MIST part A final


What is a database? DBMS?

- A database is an organized collection of data.
- The software application that lets you create and work with a database is called a database management system (DBMS)

Security controls (administrative, technical, physical)

- Administrative Controls: Policies, standards, procedures, guidelines, personnel screening, training
- Technical Controls ("logical controls"): Authentication, encryption, firewalls, biometrics, etc.
- Physical Controls: Locks, monitoring, mantraps, environmental control

Relationship between security controls and security frameworks

- An organizational security framework is your organization's suite of security controls
- It is made up of many entities, protection mechanisms, processes, and procedures that all work together and rely on each other to protect the company

AIC Triad (Availability, Integrity, Confidentiality)

- Availability refers to the ability for authorized parties to access data and systems when necessary
- Data integrity means maintaining and assuring the accuracy and reliability of the information and systems over its lifecycle
- Confidentiality is the property that information is not disclosed or otherwise made available to unauthorized individuals, entities, or processes.

"Best practice" security control illustrations (e.g., continuity planning, employment/HR, data management)

- Continuity planning typically relies on backup sites
- Rotation of duties
- Mandatory vacations
- Split knowledge
- Unlink sensitive data from other data to minimize the damage if it is stolen
- Encrypt data both in transit and in storage so that it is unreadable if it does fall into the wrong hands

The role of good management in the companies of the future; how to lead effectively

- Egalitarianism—especially of ideas. Everything is fair game.
- Transparency of information

Major components of a relational database model (entities, attributes, relationship)

- Entities are things and concepts for which you wish to store data in the database
- Entities are connected through relationships
- Fields are often referred to as attributes and correspond to columns of the tables.

The relationship between transaction cost economics and self-organizing (why might companies be considered passe?)

- Markets have lower production costs (the costs of making goods and services)
- Hierarchies have lower coordination costs (the costs of setting up production and keeping it running)
- As coordination costs go down, markets become more and more attractive
Competition in markets brings prices down, but it costs more to hire new people every time.

When and why outsiders can be more effective than experts

- New knowledge is being created in other fields and it is slow to enter the core
- Many problems, opportunities, and projects benefit from different perspectives, people, and teams
- The crowd is so valuable, in large part, because it's massively marginal: it contains huge numbers of people who are some combination of smart, well-trained, experienced, tenacious, and motivated

Characteristics of effective self-organizing structures (e.g., openness, non-credentialism, etc.)

- Openness
- Noncredentialism
- Verifiable and reversible contributions
- Clear outcomes
- Self-organization

Database vs. spreadsheet as a tool for data storage

- Security: Administrator can grant each user a different level of access
- Elimination of redundant data via relational model
- Data Access: Multiple types of users can query a single database simultaneously
- Big Data: Databases can handle much larger datasets

Definitions of the core vs. the crowd

- The Core: Dominant organizations, institutions, groups, and processes of the pre-Internet era (p. 231)
- The Crowd: New participants and practices enabled by the net and its attendant technologies

Cryptocurrencies and the blockchain - Specifically, I want you to recognize the tension that exists between a digital currency and the free, perfect, instant properties of digital information goods. - You should also know, in general terms, what the role of the blockchain is with respect to

- The bitcoin is a digital good
- It is essential that BTC not follow the free, perfect, and instant economics of information goods
- Blockchain acts as a distributed/decentralized ledger system that logs transactions

Primary keys and foreign keys

- The primary key is an attribute that can have a unique value for every instance (record) that you store in a table (social security number, student ID number, etc.)
- A foreign key in one table is always the primary key in another table

Ways to organize the crowd (e.g., formal hierarchies, markets, self-organizing structures like Wikipedia/Open Source)

Formal hierarchy is good when the work has to be perfect (medical equipment).
Markets let people freely transact with each other without centralized control.

Conventional technical approaches to security (e.g., MFA, monitoring, software updates)

Multifactor authentication (MFA)
- Something you know
- Something you have
- Something you are (e.g., your fingerprint)
Monitoring and anomaly detection
- Intrusion detection (e.g., flagged account after numerous failed login attempts)
- Intrusion prevention (e.g., blocked access to critical systems from international IP addresses)
Routine patching of newly-discovered vulnerabilities; software update

Shortfalls of the conventional technical approach (e.g., Social engineering, insider threats)

Skilled hackers prefer social engineering attacks over brute force attacks
- It is easier to fool a human than a machine
"Insider threats"
- Motives for malicious attacks include financial gain; revenge
Conventional technical approaches to IT security risks overemphasize identifiable risks

Ox weight example (incl. the four criteria to make crowd-based estimation effective)

The guy made everyone guess the weight of the cow and the average ended up being the correct answer.
- Independence
- Diversity
- Decentralization
- Aggregation

Problems arising from the non-hierarchical/messy crowd

This presents two difficult problems:
- Overload: It can be hard to find what you're looking for in an ocean of uncontrolled information (The core can curate information, but there's just too much in the crowd)
- Malicious Intent: Some of its members behave in hurtful ways (The core can evict bad actors, but that's hard to do on the web)

How to model a database, generally (e.g., the use of Crow's Foot notation, etc)

Entities are connected by crow's feet. A branch means it is a many-to-many or one-to-many notation.

Types of relationships (1:1, 1:m, m:m)

- One-to-one: When an instance of one entity can have a relationship with one and only one instance of the other entity.
- One-to-many: When an instance of the first entity can have a relationship with one or more instances of the second entity, but instances of the second entity can be related to only one instance of the first.
- Many-to-many: When instances of each entity can be related to one or more instances of the other entity.

The "stories" behind the hacking methods illustrated in the in-class videos

phishing the telephone company email password hack

