Cob 204 ( Test 3 Review for Tom Dillon)

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Specific Data Safeguards (DS)

- Data Policies (Admin/DB Admin) - Data Rights/Responsibilities > (Order/laws/structure) - Enforced Rights (Via user account/authenticated passwords) - Data Encryption - Backup/Recovery Procedures - Physical Security > (Walls, locked/fireprood doors, locks, badges, guards, alarm systems, fencing, gates, etc.)

Support Activity Examples

(A&M) - Legal, Accounting, Finance, and Management > Ex: (Hiring a lawyer/using quickbooks) (HR) - Personnel, Recruiting, Training, Career Development > Ex: (Using the internet to advertise job openings) (TD) - Engineering, Software, Hardware, Research, and Development > Ex: N/A, we leave this space blank (PR) = Supplier management; purchasing products we buy but don't sell > Ex: Ordering office supplies online

Assets/Target Threat Vulnerabilities Safeguards/Controls

- A) Resource of information that needs to be protected. (Cost of repair or replacement) - T) Capabilities, intentions, and methods for harm to an asset. (Can be human error, computer crime, or natural event) - V) Weaknesses in an information system that allows a threat the opportunity to compromise or gain access to an asset - S) Used to block or minimize the impact of threats *Use the acronym ATVS!

Vulnerabilities (V)

- Built in weaknesses considered too expensive or not undertaken for another reason (Often Human Error) - Mistakes IT & Non-IT people make - Socially engineering a person out of security knowledge - Unknown holes that only become visibile after the attack (Human error, mistakes, engineering, holes)

Big Picture Organization (BPO)

- Industry Structure - Competitive Strategy - Value Chain - Business Process - Information Systems

Hardening (HS)

- Special versions of an operating system; made to lock down features and functions not required by application. - Protects users from internal company security problems

Ransomware

A type of malicious software designed to block access to a computer system until a sum of money is paid.

General Data Protection Regulation (GDPR)

An EU privacy law enacted in 2018 that outlines data protection regulations designed to protect personal data

Data Administration

An organization-wide function that develops and enforces data policies and standards

Human Safeguard Examples (HS)

Hiring, Training, Education, Procedure Design, Administration, Assessment, Compliance

Human Safeguards

Hiring, training, education, procedure design, administration, assessment, compliance, accountability

Pretexting

Occurs when someone deceives by pretending to be someone else

SQL Injection Attack

Occurs when users enter a SQL statement into a form in which they are supposed to enter a name or other data

Perimeter Firewall

Restrict unauthorized access to internal data and prevent outside intrusion

Adware

Similar to spyware in that it is installed without the user's permission and resides in the background and observes user behavior

Symmetric Encryption

The same key is used to encode and decode.

Business Process (Porter's Model) (#4)

A network of activities that generate value by transforming inputs into outputs.

Value Chain

A network of value-creating activities (Primary + Support)

Advanced Persistent Threat (APT)

A sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments

Phishing

A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail

Key Escrow

A trusted party handles a copy of the encryption key of encrypted data

ERP

Enterprise Resource Planning

Payment Card Industry Data Security Standard (PCI DSS)

Governs (ensures) the secure storage and processing of credit card data

Denial of Service (DoS)

Hackers use an application to overrun a system's DBMS and cease transactions/access

Assets/Targets (A)

Hardware, Software, Data, Procedures, People + Network Infrastructure & Intellectual Property

Non-employees that work for you (HS)

- Temporary personnel, vendors, business partners, and the public - Requires appropriate screening/training - Contract specific security responsibilities - Provide accounts and passwords w/ least privilege and remove accounts asap

Losses Categorized As:

- Unauthorized data disclosure - Incorrect Data Modification - Faulty Service - Denial of Service - Loss of Infrastructure

Malware Symptoms

- slow system startup - sluggish system performance - many pop-up advertisements - suspicious browser homepage changes - suspicious changes to the taskbar and other system interfaces - unusual hard-disk activity

Non employees w/ Access (HS) (Continued)

1.) Account Management --> Standards for new user accounts, modification of account permissions, removal of unneeded accounts, etc. 2.) Password Management --> Users change passwords frequently 3.) Help Desk Policies --> Provide means of authenticating users

Industry Structure (Porter's Competitive Model) (#1)

1.) Bargaining power of customers 2.) Bargaining power of suppliers 3.) Firms - (Existing Rivalry Firms & Your firm) 4.) Threat of Substitutes 5.) Threat of New Entrants

Competitive Advantage Strategies (Examples)

1.) Cost Leadership - "Walmart's Everyday Low Prices" 2.) Differentiation - "Southwest Airlines offering low-cost, short-haul, express flights" 3.) Innovation - "Apple Watch" (Traditional to Smart Watches) 4.) Organizational Effectiveness - "Fed-ex fastest delivery option" 5.) Customer Orientation - "Amazon's Customer Ordering System"

Business Process Overlap & Integration

1.) Execute a process (i.e, input for one process is the output for another) 2.) BP creates the need for "enterprise-wide" systems 3.) Capture and store process data (Dates, times, prices, etc.) 4.) Monitor process performance/identify problems

Value Chain (Porter's Model for Structural Change) (#3)

9 Total Support and Primary activities. (In order of chart) 4 Support Activities - Contribute to competitive advantage by supporting the primary activities, but don't directly add value directly to the firm's products or services - Administration & Management (A&M) - Human Resources (HR) - Technology Development (TD) - Procurement (PR) 5 Primary Activities - The production and distribution of products and services. Purpose: To create value for which customers are willing to pay. - Inbound Logistics - Operations/Manufacturing - Outbound Logistics - Marketing and Sales - Customer Service

Non-employees w/ access (HS)

> Public users, websites and other openly accurate information systems > Hardening

Activity

A business function that receives inputs and produces outputs (Human, computer, or both)

Repository

A collection of something (Ex: Database is a repository of Data)

Virus

A computer program that replicates itself and consumers computer resources using a PAYLOAD (Main host/brain) to alter data.

Intrusion Detection System (IDS)

A computer program that senses when another computer is attempting to scan or access a computer or network

Packet-filtering firewall

A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination addresses, and other data.

Spoofing

Another term for someone pretending to be someone else. Types: IP spoofing, email spoofing, etc.

Customer Service

Assisting customer's use of the product and thus maintaining and enhancing the product's value

Hacking

Bringing down computers, servers, or networks to steal important data/information/money...

Business Process Improvement

Changes that consider where the input came from and where the output was going. - Improves EFFICIENCY (faster/error-free) and EFFECTIVENESS (allows for better decision-making -Increases customer/employee satisfaction

Outbound Logistics

Collecting, storing, and physically distributing the products to buyers

Usurpation

Computer criminals invade a computer system and replace legitimate programs with their own, unauthorized ones (Categorized under faulty service)

Authentication (TS)

Confirms the identity of the person requiring access

Cost of Business Process

Cost of Inputs + Cost of Activities

Competitive Strategy (Porter's Model w/in Industry Structure) (#2)

Cost/Industry-wide: - Lowest cost across the industry Differentiation/Industry-wide: - Better product/service across the industry Cost/Focus: - Lowest cost within an industry segment Differentiation/Focus: - Better product/service within an industry segment

Data Safeguard Examples (DS)

Data Rights & Responsibilities, Passwords, Encryption, Backup & Recovery, Physical Security

Authorization (TS)

Determines which actions, rights, or privileges the person has, based on his or her verified identity

Malware Protection (TS)

How to protect data from malware - Install Anti-virus and Anti-Spyware - Scan devices frequently - Update malware definitions - Open email attachments only from known sources - Install software updates - Browse only reputable internet neighborhoods

Threats (T)

Human Error/Action > Entering the wrong data or accidentally changing the data > Normally effects the 5 com. of a CIS Computer Crime > Person or Org. that seeks to obtain or alter data or assets > Includes viruses, worms, phishing, terrorism, extortion, etc. Natural Events or Disasters > Problems result from initial loss of capability, service, and then recovery methods > Includes fire, floods, hurricanes, earthquakes, etc.

Technical Safeguard Examples (TS)

ID & Authorization, Encryption, Firewalls, Malware Protection, Application Design

Primary Activity Examples

Inbound logistics - Tasks: Quality control, raw materials control, supply scheduling (Ex --> Automated Warehouse Systems) Operations/Manufacturing - Tasks: Manufacturing, packaging, production control, quality control (Ex --> Computer controlled & aided equipment) Outbound Logistics - Tasks: Finishing goods, order handling, dispatch, delivery, invoicing (Ex --> Automated shipping/scheduling systems) Sales & Marketing - Tasks: Customer management, order taking, advertising/promotion, sales analysis, market research (Ex --> Data per target audience marketing) Customer serviceterm-19 - Warranty, education & training, upgrades, service on products (Ex --> Customer relationship management systems)

Sales and Marketing

Inducing buyers to purchase the products and providing a means for them to do so

BPO Components (Simplified)

Industry Structure (1) - (Competitive forces in your industry) Competitive Strategy (2) - (How you decide to respond to the forces) Value Chains (3) - (Changes you make to your structure) Business Process (4) - (How those changes effect your process) Information Systems (5) - (Hardware, Software, Data, Procedures, People)

Typical Business Process Format

Input - Process - Output (Ex: Online website - placed order - shipped product)

Linkages

Interactions across value activities

Gramm-Leach-Bliley Act (GLBA)

Passed by congress in 1999, the doctrine protects consumer financial data stored by financial institutions such as banks, securities firms, insurance companies, and organizations that supply financial advice, prepare tax returns, etc.

Health Insurance Portability and Accountability Act (HIPAA)

Passed in 1996, this doctrine gives individuals the right to access health data created by doctors and other health care providers, as well as limits/rules on who can read or receive your health information.

Malware Definitions

Patterns that exist in malware code

(HS) Examples

Postition definition > Separate duties & authorities > Determine least privilege > Document position sensitivity Hiring & Screening > Processes to ensure trust, knowledge, and capability of employees > Most JMU CIS majors acquire a security clearance for gov. jobs Disemination & Enforcement > Responsibility, Accountability, and Compliance Termination > Friendly or Unfriendly

Internal Firewall

Prevent the leak of or retrieval of suspicious data/malware

Spyware

Programs that are installed on the user's computer without the user's knowledge or permission to track key strokes for account info, passwords, etc.

Data Safeguards (DS)

Protect databases and other organizational data. (The organization units are responsible for data safeguards)

Push vs pull Publishing

Push- Data does not need to be requested Pull- data needs to be requested

Inbound Logistics

Receiving, storing, and disseminating inputs to the products

Authentication Methods (TS)

Something the user is (Biometrics) > Examines a person's innate physical characteristics > (Ex: fingerprint/palm/retina scans, iris & facial recognition) Something the user has > A mechanism that includes regular identification > ID Cards, Smart ID Cards, (mag strip w/ microchip that requires a pin) Something the user does > A mechanism that includes voice and signature recognition, giving off body heat, or perspiration Something the user knows > A mechanism that includes passwords and phrases

Firewalls (TS)

Special purpose computer, regular computer, or router

Safeguards (S)

Technical Safeguards - Hardware & Software Data Safeguards - Data Human Safeguards - Procedures & People

Value

The amount of money that a customer is willing to pay for a resource, product, or service

Credential Stuffing

The automated injection of breached username/password pairs to gain user accounts access fraudulently.

Margin

The difference between the value that an activity generates and the cost of the activity

Brute-Force Attack

The password cracker tries every possible combination of characters

Encryption (TS)

Transforming clean text into coded text. (For secure storage and communication)

Operations/Manufacturing

Transforming inputs into the final products

Asymmetric Encryption

Two keys are used; one key encodes the message, and the other key decodes the message

Private key encryption

Used to decrypt or decode (the combination for the lock)

Public key encryption

Used to encrypt or encode (the lock)

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

Uses a combo of public key and symmetric encryption

Sniffling

Using IP packets and wardrivers to take advantage of vulnerabl networks

Worm

Virus that SELF-PROPAGATES using the INTERNET or other computer network

Trojan horses

Viruses that MASQUERADES as useful programs or files


Set pelajaran terkait

Real Estate Law -UNIT FOURTEEN - ESCROW AND TITLE INSURANCE

View Set

Lesson 5.06: Pronoun-Antecedent Agreement

View Set

Trauma Systems, Blunt and Penetrating

View Set

MKTG 4280 Ch. 13 McGraw-Hill Connect

View Set

social cognition and social influences on behaviour

View Set

communication NCLEX practice questions

View Set