Sit in a common area and observe. This may be in your office, a
coffee shop, or on a park bench. Begin to look at the world
around you. Take notes of common problems people have. Is
there a way to make these problems disappear with an
innovative product or process?
Research the company that currently owns the process or
product.
Observe people that use the product or process.
Scrutinize the product or process.
Observe the product or process in use.
Research the creator of the product or process.
Research the changes that the product or process has gone
through.
Determine why the product needs to change.
Describe a product and its attraction in the marketplace.
Demonstrate why it is a positive move for the company and the
expected effect.
Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 7
Discretion
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Introduction
• Proprietary information will be exposed if discovered by hackers
• National infrastructure protection initiatives must prevent leaks
– Best approach: Avoid vulnerabilities in the first place
– More practically: Include a customized program focused mainly on the most critical information
Trusted Computing Base
• A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security
• A national infrastructure security protection program will include
– Mandatory controls
– Discretionary policy
• A smaller, less complex TCB is easier to protect
Fig. 7.1 – Size comparison issues in a trusted computing base
Trusted Computing Base
• Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure
– Assistance
– Fixes
– Limits
– Legality
– Damage
– Need
Security Through Obscurity
• Security through obscurity is often maligned and misunderstood by security experts
– Long-term hiding of vulnerabilities
– Long-term suppression of information
• Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control
– E.g., there’s no need to publish a system’s architecture
– E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation
Fig. 7.2 – Knowledge lifecycle for security through obscurity
Fig. 7.3 – Vulnerability disclosure lifecycle
Information Sharing
• Information sharing may be inadvertent, secretive, or willful
• Government is the most aggressive in promoting information sharing
• Government requests information from industry for the following reasons
– Government assistance to industry
– Government situational awareness
– Politics
• Government and industry have conflicting motivations
Fig. 7.4 – Inverse value of information sharing for government and industry
Information Reconnaissance
• Adversaries regularly scout ahead and plan before an attack
• Reconnaissance planning levels
– Level #1: Broad, wide-reaching collection from a variety of sources
– Level #2: Targeted collection, often involving automation
– Level #3: Directly accessing the target
Fig. 7.5 – Three stages of reconnaissance for cyber security
Information Reconnaissance
• At each stage of reconnaissance, security engineers can introduce information obscurity
• The specific types of information that should be obscured are
– Attributes
– Protections
– Vulnerabilities
Obscurity Layers
• Layering methods of obscurity and discretion adds depth to a defensive security program
• Even with layered obscurity, asset information can find a way out
– Public speaking
– Approved external site
– Search for leakage
Fig. 7.6 – Obscurity layers to protect asset information
Organizational Compartments
• Governments have been successful at protecting information by compartmentalizing information and individuals
– Information is classified
– Groups of individuals are granted clearance
• Compartmentalization defines boundaries, which helps guide decisions
• Private companies can benefit from this model
Fig. 7.7 – Using clearances and classifications to control information disclosure
Fig. 7.8 – Example commercial mapping of clearances and classifications
National Discretion Program
• Implementing a national discretion program will require
– TCB definition
– Reduced emphasis on information sharing
– Coexistence with hacking community
– Obscurity layered model
– Commercial information protection models
1. Watch the TED Talk: Four ways to fix a broken legal system
2. Watch the TED Talk: Laws that choke creativity
3. Review Creative Commons Website
4. Initial Post (600 words)
What role does the law play in your business life? Can you
recall a story where the law intersected with your life? Share
your story. Do you think that Creative Commons will open up
creative avenues for you and your business? Do you agree with
Lawrence Lessig's ideas? Why or why not?
The World's Most Innovative Companies
· The Business Dictionary defines innovation as "The process of
translating an idea or invention into a good or service that
creates value or for which customers will pay." In other words,
a company can create, or invent all day long, but without
satisfying a customer need, what is the point? In a start-up,
entrepreneurs can come up with a list of ideas, but without
converting the idea into an opportunity, the entrepreneur
remains a hobbyist. From corporate to start-up, innovation is
required in products as well as business models.
· Read Part 1 of the Drive Book.
· For this discussion, pick one company from Fast Company's
article, "The World's 50 Most Innovative Companies."
(http://www.fastcompany.com/section/most-innovative-companies-2015). Please select one different than what your
classmates choose. Describe the company's business model.
What makes it an innovative business model? Do you believe it
is a sustainable business model? Why or why not? Name one of
the company's competitors. How does their business model
differ from the company that you selected?
· Please review the Rubric for Online Discussions before
starting.

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Sit in a common area and observe. This may be in your office, a co.docx

Sit in a common area and observe. This may be in your office, a coffee shop, or on a park bench. Begin to look at the world around you. Take notes of common problems people have. Is there a way to make these problems disappear with an innovative product or process?
Research the company that currently owns the process or product.
Observe people that use the product or process.
Scrutinize the product or process.
Observe the product or process in use.
Research the creator of the product or process.
Research the changes that the product or process has gone through.
Determine why the product needs to change.
Describe a product and its attraction in the marketplace.
Demonstrate why it is a positive move for the company and the expected effect.

Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 7
Discretion
Cyber Attacks
Protecting National Infrastructure, 1st ed.

Introduction
• Proprietary information will be exposed if discovered by hackers
• National infrastructure protection initiatives must prevent leaks
– Best approach: Avoid vulnerabilities in the first place
– More practically: Include a customized program focused mainly on the most critical information

Trusted Computing Base
• A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security
• A national infrastructure security protection program will include
– Mandatory controls
– Discretionary policy
• A smaller, less complex TCB is easier to protect

Fig. 7.1 – Size comparison issues in a trusted computing base

Trusted Computing Base
• Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure
– Assistance
– Fixes
– Limits
– Legality
– Damage
– Need

Security Through Obscurity
• Security through obscurity is often maligned and misunderstood by security experts
– Long-term hiding of vulnerabilities
– Long-term suppression of information
• Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control
– E.g., there’s no need to publish a system’s architecture
– E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation

Fig. 7.2 – Knowledge lifecycle for security through obscurity

Fig. 7.3 – Vulnerability disclosure lifecycle

Information Sharing
• Information sharing may be inadvertent, secretive, or willful
• Government is most aggressive in promoting information sharing
• Government requests information from industry for the following reasons
– Government assistance to industry
– Government situational awareness
– Politics
• Government and industry have conflicting motivations

Fig. 7.4 – Inverse value of information sharing for government and industry

Information Reconnaissance
• Adversaries regularly scout ahead and plan before an attack
• Reconnaissance planning levels
– Level #1: Broad, wide-reaching collection from a variety of sources
– Level #2: Targeted collection, often involving automation
– Level #3: Directly accessing the target

Fig. 7.5 – Three stages of reconnaissance for cyber security

Information Reconnaissance
• At each stage of reconnaissance, security engineers can introduce information obscurity
• The specific types of information that should be obscured are
– Attributes
– Protections
– Vulnerabilities

Obscurity Layers
• Layering methods of obscurity and discretion adds depth to a defensive security program
• Even with layered obscurity, asset information can find a way out
– Public speaking
– Approved external site
– Search for leakage

Fig. 7.6 – Obscurity layers to protect asset information

Organizational Compartments
• Governments have been successful at protecting information by compartmentalizing information and individuals
– Information is classified
– Groups of individuals are granted clearance
• Compartmentalization defines boundaries, which helps guide decisions
• Private companies can benefit from this model

Fig. 7.7 – Using clearances and classifications to control information disclosure

Fig. 7.8 – Example commercial mapping of clearances and classifications

National Discretion Program
• Implementing a national discretion program will require
– TCB definition
– Reduced emphasis on information sharing
– Coexistence with hacking community
– Obscurity layered model
– Commercial information protection models

1. Watch the Ted Talk: Four ways to fix a broken legal system
2. Watch the Ted Talk: Laws that choke creativity
3. Review Creative Commons Website
4. Initial Post (600 words)
What role does the law play in your business life? Can you recall a story where the law intersected with your life? Share your story. Do you think that creative commons will open up creative avenues for you and your business? Do you agree with Lawrence Lessig's ideas? Why or why not?

The World's Most Innovative Companies
· The Business Dictionary defines innovation as "The process of translating an idea or invention into a good or service that creates value or for which customers will pay." In other words, a company can create or invent all day long, but without satisfying a customer need, what is the point? In a start-up, entrepreneurs can come up with a list of ideas, but without converting the idea into an opportunity, the entrepreneur remains a hobbyist. From corporate to start-up, innovation is required in products as well as business models.
· Read Part 1 of the Drive Book.
· For this discussion, pick one company from Fast Company's article, "The World's 50 Most Innovative Companies" (http://www.fastcompany.com/section/most-innovative-companies-2015). Please select one different than what your classmates choose. Describe the company's business model. What makes it an innovative business model? Do you believe it is a sustainable business model? Why or why not? Name one of the company's competitors. How does their business model differ from the company that you selected?
· Please review the Rubric for Online Discussions before starting.