BTE Exam 2
Software Attack (deliberate threats)
Remote attack needing user action: -Virus -Worm -Phishing -Spear phishing attack; Remote attack without user action: -Denial-of-Service (DoS) attack -Distributed DoS (DDoS) attack; Attacks by programmers: -Trojan horse -Back door or trap door -Logic bomb
Cookies
Small files stored on a computer containing information about visited websites. (Tracking these e.g. AT&T, Verizon)
Unintentional Threats
Social engineering & Human Errors: -Carelessness with portable computing devices o laptops, smartphones, USB flash drives -Opening questionable e-mails, clicking on links or attachments -Careless internet surfing (look for HTTPS) -Weak password selection and use -Carelessness with one's office Most dangerous departments: -Human Resources personnel -Information System personnel Other areas of threats in the business: -Janitors, guards, contract labor, and consultants
Artificial Intelligence (AI)
Subfield of Computer Science which deals with building intelligent machines, agents or systems, which simulate intelligent living beings (human) behavior. -These systems should be able to solve problems and evolve by themselves. -Creating an intelligent agent that perceives the environment and makes decisions to maximize chances of achieving its goal. -first used by John McCarthy in 1956
Tangible, Intangible
The assets in networks of individuals and organizations can be: ____________: house, products, cash ____________: mortgage, services, online music/video
expert systems
The main difference is that ________ ___________ are rule-based systems which utilize a predefined data set created by 'subject matter experts', while machine learning (ML) is based on statistical modeling of data and constant self-updating of the model.
object code
The output of the compiler after it translates the program into machine language
Profiling
The process of forming a digital dossier
Privacy
The right to be left alone and to be free of unreasonable personal intrusions.
Information Privacy
The right to determine when, and to what extent, information about you can be gathered and/or communicated to others.
human intelligence
The ultimate goal of AI is to mimic ________ ______________ Signs of intelligence such as: -Learning -Understanding from prior experience to respond quickly to new situations -Making sense of ambiguous or contradictory messages (e.g. sarcasm, jokes) -Ability to change behavior or response, with new knowledge
Hash Functions
These are different from SKC and PKC. They use no key and are also called one-way encryption. -are mainly used to ensure that a file has remained unchanged.
Risk acceptance, Risk limitation, Risk transference
Three strategies to risk management:
database
Transactions are recorded (write) in the
open market (auction), closed market (supply chain)
Transactions could happen in:
Risk transference
Transfer the risk by using other means to compensate for the loss, such as purchasing insurance
Logic Flow
Two-way selection syntax: -IF expression is true, statement1 is executed; otherwise (else), statement2 is executed -statement1 and statement2 are any C++ statements
Unintentional (Human Error/Social Engineering), Deliberate
Type of Threats (2)
Virtual private networking (VPN)
Use logins and encryption to establish a secured, private connection on a public network (the Internet) -Encrypted tunnel of communication. -Provides online privacy and anonymity by creating a private network from a public Internet connection. -mask the Internet protocol (IP) address so your online actions are virtually untraceable. -a private network that uses a public network (usually the Internet) to connect users -integrate the global connectivity of the Internet with the security of a private network and thereby extend the reach of the organization's networks. -called this because they have no separate physical existence (What happens when the employees want to access a database, critical to the business, from a remote location? Now the data is being transferred over shared devices and cables or sent over the open air. Encryption is required, thus this network comes into play)
DDoS attack (Distributed DoS)
Uses hacked computers (zombies) to perform a DoS attack. Ex. Botnet
alpha, beta
________ and ________ testing are important testing phases for the success of any software release. Both of these testing techniques have saved thousands of dollars on large-scale software releases for companies like Apple, Google and Microsoft.
Applied
____________AI is far more common -systems designed to intelligently trade stocks and shares, or maneuver an autonomous vehicle would fall into this category.
Generalized
______________ AIs - systems or devices which can in theory handle any task - are less common, but this is where some of the most exciting advancements are happening today. -It has led to the development of Machine Learning, a subset of AI.
Engagement Factor
a feature that would help increase the probability that users will continue using the App and even suggest it to friends.
Hot Sites
a fully configured computer facility with all of the company's services, communications links, and physical plant operations. -duplicates computing resources, peripherals, telephone systems, applications, and workstations. -reduce risk to the greatest extent, but they are the most expensive option.
Syntax
a program's language rules
conditional statement
a statement with a hypothesis followed by a conclusion. -"If this happens, then that will happen." The hypothesis is the first, or "if," part of this statement. -perform different computations or actions depending on whether a programmer-specified condition evaluates to true or false
Copyright
a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period.
algorithm
a step-by-step problem-solving process -A solution is achieved in a finite amount of time
Reinforcement Learning
a type of Machine Learning, and thereby also a branch of Artificial Intelligence. It allows machines and software agents to automatically determine the ideal behaviour within a specific context, in order to maximize its performance.
Whitelisting
allows acceptable software to run -a process in which a company identifies the software that it will allow to run on its computers and permits acceptable software to run, and it either prevents any other software from running or lets new software run only in a quarantined environment until the company can verify its validity.
Blacklisting
allows everything to run unless it is on the blacklist -includes certain types of software that are not allowed to run in the company environment.
Back door (trap door)
allows unauthorized access to the program or system, bypassing security measures
Something the user is
also known as biometrics, is an authentication method that examines a person's innate physical characteristics (e.g., fingerprint scans, palm scans, retina scans, iris recognition, and facial recognition).
Responsive web design
an approach to web design that makes web pages render well on a variety of devices and window or screen sizes.
execution error (different from compiler error)
an error which only manifests itself when a program is run rather than when its source code is translated
Trade Secret
an intellectual work, such as a business plan, that is a company secret and is not based on public information.
Patent
an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
Threat
any danger to which a system may be exposed (to an information resource)
applications (computer programs)
are created through programming languages to control the behavior and output of a machine through accurate algorithms, similar to the human communication process. Examples: Python, C++, Java
IDEs
are very user friendly -Compiler identifies the syntax errors and also suggests how to correct them -A library of resources is typically included as well -Build or Rebuild is a simple command that links the object code with the resources used from the IDE
Virus
attach to a host computer -require an active host program or an already-infected and active operating system in order to run, cause damage and infect other executable files or documents
PROVENANCE
blockchain technology: Blocks must show connection to (fingerprint of) prior block, keeping a trail
IMMUTABLE
blockchain technology: Once a transaction is recorded into a block, a block can't be changed nor deleted
CONSENSUS
blockchain technology: Everyone (or a Regulator) must validate and approve the new transaction/block
SECURED
blockchain technology: Uses cryptography to process digital transactions or verifiable digital signature
DISTRIBUTED
blockchain technology: -It is a _____________ digital ledger technology -Ledger keeps records of transaction, value, and ownership of assets -Copies of recording (ledger) are kept in different databases/nodes
Readability
code is properly and consistently formatted and uses clear, meaningful names for functions and variables
Spyware
collects personal information about users without their consent. -Keystroke loggers: record keystrokes and Web browsing history -Screen scrapers: record a continuous "movie" of activities on a screen
linker
combines object code of this program with other programs in the library to create executable code
Data Aggregators
companies that collect public data such as real estate records and published telephone numbers in addition to nonpublic information -such as Social Security numbers; financial data; and police, criminal, and motor vehicle records.
Authentication
confirms the identity of the person requiring access. Use something the user... o IS: Biometrics is a person's innate physical characteristics o HAS: ID cards, smart ID cards, and tokens o DOES: Voice, signature, and gait recognition o KNOWS: password and passphrase
infinite loop
continues to execute endlessly (expression never false)
Cryptography
converts data into a format that is unreadable for an unauthorized user, allowing it to be transmitted without unauthorized entities decoding it back into a readable format
Spamware
create a launchpad for sending out spam emails
App Prototyping
creating a model of the App, before going through development. FluidUI is an example of an App prototyping tool.
Industrial espionage
crosses the legal boundary o Example: SONY, Google IP (Espionage or Trespass)
Digital Dossier
data integrated from data gathered about you in a typical day (surveillance cameras located on toll roads, on other roadways, in busy intersections, in public places, and at work; credit card transactions; telephone calls (landline and cellular); banking transactions; queries to search engines; and government records (including police records)).
Authorization
determines which actions, rights, or privileges the person has, based on his or her verified identity.
Trojan horse
disguised as an innocent program
Logic bomb
dormant until activated at a certain date and time
Compiler
guarantees that the program follows the rules of the language -Does not guarantee that the program will run correctly -identifies the syntax errors and also suggests how to correct them -Check that the program obeys the language rules (syntax) -Translate the program into machine language (object code)
Two-Way Selection
if (expression) statement1; else statement2;
variable declarations
instructs the system to allocate memory space and name it length -a statement such as "double length;"
Privacy Concerns
involve collecting, storing, and disseminating information about individuals.
Security Concerns
involve security measurements -issues revolve around security measurements taken to protect the person the data refers to.
Accuracy Concerns
involve the authenticity and fidelity of information that is collected and processed
Property Concerns
involve the ownership and value of information
Breach
involves the unauthorized viewing, access or retrieval of data (of an information resource)
Natural language processing (NLP)
is a branch of artificial intelligence that helps computers understand, interpret and manipulate human language, like speech and text.
User Interface (UI)
is a broad term for any system, either physical or software based, that allows a user to connect with a given technology. -Many different kinds of these come with various devices (e.g. a remote controller) and software programs (e.g. iOS). -Many of them have some basic similarities, although each one is unique in key ways. -Ex: graphical user interface (GUI)
Program Documentation
is comprehensive information on the capabilities, design details, features, and limitations of a system or application software.
Cryptocurrency
is a digital currency that uses cryptography for security measures. -Each user has both public and individual private keys. -Operates independently of a central bank.
Usability testing
is a form of User Acceptance testing.
Permission marketing
is a marketing technique that allows consumers to receive marketing and other promotional offers upon their consent rather than being pushed to them.
Crowdfunding
is a method of raising capital in small amounts from a large group of people using the Internet and social media. o The money raised through this doesn't necessarily buy the lender a share o There is no guarantee that it will be repaid even if the venture is successful o Individuals are asked to make micro-investments or donations to causes and ventures they believe in, thus allowing the work to be completed
Programming
is a process of problem solving
Ledger
is a system of records for a business -transactions are always recorded in this -in the selling organization, a transaction removes assets from this -in the buying organization, a transaction adds assets onto this -every organization keeps their own respective ____________
Cognitive Computing
is about elevating AI to a reasoning level.
Machine learning
is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed. -focuses on the development of computer programs that can access data and use it to learn for themselves. -enables analysis of massive quantities of data. -It is only as valuable as the data used.
programming language
is an artificial formalism in which algorithms can be expressed. -a computer language engineered to create a standard form of commands. -These commands can be interpreted into a code understood by a machine. -It is a set of rules (syntax), symbols, and special words.
Something the user knows
is an authentication mechanism that includes passwords and passphrases.
Something the user has
is an authentication mechanism that includes regular identification (ID) cards, smart ID cards, and tokens.
Something the user does
is an authentication mechanism that includes voice and signature recognition.
Opt Out
is an option for unsubscribing or leaving membership from a website, blog, group or any other online subscribed service.
Blockchain
is an unchangeable system of recordkeeping that is seeing a growing use well beyond financial transactions. -Data is copied on multiple servers or computers and encrypted into blocks, which are then linked by hashes to previous blocks. -This allows the system to reject any non-valid transactions.
Malicious software (malware)
is any software that brings harm to a computer system
Opt-In
is bulk email that a consumer can choose to receive. -a form of requested email based on consumer needs, hobbies or other special interests. -can be delivered through a website the consumer visits to shop for merchandise. -The site may contain the option to receive future sales or product information. -In this instance, the consumer provides their address to the website and requests emails about the specified content.
Viability (feasibility) study
is conducted to answer questions such as: -Is the project doable from a technical perspective? -Will the App work from an operational perspective? -What are the opportunities and threats? -What is the competitive environment? This last question could be answered by searching the App stores for Apps with similar functionality and promise to customers; e.g. see what's popular on application stores.
Alpha Testing
is simulated or actual operational testing by potential users/customers or an independent test team at the developers' site. -is often employed for off-the-shelf software as a form of internal acceptance testing, before the software goes to beta testing.
Prototyping
is the act of creating a model of a product so that it can be tested by users before you expend valuable development time on creating the actual product. -encompass everything from simple sketches of the product interface right through to dynamic interactive computer models of the product and stopping at wireframes on the way as an interim prototype.
Artificial Intelligence
is the broader concept of machines being able to carry out tasks in a way that we would consider "smart". -refers to putting together different algorithms and making inferences.
Usability
is the degree of ease with which products such as software and Web applications can be used to achieve required goals effectively and efficiently. o assesses the level of difficulty involved in using a user interface. o if it is good, it means it is easy to learn and efficient and satisfying to use.
Identity Theft
is the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime. Can do this through: -Phishing o Stealing from databases o Social engineering
Decryption
is the process of transforming encrypted information so that it is legible again.
Encryption
is the process of transforming information so it is unintelligible to anyone but the intended recipient. -Converting an original message into a form that can only be read by the intended receiver -Public key encryption (asymmetric encryption) -Digital Certificate
Source code
is the set of instructions and statements, written by a programmer, which determines what the program does. (Step 1 C++)
Competitive intelligence
legal information gathering (Espionage or Trespass)
App creation
o App Description o Company Report -Business Model Canvas (BMC) o App Prototype Design: -Create click-through flow on paper -Design Mock up prototype (FluidUI.com) o Website Development (wix.com) o Start a Kickstarter Project, including video (kickstarter.com) -Pitch the App idea to an investor
Personal Data Record Keepers
o Employers, Government o Medical Offices, Hospitals o Credit Reporting Agencies, Banks and Financial Institutions, Retailers o Utility Companies, Schools o Social Media Companies
Information Extortion
occurs when an attacker either threatens to steal, or actually steals, information from a company. -An attacker demands payment for not stealing the information, for returning stolen information, or for not disclosing the information stolen from a company. Ex. Ransomware
Espionage or Trespass
occurs when an unauthorized individual attempts to gain illegal access to organizational information. -Competitive intelligence -Industrial espionage
Physical Controls
prevent unauthorized individuals from gaining access to a company's facilities. -Walls -Doors -Fencing -Gates -Locks -Badges -Guards -Alarm systems
User Experience (UX)
primarily studies the behavior, feelings, perceptions, reactions, emotions and other psychological constraints that may occur with a computer or computing enabled device or application. -is the core of human computer interaction technologies. -facilitates and enables the development of computer systems that are centered on ease of use and accessibility for a human user.
Warm Site
provides many of the same services and options as the hot site. -it typically does not include the actual applications the company needs -includes computing equipment such as servers, but it often does not include user workstations.
Cold Site
provides only rudimentary services and facilities, such as a building or a room with heating, air conditioning, and humidity control -This type of site provides no computer hardware or user workstations -reduce risk the least, but they are the least expensive option.
Blockchain technology
provides the basis for a dynamic distributed and shared ledger that can be applied to save time when recording transactions between parties, remove costs associated with intermediaries, and reduce risks of fraud and tampering.
Business Continuity Plan
purpose is to provide guidance to people who keep the business operating after a disaster occurs.
Machine Learning
refers to basically taking data and data streams looking for patterns and adapting to what the algorithms are learning over time -is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves.
Access Controls
restrict unauthorized individuals from using information resources and involve two major functions: authentication and authorization.
Accessibility Concerns
revolve around who should have access to information and whether a fee should be paid for this access
Dumpster Diving
rummaging through commercial or residential trash to find discarded information.
Communication Controls (called network controls)
secure the movement of data across networks and consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, virtual private networks (VPNs), secure socket layer (SSL), and employee monitoring systems. -Protect the movement of data across networks
Public-private Key
The sender encrypts the info using the receiver's public key, which anyone can access; the receiver decrypts the message using his/her own private key... vice versa too. 1. The sender encrypts the information using the receiver's public key. 2. The receiver decrypts the message using his/her private key. -For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender's public key to decrypt it. Thus, the receiver knows who sent it
Functions
should be kept as simple, small blocks of code
Comments
should explain clearly what function that part of the source code should be accomplishing, and what the input and expected output are o in C++, a // indicates that a comment follows
Proper programming style
significantly reduces maintenance costs and increases the lifetime and functionality of software.
Flowchart
the Solution to a Problem
Business Continuity
the chain of events linking planning to protection and recovery
Vulnerability
the possibility that the system will suffer harm by a threat (of an information resource)
Intellectual Property
the property created by individuals or corporations that is protected under trade secret, patent, and copyright laws.
Supervised machine learning
these algorithms can apply what has been learned in the past to new data using labeled and classified examples to predict future events. -Starting from the analysis of a known training dataset, the learning algorithm produces an inferred function to make predictions about the output values.
Unsupervised machine learning
these algorithms explore the data and can draw inferences from datasets to describe hidden structures from data that has not been classified nor labeled.
SCADA attacks (Supervisory control and data acquisition)
these systems control chemical, physical, or transport processes -Oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants Ex. Cyberterrorism/cyberwarfare
output statement
this statement instructs the system to display results
assignment statement
this statement instructs the system to evaluate the expression "length * width" and store the result in the memory space "area"
Indentation
used to clearly define sections and flow of functions
Integrated Development Environment (IDE)
used to develop programs in a high-level language -Programs such as mathematical functions are available -The library contains prewritten code you can use -A linker combines object code of this program with other programs in the library to create executable code
Electronic Surveillance
using technology to monitor individuals as they go about their daily routines. -conducted by employers, governments, and other institutions. -Examples: Surveillance cameras in airports, subways, banks, and other public venues, smartphones create geotags, Google street view images
Machine Learning
was coined by Arthur Samuel in 1959. At that time he worked for IBM.
Beta Testing
-testing carried out by real users in real environments. -this is a testing stage followed by internal full alpha test cycle. -This is the final testing phase where companies release the software to a few external user groups outside the company test teams or employees. -This initial software version is called the _____ version. -Most companies gather user feedback in this release.
BITCOIN
-A blockchain application -Anonymity is important -Anyone can participate -Transactions are viewable by all members of the network -Based on Public-Private Keys -A cryptocurrency -Based on Proof of Work -A decentralized clearing system -A decentralized system of payments -A decentralized currency open, public and anonymous making its security and trust questionable
Kickstarter
-A crowd-funding website where you give money to a company, artist, filmmaker, game developer, etc. to fund their project. Every ___________ project should have the following: o A project page with a video and description that clearly explain the story behind your project o Rewards the backers will receive when the project is completed o Updates that share the creative journey as the project comes to life o Make a compelling video o Consider adding captions and subtitles
BLOCKCHAIN
-A methodology -Identity of members is known -Permissioned network -Transactions are secret or Permission viewing -Virtual Signature -Handles many types of assets -Selective endorsement business is private, permissioned and running on smart contracts.
Secure Socket Layer (Transport Layer Security - TLS)
-An encryption standard for secure transactions such as credit card purchases and online banking -Verisign
Website Development
-Any App should have a dedicated website, as a promotion tool o When people look for App information, they don't go to the app stores at once; more likely they search in the browser. -It offers a respectable front to a pure click company (humanizes it) -It allows users to provide feedback and even suggestions -It allows better education of users on the app features -All App websites need at minimum a Landing page (Home) from where users can get a quick idea of the app and download it -Other suggested pages: o About Us, Contact Us, In the News, FAQ, Partners -Responsive Design should be a consideration to fit many devices
Cyberterrorism/cyberwarfare
-Attack via the Internet to use a target's computer systems to cause physical, real-world harm -Usually to carry out a political agenda Ex. Stuxnet Worm
Social Engineering
-Attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords -Techniques: Tailgating, shoulder surfing, Facebook befriending (unintentional threat)
Bitcoin
-Based on Blockchain methodology -An unregulated international shadow-currency -Units in that system - bitcoins -Created as a decentralized digital currency exchange system to exchange digital currency without the banks as intermediaries, while keeping (pseudo) anonymity -Resource intensive (requires Proof of Work Consensus) -Created in 2008 after the Global Financial crisis
Remote attack without user action
-Denial-of-Service (DoS) attack -Distributed DoS (DDoS) attack
Business Continuity Planning
-Disaster Recovery Plan -Business Continuity -Business Continuity Plan
Deliberate Threats
-Espionage or Trespass -Information extortion -Theft of equipment or information -Identity theft -Sabotage or vandalism -Compromises to intellectual property -Supervisory control and data acquisition (SCADA) attacks -Cyberterrorism and cyberwarfare -Software attacks (malware) -Alien software
Revenue Streams (R$)
-For what value are our customers really willing to pay? -For what do they currently pay? -How are they currently paying? -How would they prefer to pay? -How much does each Revenue Stream contribute to overall revenues?
Customer Segments (CS)
-For whom are we creating value? -Who are our most important customers? -Mass Market -Niche Market -Market segmentation -Diversification -Multi-sided Platform
Blockchain
-It is a distributed database leveraging distributed processing -Multiple parties (peer) share it by keeping an identical copy -Transactions are recorded (write) in the database -Each new record (write) to the database is a Block -Transactions/Blocks are processed one at a time, no new transaction/block is committed until the prior one is approved -All participants must give approval to the new recording = new Block -New Block is concatenated with prior Block by using a cryptographic hash (like a fingerprint of predecessor Block) -Every recording uses private cryptographic key or digital signature -The process is repeated over and over creating a ...
Alien software (or pestware)
-Programs installed on a computer without user's consent or knowledge -Use up valuable system resources and may report user activities back to the creator -not designed to disrupt system functioning nor to steal data from files EX: o Cookies o Adware o Spyware - Keystroke loggers or Screen scrapers o Spamware
Company Report (for Proposed App)
-Technical Viability (How doable) -Business Viability (how will it generate revenue?) -Originality (New ideas or improved idea) -User's Data (Collection, Marketability, Privacy/security) -User Interface Design (appealing, Simple but with substance) o Usability (ease of use) o Usability Testing (ease of use) -Engagement Factor: (Engaging, Motivating, Challenging) o Social Media Integration o Loyalty o Gamification
while loop (repetition)
-The expression provides an entry condition to the loop -The statement (body of the loop) continues to execute until the expression is no longer true
Channels (CH)
-Through which Channels do our Customer Segments want to be reached? -How are we reaching them now? -How are our Channels integrated? -Which ones work best? -Which ones are most cost-efficient? -How are we integrating them with customer routines? CHANNEL PHASES: -Awareness o How do we raise awareness about our company's products and services? -Evaluation o How do we help customers evaluate our organization's Value Proposition? -Purchase o How do we allow customers to purchase specific products and services? -Delivery o How do we deliver a Value Proposition to customers? -After sales o How do we provide post-purchase customer support?
Factors Contributing to Vulnerability
-Today's interconnected (IoT), interdependent, wirelessly networked business environment -Management support has not increased as quickly as threats --Low security awareness among employees -Smaller computers (laptops, smartphones) and storage devices -Decreasing skills necessary to be a computer hacker --New and easier tools make it very easy to attack the network --Attacks are becoming increasingly sophisticated -Lack of skilled personnel to protect information -International organized crime taking over cybercrime
Attacks by programmers
-Trojan horse -Back door or trap door -Logic bomb (malware)
Remote attack needing user action
-Virus -Worm -Phishing attack -Spear phishing attack
Key Activities (KA)
-What Key Activities do our Value Propositions require? -Our Distribution Channels? -Customer Relationships? -Revenue streams? CATEGORIES -Production -Problem Solving -Platform/Network
Key Resources (KR)
-What Key Resources do our Value Propositions require? -Our Distribution Channels? -Customer Relationships? -Revenue Streams? TYPES OF RESOURCES -Physical -Intellectual (brand patents, copyrights, data) -Human -Financial
Cost Structure (C$)
-What are the most important costs inherent in our business model? -Which Key Resources are most expensive? -Which Key Activities are most expensive? IS YOUR BUSINESS MORE: -Cost Driven (leanest cost structure, low price value proposition, maximum automation, extensive outsourcing) -Value Driven (focused on value creation, premium value proposition) SAMPLE CHARACTERISTICS: -Fixed Costs (salaries, rents, utilities) -Variable costs -Economies of scale -Economies of scope
Customer Relationships (CR)
-What type of relationship does each of our Customer Segments expect us to establish and maintain with them? -Which ones have we established? -How are they integrated with the rest of our business model? -How costly are they? EXAMPLES -Personal assistance -Dedicated Personal Assistance -Self-Service -Automated Services -Communities -Co-creation
Value Propositions (VP)
-What value do we deliver to the customer? -Which one of our customer's problems are we helping to solve? -What bundles of products and services are we offering to each Customer Segment? -Which customer needs are we satisfying? CHARACTERISTICS -Newness -Performance -Customization -Design -Price -Accessibility -Convenience/Usability
Key Partners (KP)
-Who are our Key Partners? -Who are our key suppliers? -Which Key Resources are we acquiring from partners? -Which Key Activities do partners perform? MOTIVATIONS FOR PARTNERSHIPS: -Optimization and economy -Reduction of risk and uncertainty -Acquisition of particular resources and activities
Worm
-a standalone malware computer program that replicates itself in order to spread to other computers -uses a computer network to spread itself, relying on security failures on the target computer to access it.
Sabotage and Vandalism
-deliberate acts that involve defacing an organization's Web site, potentially damaging the organization's image and causing its customers to lose faith. -Occurs when an intruder maliciously alters a Web page by inserting or substituting provocative and frequently offending data o Example: Syrian Electronic Army defaces Forbes Magazine website, Feb 2014
Blockchain
-is an emerging technology that can radically improve banking, supply chain, and other transaction networks and can create new opportunities for innovation. -can reduce friction between organizations, increase trust through immutability of data and the use of smart contracts, and save time by making parties more efficient.
Information Security Controls
-physical controls -access controls -communication controls -business continuity plan
Awareness Evaluation Purchase Delivery After sales
5 CHANNEL PHASES
Business Transactions
A transaction always happens between, at least, two organizations -Buyer and seller, no business operates in isolation
Machine Learning Natural Language Processing Robotics Vision
AI Subfields:
Risk Acceptance
Accept the potential risk, continue operating with no controls, and absorb any damages that occur
Careless Internet surfing
Accessing questionable Web sites; can result in malware and/or alien software being introduced into the organization's network.
new Block
All participants must give approval to the new recording = -it is concatenated with prior Block by using a cryptographic hash (like a fingerprint of predecessor Block)
alexa and siri
Allowing scientists to embed the technology into objects around us, whether or not they have a screen: AI infused virtual assistants - _________ __________ Relating sensing and responding with emotion
Bitcoin
An unregulated international shadow-currency -Created as a decentralized digital currency exchange system to exchange digital currency without the banks as intermediaries, while keeping (pseudo) anonymity -A decentralized clearing system -A decentralized system of payments -A decentralized currency
Programming Steps
Analyze the problem using these steps: Step 1: Outline the problem Step 2: Understand the problem requirements -Does program require user interaction? -Does program manipulate data? -What is the expected output? Step 3: If complex, divide the problem into sub-problems -Treat each sub-problem independently and follow same steps to program Check the correctness of algorithm -Test the algorithm using sample data Once the algorithm is designed and correctness is verified -Write the equivalent code in high-level language Enter the program using a text editor Run code through the compiler If compiler generates errors: -Look at code and remove errors -Run code again through compiler If there are no syntax errors -Compiler generates equivalent machine code Link machine code with the system's resources -Performed by the linker Once compiled and linked, the loader can place program into main memory for execution The final step is to execute the program
ledgers
Ancient History of __________ -Mesopotamia clearing system -Public Ledger 'written in stone'! Every transaction documented in a stone -Everybody could verify it -Transactions are not reversible -Hard to commit fraud
applied general
Artificial Intelligences - devices designed to act intelligently - are often classified into one of two fundamental groups:
learn from data
Artificial intelligence systems that ______ ________ _________. Examples are: -Optical character recognition -Face recognition -Fraud detection -Customer segmentation -Topic identification
DoS attack (Denial-of-Service)
Bombarding and crashing a target computer with bogus requests
key partners key activities, key resources cost structure value propositions customer relationships customer segments revenue streams
Business Model Canvas component
Contracts
Businesses agree on ____________, which set conditions of transactions
networks of individuals and organizations
Businesses contain many examples of these that collaborate to create value and wealth -These networks work together in markets that exchange assets -- tangible (house, product, cash) or intangible (mortgage, services, online music/video) -- in the form of goods and services between the participants.
Topic identification
Categorize news articles as to whether they are about politics, sports, entertainment, and so on.
Poor password selection and use
Choosing and using weak passwords (see strong passwords in the "Authentication" section)
public nonpublic
Companies collect ________ and __________ data and integrate them (profiling) to produce electronic description of you and your habits (digital dossiers).
Trade Secret Patent Copyright
Compromises to Intellectual Property (3)
Theft of Equipment or Information
Computing devices and storage devices are becoming smaller yet more powerful, with vastly increased storage; as a result, these devices are becoming easier to steal and easier for attackers to use to steal information. -Smaller equipment is easier to steal -Larger storage means more information lost Ex. Dumpster diving
initiator supporters mediator
Crowdfunding involves three main entities: -the __________, who proposes their thoughts to the public; -the __________ of the idea or project, who actually help the initiator by raising money; and -the __________, who brings the two parties together and acts as their communication channel (kickstarter.com)
Adware
Display pop-up advertisements on computer screens
Block
Each new record (write) to the database is a
Firewalls (packet filter)
Enforces access-control policy to prevent certain information from moving between untrusted and private networks -a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network. -software which monitors network traffic and connection attempts into and out of a network or computer and determines whether or not to allow it to pass. -Depending on the sophistication, this can be limited to simple IP/port combinations or do full content-aware scans. -can be thought of as a screen that categorically filters out potentially harmful data.
Public Key Cryptography (PKC) (asymmetric encryption)
Here two keys are used: -public key: anyone can access -private key: only the owner can access it 1. The sender encrypts the information using the receiver's public key. 2. The receiver decrypts the message using his/her private key. -For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender's public key to decrypt it. Thus, the receiver knows who sent it
Business Continuity strategies
Hot Sites Warm Site Cold Site
Machine Learning Algorithms
How well the program is trained makes the difference in the outcome. -Supervised -Unsupervised -Reinforcement
CONVERSATIONAL
Human-Computer Interaction shifts from command base, on-screen interaction to __________________, giving computers the ability to interact with us in a more natural way.
Anti-malware systems (AV)
Identify and eliminate malicious software (viruses and worms, and other malicious programs) -finds programs/files/software/etc that might compromise your computer, either by being executable or by exploiting a vulnerability in the program normally supposed to process them (Rootkits, trojans, or other types of malware) -detects these kinds of harmful programs that are already installed on your computer or about to be installed -performs various protective measures (based on the security settings in this software) such as quarantine, permanent removal, fix, etc -looks for potentially harmful files that are downloaded from the internet or attached to an email and notifies/removes it to protect your computer.
Fraud detection
Identify credit card transactions that may be fraudulent.
Face recognition
Identify faces in images.
Customer segmentation
Identify which customers may respond positively to a particular promotion.
Risk management
Identify, control, and minimize the impact of threats
Phishing
Impersonating a trusted organization in an electronic communication
Risk mitigation
Implement controls and develop recovery plan
you
In App websites, What _______ want: - Strong app branding in the upper left corner - Demonstration of value app brings (via video/screenshots) - Engagement with customer base (via twitter/contact email) - Multiple, prominent Calls to Action (download/buy this app!)
users
In App websites, what ________ want: - Bullet points of what your app will do for them (or their readers, in the case of bloggers/journalists) - Video demo - Screenshots - Social proof (via twitter feed) that shows others find the app useful - Bios that prove you're human (serious business) - Contact info for press inquiries or support - Ease navigation within the website
Production Problem Solving Platform/Network
Key Activities CATEGORIES
Physical Intellectual Human Financial
Key Resources (KR): 4 TYPES OF RESOURCES
Carelessness with one's office
Leaving desks and filing cabinets unlocked when employees go home at night; not logging off the company network when leaving the office for any extended period of time.
Risk limitation
Limit the risk by implementing controls that minimize the impact of threat
Carelessness with mobile devices
Losing laptops, smartphones, leaving them in taxis, etc, not having security controls installed on them.
Carelessness with computing devices
Losing or misplacing these devices, or using them carelessly so that malware is introduced into an organization's network.
Employee monitoring systems
Monitor employees' computers, e-mail, and Internet activities
bigger potential exposure
More data being collected about customers represents ________ _________ ____________ -The more data that needs to be protected, the more money might be required for Information Technology - bigger servers to handle encrypting and decrypting data very fast, more money on the encryption software, bigger databases, etc.
Opening questionable e-mails
Opening e-mails from someone unknown, or clicking on links embedded in e-mails (phishing and spear-phishing attack).
Spear phishing attack
Phishing attack on specific target
Optical character recognition
Printed, handwritten characters are recognized automatically based on previous examples.
Communications Controls
Protect the movement of data across networks -Firewalls -Whitelisting and Blacklisting -Anti-malware systems (AV)
Information Security
Protecting organization's information resources from unauthorized access, use, disclosure, disruption, modification, or destruction