyright: a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period
difficulties of using expert systems
-Transferring domain expertise from human experts to the expert system can be difficult because people cannot always explain what they know -Even if the domain experts can explain their entire reasoning process, automating that process may not be possible -In some contexts, there is a potential liability from the use of expert systems.
wearable internet
-While technology can now be found in people's mobile phones in their pockets, it will soon be integrated directly into clothing and accessories. -Increasingly, clothing and other equipment worn by people will have embedded chips that connect the article and person wearing it to the internet -In the future data could be collected from individuals wearing devices during an emergency to monitor their response and recovery. Data could also be used to highlight trends in healthcare.
inference engine
-a computer program that provides a methodology for reasoning and formulating conclusions.
benefits of expert systems
-increased output and productivity -increased quality (can provide consistent advice and reduce error rates) -capture and dissemination of scarce resources (expertise from anywhere in the world can be used) -operation in hazardous environments -accessibility to knowledge and help desks -reliability -ability to work with incomplete or uncertain info -provision of training (explanation facility of an ES can serve as a teaching device and a knowledge base for novices) -enhancement of decision making and problem-solving capabilities -decreased decision making time -reduced downtime (can quickly diagnose and repair malfunctions)
common human errors
1. Carelessness with laptops -Losing or misplacing laptops, leaving them in taxis, and so on. 2. Carelessness with computing devices -Losing or misplacing these devices, or using them carelessly so that malware is introduced into an organization's network 3. Opening questionable e-mails -Opening e-mails from someone unknown, or clicking on links embedded in e-mails 4. Careless Internet surfing -Accessing questionable Web sites; can result in malware and/or alien software being introduced into the organization's network. 5. Poor password selection and use -Choosing and using weak passwords 6. Carelessness with one's office -Leaving desks and filing cabinets unlocked when employees go home at night; not logging off the company network when leaving the office for any extended period of time. 7. Carelessness with discarded equipment -Discarding computer hardware without completely wiping the memory 8. Careless monitoring of environmental hazards -These hazards, which include dirt, dust, humidity, and static electricity, are harmful to the operation of computing equipment.
expert -> computer -> user
1. knowledge acquisition- acquired from domain experts or documented sources 2. knowledge representation- knowledge is organized as rules or frames (object oriented) and stored electronically in a knowledge base 3. knowledge inferencing- computer is programmed so that it can make inferences based on knowledge 4. knowledge transfer- the inference expertise is transferred to the user in the form of a recommendation
programming in C++
1. Use a text editor to create the source code (source program) in C++ 2. Include preprocessor directives -Begin with the symbol # and are processed by the preprocessor 3. Use the compiler to: -Check that the program obeys the language rules -Translate the program into machine language (object program) 4. Use an Integrated Development Environment (IDE) to develop programs in a high-level language -Programs such as mathematical functions are available -The library contains prewritten code you can use -A linker combines object program with other programs in the library to create executable code 5. The loader loads executable program into main memory 6. The last step is to execute the program
the connected home
2024: Over 50% of Internet traffic delivered to homes for appliances and devices (not for entertainment or communication)
programming language
A programming language is a computer language engineered to create a standard form of commands -These commands can be interpreted into a code understood by a machine -It is a set of rules, symbols, and special words. -Programs (applications) are created through programming languages to control the behavior and output of a machine through accurate algorithms, similar to the human communication process. examples: C, C++, Java, Python, JavaScript
logic bomb
A segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date.
neural networks
A system of programs and data structures that simulates the underlying functions of the biological brain Uses: -research into diseases (Alzheimer's, Parkinson's, etc.) -banking system fraud detection -Bruce nuclear facility
unintentional threats to information systems
Acts performed without malicious intent that nevertheless represent a serious threat to information security, such as: Human Errors- •Higher level employees + greater access privileges = greater threat •Two areas pose significant threats -Human Resources -Information Systems •Other areas of threats: -Contract Labor, consultants, janitors, & guards
AI and decision making
An AI system using natural language processing, ontologies and reasoning can be effective in gathering and extracting information from large data sources and has the ability to identify the cause and effect within data -useful for segmentation in marketing
Information Extortion
An attacker either threatens to steal, or actually steals, information from a company. - The perpetrator demands payment for not stealing the information, for returning stolen information, or for agreeing not to disclose the information
distributed denial of service attack
An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots, which form a botnet, to deliver a coordinated stream of information requests to a target computer, causing it to crash.
denial of service attack
An attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function)
Espionage or Trespass
An unauthorized individual attempts to gain illegal access to organizational information
blockchain
An unchangeable system of record keeping that is seeing a growing use well beyond financial transactions. Data is copied on multiple servers or computers and encrypted into blocks, which are then linked by hashes to previous blocks. This allows the system to reject any non-valid transactions.
Theft of Equipment or Information
Computing and storage devices (powerful with vastly increased storage) are becoming smaller and as a result easier to be stolen.
supercomputer in your pocket
Current smartphones and tablets contain more computing power than many of the formerly known supercomputers, which used to fill an entire room
Sabotage or Vandalism
Deliberate acts that involve defacing an organization's Web site, potentially damaging the organization's image and causing its customers to lose faith
identity theft
Deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime
Deliberate Threats to Information Systems
Espionage or trespass Information extortion Sabotage or vandalism Theft of equipment or information Identity theft Compromises to intellectual property Software attacks Alien software Supervisory control and data acquisition (SCADA) attacks Cyberterrorism and cyberwarfare
consensus
Everyone (or a Regulator) must validate and approve the new transaction/block
Gartner Magic Quadrant
Get quick view about a market's competing technology providers and how they are competitively positioned
vision as the new interface
Glasses, headsets and eye-tracking devices can become "intelligent" with eyes and vision being connected to the internet and other devices Direct access to internet applications and data through vision, can enhance, mediate or completely augment an individual's experiences to provide immersive reality With emerging eye-tracking technologies, devices can feed information through visual interfaces, and eyes can be the source for interacting with and responding to the information.
public key cryptography (pkc)
Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key, and only the owner can access it. The sender encrypts the information using the receiver's public key. The receiver decrypts the message using his/her private key. For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender's public key to decrypt it. Thus, the receiver knows who sent it.
2-way selection
IF expression is true, statement1 is executed; otherwise (else), statement2 is executed
Cyberterrorism and Cyberwarfare
Malicious acts in which attackers use a target's computer systems, particularly via the Internet, to cause physical, real-world harm or severe disruption, often to carry out a political agenda
smart cities
Many cities will connect services, utilities and roads to the internet Progressive cities, such as Singapore and Barcelona, are already implementing many new data-driven services, including intelligent parking solutions, smart trash collection and intelligent lighting
immutable
Once a transaction is recorded into a block, a block can't be changed nor deleted
flowchart symbols
Ovals: start/end Parallelogram: input/output Rectangles: processes Diamonds: decisions (true or false) Arrows: connector (shows relationship between representative shapes)
Spear Phishing Attack
Phishing attacks target large groups of people. In spear phishing attacks, the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will obtain sensitive, personal information
information security controls
Physical Controls Access Controls Communication Controls
Physical Controls
Prevent unauthorized individuals from gaining access to a company's facilities. Common physical controls include walls, doors, fencing, gates, locks, badges, guards, and alarm systems
Software Attacks
Remote Attacks Requiring User Action -Virus -Worm -Phishing Attack -Spear Phishing Attack Remote Attacks Needing No User Action -Denial of Service Attack. -Distributed Denial of Service Attack Attacks by a Programmer Developing a System -Trojan Horse -Back Door -Logic Bomb
Access Controls
Restrict unauthorized individuals from using information resources and involve two major functions: 1. authentication (confirms the identity of the person requiring access) -Something the user is: also known as biometrics, examines a person's innate physical characteristics (e.g., fingerprint scans, palm scans, retina scans, iris recognition, and facial recognition). -Something the user has: regular identification (ID) cards, smart ID cards, and tokens. -Something the user does: includes voice and signature recognition. -Something the user knows: includes passwords and passphrases 2. authorization: Determines which actions, rights, or privileges the person has, based on his or her verified identity
Supervisory Control and Data Acquisition (SCADA) Attacks
SCADA systems are used to monitor or to control chemical, physical, and transport processes such as those used in oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants
worm
Segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer program).
virus
Segment of computer code that performs malicious actions by attaching to another computer program.
Trojan horse
Software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
solving a problem with programming
Step 1: Analyze the problem -Outline the problem and its requirements -Understand the problem requirements: Does the program require user interaction? Does the program manipulate data? What type of data? What is the expected output? -Design steps (algorithm) to solve the problem; if complex, the problem should be divided Step 2: Implement the algorithm -Code the algorithm in the programming language of choice -Verify that the algorithm works: use sample data that covers all possibilities, make it foolproof (test for errors) Step 3: Maintain the program
Clean technology
Technology that is not polluting, associated with environmental sustainability •Alternate energy sources: solar, wind, etc. •Fuel cells •Smart grid : Architecture, sensors, software, middleware, interface, etc. •Smart meters: Monitoring, comparing, optimizing.
crossing the chasm
The chasm is a gap between visionary early adopters and the pragmatic majority. Crossing the chasm requires securing a specific niche.
hash functions
These are different from SKC and PKC. They use no key and are also called one-way encryption. Hash functions are mainly used to ensure that a file has remained unchanged.
intelligent sensors and wireless sensor networks
Typical Examples: •Cell Phones and Mobile Networking. •Bridges & structural monitoring-seismic measurements/simulations. •Wide-range motion tracking system for augmented reality applications. •Gait analysis for athletics, neurological exams, knee replacements, cardio-vascular health, etc. •Hand gesture recognition (with acceleration sensing glove) in medical virtual reality (VR) surgery didactic and training applications. •Inventory & status check on factory floors. •Monitoring & control of refrigeration in grocery stores. •Oil-field pipeline equipment and measurement-while-drilling surveying system. •Inertial navigation/global position system for control feedback in driverless agricultural equipment. •Drive-through automobile service stations- check fluids & servicing needs while refueling or washing vehicle
back door
Typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures (also called a trap door).
blockchain vs bitcoin
Unlike the bitcoin application, which is open, public and anonymous, making its security and trust questionable, blockchain for business is private, permissioned and running on smart contracts -blockchain is a methodology and bitcoin is an application
secured
Uses cryptography to process digital transactions or verifiable digital signature
Gartner Hype Cycle
a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities: technology trigger peak of inflated expectations trough of disillusionment slope of enlightenment plateau of productivity (expectations vs. time)
information security
all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction
machine learning systems
artificial intelligence systems that learn from data -optical character recognition: printed, handwritten characters are recognized automatically based on previous examples -face recognition -topic identification: categorize news articles as to whether they're about politics, sports, etc. -fraud detection (credit card transactions) -customer segmentation: identify which customers may respond positively to a certain promotion
blockchain in retail- supply chain
blockchain holds history of food items processed through entire supply chain -you can find out exactly where food has been before you buy it -Benefits: increased trust, pinpoint source of compromised food (reduce recalls), improved coordination in food supply chain
alien software
clandestine software that is installed on your computer through duplicitous methods -Adware: Software that causes pop-up advertisements to appear on your screen. -Spyware: Software that collects personal information about users without their consent.
Cryptography
converts data into a format that is unreadable for an unauthorized user, allowing it to be transmitted without unauthorized entities decoding it back into a readable format
user interface
dialogue between the user and the computer triggers the inference engine to match the problem symptoms with the knowledge contained in the knowledge base and then generate advice
the components of expert systems
knowledge base, inference engine, and user interface.
3D Printing (healthcare)
lower costs and easier access -new cast designs -print out organs from CT scan to better prep for surgeries -enlarge organs (esp in pediatrics) to see more detail
blockchain technology
provides the basis for a dynamic distributed and shared ledger that can be applied to save time when recording transactions between parties, remove costs associated with intermediaries, and reduce risks of fraud and tampering -distributed, consensus, secured, immutable, provenance
communication controls
secure the movement of data across networks •Firewalls- a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network. •Anti-malware Systems- software packages that attempt to identify and eliminate viruses and worms, and other malicious software. •Encryption- the process of converting an original message into a form that cannot be read by anyone except the intended receiver
security
the degree of protection against criminal activity, danger, damage, and/or loss
blockchain in the diamond industry
track diamonds across supply chain from mine to retail through shared ledger for storing digital certification with supporting material -Benefits: protect against fraud, theft, trafficking and black markets; identify and reduce synthetic stone being labelled as authentic; increase speed of transparency for cross border transactions for insurance companies, banks, and claimants
phishing attack
use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.
Robotics and automation
•Advances in artificial intelligence and soft computing techniques (artificial neural networks, fuzzy logic, genetic algorithms, etc.,) will permit robots and advanced machines to better deal with chaos and uncertainty. •Intelligent sensors, actuators and signal processing will provide robots and machines with unprecedented capabilities and accuracies. •Advances in wireless sensor networks and system of systems technologies will allow robots and machines to work in teams to accomplish higher level tasks
implantable technologies
•Providing communications, location and behavior monitoring, and health functions •Pacemakers and cochlear implants were just the beginning •New devices will be able to sense the parameters of diseases, enable individuals to take action, send data to monitoring centers, or potentially release healing medicines automatically
intelligent cars and smart highways
•Safety Critical Systems (e.g. Anti-Lock Braking Systems). •Electronic Stability Control. •Rollover Prevention. •Autonomous Predictive Cruise Control. •Intelligent Speed Adaptation. •Lane-change assist. •Child safety seats to prime airbags based on the child's weight. •Drowsy driver detection & prevention. •Drunk driver detection & prevention. •Integrated Safety Management
tele-health (wireless healthcare monitoring)
•Wearable sensors for monitoring vital body signals •Wireless interface for data transfer to PC, cell-phone, doctor's office with real-time indication of any abnormal behavior and recommended action •Kiosks with real-time capability to monitor vital body signs and interact with individual as well as doctor's office •Provide real-time vital body signs information to coaches in deciding whether to leave a player in or pull him out (e.g. basketball, football, boxing and other endurance sports). •Wirelessly monitor condition of vehicles (tire pressure, engine heat, rpm, etc.) to determine servicing schedule
basic guidelines for passwords
•difficult to guess •long rather than short •should have uppercase letters, lowercase letters, numbers, and special characters •not recognizable words •not the name of anything or anyone familiar, such as family names or names of pets •not a recognizable string of numbers, such as a Social Security number or a birthday
provenance
Blocks must show connection to (fingerprint of) prior block, keeping a trail