Sit in a common area and observe. This may be in your office, a
coffee shop, or on a park bench. Begin to look at the world
around you. Take notes of common problems people have. Is
there a way to make these problems disappear with an
innovative product or process?
Research the company that currently owns the process or
product.
Observe people that use the product or process.
Scrutinize the product or process.
Observe the product or process in use.
Research the creator of the product or process.
Research the changes that the product or process has gone
through.
Determine why the product needs to change.
Describe a product and its attraction in the marketplace.
Demonstrate why it is a positive move for the company and the
expected effect.
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Chapter 7: Discretion
Copyright © 2012, Elsevier Inc. All Rights Reserved
Introduction
• Proprietary information will be exposed if discovered
by hackers
• National infrastructure protection initiatives must
prevent leaks
– Best approach: Avoid vulnerabilities in the first place
– More practically: Include a customized program focused
mainly on the most critical information
Trusted Computing Base
• A trusted computing base (TCB) is the totality of
hardware, software, processes, and individuals
considered essential to system security
• A national infrastructure security protection program
will include
– Mandatory controls
– Discretionary policy
• A smaller, less complex TCB is easier to protect
Fig. 7.1 – Size comparison issues in a
trusted computing base
Trusted Computing Base
• Managing discretion is critical; questions about the
following should be asked when information is being
considered for disclosure
– Assistance
– Fixes
– Limits
– Legality
– Damage
– Need
Security Through Obscurity
• Security through obscurity is often maligned and
misunderstood by security experts
– Long-term hiding of vulnerabilities
– Long-term suppression of information
• Security through obscurity is not recommended for
long-term protection, but it is an excellent
complementary control
– E.g., there’s no need to publish a system’s architecture
– E.g., revealing a flaw before it’s fixed can lead to rushed
work and an unnecessary complication of the situation
Fig. 7.2 – Knowledge lifecycle for
security through obscurity
Fig. 7.3 – Vulnerability disclosure
lifecycle
Information Sharing
• Information sharing may be inadvertent, secretive, or
willful
• Government is most aggressive in promoting information
sharing
• Government requests information from industry for
the following reasons
– Government assistance to industry
– Government situational awareness
– Politics
• Government and industry have conflicting
motivations
Fig. 7.4 – Inverse value of information
sharing for government and industry
Information Reconnaissance
• Adversaries regularly scout ahead and plan before an
attack
• Reconnaissance planning levels
– Level #1: Broad, wide-reaching collection from a variety of
sources
– Level #2: Targeted collection, often involving automation
– Level #3: Directly accessing the target
Fig. 7.5 – Three stages of
reconnaissance for cyber security
Information Reconnaissance
• At each stage of reconnaissance, security engineers
can introduce information obscurity
• The specific types of information that should be
obscured are
– Attributes
– Protections
– Vulnerabilities
Obscurity Layers
• Layering methods of obscurity and discretion adds
depth to a defensive security program
• Even with layered obscurity, asset information can
find a way out
– Public speaking
– Approved external site
– Search for leakage
Fig. 7.6 – Obscurity layers to protect
asset information
Organizational Compartments
• Governments have been successful at protecting
information by compartmentalizing information and
individuals
– Information is classified
– Groups of individuals are granted clearance
• Compartmentalization defines boundaries, which
helps guide decisions
• Private companies can benefit from this model
Fig. 7.7 – Using clearances and
classifications to control information
disclosure
Fig. 7.8 – Example commercial mapping
of clearances and classifications
National Discretion Program
• Implementing a national discretion program will
require
– TCB definition
– Reduced emphasis on information sharing
– Coexistence with hacking community
– Obscurity layered model
– Commercial information protection models
1. Watch the TED Talk: Four ways to fix a broken legal system
2. Watch the TED Talk: Laws that choke creativity
3. Review the Creative Commons website
4. Initial Post (600 words)
What role does the law play in your business life? Can you
recall a story where the law intersected with your life? Share
your story. Do you think that Creative Commons will open up
creative avenues for you and your business? Do you agree with
Lawrence Lessig's ideas? Why or why not?
The World's Most Innovative Companies
· The Business Dictionary defines innovation as "The process of
translating an idea or invention into a good or service that
creates value or for which customers will pay." In other words,
a company can create, or invent all day long, but without
satisfying a customer need, what is the point? In a start-up,
entrepreneurs can come up with a list of ideas, but without
converting the idea into an opportunity, the entrepreneur
remains a hobbyist. From corporate to start-up, innovation is
required in products as well as business models.
· Read Part 1 of the Drive Book.
· For this discussion, pick one company from Fast Company's
article, "The World's 50 Most Innovative Companies"
(http://www.fastcompany.com/section/most-innovative-companies-2015).
Please select one different than what your
classmates choose. Describe the company's business model.
What makes it an innovative business model? Do you believe it
is a sustainable business model? Why or why not? Name one of
the company's competitors. How does their business model
differ from the company that you selected?
· Please review the Rubric for Online Discussions before
starting.

Full Stack Web Development Course for Beginners
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 

Sit in a common area and observe. This may be in your office, a co.docx

Sit in a common area and observe. This may be in your office, a coffee shop, or on a park bench. Begin to look at the world around you. Take notes of common problems people have. Is there a way to make these problems disappear with an innovative product or process?

Research the company that currently owns the process or product.
Observe people that use the product or process.
Scrutinize the product or process.
Observe the product or process in use.
Research the creator of the product or process.
Research the changes that the product or process has gone through.
Determine why the product needs to change.
Describe a product and its attraction in the marketplace.
Demonstrate why it is a positive move for the company and the expected effect.

Chapter 7
Discretion
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• Proprietary information will be exposed if discovered by hackers
• National infrastructure protection initiatives must prevent leaks
– Best approach: Avoid vulnerabilities in the first place
– More practically: Include a customized program focused mainly on the most critical information

Trusted Computing Base
• A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security
• A national infrastructure security protection program will include
– Mandatory controls
– Discretionary policy
• A smaller, less complex TCB is easier to protect

Fig. 7.1 – Size comparison issues in a trusted computing base

Trusted Computing Base
• Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure
– Assistance
– Fixes
– Limits
– Legality
– Damage
– Need

Security Through Obscurity
• Security through obscurity is often maligned and misunderstood by security experts
– Long-term hiding of vulnerabilities
– Long-term suppression of information
• Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control
– E.g., there’s no need to publish a system’s architecture
– E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation

Fig. 7.2 – Knowledge lifecycle for security through obscurity

Fig. 7.3 – Vulnerability disclosure lifecycle

Information Sharing
• Information sharing may be inadvertent, secretive, or willful
• Government is the most aggressive in promoting information sharing
• Government requests information from industry for the following reasons
– Government assistance to industry
– Government situational awareness
– Politics
• Government and industry have conflicting motivations

Fig. 7.4 – Inverse value of information sharing for government and industry

Information Reconnaissance
• Adversaries regularly scout ahead and plan before an attack
• Reconnaissance planning levels
– Level #1: Broad, wide-reaching collection from a variety of sources
– Level #2: Targeted collection, often involving automation
– Level #3: Directly accessing the target

Fig. 7.5 – Three stages of reconnaissance for cyber security

Information Reconnaissance
• At each stage of reconnaissance, security engineers can introduce information obscurity
• The specific types of information that should be obscured are
– Attributes
– Protections
– Vulnerabilities

Obscurity Layers
• Layering methods of obscurity and discretion adds depth to a defensive security program
• Even with layered obscurity, asset information can find a way out
– Public speaking
– Approved external site
– Search for leakage

Fig. 7.6 – Obscurity layers to protect asset information

Organizational Compartments
• Governments have been successful at protecting information by compartmentalizing information and individuals
– Information is classified
– Groups of individuals are granted clearance
• Compartmentalization defines boundaries, which helps guide decisions
• Private companies can benefit from this model

Fig. 7.7 – Using clearances and classifications to control information disclosure

Fig. 7.8 – Example commercial mapping of clearances and classifications

National Discretion Program
• Implementing a national discretion program will require
– TCB definition
– Reduced emphasis on information sharing
– Coexistence with hacking community
– Obscurity layered model
– Commercial information protection models

1. Watch the Ted Talk: Four ways to fix a broken legal system
2. Watch the Ted Talk: Laws that choke creativity
3. Review Creative Commons Website
4. Initial Post (600 words)

What role does the law play in your business life? Can you recall a story where the law intersected with your life? Share your story. Do you think that creative commons will open up creative avenues for you and your business? Do you agree with Lawrence Lessig's ideas? Why or why not?

The World's Most Innovative Companies
· The Business Dictionary defines innovation as "The process of translating an idea or invention into a good or service that creates value or for which customers will pay." In other words, a company can create, or invent all day long, but without satisfying a customer need, what is the point? In a start-up, entrepreneurs can come up with a list of ideas, but without converting the idea into an opportunity, the entrepreneur remains a hobbyist. From corporate to start-up, innovation is required in products as well as business models.
· Read Part 1 of the Drive Book.
· For this discussion, pick one company from Fast Company's article, "The World's 50 Most Innovative Companies." (http://www.fastcompany.com/section/most-innovative-companies-2015). Please select one different than what your classmates choose. Describe the company's business model. What makes it an innovative business model? Do you believe it is a sustainable business model? Why or why not? Name one of the company's competitors. How does their business model differ from the company that you selected?
· Please review the Rubric for Online Discussions before starting.