Laws And Lists Flashcards
Moravec's Paradox
AI can perform high-level reasoning with little effort, but simple tasks (walking) require enormous computational resources
4th industrial revolution
Digital tech interacting with biology
3 laws of robotics
1) robot may not injure human
2) robot must obey orders
3) robot must protect itself as long as 1 and 2 are not broken
Boston dynamics
Robots move more like animals than humans to reduce paradox
Moore’s law
Digital computing power doubles every 2 years
4 Ts (risk)
Tolerate, Treat, Transfer, Terminate
Risk management principles (Hopkin)
1) framework and processes should be customized and proportionate
2) appropriate and timely involvement of stakeholders
3) structured and comprehensive approach
4) RM is part of all org activities
5) RM anticipates, detects, acknowledges and responds to change
6) RM explicitly considers any limitations of available info
7) human and cultural factors influence all aspects of RM
8) RM is continually improved through learning and experience.
Evan’s 5 digital business models
1) Digitizing products & services (Netflix)
2) Running or participating in digital platforms (Amazon)
3) Tapping into sharing economy/crowd sourcing (Tesla)
4) Reshaping Value Networks (Uber, Airbnb)
5) New models of monetization- free network (Facebook)
Risk of Digital Business
Customer satisfaction ratings are public and can cause a loss of business. Bad web design, payment hacking, badly written electronic communications, fraud due to online anonymity. (TSB Bank)
Hopkin's 4 kinds of digital risks
1) Compliance risks (regulations)
2) Hazard risks (hacking, denial of service attacks)
3) Control risks (software bugs)
4) Opportunity risks (risk taken to gain return)
6 Cyber Defense Points
1) Data
2) Devices
3) Applications
4) Systems
5) Networks
6) Other communication channels
4 categories of cyber security control
1) physical
2) technical
3) procedural
4) legal
5 Steps - Cyber Security Framework
steps 1-2 are proactive
steps 3-5 are reactive
1) Identify (asset value)
2) Protect (with security)
3) Detect (any compromised account or device)
4) Respond (quarantine the problem)
5) Recover (replace and fix compromised data)
5 Types of Insider Information
1) unauthorized disclosure of data
2) process corruption
3) facilitation of 3rd party access
4) physical sabotage
5) electronic/it sabotage
3 dimensions of value classification
1) confidentiality
2) integrity
3) availability
and sometimes consent
3 modes of cyber security control
1) preventative
2) detective
3) corrective
Lifecycle of a Malware Attack
1) Reconnaissance
2) Tooling/Preparation
3) Infection
4) Persistence
5) Connection
6) Control
7) Realizing the value
Cyber Essentials
1) Firewall
2) Secure device settings
3) Control access
4) Protect from viruses
5) Keep devices up to date
14 Point Framework of Cyber Defense - key point
Management/Board Support
3 levels of coordinating an overall security position
1) governance - policies/procedures
2) compliance - verification of governance
3) risk - anything that can have a substantial impact
8 Groups of Threat Actors
1) Nation States (intelligence)
2) Terrorist Groups (Money, profile)
3) Organized Crime (money)
4) Hacktivist Communities (greater good)
5) Skilled Professional Hackers (assassins for hire)
6) Disaffected or Opportunistic Insiders (rogue employee)
7) Amateur Hackers (for them
8) Anyone
75% of attacks are from insiders
5 ways of treating risk
1) prevention
2) reduction
3) acceptance
4) contingency
5) transfer
Security Incident Lifecycle
1) Detection and Reporting
2) Verification
3) Isolation (quarantine)
4) Cleaning
5) Review
(Detect, Respond, Recover)
US-CERT - 6 Categories of a security incident
1) Unauthorized Access
2) Denial of Service
3) Malicious Code (Malware)
4) Improper Usage
5) Attempted Intrusion
6) Investigation
Change Management Process
1) Formally request a change
2) Categorize and prioritize change
3) Analyze and justify change
4) Approve and schedule change
5) Plan and complete implementation
6) Post implementation review
10 Guiding Principles of Change
1) Address the human side of change systematically
2) Change starts at the top and begins on day 1
3) Real change happens at the bottom
4) Confront reality, demonstrate faith
5) Create ownership not just buy in
6) Practice targeted over-communication
7) Explicitly address culture
8) Assess the cultural landscape early
9) Prepare for the unexpected
10) Speak to the individual as well as the institution