MIST 2090 part A final

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

decentralization (4 conditions for using the crowd for estimation purposes)

the people making the guesses should be able to draw on their private, local knowledge

clear outcomes

the people who worked on Linux knew what the end result of their work would be (directly and indirectly)

aggregation (4 conditions for using the crowd for estimation purposes)

there must be some way of aggregating the guesses into a single collective guess (by taking the average)

conventional technical approaches to security include...

- MFA - monitoring & anomoly detection - software updates

ways to organize the crowd

- formal hierarchies - markets - self-organizing structures

characteristics of effective self-organizing structures (like Linux)

- openness - noncredentialism - verifiable & reversible conditions - clear outcomes - self-organization - geeky leadership

compare a database to a spreadsheet

Although they're very powerful and useful, spreadsheets are generally not the best tool to store large or complicated sets of data advantages of using a database model: - redundant data - data access - data security - big data

primary key

For each entity, we list attributes (properties) that we want to store values for, one of which is called the _____ an attribute that can have a unique value for every instance (record) that you store in a table (ex: SSN, student ID number)

ox weight example

In a contest where people bought tickets to guess the weight of an ox, the average guess of the crowd was one pound off from the real weight of the ox. This is an example of leveraging the knowledge of the crowd.

cryptocurrencies & BTC technology

It is essential that blockchain technology NOT follow the free/perfect/instant economics of information goods. Blockchain acts as a distributed / decentralized ledger system that logs transactions. It is considered secure because you can't make free copies of bitcoins or use the same one over and over. The distributed database enables the security and effectiveness of the system, which is entirely due to the crowd. There is tension between the fact that bitcoin is a digital good (which typically follows free/perfect/instant), while blockchain prevents you from using free copies of bitcoin. Blockchain is how bitcoin is linked to the crowd.

openness

Linus made his initial request for contributions as broad as possible - anyone could help

geeky leadership

Linus was engaged and informed about the work

role of good management of future companies / how to lead effectively"

Managers provide social skills of coordination, negotiation, persuasion, and social perceptiveness. This is more relative today because the world is complex and fast-changing, and coordination is more important today than ever before. In addition, humans are social creatures and want to work together. Most of us don't find algorithms persuasive; we need a good story or anecdote. How to lead effectively in this age includes egalitarianism (especially of ideas) and transparency of information.

shortfalls of the conventional technical approach

Skilled hackers prefer social engineering attacks over brute force attacks (it is easier to fool a human than a machine) Biometric authentication and MFA prevent attacks from outsiders but not from rogue insiders - insider threats include both negligence and malice - motives for malicious attacks include financial gain and revenge Conventional technical approaches to IT security risks overemphasize identifiable risks and underemphasize insider threats & social engineering attacks

The relationship between transaction cost economics and self-organizing (why might companies be considered passe?)

TCE - hierarchical model might be more costly than the market model b/c technology decreases transaction costs self-organizing models - hierarchical model might be more costly b/c there are ways to organize production & labor that require very little capital at all

problems arising from the non-hierarchical / messy crowd

The crowd is not organized / focused on solving problems, presenting 2 difficult problems: - it can be hard to find what you're looking for in an ocean of uncontrolled information (the core can curate information, but there's just too much in the crowd) - some of its members behave in hurtful ways (the core can evict bad actors, but that's hard to do on the web) Effective solutions will probably leverage machine learning AI technologies (ex: Reddit website)

relational database model

The organization scheme chosen for a database is called its logical data model; the most popular set of standard rules for database organization is known as the _____ components include entities, relationships, and attributes

when/why outsiders can be more effective than experts...

When things get really complex, don't look to the experts. Instead, call in the outsiders to help with complex, multidisciplinary tasks with objective evaluations as to the potential solutions . New knowledge is being created in other fields and it is slow to enter the core; many problems, opportunities, and projects benefit from different perspectives, people, and teams.

formal hierarchies (ways to organize the crowd)

a boss tells everyone how to focus their resources (ex: labor) in exchange for money

foreign key

a foreign key in one table is always the primary key in another table

what is the difference between a hot and cold backup site?

a hot site - fully operational & instantaneously usable replica of the firm's mission-critical IT assets (very costly) a cold site - the opposite extreme; inexpensive but very slow to start up and resume business operations

redundant data (advantages of using a database over a spreadsheet)

a relational model with primary & foreign keys allows you to avoid storing redundant data in a single table (such as on a spreadsheet)

data security (advantages of using a database over a spreadsheet)

an administrator can grant each user a different level of access ensuring that confidential info is not accessed by unauthorized parties

organizational security frameworks

an organization's suite of security controls, made up of many entities, protection mechanisms, processes, and procedures

database

an organized collection of data, at the heart of most all useful information systems (search engines, ATM/credit transactions, TPS, personal info management tools) Databases are an important component in making any technology work successfully.

define a management information system

an organized integration of hardware and software technologies, data, processes, and human elements designed to produce timely, integrated, relevant, accurate, and useful information for decision-making purposes

technical (logical) security controls

authentication, encryption, firewalls, biometrics, etc

what areas are there "best practices" for security control?

continuity planning & disaster recovery employees / HR data management

verifiable & reversible contributions

contributors can't irreversibly break or worsen the software - it is democratic in nature

self-organizing structures (ways to organize the crowd)

create an environment where anybody can pitch in that is open, doesn't require credentials, people can choose what they work on, etc

entities (components of the relational database model)

data is stored in one or more tables corresponding to entities (things & concepts for which you wish to store data in the database) - tables consist of records which correspond to rows in the tables - records store data on a single instance of an entity - a record consists of one or more fields (attributes)

big data (advantages of using a database over a spreadsheet)

databases can handle larger datasets more effectively

noncredentialism

diplomas, job titles, recommendation letters, experience, grades, etc, don't matter - if your work is good, there aren't requirements or barriers to helping

the core

dominant organizations, institutions, groups, and processes of the pre-Internet era

relationships (components of the relational database model)

entities are connected through relationships 3 choices for relationships between 2 entities include: 1:1 1:m m:m

attributes (components of the relational database model)

fields are often referred to as attributes and correspond to columns of the tables

markets (ways to organize the crowd)

focus the crowd's info resources, let people freely transact with each other without centralized control

what should the core rely on the crowd for?

get work done find the right resource conduct market research acquire new customers acquire innovation trading AVOID products for which safety and quality is paramount (and the consequences of potential missteps involve very high stakes)

The "stories" behind the hacking methods illustrated in the in-class video

https://www.youtube.com/watch?v=bjYhmX_OUQQ

when using the crowd for estimation purposes, what 4 conditions must be met?

independence diversity decentralization aggregation

monitoring & anomaly detection (conventional technical approaches to security)

intrusion detection and intrusion prevention ex: flagged account after numerous failed login attempts & blocked access to critical systems from international IP addresses

diversity (4 conditions for using the crowd for estimation purposes)

it is important to have a diverse set of guesses (ex: farmers, butchers, livestock experts, housewives, etc) and therefore have a wide distribution of backgrounds to avoid systematic error / bias

physical security controls

locks, monitoring, mantraps (can't open both doors @ same time), environmental controls

(data) integrity

maintaining and assuring the accuracy & reliability of the information and systems over its lifecycle - accidental or unintentional modifications to data cannot occur undetected - integrity threats include data entry error (undercharging) and incorrect modifications of data - safety measures include access/change controls and audit trails

data access (advantages of using a database over a spreadsheet)

multiple users can query a single database simultaneously

the crowd

new participants and practices enabled by the net and its attendant technologies

self-organization

people decided for themselves which aspects of Linux to work on

administrative security controls

policies, standards, procedures, guidelines, personnel screening, training

AIC triad`

represents the heart of information security (also referred to as the CIA Triad), 3 concepts commonly applied to all info systems and often forms the basis of security policies, rules of corporate governance, etc AVAILABILITY INTEGRITY CONFIDENTIALITY

employees / HR (best practices for security control)

rotation of duties mandatory vacations split knowledge (separation of duties concept) dual control (2 or more people perform the same action) strict procedure for employee termination

software updates (conventional technical approaches to security)

routine patching of newly-discovered vulnerabilities

security controls

the following controls should be utilized to achieve security management directives: - administrative - technical (logical) - physical

confidentiality

the property that info is not disclosed or otherwise made available to unauthorized individuals, entities, or processes - not the same as privacy; confidentiality is a component of privacy that is specific to unauthorized viewers of information - confidentiality threats include shoulder surfing and social engineering - safety measures include access controls and encryption of data (at rest, in transit)

database management system (DBMS)

the software application that lets you create and work with a database

continuity planning & disaster recovery (best practices for security control)

the tactical plan for quickly resuming your firm's business operations after a catastrophe (aka an attack against availability) typically relies on backup sites (hot vs cold)

independence (4 conditions for using the crowd for estimation purposes)

the various guesses must be independent of one another; each person must guess without the knowledge of what other people have guessed

data management (best practices for security control)

unlink sensitive data from other data to minimize the damage if it is stolen systems with sensitive data should be walled off from the other systems in the data environment anonymize sensitive data if you only need aggregates for analytics initiatives encrypt data both in transit and in storage so that it is unreadable if it does fall into the wrong hands

MFA (conventional technical approaches to security)

uses something you know (a password), something you have (an ATM card), and something you are (your fingerprint)

1:1 relationship

when an instance of 1 entity can have a relationship with 1 (and only 1) instance of the other entity

1:m relationship

when an instance of the first entity can have a relationship with 1 or more instances of the second entity, but instances of the second entity can be related to only 1 instance of the first

m:m relationship

when instances of each entity can be related to 1 or more instances of the other entity


Ensembles d'études connexes

Quantitative reasoning chapter 1

View Set

Korean: Present Tense (Various Types) 현재시제 총정리

View Set

Elsevier Adaptive Quizzing: Sexuality

View Set

Africa and Australia/Ocean Fun Facts

View Set

Modules 7-12, Culinary Chemistry Exam 2!!

View Set

Human Anatomy chapters 3,4,5,6,9

View Set

Chapter 16 Working with macOS and Linux

View Set

Chapter 13 - EES 1050 - Groundwater

View Set

Chapter 8: Review Questions and Exercises

View Set