Business Engineering Cheat Sheet

Opt-out model of informed consent allows a company to collect personal info until the customers specifically requests otherwise – Opt-in model of informed consent prohibits a company to collect personal info unless the customers specifically authorizes it Social engineering getting around security systems by tricking computer users inside a company into revealing sensitive info or gaining unauthorized access – impersonation on the phone/tailgating/shoulder surfing Espionage or Trespass – unauthorized individual trying to gain illegal access to org info: crosses the legal boundary Info Extortion – attacker either threatens to steal, or actually steals info from a company and demand payment Sabotage or Vandalism – defacing an org’s website causing org to lose its image/cyberactivist/protest
Trade Secret – intellectual work ex: business plan a company info that is not publicized/patent/copyright Dumpster diving is always illegal because it involves trespassing on private property – False IT security is the responsibility of everyone in the organization – True Risk mitigation org takes concrete actions against risks acceptance accept the potential risk, continue operating w no controls and absorb any damage that occur limitation limit the risk by implementing controls that minimize the impact of threat transference transfer the risk by using other means to compensate for the loos such as by purchasing insurance Physical controls prevents unauthorized access to a company’s facilities – walls/doors Access controls restrict unauthorized individuals from using info resources Authentication determines the identity of the person requiring access Authorization determines which actions, rights, or privileges the person has, based on verified identity Something the user is – biometric: authentication that examines person’s innate physical characteristics fingerprint/palm Something the user does – authentication that include voice and signature recognition Something the user