ISM 3004 Exam 4


How does DoS - Denial of Service - attack work

Overwhelm the target server with service requests. Deny service to regular customers. -Attack consumes all normally available server capacity. -Nothing left for regular customers. -Regular customers frustrated, go elsewhere. The straw that broke the camel's back. You want to overwhelm the victim - send the target more legitimate service requests than it is able to handle, denies service to regular customers. Adding that one more request so that the server CAN'T respond or crashes.

Asymmetric or Public Key Encryption

Pair of keys, each with a different function.

What are endpoint protection - anti-virus software?

Patching: Eliminate software vulnerabilities with patches. Anti-malware: detect viruses, trojans, to stop them from infecting your machines. Firewall: To stop undesired incoming network traffic. Idea that we would call antivirus software, looks more holistically at everything that is necessary to protect, endpoint could be laptop, desktop, or mobile device. Software that patches the operating system and applications so that you eliminate software vulnerabilities on client devices.

Mobile devices are largely unprotected because they spend much time ________________________.

Outside the castle walls.

How does digital dexterity enable an employee to participate in organizational transformation?

Recognize opportunity. Design the solution. Deliver the solution, execute. Digital dexterity lets you participate.

As a rule of thumb, each data record lost costs a company about $_____?

$200

Frequency of DDoS

Only 6% were NOT attacked. 11% attacked 11-50 times a month. 11% attacked more than 50 times a month.

Explain the steps in the virtual assistant workflow:

-UI - your request - User Interface -Processing -Handling -Feedback -Exception Handling

What can a private key do and who should have it?

Only known to recipients. Decrypts messages.

Three reasons to secure data

1. It's the most valuable asset. 2. Privacy Regulations. 3. Systems can be hijacked.

How do cybercriminals make phishing emails look authentic?

1. They start by using a technique called SPOOFING - which is phishing email appearing to be from a legitimate sender, but it is not. You can easily do this by just altering who the email is from. 2. The graphics also look legit, they look legit because they are, they took them directly from the source - from the real site/URL. 3. With authentic graphics, even the links look legit - that's just text, it means nothing - need to find out what the real URL is and you can do that most times by just hovering over the link.

Why is engagement important?

17% more productive and 21% more profitable. Makes a big difference on the bottom line.

Size of DDoS attacks

2003: 1 Gbps. 2012: 60 Gbps. 2014: 400 Gbps.

In 2014, nearly _____% of the URLs received via email are unsolicited malicious links.

25%

Explain the problem with Direct Data Flow with Gartner research data.

25% of all corporate data traffic can go directly from the mobile device to corporate provider. Huge amount of data flowing around the world without protection.

Explain the problem with Mobile Sync with Gartner research data.

40% of enterprise contact information will have leaked into Facebook such as customer information.

Percentage of smartphones lost EACH YEAR?

5%

About _____% of lost smartphones had sensitive data?

60%

Gartner analyzed 38 mil job postings over the last 4 years and found that there were a _______% growth in tech skills required for NON-IT jobs. Also, _______% of the CEO's that Gartner surveyed think digital dexterity should be a key requirement when hiring new employees.

60% 80%

According to the PWC report, what is the annual growth rate for security incidents?

66%

Percentage of laptops lost over their service life?

7%

_____% of companies surveyed suffered loss of sensitive/confidential information from lost flash drives?

70%

Cryptowall is an example of what type of malware payload?

Ransomware.

Are Robo Bosses unbiased?

A human has bias based on personal opinion. We are human. A computer doesn't have that.

Why can the supervisor job be automated?

A lot of things that a supervisor does is relatively routine.

How can the Gig Economy benefit employers?

A manager can quickly assemble a team of skilled, engaged, digitally agile workers to work on a project. Once the task is done, you can easily dismantle the team.

What is a bug?

A programming flaw or oversight that can be exploited.

What is phishing and what is its goal?

A scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.

What does Elon Musk think about AI?

AI is the biggest risk that we face as a civilization. AI will threaten ALL jobs.

What is a New Media Mogul?

Able to use all different kinds of media to persuade and educate people about your message.

What is ACL?

Access Control Lists

What is Shoulder Surfing?

Acquiring sensitive information just by looking over somebody's shoulder.

Reading: Beautiful Social Engineering Attack. What method did the hacker use to gain access to the target company's entire email system?

An 8GB flash drive.

Reading: Biggest hack in history. How did hackers get in ?

An employee opened a bad email.

What is a Robo Boss?

Applying the task of supervision to the RPA's.

What is AI?

Artificial Intelligence is a set of related technologies that seems to emulate human thinking and action. -Learn from experience. -Arrive at its own conclusion. -Appear to understand complex content. -Participate in natural language dialogues with people. -Enhance human cognitive performance -Replace people in executing routine tasks.

Implication #1 of Moore's law.

At a fixed price point, computers get much more powerful.

What is AR?

Augmented Reality. Real time addition of virtual world superimposed on the physical world. Enhances the physical environment by overlaying virtual data information on top of it.

How can VA's make meetings better?

BEFORE: -Making arrangements. -Decide if you should have a meeting. -Who should you invite -When you should have a meeting. DURING: -Take notes. -Create Tasks. AFTER: -Creates a transcript -Sends follow-up notes to people -reminder before deadlines.

What is malware?

Bad software; disables computer systems, disrupts operations, stealing data - intended to do something harmful to you or your organization. Malware is software; must be executed to have an impact.

Explain the Legos metaphor.

Basically, we are all using the same tools. We've all got the same Legos. The real question is who is better at building amazing things with those Legos. The employees who can really build well with Legos are going to thrive. They will be in high demand.

Tips for avoiding phishing scams:

Be careful of urgent email requests. Be very suspicious of requests for personal info. Check with the company - don't use phone number they give you in the email. Don't use links in an email. Just type those characters in the browser instead.

What is a Virus?

Behaves like a biological virus - hides itself inside a host file, could be any sort of file.

What impact does Erik Brynjolfsson think AI will have on society?

Book: The Second Machine Age. They are allowing us to blow past previous limitations taking us into new territory. We are running WITH machines, combining our strengths with the machine's strengths to achieve otherwise impossible heights. "A vast and unprecedented boost to mental power should be a great boost to humanity, just as the earlier boost to physical power (train) clearly was."

What is CEO Fraud? How does it work?

Business email compromise. Sophisticated swindle and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

Reading: Beautiful Social Engineering Attack. How did the hacker gain the chemical engineer's confidence?

By talking to him.

What can a public key do and who should have it?

Can ONLY encrypt. Can give to anybody.

What is Penetration Testing?

Can be done externally or internally. Authorize a group of people to pretend they are hackers and attempt to break into your network by whatever means they see necessary. Test all barriers.

How does Smart Contract work?

Codes within a transaction. Takes actions based on conditions. Runs as long as it has money.

What is a Zombie?

Computer that a remote attacker has accessed and set up to forward transmissions - including spam and viruses - to other computers on the internet.

Types of systems targeted by malware:

Computers - Windows, Mac, Linux, mobile devices.

What risk must be considered when disposing of obsolete equipment?

Computers and copy machines at risk due to their hard drives.

What is the level Actively Disengaged?

Consistently negative. Vocal Create toxic environment.

How does CERT define the term Insider?

Current or former employee, contractor, or other partner that has or had authorized access and intentionally misused that access against the organization.

What is the impact of a DoS - Denial of Service - attack?

Customers will get frustrated and shop somewhere else. Server will crash. Cannot handle the volume.

What is the source of most malicious hacking?

Cyber crime syndicates.

What are containers.

Create a container within the mobile device, all the corporate data is on the inside of the container, protected from external attack and also secures the employee's personal data.

Disaster Recovery DR - What are the elements of a disaster recovery plan?

Data protected with good backup systems. Business Continuance. Ensure business can continue operations even if main data center goes up in flames. DR site - have a backup Disaster Recovery site for when main site goes down, acceptable recovery time.

Distributed Denial of Service - DDoS - how does this differ from a normal DoS attack?

Denial of service but the attack comes from every direction simultaneously; it's distributed.

Some people think that the attackers are just kids showing off their tech skills. True?

FALSE

What is a Vulnerability Scan?

Device within the company that will scan every computer on corporate network testing for broad range of vulnerabilities. If it detects any, it will then report them back to IT staff so that they can be repaired. Repeat until fixed. Goal is informative - how are we doing? Reaffirm success in building secure environment.

What is a Bitcoin?

Digital currency. Decentralized. Secure and confidential.

What is key-based cryptography?

Digital key, which is much like a physical key, used to encrypt data/make cipher text which is unreadable without appropriate digital key. These keys can be lost or stolen, Key Management System.

2 examples of mobile/BYOD technical risks are:

Direct data flow. Mobile Sync.

What is Blockchain?

Distributed ledger system. Enables trusted transactions in UNTRUSTED environment.

Why do Blockchain systems have distributed ledgers?

Distributed ledgers enable trusted transactions in an untrusted environment.

Why might employees like the Gig Economy?

Don't have to work for The Man anymore. Freelance Work for yourself, only on projects you care about. Enjoy a fantastic work life balance that you control.

The article suggests that CEO fraud works because __________ is inherently insecure.

EMAIL

How can orgs address the ever-increasing security threats to their mobile devices?

EMM: Enterprise Mobility Management Containers App Wrapping

What are the root causes of problems with user passwords?

Easily remembered. Resistant to change.

How is email used to distribute malware?

Email is ubiquitous - it's everywhere, everyone uses it, and everyone uses it a LOT, multiple distribution methodologies. Send malware as an attachment or a link to a website, excellent high speed distribution tool, large threat.

Why is encryption used with Blockchain distributed ledgers?

Encryption locks them down, so they cannot be changed. They are welded together digitally.

What is Engagement Profit Chain?

Engaged employees equals better service, productivity, quality equals increased sales, higher profits, and shareholder benefits.

What is EMM?

Enterprise Mobility Management. Mobile App security. Mobile threat defense. User education.

How do viruses propagate?

Even if it doesn't have any obvious negative payload, it can still be a problem - it could introduce instability into your computer system, it's not designed to be there and can cause problems.

What is a zero day exploit?

Everyday vulnerability becomes known to the world, because bad guys are using it to break into other people's systems. A hole in the software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it.

What is Gartner's advice to business leaders regarding wearables?

Few wearable devices have solutions that will improve enterprise efficiency and lower net costs. IT leaders must differentiate among many types of wearables to determine the right opportunities for investment. We should evaluate wearable devices for specific targeted roles. They are not broadly generally, they will not broadly improve society or costs, but if we're wise, we can find ways to invest now to learn so we're ready when technology becomes mature.

Explain one example of a Smart Garment.

Fitness and Health - detecting your heartrate, breathing, motion data, temperature, ultraviolet lights, radiation. Safety officers of industrial companies should look at the ways that smart garments could protect workers on shop floors - biometric data for stress, etc.

Why does Gartner believe that AI will be so pervasive within the next 5 years?

Five years ago, we struggled to find 10 AI-based business applications. In five years, we will struggle to find 10 that are not.

Implication #2 of Moore's Law.

For a fixed amount of power, computers will become much cheaper.

What is DBAN? How does it help with information security?

Free program that will repeatedly write patterns of 1s and 0s all over the hard drive so that it wipes out all traces of data. So, if someone gets ahold of it, they have no access to your data. DBAN - equipment disposal.

What's a typical methodology for stealing IP?

Gain Access: Step by Step, Social Engineering, brute force passwords, dump all passwords. Unauthorized file access. Intercept email. STAY HIDDEN. "Break into a company's IT assets, dump all the passwords, and over time, steal gigabytes of confidential information."

A company's dumpster can be a "_________________________" to cybercriminals.

Gold Mine of Information

What is the vulnerability being exploited in a Denial of Service -DoS - attack?

Heavy reliance on servers: E-Commerce (revenue), Communications (email), Enterprise applications (efficiency). Capacity: servers have maximum capacity. Exceeding maximums equals problems! Businesses today rely heavily on servers, both for generating revenue and for reducing costs. Servers have a fixed capacity. They are not infinitely powerful. As long as you don't exceed the performance capacity of the server or cluster of servers, everything's done in a timely manner. But when you exceed those maximums, the server will go slower, productivity will drop, and/or if the server runs out of memory, it might crash.

What's the FBI's advice to those organizations?

If you had no backup, it was best to pay the ransom to get your files back.

Key length - impact on security and system performance.

Impact on security and system performance. keys are basically numbers, a sequence of bits that is used to lock or unlock the data. The longer the key is in terms of bit, the more secure things are going to be - also means it will be slower. More bits means more possible keys.

As one example, why was one healthcare company over $1 million?

Improper photocopy equipment disposal.

Reading: Biggest Hack in History. What damage was suffered?

In a matter of hours, 35,000 computers were partially wiped or totally destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco's ability to supply 10% of the world's oil was suddenly at risk. Employees had to use typewriters since they could not use the computer to prevent the virus from spreading further.

Where does the typical Lindt sales executive have their office?

In their car

Where are Smart Garments on the hype cycle?

Innovative Trigger. 10+ years

What is IP?

Intellectual Property. That refers to the creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce - World Intellectual Property Org. Trade Secrets! The competitive advantage.

What is level of Engaged?

Involved and enthusiastic about their work and workplace. Real emotional connections Commit their time, talent, and energy. Advance the organization's objective.

What is the term Digital Dexterity?

Is the ability and desire of the workforce to use existing and emerging technology for better business outcomes.

What is multi-factor Authentication?

Is the idea that there is something that you know - password - and something that you have. Greater level of confidence that the person logging in is who they say they are. Example: Google - you have to know your password AND enter a verification code texted to your mobile device.

What is meant by the term Everyday AI?

It's invisible, integrated. Subtle. What: -AI helping in normal course of work -Not perceived as AI- just a feature. Where: -SaaS 75% by 2020 will include useful AI services -VPAs

What is a Smart Contract?

Just program code that is baked into that transaction, making it conditional.

What are the real drivers behind modern cyber-attacks.

Money and power.

Stolen Veteran's Affairs laptop incident: What data was exposed, what was the impact?

One laptop stolen! Exposure: name, SSN, birth date for 26.5 million people. Lawsuit settlement: 20 Mil Individual impact: ID theft

What are physical vulnerabilities?

Laptops, desktops, etc. You want to have a good inventory: know what they are, who has them, where they are, and encrypt their hard drives so lost data is not out in the open.

What is Botnet of Zombies?

Large army of computers that have become infected by malware and become Zombies or Bots - Malware Victims.

Describe the characteristics of modern cybercrime syndicates.

Large groups. Very Professional. Lots of money. Effective.

Explain one AI Tumult

Legal eDiscovery. Law firms used to hire thousands of people to do eDiscovery. That is now being done largely by machine algorithms. Not entry level. Quantitative legal prediction. AI algorithms can predict if you are going to win your case or not, or use an appeal. It uses big data to outperform some of the most experienced lawyers.

What is app wrapping?

Lets you take an app and add a security layer, wrapping security around it without damaging the look, feel, or functionality of the app.

What are digital identities and why protect them?

Log-in credentials such as usernames and passwords. To protect your identity.

Hacktivists - what characteristics typify hacktivist groups?

Loose confederations of individuals dedicated to political activism, who seek publicity/fame on behalf of their political cause.

What can Robo Bosses do?

Machine Learning and can process routine tasks: Approve Time Schedule employees Resume Screening Performance evaluation

What steps can be taken to protect mobile devices?

Make sure your mobile device is encrypted. By using a Mobile Device Management.

What are access controls?

Making sure the right people get the right access to things.

What is the level Not Engaged?

Might be satisfied or even happy at work. Do the bare minimum required. Have not bought into the organization's mission, values, vision, or goals.

What is Bimodal IT and its two modes?

Mode 1: traditional, keeps the lights on. Runs those systems that gives you the exact amount of money every two weeks. Rock solid, reliable. Changes at a glacial pace. Mode 2: experimental, innovative. Takes risks and learns from it. Tweaks, changes, and grows. OK to make small errors. Where the digital dexterity employee is.

What strategies do hacktivists use to accomplish their goals?

Monetary pain to victims to force them to change behavior. Embarrass the target and damage their reputation. Seek to gain public support against the target.

What is intrusion detection system?

Monitor all the network traffic coming in and out of the internet connection, looking for sequences of packets that are indicative of certain types of information technology security attacks. When it detects those, it'll then notify the system managers so then they can take appropriate action. For example: going to the router on the internet and blocking a host that is attacking them. Not taking action, but notifies.

Defense in depth - how does the castle metaphor apply to information security?

Multi-layer defenses; castles have lots of ground around the castle itself. So, they could see invaders approaching from a distance. Then there was a moat that had to be crossed, then outer and inner walls. Invaders had to get past all these defenses. Information security should have multiple layers of defense and each should warn you of their attack.

Were the lost smartphones protected?

NO

Is it reasonable to expect that large software systems would be truly and totally bug-free? Why?

NO. There are millions of lines of codes that could contain bugs.

What is a Conversational Interface?

Natural Interface Context Aware Evolution of VPA: Informal and bidirectional platforms

Do Trojans rely on software vulnerabilities to compromise a system?

No. They exploit a weakness in the human character, not the computer software. Exploit human vulnerabilities, responsible for hundreds of millions of hacks every year.

In IP theft, one is often facing a determined human adversary. What characterizes this type of opponent?

Not deterred by early failure. Repeated attacks. Variety of techniques. Significant resources from sponsors.

What is Moore's Law?

Number of transistors on a chip that doubles every two years, at the same price.

How does Everyday AI affect Office Suite software?

Office 365: -Word: Editing. with copy-editing to avoid the grammar police. -Outlook - prioritize your mail so important stuff comes first. -Google calendar - autoscheduling.

What is a keylogger?

Once it's on your computer, the malware will monitor every keystroke you type and send back to the cybercriminals.

How is spearphishing different from phishing?

Phishing is just a broadcast attack whereas with spearphishing, you are much like a sniper. You research your target and then go after it with extreme dedication and effort. Narrow effect. Target - research target. Find out about the victim. The victim's company, all the information we can so we can make a super custom, exactly crafted email that is tailored to knock down the big game. Apparently valid source Personalized: Nicknames, habits, preferences, recent purchases, recent promotions or job changes.

What kinds of things actually contain the desired information from dumpster diving?

Phone Lists, Print outs, and media

What are the broad categories of IT vulnerability?

Physical Technological Human

Reading: Beautiful Social Engineering Attack. What did the chemical engineer do that enabled the hacker to find him?

Posted information on social media.

What kinds of information might be in a company's 'dumpster'?

Pre-attack research

What is spoofing?

Pretending to be someone you are not.

What is Social Engineering?

Process where outsiders exploit naive insiders; tricking.

What kind of tasks can an RPA system perform?

Processes routine tasks. Works with existing applications.

Moore's Law Results in extremely cheap:

Processors Memory Sensors Connections

How is the public key encryption used?

Protect web transactions, SSL, Secure - HTTP Data encrypt between client and server, passwords, confidential data, medical, financial.

Proximity-Aware System example:

RFID in a badge. Chip in a badge, everywhere you go, they know that, your information.

What is a bot?

Remote control payload. Allows cybercriminals to do anything they want remotely. You can still operate your computer, but without your knowledge, they can send a control command to your machine whenever they want.

What steps can be taken to protect USB flash drives?

Requiring the use of encrypted USB flash drives - actually having encryption hard drives built into them. Some companies banned this sort of storage - disable computer USB ports.

How does RPA - Robotic Process Automation work?

Robot machines. Behaves as if it were an employee. It will eliminate routine tasks, leaving humans free to address non-routine tasks. Machine Learning. Natural Language Interface.

What is RPA

Robotic Process Automation - software robot employees.

What can an attacker do with a bug?

Run undesired programs. Unauthorized data access. Gain full control.

How would the cyber-criminal use the information from the dumpster dive?

SELL IT

How do worms propagate?

Searching for vulnerabilities in the operating networks or software installed on a network, once it identifies another vulnerable machine, it will exploit its vulnerabilities and install itself on that machine and begin its own execution, second machine joins the attack, can generate a lot of traffic on your network, carry a payload, typically negative.

Gartner thinks that ________________________ have the greatest growth potential of any wearable device technology.

Smart Garments.

How do Trojans fool a user into executing them?

Social engineering - the key - you are tricked to invite that malware into your computer.

Human vulnerabilities - how to address them?

Social engineering - the reason it succeeds is because people are naive. Education and Awareness Training. An ounce of PREVENTION is worth a POUND of cure. Uninformed risky behavior. Good HR practices - hiring - background checks, good exit procedure - when someone leaves.

Reading: How to Stop Gullible Employees: The most prevalent, successful threats rely on what vulnerability?

Social engineering, one way or another. That could be a phishing email, a rogue link, or an offer of a free download that pops up on a trusted website. In rare instances, it's a physical phone call asking for credentials to be reset or for the person to install needed diagnostics software to remove malware.

What vulnerabilities are exploited with compromised websites?

Software; incredibly complex and therefore there are bugs - vulnerable browsers and plug ins. This presents the opportunity for cyber criminals to take advantage of the fact that we are out there on the internet.

What are worms? And do they rely on host files?

Standalone malware - doesn't insert itself like a virus. It's just the worm's job to propagate itself via your network; once a worm is on one computer on a network, it starts looking for other computers on the network it could infect.

How do attackers use shoulder surfing?

Stealing confidential data. Stealing mobile devices.

What steps are involved in risk assessment?

Step 1: List IT assets and assign them a value - trying to identify if something is critical for ongoing business success. Step 2: Identify threats - How could an attacker potentially get at assets? Step 3: If assets are destroyed - what would it cost to replace, assign cost to replace. Step 4: how long is it OK to be down? Determine acceptable downtime.

What are the three user password vulnerabilities?

Sticky Notes: writing the passwords down. Guessable: people who know you. Lack of complexity: too simple.

What is a Firewall?

Stop undesired incoming network traffic.

What does it mean for something to be vulnerable?

Susceptible to attack or harm.

How is social engineering done?

Take baby steps. Research your victim. Ask for help: plausible requests to the right people mentioning the right names.

Three Broad areas of change, trends demanding digital dexterity.

Technology is changing. Working is changing. IT is changing.

What is meant by the term, Digital Workplace?

The digital workplace program is a business strategy to boost employee engagement and ability through a more consumerized work environment.

What is employee engagement?

The emotional commitment an employee has to the organization and its goals.

What does the French phrase La Fin du monde have to do with AI?

The end of the world. What impact will AI have on us as individuals, orgs, society at large. Some people think it will be the end of the world.

What is the real cost of Cryptowall to organizations who are compromised by it?

The real cost is not the ransom, it is the downtime caused by data not being accessible and IT overtime hours to fix things, and sometimes whole departments sitting on their hands.

How do viruses and host files relate?

When you become infected with a computer virus, it starts executing in your computer's memory/processor and then it's going to go looking through your hard drive for files it can infect. Once it finds a program, it inserts a piece of itself in there. The program will run normally as always but now has the virus integrated in its DNA. Hopes that you will share this file/program with a colleague. When you execute it, they will get the virus! And the virus starts its whole process over again. REALLY BAD WITH SHARED FILE SYSTEMS IN COMPANIES.

What is Gartner's opinion of AI's likely impact over the next 5 years?

Thru 2022, few jobs are fully replaceable, but most occupations will have at least some activities augmented by AI.

Why do IP thieves typically steal it?

To SELL it.

Risk assessment - what is the purpose?

To know how much to spend to protect assets.

Why do businesses put sensors on things?

To take care of our things. To keep track of our things like GPS, something getting too hot.

Where are Head-mounted displays on hype cycle?

Trough of disillusionment. 5-10 yrs. for performing tasks hands free.

How common is engagement among US workers? Worldwide?

US: 33%. Globally: 15%. UK: 8%. France: 3%.

Reading: How to Stop Gullible Employees: What's the fastest and cheapest bang for your buck when it comes to information security?

User education training to counteract those threats.

What is the alleged benefit to workers of RPA Systems?

VPA - Virtual Personal Assistant can free us up from routine tasks. Smart Workplaces - smart conferences rooms. BYOD and BYOA can use our favorite tools to complete tasks.

What is VEA

Virtual Employee Assistant -A VEA is owned by the company, controlled by the company, but used by the employee. It's company's software.

What is VPA?

Virtual Personal Assistant. Conversational UI Perform Tasks -Research -Interface with productivity apps Something YOU own. Outside of an org.

What is VR

Virtual Reality. Takes us away from reality. it surrounds us with a simulated virtual computer generated 3D environment. Isolates us from physical reality. Presents us with only the digital world.

What endpoint changes in recent years affect telecommunications?

Voice-only Telephone. Limited Video. Video conferences. Content Centric. Web conferences. Video first: High quality video conferences. ENDPOINT changes: -Mobile First -Better networks. -HD Video.

What is Principle of Least Privilege?

We have a business technology with the purpose of doing work. Give me the access that I need to do my job, nothing more. User given no more privilege than necessary to perform the job.

Risk posed by fraudulent mobile apps:

We use these devices for high stakes activities; high level of popularity of mobile banking apps has led to unauthorized banking apps written by cybercriminals, predominantly an Android problem.

How does a website visitor's computer also become compromised?

We visit compromised sites, click on a link and let the malware in; CAN HAPPEN AT LEGITIMATE WEBSITE. Cyber criminals compromise website, loads malware on there, and thousands become victims before it's detected.

Why are default passwords a potential security problem?

Weak. Easily guessable. Doesn't change network identifier.

What is Ransomware?

When you execute the malware, it immediately installs on your machine and encrypts all your files with a password; sends message demanding money and giving instructions and passwords - great reason to have data backups.

What is a gig economy?

With remote work with all these technologies, a lot of people are saying, you know what I don't want to go work for The Man, I want to work for myself. I want to be a freelancer.

Explain why mobile is a cornerstone of the Digital Workplace.

Work: no longer a place to go. 14% decrease in deskbound workers from 2016-2019. One in three workers will soon be mobile workers. Endpoint Diversity: -Average knowledge worker used 3 devices for work purposes in 2016 -They will employ 5 devices for work purposes by 2020!

Are insiders a serious threat?

Yes, because 70% of incidents involve insiders.

What is a Process Hacker?

You are able to look at a work situation and come up with a novel way to bring together different tools to improve work, to make things better, faster, and easier for people to use.

Why is digital dexterity important for an individual employee? ...for an organization?

You will thrive, be in high-demand, be happier at work. By 2020, the greatest source of competitive advantage for 30% of organizations will come from the workforce's ability to creatively exploit digital technologies. Disruption. Tumult and treasure.

What are Drive-by Downloads?

Your machine can be infected simply by visiting a page, you don't have to click on anything; no interaction, just open and BAM.

Organizations spend most of their IT security dollars protecting _________________________.

castle walls. These are corporate sites.

What's the goal of encryption?

to make sure data can only be read by authorized parties or at least until the info is no longer useful to an authorized user.

What is Malvertising?

use of online advertising to spread malware. Involves injecting malware laden advertisement into legitimate online advertisement network.

