ISM3004 Study Guide Exam 3

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

What is meant by the term, Digital Workplace?

The digital workplace program is a business strategy to boost employee engagement and ability through a more consumerized work environment.

Cost of CryptoWall to organizations who are compromised by it

The downtime caused by data not being accessible

What is employee engagement?

The emotional commitment an employee has to the organization and its goals.

What does the French phrase La Fin du monde have to do with AI?

The end of the world. What impact will AI have on us as individuals, orgs, society at large. Some people think it will be the end of the world.

Multi-factor authentication

The idea that there's something that you know

Key length impact on security and performance

The longer the key, the more secure

Who are "script kiddies"? What characterizes their methods and motivation?

The more immature but dangerous people in the internet Methods- exploit well known vulnerabilities using publicly available tools Motivation • Enhanced reputation • thrills

Organizations spend most of their IT Security dollars protecting _____________

The network borders of their organization

What is the real cost of Cryptowall to organizations who are compromised by it?

The real cost is not the ransom, it is the downtime caused by data not being accessible and IT overtime hours to fix things, and sometimes whole departments sitting on their hands.

Malvertising

The use of online advertising to spread malware

What to Trojans rely on?

The user to make a mistake of trusting the malware to operate

How do Trojans fool a user into executing them

They exploit human vulnerabilities

What is Gartner's opinion of AI's likely impact over the next 5 years?

Thru 2022, few jobs are fully replaceable, but most occupations will have at least some activities augmented by AI.

Why do IP thieves typically steal it?

To SELL it.

Risk assessment - what is the purpose?

To know how much to spend to protect assets.

Why do businesses put sensors on things?

To take care of our things. To keep track of our things like GPS, something getting too hot.

One use case of VR

Training and Simulation: military exercise training, practice without being in the real world

Where are the head-mounted displays on the hype cycle

Trough of Disillusionment

Where are Head-mounted displays on hype cycle?

Trough of disillusionment. 5-10 yrs. for performing tasks hands free.

Steps of Virtual Assistant workflow

UI (request) Processing of natural language Handling (decision tree, context) Feedback (speaks back) Exception Handling (refer to human agent)

How common is engagement among US workers? Worldwide?

US 33% Globally 15% UK 8% France - 3%

The FBI noted that these groups who have previously targeted what types of US sites?

US financial sectors

One business related use for smart garments

UV sensors for employees who work outdoors to help protect against UV exposure

Risky Behavior - two types o What are they?

Uninformed people • Don't know they are doing something dangerous potentially harmful Negligence • Know that behavior is risky but just don't care • End result is the same- harm to the person/organization

Human vulnterabilities

Uninformed risky behavior Social Engineering

Prive key

Unlocks encrypted data and only recipients can have it

Fastest and cheapest information security

User education training

Reading: How to Stop Gullible Employees: What's the fastest and cheapest bang for your buck when it comes to information security?

User education training to counteract those threats.

User passwords are yet another technological vulnerability. What is the root cause of our problems with user passwords?

Users don't like to change their passwords Users like passwords that are easy to remember

How is a VPA different from a VEA?

VEAs are owned and controlled by the organization; VPAs are owned and controlled by the employee.

Which of the technologies below could make meetings better by taking notes for us and assigning to-do items to attendees, among other helpful tasks?

VPA

What is the alleged benefit to workers of RPA Systems?

VPA - Virtual Personal Assistant can free us up from routine tasks. Smart Workplaces - smart conferences rooms. BYOD and BYOA can use our favorite tools to complete tasks.

What is VEA

Virtual Employee Assistant -A VEA is owned by the company, controlled by the company, but used by the employee. It's company's software.

VEA

Virtual Employee Assistant: Owned by company and used by employee

What is VPA?

Virtual Personal Assistant. Conversational UI Perform Tasks -Research -Interface with productivity apps Something YOU own. Outside of an org.

VPA

Virtual Personal Assistant: Free us up from routine tasks, employee owned

VR vs AR

Virtual Reality separates us from actual reality and surrounds us with virtual 3D environment Augmented Reality shows actual world and virtually superimposes enhancing the real world

What is VR

Virtual Reality. Takes us away from reality. it surrounds us with a simulated virtual computer generated 3D environment. Isolates us from physical reality. Presents us with only the digital world.

Viruses

Virus hides itself in host file Host file executed on new computer

What endpoint changes in recent years affect telecommunications?

Voice-only Telephone. Limited Video. Video conferences. Content Centric. Web conferences. Video first: High quality video conferences. ENDPOINT changes: -Mobile First -Better networks. -HD Video.

Three types of Security testing

Vulnerability scan Penetration Testing Disaster Recovery testing

The Legos Metaphor

We all use the same legos, but differ in the ability to create things with those legos

What is Principle of Least Privilege?

We have a business technology with the purpose of doing work. Give me the access that I need to do my job, nothing more. User given no more privilege than necessary to perform the job.

Risk posed by fraudulent mobile apps:

We use these devices for high stakes activities; high level of popularity of mobile banking apps has led to unauthorized banking apps written by cybercriminals, predonminately an Android problem.

How does a website visitor's computer also become compromised?

We visit compromised sites, click on a link and let the malware in; CAN HAPPEN AT LEGITIMATE WEBSITE. Cyber criminals compromise website, loads malware on there, and thousands become victims before it's detected.

Why are default password a potential security problem?

Weak. Easily guessable. Doesn't change network identifier.

Three Vulnerabilities in Websites

Web servers Web browsers Plug-ins

Compromised Websites - What vulnerabilities are exploited?

Web servers, browsers & plug-ins

Shoulder Surfing

What is it? • Looking over shoulder • Confidential data • Mobile devices How do attackers use it? • Get data

Dumpster Diving

What kinds of information might an attacker get from an organization's dumpster? • "gold mine information" • pre attack research • paper information • phone lists • printouts What kinds of things in those "gold mines" actually contain the desired information? • Passwords • Media- CD-Rs DVDs tapes etc.

Equipment Disposal

What's the risk involved in getting rid of an obsolete copy machine? • Hard drives inside of the machine that store copies of everything you copy or print out Roughly how large was Affinity Healthcare's fine for a breach that came from improper equipment disposal? • $1.2 million

How do viruses and host files relate?

When you become infected with a computer virus, it starts executing in your computer's memory/processor and then its going to go looking through your hard drive for files it can infect, once it finds a program, it inserts a piece of itself in there. the program will run normally as allows but now has the virus integrated in its DNA. Hopes that you will share this file. Program with a colleague. when you execute it, they will get the virus! And the virus starts its whole process over again. REALLY BAD WITH SHARED FILES SYSTEMS IN COMPANIES.

What is Ransomware?

When you execute the malware, it immediately installs on your machine and encrypts all your files with a password; sends message demanding money and giving instructions and passwords - great reason to have data backups.

What is a gig economy?

With remote work with all these technologies, a lot of people are saying, you know what I don't want to go work for The Man, I want to work for myself. I want to be a freelancer.

Why is mobile a cornerstone of the Digital Workplace

Work is no longer a place that you go and endpoints become diverse

Explain why mobile is a cornerstone of the Digital Workplace.

Work: no longer a place to go. 14% decreased in deskbound workers from 2016-2019. One in three workers will soon be mobile workers. Endpoint Diversity: -Average knowledge worker used 3 devices for work purposes in 2016 -They will employ 5 devices for work purposes by 2020!

Are insiders a serious threat?

Yes, because 70% of incidents involve insiders.

What is a Process Hacker?

You are able to look at a work situation and come up with a novel way to bring together different tools to improve work, to make things better, faster, and easier for people to use.

Why is digital dexterity important for an individual employee? ...for an organization?

You will thrive, be in high-demand, be happier at work. By 2020, the greatest source of competitive advantage for 30% of organizations will come from the workforce's ability to creatively exploit digital technologies. Disruption. Tumult and treasure.

What are Drive-by Downloads?

Your machine can be infected simply by visiting a page, you don't have to click on anything; no interaction, just open and BAM.

Gig Economy

a new technology enabled model for organizing work and enables people to work for themselves. Makes freelancers more relevant.

Zombie

a program that secretly takes over another computer for the purpose of launching attacks on other computers

Organizations spend most of their IT security dollars protecting _________________________.

castle walls. These are corporate sites.

Organizations spend most of their IT security dollars protecting ______. Mobile devices are largely unprotected because they spend much time _______.

castle walls; outside the walls

Gartner says that approximately 40% of enterprise ______________ has been inadvertently leaked onto Facebook through employees' mobile devices

contact information

App Savant (New role for the Dextrous)

first person to find out about new applications, learn how to use it faster than anyone, and come up with great ideas about how they can be used in your organization

DBAN

free program that wipes hard drive so no one can use it

App Wrapping

lets you take an app and add a security layer without damaging the look or the functionality of the app

2014: FBI cybercrime unit warned of potential offensive cyber attacks from ____________

middle east

Moore's Law

number of transistors on chip doubles every 2 years

Be able to explain why mobile is a cornerstone of the Digital Workplace.

o Consumerized work environment o 14% decrease in deskbound o 1/3 workers will soon be mobile workers o 3 devices: 2016 o 5 devices: 2020

What is the source of most malicious hacking?

o Cyber crime o Large groups

Two reasons to secure data

o Data asset o Competitive advantage etc o Privacy regulations o Information systems

Two reasons to secure data

o Data is an assest o Privacy regulations

CyberWarfare- What is it?

o Involves the action of a nationstate or international organization to attack or damage another nation's computers/ networks

Some people think that the attackers are "just kids" showing off their tech skills. True?'

o Its just some geek showing off- just kids yes in the old day nowadays its big drivers

CyberWarfare- What's the threat?

o Key terrain of the battlefield o Cyber terrorism o Greatest national security threat to the united states

Describe the characteristics of modern cybercrime syndicates

o Large groups- professional o Money - Underground economy o Effective - Russian crime ring- 1.2 billion login credential

Hacktivists - what characteristics typify hacktivist groups?

o Loose configurations of individuals o Dedicated to political activism- who seek fame on behalf of their political cause o Wants to be notice to bring about political change

Hacktivists - what characteristics typify hacktivist groups?

o Lose confederation, groups o Dedicated to political activism o Seek publicity and fame

What overall strategies do they use to accomplish their goals?

o Monetary pain o Embarrass victim- damage victim o Seek public support

What strategies do they use to accomplish their goals?

o Monetary pain to victims to force change o Embarrass victim o Seek public support

What are the real drivers behind modern cyber-attacks?

o Money o power

Additional reasons to secure information systems themselves, in addition to their data

o Need security o Private information

In IP theft, one is often facing a "determined human adversary." What characterizes this type of opponent?

o Not deterred by early failures o Repeated attacks o Variety of techniques o Significant resources from sponsors

Mobile and BYOD

o Organizations spend most of their IT security dollars protecting corporate site itself- castle walls. Mobile devices are largely unprotected because they spend much time outside the castle walls- data direct from mobile devices- the cloud

Describe the characteristics of modern cybercrime syndicates

o Organized groups, money (underground economy) o professional

How do Trojans fool a user into executing them?

o Social engineering, hidden threat, no need for vulnerabilities o Links in email, attachments, wed, USB flash

Why do IP thieves typically steal it?

o Steal and sell

What does it mean to be "vulnerable"? (dictionary definition used repeatedly...)

o To be susceptible to attack or harm o To be hopeless- physical, technological human vulnerabilities o Has layers of vulnerability o Data o Intellectual property o Business procedures o Reputation o Corporate survival

What are digital identities and why protect them?

o Use to access information o Money around o Hackers want these

What is a "zero day exploit"?

o Very day vulnerability exposed to the world, known because of the bad guys using it to break into systems- instant

According to PWC's Global State of Information Security Report...

o What is the annual growth rate for security incidents? 66% o Approximately how many attacks reported per day? 120,000 attacks

Mobile Device Management

remotely controls smart phones and tablets, ensuring data security

Gartner thinks that ____________ has the greatest growth potential of any wearable device technology. Where is that technology on the Hype Cycle right now?

smart garments innovation trigger

Where are Smart Garments on the Hype Cycle?

the innovation trigger

What's the goal of encryption?

to make sure data can only be read by authorized parties or at least until the info is no longer useful to an authorized user.

What is Malvertising?

use of online advertising to spread malware. Involves injecting malware laden advertisement into legitimate online advertisement network.

Lost mobile devices

• 5% of smartphones lost each year. • About 60% had sensitive data... and most of those were NOT protected at all!

Social Engineering - What is it?

• A process by which an outside exploits an naive insider • Clever manipulation of the natural human tendency to trust

Flash drives - Ponemon Institute study about lost flash drives

• As a rule of thumb, each data record lost costs a company about $200 • 70% of companies surveyed suffered loss of sensitive/confidential information

Social Engineering - How is it done? What steps does an attacker take to exploit this vulnerability?

• Baby steps • Research your victim, ask for help- plausible requests for the right people mentioning the right names • Act as the CFO- social engineering etc

Why are "default passwords" a potential security problem?

• Built into hardware or software

What can an attacker do with a bug?

• Can be exploited • Run undesired program code • Unauthorized data access • Gain full control • Passwords

Saudi Aramco was hacked-What damage was suffered?

• Everything happen on paper • Company stopped selling oil and started giving it away for free to keep it flowing through Saudi arabia

Beautiful Social Engineering Attack o How did the hacker gain the chemical engineer's confidence?

• Gave him free stuff and paid for his pitcher

What popular platform has been under heavy pressure due to repeated security issues, including numerous zero day exploits?

• Home depot- credit cards stolen

Stolen Veteran's Affairs laptop incident: what data was exposed? What was the impact?

• May 2006 laptop stolen • Exposure- name, SSN, birth date for 26.5 million people • Lawsuit settlement $20 million • Individual impact- ID theft

Beautiful Social Engineering Attack o What did the chemical engineer do that enabled the hacker to find him?

• Merry Christmas,' she says when she returns, placing on the bar an IBM coffee mug, T-shirt, mouse pad and 8-gig flash drive. The next morning at work, the coffee tastes extra rich in the new mug, the mouse moves so smoothly on the new pad, and with a new confidence, you push the thumb drive into your computer. • within seconds, the company's entire email network is compromised, and hackers begin work scraping messages, documents, attachments and images.

Insiders - Serious threat?

• Most use unsophisticated techniques- but is serious threat

Is it reasonable to expect that large software systems would be truly and totally bug-free? Why?

• No, people are fallible, make mistakes

o What's the trend in the ability of companies to deal with attacks over the last 6+ years?

• On the decline, busier attackers • Companies fooling themselves

Lost Laptops

• Percentage of laptops lost over their service life: 7%

What is a "bug"?

• Programming flaw or oversight

Servers - how are many small businesses at risk? How should they counter this risk?

• SMB- not out in the open • Alarm • Access control • Cloud includes servers too- • AICPA SOC 2 • Physical controls • Cloud extends insiders

Beautiful Social Engineering Attack o What method did the hacker use to gain access to the target company's entire email system?

• Social engineering

Saudi Aramco was hacked- How did the hackers get in?

• Someone opened an email link and the hackers were in

What are the three user password vulnerabilities? Why is each a problem?

• Sticky note- has password and username on there • Guessable • Lack of complexity

What are the root causes of problems with user passwords?

• US- we are the problem • Easily remembered • Resistance to change

What does Elon Musk think about AI?

"AI is the biggest risk that we face as a civilization

As a rule of thumb, each data record lost costs a company about $_____?

$200

Lost USB Flash Drives cna be a big problem if they contain confidential or sensitive information! Ponemon Institute says a good rule of thumn is that a company suffers a cost of roughly _____ for every data record lost.

$200

Explain the steps in the virtual assistant workflow:

-UI - your request - User Interface -Processing -Handling -Feedback -Exception Handling

Three reasons to secure data

1. It's the most valuable asset. 2. Privacy Regulations. 3. Systems can be hijacked.

How do cybercriminals make phishing emails look authentic?

1. They start by using a technique called SPOOFING - which is phishing email appearing to be from a legitimate sender, but it is not. You can easily do this by just altering who the email is from. 2. The graphics also look legit, they look legit because they are, they took them directly from the source - from the real site/URL. 3. With authentic graphics, even the links look legit - that's just text, it means nothing - need to find out what the real URL is and you can do that most times by just hovering over the link.

Why is engagement important?

17% more productive and 21% more profitable. Makes a big difference on the bottom line.

As a rule of thumb, each data record lost costs a company about $_____

200

Size of DDoS attacks

2003: 1 gbps 2012: 60 gbps 2014: 400 gbps

In 2014, nearly ___% of the URLs received via email are unsolicited malicious links.

25

In 2014, nearly _____% of the URLs received via email are unsolicited malicious links.

25%

Percentage of URLs received via email that are malicious links

25%

Explain the problem with Direct Data Flow with Gartner research data.

25% of all corporate data traffic can go directly from the mobile device to corporate provider. Huge amount of data flowing around the world without protection.

Stolen Veteran's Affairs laptop incident: what data was exposed? What was the impact?

26.5 million people, name birth, SS# Law suit settlement: $20 mill Individual impact - ID theft

How common is engagement among US workers? Worldwide?

33% - US 15% - Global

Percentage of US and Global engaged workers

33% and 15%

Explain the problem with Mobile Sync with Gartner research data.

40% of enterprise contact information will have leaked into Facebook such as customer information.

___% of smartphones lost each year.

5

Percentage of smartphones lost EACH YEAR?

5%

About _____% of lost smartphones had sensitive data?

60%

Percentage of growth in tech skills for non-IT jobs

60%

According to the latest data, about 5% of smartphones are lost each year. ____ of those phones had sensitive data. Of those that had sensitive data,_________________________

60% most had no protective measures for that data

Gartner analyzed 38 mil job postings over the last 4 years and found that there were a _______% growth in tech skills required for NON-IT jobs. Also, _______% of the CEO's that Gartner surveyed think digital dexterity should be a key requirement when hiring new employees.

60% 80%

About ___% had sensitive data... and most (%) of those were NOT protected at all!

60; 57

According to PWC's 2015 Global State of Information Security report, the number of information security incidents is growing at an annual rate of about _____.

65%

According to the PWC report, what is the annual growth rate for security incidents? ___%

66

According to the PWC report, what is the annual growth rate for security incidents?

66%

Percentage of laptops lost over their service life: ___%

7

Percentage of laptops lost over their service life?

7%

___% of companies surveyed suffered loss of sensitive/confidential information

70

What % of incidents involve insiders?

70%

_____% of companies surveyed suffered loss of sensitive/confidential information from lost flash drives?

70%

Gartner asked CEOs if digital dexterity is important. ____% of those CEOs want digital dexterity to be a key requirement for new hires

80%

Percentage of CEOs that think digital dexterity should be a key requirement

80%

2013: estimates that more than ___ of cyberespionage in US originated from china

90%

Are Robo Bosses unbiased?

A human has bias based on personal opinion. We are human. A computer doesn't have that.

Why can the supervisor job be automated?

A lot of things that a supervisor does is relatively routine.

How can the Gig Economy benefit employers?

A manager can quickly assemble a team of skilled, engaged, digital agile workers to work on a project. Once task is done, you can easily disman the team.

Spearphishing

A phishing scam where an attacker targets you more precisely by using pieces of your own personal information

What is a bug?

A programming flaw or oversight that can be exploited.

Why is engagement no the same as satisfaction?

A satisfied employee will show up but won't go the extra mile on their own

Phishing

A scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.

What is phishing and what its goal?

A scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.

Gartner believes that __________________ will be pervasive within the next 5 years because it improves usability and gives us access to vast amounts of data.

AI

What does Elon Musk think about AI?

AI is the biggest risk that we face as a civilization. AI will threaten ALL jobs.

Everyday AI

AI that will be subtle and we won't event realize it

This technology displays an image of the real world in front of you... with some virtual digital data superimposed on top of it.

AR

Digital Dexterity

Ability and desire of workforce to use tech for better outcomes

What is a New Media Mogul?

Able to use all different kinds of media to persuade and educate people your message.

What is ACL?

Access Control Lists

What is Shoulder Surfing?

Acquiring sensitive information just by looking over somebody's shoulder.

Bot

Allows cyber attacker to send commands to the bot that will execute commands from your computer

Reading: Beautiful Social Engineering Attack. What method did the hacker use to gain access to the target company's entire email system?

An 8GB flash drive.

You read this week about the biggest hack in history, which affected the Saudi Aramco oil company. Attackers manager to wipe and destroy 35,000 computers is just hours, leaving the huge oil company with better than 1970s technology to run their business. How did the hackers break into the company computer systems?

An IT employee clicked a bad link in a scam email

Reading: Biggest hack in history. How did hackers get in ?

An employee opened a bad email.

What is a Robo Boss?

Applying the task of supervision to the RPA's.

Four reasons why supervisor job can be automated

Approves time Schedule employees Resume Screening Performance Evaluations

What is AI?

Artificial Intelligence is a set of related technologies that seems to emulate human thinking and action. -Learn from experience. -Arrive at its own conclusion. -Appear to understand complex content. -Participate in natural language dialogues with people. -Enhance human cognitive performance -Replace people in executing routine tasks.

Implication #1 of Moore's law.

At a fixed price point, computers get much more powerful.

What is AR?

Augmented Reality. Real time addition of virtual world superimposed on the physical world. Enhances they physical environment by overlaying virtual data information on top of it.

How can VA's make meetings better?

BEFORE: -Making arrangements. -Decide if you should have a meeting. -Who should you invite -When you should have a meeting. DURING: -Take notes. -Create Tasks. AFTER: -Creates a transcript -Sends follow-up notes to people -reminder before deadlines.

Three elements of Disaster Recovery

Back up data Create a recovery site Have an acceptable recovery time

Malware

Bad software that is written by a cyber attacker It can disable software, disrupt operations and steal data

What is malware?

Bad software; disables computer systems, disrupts operations, stealing data - intended to do something harmful to you or your organization. Malware is software; must be executed to have an impact.

Explain the Legos metaphor.

Basically, we are all using the same tools. We've all got the same legos. The real question is who is better at building amazing things with those legos. The employee who can really build well with legos are going thrive. They will be in high-demand.

Tips for avoiding phishing scams:

Be careful of urgent email requests. Be very suspicious of requests for personal info. Check with the company - don't use phone number they give you in the email. Don't use links in an email. Just type those characters in the browser instead.

Three Tips for avoiding phishing scams

Be suspicious Call to check legitimacy Don't click on links, copy and paste in browser

How did Moore's Law help make the IoT possible?

Because for a fixed amount of computing power, computers become much cheaper over time.

Why do smart garments have the most potential of any wearable tech?

Because it can track activity, collect data, and can promote fitness and health

How can Virtual Assistants improve before, during and after a meeting

Before: Scheduling, who to invite, is a meeting necessary or not? During: Takes notes, recommend content After: Recognize and create tasks for individuals, send transcripts of meeting, sends reminders

What is a Virus?

Behaves like a biological virus - hides itself inside a host file, could be any sort of file.

Erik Brynjolfsson

Believes AI is a boost of mental power and it will be a boost to humanity like physical power was

What impact does Erik Brynjolfsson think AI will have on society?

Book: The Second Machine Age. They are allowing us to blow past previous limitations taking us into new territory. We are running WITH machines, combining our strengths with the machine's strengths to achieve otherwise impossible heights. "A vast and unprecedented boost to mental power should be a great boost to humanity, just as the earlier boost to physical power (train) clearly was."

Robo-Boss

Bringing together AI and applied to the task of supervision instead of center workers

What is CEO Fraud? How does it work?

Business email compromise. Sophisticated swindle and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

Digital Workplace

Business strategy to boost employee engagement and agility through a more consumerized work environment

Digital Workplace

Business strategy to boost employee engagement through consumerized work environment

Reading: Beautiful Social Engineering Attack. How did the hacker gain the chemical engineer's confidence?

By talking to him.

What can a public key do and who should have it?

Can ONLY encrypt. Can give to anybody.

What is Penetration Testing?

Can be done externally or internally. Authorized a group of people to pretend they are hackers and attempt to break into your network by whatever means they see necessary. Test all barriers.

Public key

Can only encrypt data and anyone can have it

Three reasons why do businesses put sensors on things?

Cheap data collection Image recognition Near field communications

Smart Contract

Code within a transaction that takes actions based on conditions

How does Smart Contract work?

Codes within a transaction. Takes actions based on conditions. Runs as long as it has money.

CyberWarfare- Who's vulnerable to these attacks? (WW2 B-17 raid...)

Companies and governments And any small business organizations

What is a Zombie?

Computer that a remote attacker has accessed and set up to forward transmissions - including spam and viruses - to other computers on the internet.

Types of systems targeted by malware:

Computers - Windows, Mac, Linux, mobile devices.

What risk must be considered when disposing of obsolete equipment?

Computers and copy machines at risk due to their hard drives.

What is the level Actively Disengaged?

Consistently negative. Vocal Create toxic environment.

What are containers.

Create a container within the mobile device, all the corporate data is on the inside of the container, protected from external attack and also secures the employee's personal data.

How does CERT define the term Insider?

Current or former employee, contractor, or other partner that has or had authorized access and intentionally misused that access against the organization.

What is the impact of a DoS - Denial of Service - attack?

Customers will get frustrated and shop somewhere else. Server will crash. Cannot handle the volume.

What is the source of most malicious hacking?

Cyber crime syndicates.

What is the source of most malicious hacking?

Cyber-crime syndicates

Disaster Recovery DR - What are the elements of a disaster recovery plan?

Data protected with good backup systems. Business Continuance. Ensure business can continue operations even if main data center goes up in flames. DR site - have a backup Disaster Recovery site for when main site goes down, acceptable recovery time.

Disaster Recovery (DR) - What are the elements of a disaster recovery plan?

Data, business continuance, DR site, acceptable recovery time

Explain how they use the two methods below to achieve their goals:

Denial of Service • Overwhelm servers with so many requests for service, deny service for users • Amazon servers crash Information Exposure • Expose sensitive data

Distributed Denial of Service - DDoS - how does this differ from a normal DoS attack?

Denial of service but the attack comes from every direction simultaneously; it's distributed.

What is a Vulnerability Scan?

Device within the company that will scan every computer on corporate network testing for broad range of vulnerabilities. If it detects any, it will then report them back to IT staff so that they can be repaired. Repeat until fixed. Goal is informative - how are we doing? Reaffirm success in building secure environment.

_______________ is a business strategy that achieves its goals through the use of a more consumerized work environment.

Digital Workplace

What is a Bitcoin?

Digital currency. Decentralized Secure and confidential

According to Gartner Research, by 2020, _______ will be the greatest source of competitive advantage for 30% of organizations.

Digital dexterity

________________ is the ability and desire of the workforce to use existing and emerging technology for better business outcomes.

Digital dexterity

What is key-based cryptograhy?

Digital key, which is much like a physical key, used to encrypt data/make cipher text which is unreadable without appropriate digital key. these keys can be lost or stolen, Key Management System.

Bitcoin

Digital, decentralized currency that is secure and confidential

Two examples of mobile/BYOD technical risk are listed below. For each one, be able to explain the problem, using a piece of Gartner research data to support your argument.

Direct data flow • The cloud • Data direct from mobile devices Mobile sync • Corporate contact info to Facebook • Loss of control over corporate contact info

2 examples of mobile/BYOD technical risks are:

Direct data flow. Mobile Sync.

Blockchain

Distributed ledger system that enables trusted transactions in untrusted environments

What is Blockchain?

Distributed ledger system. Enables trusted transactions in UNTRUSTED environment.

Why do Blockchain systems have distributed ledgers?

Distributed ledgers enables trusted transactions in an untrusted environment.

Why might employees like the Gig Economy?

Don't have to work for The Man anymore. Freelance Work for yourself, only on projects you care about. Enjoy a fantastic work life balance that you control.

Gold Mine of Information

Dumpster Diving

____________ is a "gold mine of information" that is incredibly useful during pre-attack research. The attacker can get documents like lists of phone numbers or account names, printed emails, or maybe even passwords.

Dumpster diving

The article suggests that CEO fraud works because __________ is inherently insecure.

EMAIL

How can orgs address the ever-increasing security threats to their mobile devices?

EMM: Enterprise Mobility Management Containers App Wrapping

What are the root causes of problems with user passwords?

Easily remembered. Resistant to change.

Example of AI affecting Office Suit software

Editing in Microsoft Word

How is email used to distribute malware?

Email is ubiquitous - its everywhere, everyone uses it, and everyone uses it a LOT, multiple distribution methodologies. Send malware as an attachment or a link to a website, excellent high speed distribution tool, large threat.

Employee Engagement

Emotional commitment an employee has to the organization and its goals

How is Public Key Encryption used?

Encrypt credit card information in online purchases and ensures email authenticity

Two steps to protect mobile devices

Encryption Mobile Device Management

Why is encryption used with Blockchain distributed ledgers?

Encryption locks them down, so they cannot be changed. They are welded together digitally.

Based on this week's lecture content, what term would you use to describe an employee who is involved and enthusiastic about her work, who has a real emotional connection to the company and its mission, and chooses to voluntarily commit her time and energy to advance the organization's objectives?

Engaged

Three Levels of Engagement

Engaged (involed and enthusiastic in work) Not engaged (do bare minimum required) Actively disengaged (toxic to work environment)

What is Engagement Profit Chain?

Engaged employees equals better service, productivity, quality equals equals increased sales, higher profits, and shareholder benefits.

Enryption

Ensures a message is only readable to intended recipient until it is no longer useful to an unauthorized reader

What is EMM?

Enterprise Mobility Management. Mobile App security. Mobile threat defense. User education.

EMM

Enterprise mobility management - manage apps installed so they're protected, no malicious apps

How do viruses propagate?

Even if it doesn't have any obvious negative payload, it can still be a problem - it could introduce instability into your computer system, it's not designed to be there and can cause problems, inserts a copy of the program, infects other files

What is a zero day exploit?

Everyday vulnerability becomes known to the world, because bad guys are using it to break into other people's systems. A hole in the software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it.

Conversational Interface

Evolution of VPA that uses natural language and is context aware

Ransomware

Execute malware immediately, encrypts everything with a password, all files can disappear

Some people think that the attackers are just kids showing off their tech skills. True?

FALSE

Gartner on AI in 5 years

Few jobs will be replaceable, but majority will have some activities augmented by AI

What is Gartner's advice to business leaders regarding wearables?

Few wearable devices have solutions that will improve enterprise efficiency and lower net costs. IT leaders must differentiate among many types of wearables to determine the right opportunites for investment. We should evaluate wearable devices for specific targeted roles. They are not broadly generally, they will not broadly improve society or costs, but if we're wise, we can find ways to invest now to learn so we're ready when technology becomes mature.

Explain one example of a Smart Garment.

Fitness and Health - detecting your heartrate, breathing, motion data, temperature, ultraviolet lights, radiation. Safety officers of industrial companies should look at the ways that smart garments could protect workers on shop floors - biometric data for stress, etc.

Why does Gartner believe that AI will be so pervasive within the next 5 years?

Five years ago, we struggled to find 10 AI-based business applications. In five years, we will struggle to find 10 that are not.

Implication #2 of Moore's Law.

For a fixed amount of power, computers will become much cheaper.

What is DBAN? How does it help with information security?

Free program that will repeatedly write patterns of 1s and 0s all over the hard drive so that it wipes out all traces of data. So, if someone gets ahold of it, they have no access to your data. DBAN - equipment disposal.

What's a typical methodology for stealing IP?

Gain Access: Step by Step, Social Engineering, brute force passwords, dump all passwords. Unauthorized file access. Intercept email. STAY HIDDEN. "Break into a company's IT assets, dump all the passwords, and over time, steal gigabytes of confidential information."

What's a typical methodology?

Gain access • Step by step • Social engineering • Brute force passwords • Dump all passwords Unauthorized file access Intercept email Stay hidden

A company's dumpster can be a "_________________________" to cybercriminals.

Gold Mine of Information

How does Everyday AI affect Office Suite software

Google calendar: autoscheduling

Gig Economy positives

Great word-life balance and managers can quickly build short-term teams to complete projects

Two steps to protect USB flash drives

Hardware encryption Ban them!

Vulnerability DDoS attacks exploits

Heavy reliance of servers with fixed capacities

What is the "vulnerability" being exploited in a Denial of Service (DoS) attack?

Heavy reliance on servers

What is the vulnerability being exploited in a Denial of Service -DoS - attack?

Heavy reliance on servers: - E-Commerce - revenue - Communications - email - Enterprise applications - efficiency Capacity - Servers have maximum capacity Exceeding maximums equal problems! Businesses today rely heavily on servers, both for generating revenue and for reducing costs. Servers have a fixed capacity. They are not infinitely powerful. As long as you dont exceed the performance capacity of the server or cluster of servers, everything's done in a timely manner. but, when you exceed those maximums, the server will go slower, productivity will drop, and/or if the server runs out of memory, it might crash.

Mr. Olson suggested that software bugs are inevitable. What two reasons from the list below did he use to support that statement? We need better project management these programs are huge : 40 million lines of program code or more we need better programming languages too many programmers didn't go to UF humans make mistakes

Humans make mistakes These programs are huge : 40 million lines of program code or more

Endpoint Protection

Idea that we would call antivirus software (looks more holistically at everything that is necessary to protect)

What's the FBI's advice to those organizations?

If you had no backup, it was best to pay the ransom to get your files back.

Key length - impact on security and system performance.

Impact on security and system performance. keys are basically numbers, a sequence of bits that is used to lock or unlock the data. The longer the key is in terms of bit, the more secure things are going to be - also means it will be slower. More bits means more possible keys.

Principle of Least Privilege

Implements access controls that require least amount of privilege to do their job

Affinity Healthcare was fined over $1 million for a security breach that came about because of ___________________

Improper disposal of an obsolete copy machine

As one example, why was one healthcare company over $1 million?

Improper photocopy equipment disposal.

Reading: Biggest Hack in History. What damage was suffered?

In a matter of hours, 35,000 computers were partially wiped or totally destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco's ability to supply 10% of the world's oil was suddenly at risk. Employees had to use typewriters since they could not use the computer to prevent the virus from spreading further.

Typical Lindt sales executive have their office

In their car

Where does the typical Lindt sales executive have their office?

In their car

Drive-By Downloads

Infects your machine as soon as you open a web page

Where are Smart Garments on the hype cycle?

Innovative Trigger. 10+ years

Insider threats - Who are they? How does CERT define the term "insider"?

Insider • Current or former employee contractor or other partner • Has or had authorized access • Intentionally misused that access

Access Controls

Insists high-quality passwords

What is IP?

Intellectual Property. That refers to the creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce - World Intellectual Property Org. Trade Secrets! The competitive advantage.

What is IP?

Intellectual property • Refers to creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images, used in commerce • secrets

What is level of Engaged?

Involved and enthusiastic about their work and workplace. Real emotional connections Commit their time, talent, and energy. Advance the organization's objective.

What is the term Digital Dexterity?

Is the ability and desire of the workforce to use existing and emerging technology for better business outcomes.

What is multi-factor Authentication?

Is the idea that there is something that you know - password - and something that you have. Greater level of confidence that the person logging in is who they say they are. Example: Google - you have to know your password AND enter a verification code texted to your mobile device.

Why is it important that blockchain have a distributed ledger?

It adds trust to an untrusted environment

Two reasons why will AI be pervasive within the next 5 years

It will make software easy to use based on tontext of what should you be looking at Access to vast amount of data

What is meant by the term Everyday AI?

It's invisible, integrated. Subtle. What: -AI helping in normal course of work -Not perceived as AI- just a feature. Where: -SaaS 75% by 2020 will include useful AI services -VPAs

How is email used to distribute malware?

It's ubiquitous and its everywhere

One example of AI-induced tumult

Journalism: AI can extract meat out of press release, write an article, and publish it without a human

Be able to explain one example of AI-induced tumult from the lecture.

Journalism: automate article writing, narrative science, 90% news articles to be written by algorithm

What is a Smart Contract?

Just program code that is baked into that transaction, making it conditional.

What are physical vulnerabilities?

Laptops, desktops, etc. You want to have a good inventory: know what they are, who has them, where they are, and encrypt their hard drives so lost data is not out in the open.

Botnet

Large army of computers infected with malware

What is Botnet of Zombies?

Large army of computers that have become infected by malware and become Zombies or BOts - Malware Victims.

Describe the characteristics of modern cybercrime syndicates.

Large groups. Very Professional. Lots of money. Effective.

Gartner's advice about wearables

Leaders have to be very selective and find opportunities today

Explain one AI Tumult

Legal eDiscovery. Law firms used to hire thousands of people to do eDiscovery. That is now being done largely by machine algorithms. Not entry level. Quantitative legal prediction. AI algorithms can predict if you are going to Win your case or not. or use an appeal. It uses big data to outperform some of the most experienced lawyers.

What is app wrapping?

Lets you take an app and add a security layer, wrapping security around it without damaging the look, feel, or functionality of the app.

Five steps to risk assessment

List of IT assets Assign values Identify threats Assign costs to replace Determine acceptable downtime

What are digital identities and why protect them?

Log-in credentials such as usernames and passwords. To protect your identity.

digital identities

Logging credentials - ruining credit

Hacktivists

Loose confederation of individuals who seek political change through information security attacks on target organizations

Hacktivists - what characteristics typify hacktivist groups?

Loose confederations of individuals dedicated to political activism, who seek publicly/fame on behalf of their political cause.

What can Robo Bosses do?

Machine Learning and can process routine tasks: Approve Time Schedule employees Resume Screening Performance evaluation

What steps can be taken to protect mobile devices?

Make sure your mobile device is encrypted. By using a Mobile Device Management.

What are access controls?

Making sure the right people get the right access to things.

Ransomware

Malware that encrypts data files on computer with a password in which you are unable to open files. It displays a message asking for money in exchange for data.

Keylogger

Malware will monitor every key stroke you type and collect and use them Username and password for bank account

What is the level Not Engaged?

Might be satisfied or even happy at work. Do the bare minimum required. Have not bought into the organization's mission, values, vision, or goals.

Three endpoint changes that telecommunications affected in recent years

Mobile-first mentality Better networks and collaboration HD video is cheaper

Two Modes of Bimodal IT

Mode 1: traditional Mode 2: experimental and innovative

What is Bimodal IT and its two modes?

Mode 1: traditional, keeps the lights on. Runs those systems that gives you the exact amount of money every two weeks. Rock solid, reliable. Changes at a glacial pace. Mode 2: experimental, innovative. Takes risks and learns from it. Tweaks, changes, and grows. OK to make small errors. Where the digital dexterity employee is.

What strategies do hacktivists use to accomplish their goals?

Monetary pain to victims to force them to change behavior. Embarrass the target and damage their reputation. Seek to gain public support against the target.

What are the real drivers behind modern cyber-attacks.

Money and power.

What is intrusion detection system?

Monitor all the network traffic coming in and out of the internet connection, looking for sequences of packets that are indicative of certain types of information technology security attacks. When it detects those, it'll then notify the system managers so then they can take appropriate action. For example: going to the router on the internet and blocking a host that is attacking them. not taking action, but notifies.

Intrusion Detection

Monitors all network traffic coming in and out of your network connection

Keylogger

Monitors everything key stroke that is made on your computer once it runs on your machine

Three reasons why is engagement important

More productive and profitable Provides better service and quality Misery can follow you home

Castle Metaphor in information security

Multi-layer Defences and policies

Defense in depth - how does the castle metaphor apply to information security?

Multi-layer defenses; castles have lots of ground around the castle itself. So, they could see invaders approaching from a distance. Then there was a moat that had to be crossed, then outer and inner walls. Invaders had to get past all these defenses. Information security should have multiple layers of defense and each should warn you of their attack.

Were the lost smartphone protected?

NO

Is it reasonable to expect that large software systems would be truly and totally bug-free? Why?

NO. There are millions of lines of codes that could contain bugs.

What is a Conversational Interface?

Natural Interface Context Aware Evolution of VPA: Informal and bidirectional platforms

Pick the "New Role for the Dextrous

New Media Mogul All sorts of media to persuade and educate people with your message.

Are algorithms neutral?

No, algorithms reflect human prejudices and biases that lead to machine learning and making mistakes

Do Trojans rely on software vulnerabilities to compromise a system?

No. They exploit a weakness in the human character, not the computer software. Exploit human vulnerabilities, responsible for hundreds of millions of hacks every year.

In IP theft, one is often facing a determined human adversary. What characterizes this type of opponent?

Not deterred by early failure. Repeated attacks. Variety of techniques. Significant resources from sponsors.

What is Moore' Law?

Number of transistors on a chip that doubles every two years, at the same price.

How does Everyday AI affect Office Suite software?

Office 365: -Word: Editing. with copy-editing to avoid the grammar police. -Outlook - prioritize your mail so important stuff comes first. -Google calendar - autoscheduling.

What is a keylogger?

Once it's on your computer, the malware will monitor every keystroke you type and send back to the cybercriminals.

zero day exploit

One day exploit id discovered bad guys are using it before a cure is instills

Stolen Veteran's Affairs laptop incident: What data was exposed, what was the impact?

One laptop stolen! Exposure: name, SSN, birth date for 26.5 million people. Lawsuit settlement: 20 Mil Individual impact: ID theft

Frequency of DDos

Only 6% were NOT attacked. 11% attacked 11-50 times a month. 11% attacked more than 50 times a month.

What can a private key do and who should have it?

Only know to recipients. Decrypts messages.

Drive-by Downloads - What vulnerabilities are exploited?

Operating system, web browser and plug-ins

These days most malicious hacking attacks are the result of ____________________.

Organized groups of professional cybercriminals

Mobile devices are largely unprotected because they spend much time ________________________.

Outside the castle walls.

How does DoS - Denial of Service - attack work

Overwhelm the target server with service requests. Deny service to regular customers. -Attack consumes all normally available server capacity. -Nothing left for regular customers. -Regular customers frustrated, go elsewhere. The straw that broke the camel's back. You want to overwhelm the victim - send the target more legitimate service requests than it is able to handle, denies service to regular customers. Adding that one more request so that the server CAN'T respond or crashes.

Asymmetric or Public Key Encryption

Pair of keys, each with a different function.

Endpoint protection

Patching, anti malware, firewall

What are endpoint protection - anti-virus software?

Patching: Eliminate Software vulnerabilities with patches. Anti-malware: detect viruses, trojans, to stop the from infecting your machines. Firewall: To stop undesired incoming network traffic. Idea that we would call antivirus software, looks more holisticaly at everything that is neccessary to protect, endpoint could be laptop, desktop, or mobile device. Software that patches the operating system and applications so that you eliminate software vulnerabilities on client devices.

How is spearphishing different from phishing?

Phishing is just a broadcast attack whereas with spearphishing, you are much like a sniper. You research your target and then go after it with extreme dedication and effort. Narrow effect. Target - research target. Find out about the victim. The victim's company, all the information we can so we can make a super custom, exactly crafted email that is tailored to knock down the big game. Apparently valid source Personalized: Nicknames, habits, preferences, recent purchases, recent promotions or job changes.

What kinds of things actually contain the desired information from dumpster diving?

Phone Lists, Print outs, and media

What are the broad categories of IT vulnerability?

Physical Technological Human

What are the broad categories of IT vulnerability?

Physical, Technological, Human

Reading: Beautiful Social Engineering Attack. What did the chemical engineer do that enabled the hacker to find him?

Posted information on social media.

What kinds of information might be in a company's 'dumpster'?

Pre-attack research

What is spoofing?

Pretending to be someone your are not.

What is Social Engineering?

Process where outsiders exploit naive insiders; tricking.

What kind of tasks can an RPA system perform?

Processes routine tasks. Works with existing applications.

Moore's Law Results in extremely cheap:

Processors Memory Sensors Connections

How is the public key encryption used?

Protect web transactions, SSL, Secure - HTTP Data encrypt between client and server, passwords, confidential data, medical, financial.

examples of proximity-aware systems

Proximity badge, Disney badges, RFID badges, Sections of a store

Why do blockchains have distributed ledgers?

Publicly readable transactions are recorded and safe

One Proximity Aware System and benefits

RFID chip in our badge, every rooms that you walk in and out of, they knew precisely when you were in and out of which rooms and what times Allows for productivity, safety, quality assurance, and compliance/fraud detection

Proximity-Aware System example:

RFID in a badge. Chip in a badge, everywhere you go, they know that, your information.

Cryptowall is an example of what type of malware payload?

Ransonware.

Three things about Lindt's Digital Workplace strategy

Real time device where everything is available as and when they need it. Shows people all displays and product catalog. Allows for more flexibility since data uploading software occurs in tablet

Four steps to Organizational Transformation

Recognize opportunity Design the solution Deliver the Solution Execute

How does digital dexterity enable an employee to participate in organizational transformation?

Recognize opportunity Design the solution Deliver the solution execute Digital dexterity lets your participate.

What is a bot?

Remote control payload. Allows cybercriminals to do anything they want remotely. You can still operate your computer, but without your knowledge, they can send a control command to your machine whenever they want.

Bot

Remote control: can do anything remotely, in the background

What steps can be taken to protect USB flash drives?

Requiring the use of encrypted USB flash drives - actually having encryption hard drives built into them. Some companies banned this sort of storage - disable computer USB ports.

Risk posed by fraudulent mobile apps

Risk is giving away important banking information

Select all of the following statements that are true about RPA. Robot employees handle routine tasks Humans interact with RPA systems using natural language interfaces. Existing applications must be redesigned from the ground up to take advantage of RPA. The work with your organization's existing applications Humans do not directly interact with RPA systems. RPA systems only communicate with other computer software using APIs. RPA is a future technology, not likely to be deployed in production use for about 5-10 years.

Robot employees handle routine tasks Humans interact with RPA systems using natural language interfaces. The work with your organization's existing applications

How does RPA - Robotic Process Automation work?

Robot machines. Behaves as if it were an employee. It will eliminate routine tasks, leaving humans free to address non-routine tasks. Machine Learning. Natural Language Interface.

What is RPA

Robotic Process Automation - software robot employees.

RPA

Robotic Process Automation: Software running on a computer that behaves like an employee and gets better with experience and runs on existing apps

What can an attacker do with a bug?

Run undesired programs. Unauthorized data access. Gain full control.

How would the cyber-criminal use the information from the dumpster dive?

SELL IT

How do viruses propogate

Searches all files until it finds one to infect. It creates copies of itself inside of the file

How do worms propagate?

Searching for vulnerabilities in the operating networks or software installed on a network, once it identifies another vulnerable machine, it will exploit its vulnerabiliites and install itself on that machine and being its own execution, second machine joins the attack, can generate a lot of traffic on your network, carry a payload, typically negative.

Viruses

Self replicating malware that hides itself inside a host file

Artificial Intelligence

Set of related technologies that seem to emulate human thinking an action

One attack we studied this week sounded like something from a James Bond Movie. An attractive female hacker approached a male chemical engineer after work at a bar; she quickly earned his confidence by posing as an IBM employee. At the end of the story, the entire corporate email system has been compromised and the hackers were able to steal all sorts of proprietary data found in messages and attachments. Aside from being a fascinating story it can teach us some things about improving our own security posture. What method did the hacker eventually use to compromise the company's email system?

She tricked him into putting an infected USB flash drive into his office computer.

While typing your PIN number into the banking app on your smartphone, you notice some creepy guy trying to peek at what you're doing. What term is used for this method of stealing passwords, PINS and other confidential data?

Shoulder surfing

Many companies now practice something that Gartner calls Bimodal IT. Select all of the statements below that are characteristic of Mode 1 IT operations. experimental slow to change rock-solid reliability traditional innovative

Slow to change rock solid reliability traditional

Gartner thinks that ________________________ have the greatest growth potential of any wearable device technology.

Smart Garments.

This type of attack attempts to exploit naive people, tricking them into providing information that the attacker will use to gain access to their network and systems.

Social engineering

How do Trojans fool a user into executing them?

Social engineering - the key - you are tricked to invite that malware into your computer.

Human vulnerabilities - how to address them?

Social engineering - the reason it succeeds is because people are naive. Education and Awareness Training. An ounce of PREVENTION is work a POUND of cure. Uniformed risky behavior. Good HR practices - hiring - background checks, good exit procedure - when someone leaves.

Reading: How to Stop Guilible Employees: The most prevalent, successful threats rely on what vulnerability?

Social engineering, one way or another. That could be a phishing email, a rogue link, or an offer of a free download that pops up on a trusted website. In rare instances, it's a physical phone call asking for credentials to be reset or for the person to install needed diagnostics software to remove malware.

What vulnerabilities are exploited with compromised websites?

Software; incredibly complex and therefore there are bugs - vulnerable browsers and plug ins. This presents the opportunity for cyber criminals to take advantage of the fact that we are out there on the internet.

Spoofing

Something that appears to be authentic but it isn't actually.

What are worms? And do they rely on host files?

Standalone malware - doesn't insert itself like a virus. It's just the worm's job to propagate itself via your network; once a worm is on one computer on a network ,it starts looking for other computers on the network it could infect.

Worms

Standalone malware - no useful program Self-propagating via network

Worms

Standalone malware that inserts itself and hides in another program

IP Thieves

Steal industrial secrets and sells them for profits

Why do IP thieves typically steal it?

Steal to sell, corporate espionage

How do attackers use shoulder surfing?

Stealing confidential data. Stealing mobile devices.

What steps are involved in risk assessment?

Step 1: List IT assets and assign them a value - trying to identify if something is critical for ongoing business success. Step 2: Identify threats - How could an attacker potentially get at assets? Step 3: If assets are destroyed - what would it cost to replace, assign cost to replace. Step 4: how long is it OK to be down? Determine acceptable downtime.

What are the three user password vulnerabilities?

Sticky Notes: writing the passwords down. Guessable: people who know you. Lack on complexity: too simple.

What are the three user password vulnerabilities

Sticky note, guessable, lack of complexity

Firewall

Stop incoming network requests

Firewall

Stop undesired incoming network traffic

What is a Firewall?

Stop undesired incoming network traffic.

What does it mean for something to be vulnerable?

Susceptible to attack or harm.

How is social engineering done?

Take baby steps. Research your victim. Ask for help: plausible requests to the right people mentioning the right names.

CEO Fraud

Targets business working with foreign suppliers and businesses that regularly perform wire transfers

Three Broad areas of change, trends demanding digital dexterity.

Technology is changing. Working is changing. IT is changing.

What does "La fin du monde" have to do with AI?

The End of the World is what some people believe AI will come to

Digital Dexterity

The ability and desire of the workforce to use existing and emerging technology for better business outcomes

Elon Musk on AI

The biggest threat we face as a civilization


संबंधित स्टडी सेट्स

Advertising and Promotion Management

View Set

sq23, sq22, sq21, sq24, sq19, sq18, sq17, sq16, SQ15, sq14, sq13, SQ12, SQ11, sq09 & sq10, sq08, SQ07, SQ06, SQ05, POLI 102

View Set

AP Government Chapter 2 Assignment

View Set

Chapter 1 introduction to nursing

View Set

Ch 24- liability, defenses, and discharge

View Set