BTE Exam 2

Software Attack (deliberate threats)

Remote attack needing user action:
-Virus
-Worm
-Phishing
-Spear phishing attack
Remote attack without user action:
-Denial-of-Service (DoS) attack
-Distributed DoS (DDoS) attack
Attacks by programmers:
-Trojan horse
-Back door or trap door
-Logic bomb

Cookies

Small files stored on a computer containing information about visited websites. (Tracking these e.g. AT&T, Verizon)

Unintentional Threats

Social engineering & Human Errors:
-Carelessness with portable computing devices
  o laptops, smartphones, USB flash drives
-Opening questionable e-mails, clicking on links or attachments
-Careless internet surfing (look for HTTPS)
-Weak password selection and use
-Carelessness with one's office
Most dangerous departments:
-Human Resources personnel
-Information System personnel
Other areas of threats in the business:
-Janitors, guards, contract labor, and consultants

Artificial Intelligence (AI)

Subfield of Computer Science which deals with building intelligent machines, agents or systems, which simulate intelligent living beings (human) behavior. -These systems should be able to solve problems and evolve by themselves. -Creating an intelligent agent that perceives the environment and makes decisions to maximize chances of achieving its goal. -first used by John McCarthy in 1956

Tangible Intangible

The assets in networks of individuals and organizations can be: ____________: house, products, cash ____________: mortgage, services, online music/video

expert systems

The main difference is that ________ ___________ are rule-based systems which utilize a predefined data set created by 'subject matter experts', while machine learning (ML) is based on statistical modeling of data and constant self-updating of the model.

object code

The output of the compiler after it translates the program into machine language

Profiling

The process of forming a digital dossier

Privacy

The right to be left alone and to be free of unreasonable personal intrusions.

Information Privacy

The right to determine when, and to what extent, information about you can be gathered and/or communicated to others.

human intelligence

The ultimate goal of AI is to mimic ________ ______________ Signs of intelligence such as: -Learning -Understanding from prior experience to respond quickly to new situations -Making sense of ambiguous or contradictory messages (e.g. sarcasm, jokes) -Ability to change behavior or response, with new knowledge

Hash Functions

These are different from SKC and PKC. They use no key and are also called one-way encryption. -are mainly used to ensure that a file has remained unchanged.

Risk Acceptance Risk limitation Risk transference

Three strategies to risk management:

database

Transactions are recorded (write) in the

open market (auction) closed market (supply chain)

Transactions could happen in:

Risk transference

Transfer the risk by using other means to compensate for the loss, such as purchasing insurance

Logic Flow

Two-way selection syntax: -IF expression is true, statement1 is executed; otherwise (else), statement2 is executed -statement1 and statement2 are any C++ statements

Unintentional (Human Error/ Social Engineering) Deliberate

Type of Threats (2)

Virtual private networking (VPN)

Use logins and encryption to establish a secured, private connection on a public network (the Internet) -Encrypted tunnel of communication. -Provides online privacy and anonymity by creating a private network from a public Internet connection. -mask the Internet protocol (IP) address so your online actions are virtually untraceable. -a private network that uses a public network (usually the Internet) to connect users -integrate the global connectivity of the Internet with the security of a private network and thereby extend the reach of the organization's networks. -called this because they have no separate physical existence (What happens when the employees want to access a database, critical to the business, from a remote location? Now the data is being transferred over shared devices and cables or sent over the open air. Encryption is required, thus this Network comes into play)

DDoS attack (Distributed DoS)

Uses hacked computers (zombies) to perform a DoS attack. Ex. Botnet

alpha beta

________ and ________ testing are important testing phases for success of any software release. Both these testing techniques have saved thousands of dollars to large scale software releases for companies like Apple, Google and Microsoft.

Applied

____________AI is far more common -systems designed to intelligently trade stocks and shares, or maneuver an autonomous vehicle would fall into this category.

Generalized

______________ AIs - systems or devices which can in theory handle any task - are less common, but this is where some of the most exciting advancements are happening today. -It has led to the development of Machine Learning, a subset of AI.

Engagement Factor

a feature that would help increase the probability that users will continue using the App and even suggest it to friends.

Hot Sites

a fully configured computer facility with all of the company's services, communications links, and physical plant operations. -duplicates computing resources, peripherals, telephone systems, applications, and workstations. -reduce risk to the greatest extent, but they are the most expensive option.

Syntax

a program's language rules

conditional statement

a statement with a hypothesis followed by a conclusion. -"If this happens, then that will happen." The hypothesis is the first, or "if," part of this statement. -perform different computations or actions depending on whether a programmer-specified condition evaluates to true or false

Copyright

a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period.

algorithm

a step-by-step problem-solving process -A solution is achieved in a finite amount of time

Reinforcement Learning

a type of Machine Learning, and thereby also a branch of Artificial Intelligence. It allows machines and software agents to automatically determine the ideal behaviour within a specific context, in order to maximize its performance.

Whitelisting

allows acceptable software to run -a process in which a company identifies the software that it will allow to run on its computers and permits acceptable software to run, and it either prevents any other software from running or lets new software run only in a quarantined environment until the company can verify its validity.

Blacklisting

allows everything to run unless it is on the blacklist -includes certain types of software that are not allowed to run in the company environment.

Back door (trap door)

allows unauthorized access to the program or system, bypassing security measures

Something the user is

also known as biometrics, is an authentication method that examines a person's innate physical characteristics (e.g., fingerprint scans, palm scans, retina scans, iris recognition, and facial recognition).

Responsive web design

an approach to web design that makes web pages render well on a variety of devices and window or screen sizes.

execution error (different from compiler error)

an error which only manifests itself when a program is run rather than when its source code is translated

Trade Secret

an intellectual work, such as a business plan, that is a company secret and is not based on public information.

Patent

an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.

Threat

any danger to which a system may be exposed (to an information resource)

applications (computer programs)

are created through programming languages to control the behavior and output of a machine through accurate algorithms, similar to the human communication process. Examples: Python, C++, Java

IDEs

are very user friendly -Compiler identifies the syntax errors and also suggests how to correct them -A library of resources is typically included as well -Build or Rebuild is a simple command that links the object code with the resources used from the IDE

Virus

attach to a host computer -require an active host program or an already-infected and active operating system in order to run, cause damage and infect other executable files or documents

PROVENANCE

blockchain technology: Blocks must show connection to (fingerprint of) prior block, keeping a trail

IMMUTABLE

blockchain technology: Once a transaction is recorded into a block, a block can't be changed nor deleted

CONSENSUS

blockchain technology: Everyone (or a Regulator) must validate and approve the new transaction/block

SECURED

blockchain technology: Uses cryptography to process digital transactions or verifiable digital signature

DISTRIBUTED

blockchain technology: -It is a _____________ digital ledger technology -Ledger keeps records of transaction, value, and ownership of assets -Copies of recording (ledger) are kept in different databases/nodes

Readability

code is properly and consistently formatted and uses clear, meaningful names for functions and variables

Spyware

collects personal information about users without their consent
-Keystroke loggers: record keystrokes and Web browsing history
-Screen scrapers: record a continuous "movie" of activities on a screen

linker

combines object code of this program with other programs in the library to create executable code

Data Aggregators

companies that collect public data such as real estate records and published telephone numbers in addition to nonpublic information -such as Social Security numbers; financial data; and police, criminal, and motor vehicle records.

Authentication

confirms the identity of the person requiring access. Use something the user...
  o IS: Biometrics is a person's innate physical characteristics
  o HAS: ID cards, smart ID cards, and tokens
  o DOES: Voice, signature, and gait recognition
  o KNOWS: password and passphrase

infinite loop

continues to execute endlessly (expression never false)

Cryptography

converts data into a format that is unreadable for an unauthorized user, allowing it to be transmitted without unauthorized entities decoding it back into a readable format

Spamware

create a launchpad for sending out spam emails

App Prototyping

creating a model of the App, before going through development. FluidUI is an example of an App prototyping tool.

Industrial espionage

crosses the legal boundary
  o Example: SONY, Google IP
(Espionage or Trespass)

Digital Dossier

data integrated from data gathered about you in a typical day (surveillance cameras located on toll roads, on other roadways, in busy intersections, in public places, and at work; credit card transactions; telephone calls (landline and cellular); banking transactions; queries to search engines; and government records (including police records)).

Authorization

determines which actions, rights, or privileges the person has, based on his or her verified identity.

Trojan horse

disguised as an innocent program

Logic bomb

dormant until activated at a certain date and time

Compiler

guarantees that the program follows the rules of the language -Does not guarantee that the program will run correctly -identifies the syntax errors and also suggests how to correct them -Check that the program obeys the language rules (syntax) -Translate the program into machine language (object code)

Two-Way Selection

if (expression) statement1; else statement2;

variable declarations

instructs the system to allocate memory space and name it length -a statement such as "double length;"

Privacy Concerns

involve collecting, storing, and disseminating information about individuals.

Security Concerns

involve security measurements -issues revolve around security measurements taken to protect the person the data refers to.

Accuracy Concerns

involve the authenticity and fidelity of information that is collected and processed

Property Concerns

involve the ownership and value of information

Breach

involves the unauthorized viewing, access or retrieval of data (of an information resources)

Natural language processing (NLP)

is a branch of artificial intelligence that helps computers understand, interpret and manipulate human language, like speech and text.

User Interface (UI)

is a broad term for any system, either physical or software based, that allows a user to connect with a given technology. -Many different kinds of these come with various devices (e.g. a remote controller) and software programs (e.g. iOS). -Many of them have some basic similarities, although each one is unique in key ways. -Ex: graphical user interface (GUI)

Program Documentation

is comprehensive information on the capabilities, design details, features, and limitations of a system or application software.

Cryptocurrency

is a digital currency that uses cryptography for security measures. -Each user has both public and individual private keys. -Operates independently of a central bank.

Usability testing

is a form of User Acceptance testing.

Permission marketing

is a marketing technique that allows consumers to receive marketing and other promotional offers upon their consent rather than being pushed to them.

Crowdfunding

is a method of raising capital in small amounts from a large group of people using the Internet and social media.
  o The money raised through this doesn't necessarily buy the lender a share
  o There is no guarantee that it will be repaid even if the venture is successful
  o Individuals are asked to make micro-investments or donations to causes and ventures they believe in, thus allowing the work to be completed

Programming

is a process of problem solving

Ledger

is a system of records for a business -transactions are always recorded in this -in the selling organization, a transaction removes assets from this -in the buying organization, a transaction adds assets onto this -every organization keeps their own respective ____________

Cognitive Computing

is about elevating AI to a reasoning level.

Machine learning

is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed. -focuses on the development of computer programs that can access data and use it to learn for themselves. -enables analysis of massive quantities of data. -It is only as valuable as the data used.

programming language

is an artificial formalism in which algorithms can be expressed. -a computer language engineered to create a standard form of commands. -These commands can be interpreted into a code understood by a machine. -It is a set of rules (syntax), symbols, and special words.

Something the user knows

is an authentication mechanism that includes passwords and passphrases.

Something the user has

is an authentication mechanism that includes regular identification (ID) cards, smart ID cards, and tokens.

Something the user does

is an authentication mechanism that includes voice and signature recognition.

Opt Out

is an option for unsubscribing or leaving membership from a website, blog, group or any other online subscribed service.

Blockchain

is an unchangeable system of recordkeeping that is seeing a growing use well beyond financial transactions. -Data is copied on multiple servers or computers and encrypted into blocks, which are then linked by hashes to previous blocks. -This allows the system to reject any non-valid transactions.

Malicious software (malware)

is any software that brings harm to a computer system

Opt-In

is bulk email that a consumer can choose to receive. -a form of requested email based on consumer needs, hobbies or other special interests. -can be delivered through a website the consumer visits to shop for merchandise. -The site may contain the option to receive future sales or product information. -In this instance, the consumer provides their address to the website and requests emails about the specified content.

Viability (feasibility) study

is conducted to answer questions such as: -Is the project doable from a technical? -Will the App work from an operational perspective? -What are the opportunities and threats? -What is the competitive environment? This last question could be answered by searching the App stores for Apps with similar functionality and promise to customers; e.g. see what's popular on application stores.

Alpha Testing

is simulated or actual operational testing by potential users/customers or an independent test team at the developers' site. -is often employed for off-the-shelf software as a form of internal acceptance testing, before the software goes to beta testing.

Prototyping

is the act of creating a model of a product so that it can be tested by users before you expend valuable development time on creating the actual product. -encompass everything from simple sketches of the product interface right through to dynamic interactive computer models of the product and stopping at wireframes on the way as an interim prototype.

Artificial Intelligence

is the broader concept of machines being able to carry out tasks in a way that we would consider "smart". -refers to putting together different algorithms and making inferences.

Usability

is the degree of ease with which products such as software and Web applications can be used to achieve required goals effectively and efficiently.
  o assesses the level of difficulty involved in using a user interface.
  o if it is good, it means it is easy to learn and efficient and satisfying to use.

Identity Theft

is the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime. Can do this through:
  o Phishing
  o Stealing from databases
  o Social engineering

Decryption

is the process of transforming encrypted information so that it is legible again.

Encryption

is the process of transforming information so it is unintelligible to anyone but the intended recipient. -Converting an original message into a form that can only be read by the intended receiver -Public key encryption (asymmetric encryption) -Digital Certificate

Source code

is the set of instructions and statements, written by a programmer, which determines what the program does. (Step 1 C++)

Competitive intelligence

legal information gathering (Espionage or Trespass)

App creation

o App Description
o Company Report
  -Business Model Canvas (BMC)
o App Prototype Design:
  -Create click-through flow on paper
  -Design Mock up prototype (FluidUI.com)
o Website Development (wix.com)
o Start a Kickstarter Project, including video (kickstarter.com)
  -Pitch the App idea to an investor

Personal Data Record Keepers

o Employers, Government
o Medical Offices, Hospitals
o Credit Reporting Agencies, Banks and Financial Institutions, Retailers
o Utility Companies, Schools
o Social Media Companies

Information Extortion

occurs when an attacker either threatens to steal, or actually steals, information from a company. -An attacker demands payment for not stealing the information, for returning stolen information, or for not disclosing the information stolen from a company. Ex. Ransomware

Espionage or Trespass

occurs when an unauthorized individual attempts to gain illegal access to organizational information. -Competitive intelligence -Industrial espionage

Physical Controls

prevent unauthorized individuals from gaining access to a company's facilities. -Walls -Doors -Fencing -Gates -Locks -Badges -Guards -Alarm systems

User Experience (UX)

primarily studies the behavior, feelings, perceptions, reactions, emotions and other psychological constraints that may occur with a computer or computing enabled device or application. -is the core of human computer interaction technologies. -facilitates and enables the development of computer systems that are centered on ease of use and accessibility for a human user.

Warm Site

provides many of the same services and options as the hot site. -it typically does not include the actual applications the company needs -includes computing equipment such as servers, but it often does not include user workstations.

Cold Site

provides only rudimentary services and facilities, such as a building or a room with heating, air conditioning, and humidity control -This type of site provides no computer hardware or user workstations -reduce risk the least, but they are the least expensive option.

Blockchain technology

provides the basis for a dynamic distributed and shared ledger that can be applied to save time when recording transactions between parties, remove costs associated with intermediaries, and reduce risks of fraud and tampering.

Business Continuity Plan

purpose is to provide guidance to people who keep the business operating after a disaster occurs.

Machine Learning

refers to basically taking data and data streams looking for patterns and adapting to what the algorithms are learning over time -is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves.

Access Controls

restrict unauthorized individuals from using information resources and involve two major functions: authentication and authorization.

Accessibility Concerns

revolve around who should have access to information and whether a fee should be paid for this access

Dumpster Diving

rummaging through commercial or residential trash to find discarded information.

Communication Controls (called network controls)

secure the movement of data across networks and consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, virtual private networks (VPNs), secure socket layer (SSL), and employee monitoring systems. -Protect the movement of data across networks

Public-private Key

sender encrypts the info using the receiver's public key, which anyone can access; receiver decrypts the message using his/her own private key...vice versa too
1. The sender encrypts the information using the receiver's public key.
2. The receiver decrypts the message using his/her private key.
-For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender's public key to decrypt it. Thus, the receiver knows who sent it

Functions

should be kept simple and small blocks of code

Comments

should explain clearly what function that part of the source code should be accomplishing, what is the input and expected output
  o in C++ a // indicates that a comment follows

Proper programming style

significantly reduces maintenance costs and increases the lifetime and functionality of software.

Flowchart

the Solution to a Problem

Business Continuity

the chain of events linking planning to protection and recovery

Vulnerability

the possibility that the system will suffer harm by a threat (of an information resource)

Intellectual Property

the property created by individuals or corporations that is protected under trade secret, patent, and copyright laws.

Supervised machine learning

these algorithms can apply what has been learned in the past to new data using labeled and classified examples to predict future events. -Starting from the analysis of a known training dataset, the learning algorithm produces an inferred function to make predictions about the output values.

Unsupervised machine learning

these algorithms explore the data and can draw inferences from datasets to describe hidden structures from data that has not been classified nor labeled.

SCADA attacks (Supervisory control and data acquisition)

these systems control chemical, physical, or transport processes -Oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants Ex. Cyberterrorism/cyberwarfare

output statement

this statement instructs the system to display results

assignment statement

this statement instructs the system to evaluate the expression "length * width" and store the result in the memory space "area"

Indentation

used to clearly define sections and flow of functions

Integrated Development Environment (IDE)

used to develop programs in a high-level language -Programs such as mathematical functions are available -The library contains prewritten code you can use -A linker combines object code of this program with other programs in the library to create executable code

Electronic Surveillance

using technology to monitor individuals as they go about their daily routines. -conducted by employers, governments, and other institutions. -Examples: Surveillance cameras in airports, subways, banks, and other public venues, smartphones create geotags, Google street view images

Machine Learning

was coined by Arthur Samuel in 1959. At that time he worked for IBM.

Beta Testing

- testing carried out by real users in real environments. -this is a testing stage followed by internal full alpha test cycle. -This is the final testing phase where companies release the software for few external user groups outside the company test teams or employees. -This initial software version is called as _____ version. -Most companies gather user feedback in this release.

BITCOIN

-A blockchain application -Anonymity is important -Anyone can participate -Transactions are viewable by all members of the network -Based on Public-Private Keys -A cryptocurrency -Based on Proof of Work -A decentralized clearing system -A decentralized system of payments -A decentralized currency open, public and anonymous making its security and trust questionable

Kickstarter

-A crowd-funding website where you give money to a company, artist, filmmaker, game developer, etc. to fund their project. Every ___________ project should have the following:
  o A project page with a video and description that clearly explain the story behind your project
  o Rewards the backers will receive when the project is completed
  o Updates that share the creative journey as the project comes to life
  o Make a compelling video
  o Consider adding captions and subtitles

BLOCKCHAIN

-A methodology -Identity of members is known -Permissioned network -Transactions are secret or Permission viewing -Virtual Signature -Handles many types of assets -Selective endorsement business is private, permissioned and running on smart contracts.

Secure Socket Layer (Transport Layer Security - TLS)

-An encryption standard for secure transactions such as credit card purchases and online banking -Verisign

Website Development

-Any App should have a dedicated website, as a promotion tool
  o When people look for App information, they don't go to the app stores at once, more likely they search in the browser.
-It offers a respectable front to pure click company (humanizes it)
-It allows user to provide feedback and even suggestions
-It allows to better educate the users on the app features
-All App websites need minimum a Landing page (Home) from where users can get a quick idea of the app and download it
-Other suggested pages:
  o About Us, Contact Us, In the News, FAQ, Partners
-Responsive Design should be a consideration to fit many devices

Cyberterrorism/cyberwarfare

-Attack via the Internet to use a target's computer systems to cause physical, real-world harm -Usually to carry out a political agenda Ex. Stuxnet Worm

Social Engineering

-Attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords -Techniques: Tailgating, shoulder surfing, Facebook befriending (unintentional threat)

Bitcoin

-Based on Blockchain methodology -An unregulated international shadow-currency -Units in that system - bitcoins -Created as a decentralized digital currency exchange system to exchange digital currency without the banks as intermediaries, while keeping (pseudo) anonymity -Resource intensive (requires Proof of Work Consensus) -Created in 2008 after the Global Financial crisis

Remote attack without user action

-Denial-of-Service (DoS) attack -Distributed DoS (DDoS) attack

Business Continuity Planning

-Disaster Recovery Plan -Business Continuity -Business Continuity Plan

Deliberate Threats

-Espionage or Trespass -Information extortion -Theft of equipment or information -Identity theft -Sabotage or vandalism -Compromises to intellectual property -Supervisory control and data acquisition (SCADA) attacks -Cyberterrorism and cyberwarfare -Software attacks (malware) -Alien software

Revenue Streams (R$)

-For what value are our customers really willing to pay? -For what do they currently pay? -How are they currently paying? -How would they prefer to pay? -How much does each Revenue Stream contribute to overall revenues?

Customer Segments (CS)

-For whom are we creating value? -Who are our most important customers? -Mass Market -Niche Market -Market segmentation -Diversification -Multi-sided Platform

Blockchain

-It is a distributed database leveraging distributed processing -Multiple parties (peer) share it by keeping an identical copy -Transactions are recorded (write) in the database -Each new record (write) to the database is a Block -Transactions/Blocks are processed one at a time, no new transaction/block is committed until the prior one is approved -All participants must give approval to the new recording = new Block -New Block is concatenated with prior Block by using a cryptographic hash (like a fingerprint of predecessor Block) -Every recording uses private cryptographic key or digital signature -The process is repeated over and over creating a ...

Alien software (or pestware)

-Programs installed on a computer without user's consent or knowledge
-Use up valuable system resources and may report user activities back to the creator
-not designed to disrupt system functioning nor to steal data from files
EX:
  o Cookies
  o Adware
  o Spyware - Keystroke loggers or Screen scrapers
  o Spamware

Company Report (for Proposed App)

-Technical Viability (How doable)
-Business Viability (how will it generate revenue?)
-Originality (New ideas or improved idea)
-User's Data (Collection, Marketability, Privacy/security)
-User Interface Design (appealing, Simple but with substances)
  o Usability (ease of use)
  o Usability Testing (ease of use)
-Engagement Factor: (Engaging, Motivating, Challenging)
  o Social Media Integration
  o Loyalty
  o Gamification

while loop (repetition)

-The expression provides an entry condition to the loop -The statement (body of the loop) continues to execute until the expression is no longer true

Channels (CH)

-Through which Channels do our Customer Segments want to be reached?
-How are we reaching them now?
-How are our Channels integrated?
-Which ones work best?
-Which ones are most cost-efficient?
-How are we integrating them with customer routines?
CHANNEL PHASES:
-Awareness
  o How do we raise awareness about our company's products and services?
-Evaluation
  o How do we help customers evaluate our organization's Value Proposition?
-Purchase
  o How do we allow customers to purchase specific products and services?
-Delivery
  o How do we deliver a Value Proposition to customers?
-After sales
  o How do we provide post-purchase customer support?

Factors Contributing to Vulnerability

-Today's interconnected (IoT), interdependent, wirelessly networked business environment -Management support has not increased as quickly as threats --Low security awareness among employees -Smaller computers (laptops, smartphones) and storage devices -Decreasing skills necessary to be a computer hacker --New and easier tools make it very easy to attack the network --Attacks are becoming increasingly sophisticated -Lack of skilled personnel to protect information -International organized crime taking over cybercrime

Attacks by programmers

-Trojan horse -Back door or trap door -Logic bomb (malware)

Remote attack needing user action

-Virus -Worm -Phishing attack -Spear phishing attack

Key Activities (KA)

-What Key Activities do our Value Propositions require? -Our Distribution Channels? -Customer Relationships? -Revenue streams? CATEGORIES -Production -Problem Solving -Platform/Network

Key Resources (KR)

-What Key Resources do our Value Propositions require? -Our Distribution Channels? -Customer Relationships? -Revenue Streams? TYPES OF RESOURCES -Physical -Intellectual (brand patents, copyrights, data) -Human -Financial

Cost Structure (C$)

-What are the most important costs inherent in our business model?
-Which Key Resources are most expensive?
-Which Key Activities are most expensive?
IS YOUR BUSINESS MORE:
-Cost Driven (leanest cost structure, low price value proposition, maximum automation, extensive outsourcing)
-Value Driven (focused on value creation, premium value proposition)
SAMPLE CHARACTERISTICS:
-Fixed Costs (salaries, rents, utilities)
-Variable costs
-Economies of scale
-Economies of scope

Customer Relationships (CR)

-What type of relationship does each of our Customer Segments expect us to establish and maintain with them? -Which ones have we established? -How are they integrated with the rest of our business model? -How costly are they? EXAMPLES -Personal assistance -Dedicated Personal Assistance -Self-Service -Automated Services -Communities -Co-creation

Value Propositions (VP)

-What value do we deliver to the customer? -Which one of our customer's problems are we helping to solve? -What bundles of products and services are we offering to each Customer Segment? -Which customer needs are we satisfying? CHARACTERISTICS -Newness -Performance -Customization -Design -Price -Accessibility -Convenience/Usability

Key Partners (KP)

-Who are our Key Partners? -Who are our key suppliers? -Which Key Resources are we acquiring from partners? -Which Key Activities do partners perform? MOTIVATIONS FOR PARTNERSHIPS: -Optimization and economy -Reduction of risk and uncertainty -Acquisition of particular resources and activities

Worm

-a standalone malware computer program that replicates itself in order to spread to other computers -uses a computer network to spread itself, relying on security failures on the target computer to access it.

Sabotage and Vandalism

-Deliberate acts that involve defacing an organization's Web site, potentially damaging the organization's image and causing its customers to lose faith.
-Occurs when an intruder maliciously alters a Web page by inserting or substituting provocative and frequently offending data
  -Example: Syrian Electronic Army defaces Forbes Magazine website, Feb 2014

Blockchain

-is an emerging technology that can radically improve banking, supply chain, and other transaction networks and can create new opportunities for innovation. -can reduce friction between organizations, increase trust through immutability of data and the use of smart contracts, and save time by making parties more efficient.

Information Security Controls

-physical controls -access controls -communication controls -business continuity plan

Awareness Evaluation Purchase Delivery After sales

5 CHANNEL PHASES

Business Transactions

A transaction always happens between, at least, two organizations -Buyer and seller, no business operates in isolation

Machine Learning Natural Language Processing Robotics Vision

AI Subfields:

Risk Acceptance

Accept the potential risk, continue operating with no controls, and absorb any damages that occur

Careless Internet surfing

Accessing questionable Web sites; can result in malware and/or alien software being introduced into the organization's network.

new Block

All participants must give approval to the new recording = -it is concatenated with prior Block by using a cryptographic hash (like a fingerprint of predecessor Block)

alexa and siri

Allowing scientists to embed the technology into objects around us, whether or not they have a screen: AI infused virtual assistants - _________ __________ Relating sensing and responding with emotion

Bitcoin

An unregulated international shadow-currency -Created as a decentralized digital currency exchange system to exchange digital currency without the banks as intermediaries, while keeping (pseudo) anonymity -A decentralized clearing system -A decentralized system of payments -A decentralized currency

Programming Steps

Analyze the problem using these steps:
Step 1: Outline the problem
Step 2: Understand the problem requirements
  -Does program require user interaction?
  -Does program manipulate data?
  -What is the expected output?
Step 3: If complex, divide the problem into sub-problems
  -Treat each sub-problem independently and follow same steps to program
Check the correctness of algorithm
  -Test the algorithm using sample data
Once the algorithm is designed and correctness is verified
  -Write the equivalent code in high-level language
Enter the program using a text editor
Run code through the compiler
If compiler generates errors:
  -Look at code and remove errors
  -Run code again through compiler
If there are no syntax errors
  -Compiler generates equivalent machine code
Link machine code with the system's resources
  -Performed by the linker
Once compiled and linked, the loader can place program into main memory for execution
The final step is to execute the program

ledgers

Ancient History of __________ -Mesopotamia clearing system -Public Ledger 'written in stone'! Every transaction documented in a stone -Everybody could verify it -Transactions are not reversible -Hard to commit fraud

applied general

Artificial Intelligences - devices designed to act intelligently - are often classified into one of two fundamental groups:

learn from data

Artificial intelligence systems that ______ ________ _________. Examples are: -Optical character recognition -Face recognition -Fraud detection -Customer segmentation -Topic identification

DoS attack (Denial-of-Service)

Bombarding and crashing a target computer with bogus requests

key partners key activities, key resources cost structure value propositions customer relationships customer segments revenue streams

Business Model Canvas component

Contracts

Businesses agree on ____________, which set conditions of transactions

networks of individuals and organizations

Businesses contain many examples of these that collaborate to create value and wealth -These networks work together in markets that exchange assets, tangible (house, product, cash) or intangible (mortgage, services, online music/video), in the form of goods and services between the participants.

Topic identification

Categorize news articles as to whether they are about politics, sports, entertainment, and so on.

Poor password selection and use

Choosing and using weak passwords (see strong passwords in the "Authentication" section)

public nonpublic

Companies collect ________ and __________ data and integrate them (profiling) to produce electronic description of you and your habits (digital dossiers).

Trade Secret Patent Copyright

Compromises to Intellectual Property (3)

Theft of Equipment or Information

Computing devices and storage devices are becoming smaller yet more powerful, with vastly increased storage; as a result, these devices are becoming easier to steal and easier for attackers to use to steal information.
-Smaller equipment is easier to steal
-Larger storage means more information lost
Ex. Dumpster diving

initiator supporters mediator

Crowdfunding involves three main entities: -the __________, who proposes their thoughts to the public; -the __________ of the idea or project, who actually help the initiator by raising money; and -the __________, who brings the two parties together and acts as their communication channel (kickstarter.com)

Adware

Display pop-up advertisements on computer screens

Block

Each new record (write) to the database is a

Firewalls (packet filter)

Enforces access-control policy to prevent certain information from moving between untrusted and private networks -a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network. -software which monitors network traffic and connection attempts into and out of a network or computer and determines whether or not to allow it to pass. -Depending on the sophistication, this can be limited to simple IP/port combinations or do full content-aware scans. -can be thought of as a screen that categorically filters out potentially harmful data.

Public Key Cryptography (PKC) (asymmetric encryption)

Here two keys are used:
-public key: anyone can access
-private key: only the owner can access it
1. The sender encrypts the information using the receiver's public key.
2. The receiver decrypts the message using his/her private key.
-For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender's public key to decrypt it. Thus, the receiver knows who sent it.

Business Continuity strategies

Hot Sites Warm Site Cold Site

Machine Learning Algorithms

How well the program is trained makes the difference in the outcome. -Supervised -Unsupervised -Reinforcement

CONVERSATIONAL

Human-Computer Interaction shifts from command base, on-screen interaction to __________________, giving computers the ability to interact with us in a more natural way.

Anti-malware systems (AV)

Identify and eliminate malicious software (viruses and worms, and other malicious programs) -finds programs/files/software/etc that might compromise your computer, either by being executable or by exploiting a vulnerability in the program normally supposed to process them (Rootkits, trojans, or other types of malware) -detects these kinds of harmful programs that are already installed on your computer or about to be installed -performs various protective measures (based on the security settings in this software) such as quarantine, permanent removal, fix, etc -looks for potentially harmful files that are downloaded from the internet or attached to an email and notifies/removes it to protect your computer.

Fraud detection

Identify credit card transactions that may be fraudulent.

Face recognition

Identify faces in images.

Customer segmentation

Identify which customers may respond positively to a particular promotion.

Risk management

Identify, control, and minimize the impact of threats

Phishing

Impersonating a trusted organization in an electronic communication

Risk mitigation

Implement controls and develop recovery plan

you

In App websites, What _______ want: - Strong app branding in the upper left corner - Demonstration of value app brings (via video/screenshots) - Engagement with customer base (via twitter/contact email) - Multiple, prominent Calls to Action (download/buy this app!)

users

In App websites, what ________ want: - Bullet points of what your app will do for them (or their readers, in the case of bloggers/journalists) - Video demo - Screenshots - Social proof (via twitter feed) that shows others find the app useful - Bios that prove you're human (serious business) - Contact info for press inquiries or support - Ease navigation within the website

Production Problem Solving Platform/Network

Key Activities CATEGORIES

Physical Intellectual Human Financial

Key Resources (KR): 4 TYPES OF RESOURCES

Carelessness with one's office

Leaving desks and filing cabinets unlocked when employees go home at night; not logging off the company network when leaving the office for any extended period of time.

Risk limitation

Limit the risk by implementing controls that minimize the impact of threat

Carelessness with mobile devices

Losing laptops, smartphones, leaving them in taxis, etc, not having security controls installed on them.

Carelessness with computing devices

Losing or misplacing these devices, or using them carelessly so that malware is introduced into an organization's network.

Employee monitoring systems

Monitor employees' computers, e-mail, and Internet activities

bigger potential exposure

More data being collected about customers represents ________ _________ ____________ -The more data that needs to be protected, the more money might be required for Information Technology: bigger servers to handle encrypting and decrypting data very fast, more money on the encryption software, bigger databases, etc.

Opening questionable e-mails

Opening e-mails from someone unknown, or clicking on links embedded in e-mails (phishing and spear-phishing attack).

Spear phishing attack

Phishing attack on specific target

Optical character recognition

Printed, handwritten characters are recognized automatically based on previous examples.

Communications Controls

Protect the movement of data across networks -Firewalls -Whitelisting and Blacklisting -Anti-malware systems (AV)

Information Security

Protecting organization's information resources from unauthorized access, use, disclosure, disruption, modification, or destruction

