Laws And Lists

Question 1

Morovec’s Paradox

Answer 1

AI can compete high level reasoning with little effort but simple tasks (walking) require enormous computational resources

Question 2

4th industrial revolution

Answer 2

Digital tech interacting with biology

Question 3

3 laws of robotics

Answer 3

1) robot may not injure human
2) robot must obey orders
3) robot must protect itself as long as 1 and 2 are not broken

Question 4

Boston dynamics

Answer 4

Robots move more like animals than humans to reduce paradox

Question 5

Moore’s law

Answer 5

Digital computing power double every 2 years

Question 6

4 Ts (risk)

Answer 6

Tolerate, Treat, Transfer, Terminate

Question 7

Risk mgt principles (Hopkins)

Answer 7

1) framework and processes should be customized and proportionate
2) appropriate and timely involvement of stakeholders
3) structured and comprehensive approach
4) RM is part of all org activities
5) RM anticipates, detects, acknowledges and responds to change
6) RM explicitly considers any limitations of available info
7) human culture factors influence all aspects of RM
8) RM is continually improved through learning and experience.

Question 8

Evan’s 5 digital business models

Answer 8

1) Digitizing products & services (Netflix)
2) Running or participating in digital platforms (Amazon)
3) Tapping into sharing economy/crowd sourcing (Tesla)
4) Reshaping Value Networks (Uber, Airbnb)
5) New models of monetization- free network (Facebook)

Question 9

Risk of Digital Business

Answer 9

Customer satisfaction rating are public and can cause a loss of business. Bad web design, payment hacking, badly written electronic communications, fraud due to online anonymity. (TSB Bank)

Question 10

Hopkin’s 4 kind of digital risks

Answer 10

1) Compliance risks (regulations)
2) Hazard risks (hacking, denial of service attacks)
3) Control risks (software bugs)
4) Opportunity risks (risk taken to gain return)

Question 11

6 Cyber Defense Points

Answer 11

1) Data
2) Devices
3) Applications
4) Systems
5) Networks
6) Other communication channels

Question 12

4 categories of cyber security control

Answer 12

1) physical
2) technical
3) procedural
4) legal

Question 13

5 Steps - Cyber Security Framework
steps 1-2 are proactive
steps 3-5 are reactive

Answer 13

1) Identify (asset value)
2) Protect (with security)
3) Detect (any compromised account or device)
4) Respond (quarantine the problem)
5) Recover (replace and fix compromised data)

Question 14

5 Types of Insider Information

Answer 14

1) unauthorized disclosure of data
2) process corruption
3) facilitation of 3rd party access
4) physical sabotage
5) electronic/it sabotage

Question 15

3 dimensions of value classification

Answer 15

1) confidentiality
2) integrity
3) availability
and sometimes consent

Question 16

3 modes of cyber security control

Answer 16

1) preventative
2) detective
3) corrective

Question 17

Lifecycle of a Malware Attack

Answer 17

1) Reconnaissance
2) Tooling/Preparation
2) Infection
4) Persistence
5) Connection
6) Control
7) Realizing the value

Question 18

Cyber Essentials

Answer 18

1) Firewall
2) Secure device settings
3) Control access
4) Protect from viruses
5) Keep devices up to date

Question 19

14 Point Framework of Cyber Defense - key point

Answer 19

Management/Board Support

Question 20

3 levels of coordinating an overall security position

Answer 20

1) governance - policies/procedures
2) compliance - verification of governance
3) risk - anything that can have a substantial impact

Question 21

8 Groups of Threat Actors

Answer 21

1) Nation States (intelligence)
2) Terrorist Groups (Money, profile)
3) Organized Crime (money)
4) Hacktivist Communities (greater good)
5) Skilled Professional Hackers (assassins’ for hire)
6) Disaffected or Opportunistic Insiders (rouge employee)
7) Armature Hacker (for them
8) Anyone

75% of attacks are from insiders

Question 22

5 ways of treating risk

Answer 22

1) prevention
2) reduction
3) acceptance
4) contingency
5) transfer

Question 23

Security Incident Lifecycle

Answer 23

1) Detection and Reporting
2) Verification
3) Isolation (quarantine)
4) Cleaning
5) Review

(Detect, Respond, Recover)

Question 24

US Cert - 6 Categories of a security incident

Answer 24

1) Unauthorized Access
2) Denial of Service
3) Malicious Code (Malware)
4) Improper Usage
5) Attempted Intrusion
6) Investigation

Question 25

Change Management Process

Answer 25

1) Formally request a change
2) Categorize and prioritize change
3) Analyze and justify change
4) Approve and schedule change
5) Plan and complete implementation
6) Post implementation review

Question 26

10 Guiding Principles of Change

Answer 26

1) Address the human side of change systematically
2) Change starts at the top and begins on day 1
3) Real change happens at the bottom
4) Confront reality, demonstrate faith
5) Create ownership not just buy in
6) Practice targeted over-communication
7) Explicitly address culture
8) Assess the cultural landscape early
9) Prepare for the unexpected
10) Speak to the individual as well as the institution