BMGT301 Final Exam Study Guide PDF

Summary

This document is a study guide for a business management final exam. It covers the topics of the sharing economy, collaborative consumption, and efficient markets, utilizing various technologies. It also discusses information security.

Full Transcript

BMGT301 Final Exam SG (Ch. 11,15,19 [T10-12] & Tableau [P13-16])

Chapter 11: The Sharing Econ, Collaborative Consumption, and Efficient Markets
through Tech
Tech allows diverse prod and service providers to connect w/ consumers
○ Offers far greater reach and efficiency
Efforts are enabling a gen of “citizen suppliers”
○ Prod owners become providers of rentals
Rooms (Airbnb)
Cars (Turo)
Boats (Boatsetters)
○ New class of micro-entrepreneurs providing personal services
Car rides (Uber)
Pet Sitting (Rover)
Meal prep (Feastly)
Home Services (Care.com)
Some firms are buying inv and renting it out
○ Rent the Runway
○ Zipcar
○ Chegg
These categories of products are “collaboratively consumed”
○ Indiv takes possession of an item for a period of time then returns it for
use by others
○ Consumers collab as financiers, pooling capital to back projs (Kickstarter,
GoFundMe) and provide loans (LendingClub)
○ Internet-enabled market makers
○ Roots in eBay and Craigslist
Goods:
○ Pre-owned: eBay, craigslist, thredUP
○ Loaner products: Zilok, Rent the Runway, Chegg
○ Custom Products: Etsy
Services:
○ Professional: Upwork, crowdSPRING
○ Personal: Angie’s List, Handy, TaskRabbit
○ Delivery: Doordash, grubhub
Transportation:
○ Services: Uber, Lyft, Didi
○ Loaner Vehicles: Turo, Zipcar
Places to Stay:
○ Office space: LiquidSpace, ShareDesk
 ○ Places to stay: Airbnb, HomeAway, Couchsurfing
Money & Finance:
○ Money lending: LendingClub, Kiva, Prosper
○ Crowdfunding: Kickstarter, GoFundMe
Many sharing econ firms were born during a prolonged, worldwide econ
recession
○ Stagnant wages have boosted consumer interest in low-cost alts
○ Encouraged a whole new class of lay people to offer services for hire
○ Many of the services also have an environmental benefit by fostering
reuse and diminished consumption
Early players gain scale, brand, and fin resources
Tech allows for peer-to-peer supply w/out need for inv
○ Airbnb doesn’t own its hotel rooms
○ Uber and Lyft don’t own cars
Some services do oversee inv to gain more control + offer higher quality
○ Rent the Runway: packs prod for delivery, runs a massive in-house
garment cleaning, and retires dresses that are noticeably worn
In fragmented markets, marketplaces extend the value chain by connecting
suppliers and customers w/ search and discover, scheduling, payment,
reputation, mgmt, and more
Social Media
Word of mouth through social media accelerate the growth of the sharing econ
○ 47% of participants in the sharing econ learn by WoM
○ Uber=inherently viral. Every 7 riders attract 1 new Uber user. Uber
coupons to rec friends
○ 91% recommend last service to a friend or colleague
○ Social proof: pos influence created when someone finds out that others
are doing something
○ Drivers and customers link to lyft through their FB accs
Some concerns include trust + safety issues
○ Audit trails help w/ trust
○ Ratings can help w/ trust, safety, service
Can also reflect crowd’s bias and reinforce discrimination
○ Instilling trust doesn’t mean firms are w/out safety issues
○ Participating in sharing econ raises questions for insurers
Will firms pay out if there is a “sharing econ” incident w/ a supplier,
or will they try to refuse?
Some sharing econ firms offer service providers additional
coverage and protection guarantees
 Some govts have explored additional insurance regulation for
sharing econ participants
○ Many local firms also benefit from taxes and regulatory fees from inds
threatened by the sharing econ
Groups opposed to new, rival efforts can rep very powerful lobbies
○ Another major concern: uncertainty about ability of these firms to continue
to consider their workers as indep contractors and not employees
If improperly classified, employees may not receive important
workplace protections:
Min wage
Overtime comp
Unemployment insurance
Workers’ comp
Issue has gained state and federal attention, specter of class action
lawsuits
WePay Winning Big
WePay is a firm that has stepped up to offer simple pmt solutions that specifically
target challenges of buyer/seller platform operators
○ Veda fraud-fighting tech analyzes social profiles to get firms running w/
payments in a streamlined process
○ Has transac history from hundreds of thousands of customers currently
sending billions of $ a year through the firm’s systems
○ ML tech continually updates the firm’s fraud models to adapt to new
patterns it uncovers
○ Makes adding pmt capabilities to any site as easy as embedding a
Youtube vid, w/ a cut-and-paste pregenerated code
Future Outlook
Alphabet & Toyota: invested in uber
Alphabet & GM: invested in Lyft
VW: invested in Gett (Get Taxi)
Apple: invested in Didi
Conde Nast: invested in rent the runway
Walgreens: TaskRabbit partnership
IBM: worked with Deliv
Avis: acquired Zipcar
Airbnb
Multibillion-dollar hospitality industry empire
○ Over 200M guests so far
○ W/ listings in 81k cities and 192 countries, approaches firm’s worldwide
reach
 Listings include:
○ Yurts, Castles, Caves, Water towers, priv islands, igloos, glass houses,
tree houses
Trust is essential
○ No one is anonymous on Airbnb- guest identity is verified via a 2-step
process
○ Firm offers a $1M guarantee for hosts, secure pmt guarantees, and 24/7
phone support
Monitor transac and comm at deep level
○ Reservations
○ Pmt
○ Host/Guest comm
○ Subsequent rvws
○ Tech hunts for scams
In many areas where Airbnb operates, providers are breaking law
○ Running a business in an area not zoned for it
○ Health and safety laws governing hotels req things like sprinkler systems,
exit signs, and clean towels
Competition threat, including HomeAway
○ Several hotel firms have experimented w home sharing (Marriott, Hyatt)
○ Travel sites like Booking.com and TripAdvisor now incorporate competitors
into their search
Uber
Raised $21B so far, and boasts a priv valuation of over $70B
Claims to create 50k new jobs a month, w nearly all being drivers
○ Uber drivers do better than taxi drivers (flexibility and pay)
Uber services:
○ Trust and convenience
○ Customers summon ride w app
○ Riders can set pickup and drop off and get quote for trip
○ All pmt handled in app
Product-Market fit: conveys degree to which a prod satisfies market demand.
Successful efforts should be desired by customers, and scale into large,
profitable business
Runs a lean cost of doing business:
○ Eliminating capital cost of a fleet (cars owned by drivers, not Uber)
○ Customer feedback reduces cost associated with auditing driver quality
and provides a continual eval of performance
Customers regularly complain of 1 downside-surge pricing
 ○ Uber raises prices when supply does not meet demand to encourage
drivers to work
Problems:
○ Strikes by drivers, protests by taxi ind, aggressive political push-back
○ Accusations of the theft of self driving car tech
○ Dishonesty = seen as Uber cultural trait
○ Rival Lyft accuses Uber of unethical behavior (including calling and
cancelling Lyft rides to crater the efficiency)
○ Culture shown to be hostile to women and minorities
○ Has been hacked, exposing data of 57M riders and drivers
Unclear how damaging fallout has been
○ Network effects may make customers remain w/firm, even if they’d rather
not remain
○ Talent and fundraising wallet may be stronger in pushing a firm to
recognize and deal w repellant behavior
Tech helps Uber keep a high safety bar
○ Uber app knows who drivers are, who was picked up, and where they
were taken
○ Bad performance is exposed and customers (and drivers) are empowered
to shine spotlights on bad performance
Unlike traditional cabs
○ Uber continues to invest in new technologies:
Exploring voice recog and biometrics to further strengthen driver
verification
Implementing panic button linked to emergency services
Employs mathematicians w/ PhDs
Staff optimizes algorithms to determine # of drivers, where demand is and
dynamic pricing
“God View”: software system that shows maps, cars, and locations of customers
Massive data haul allows it to cut prices and attract drivers to power continued
growth and expansion
Uber is embedding everywhere in digital world
○ Firm offers an API (app programming interface) : published guideline on
how other developers can embed Uber into their own apps
○ Service launched w/ 11 partners: OpenTable, United Airlines, TripAdvisor,
Hyatt, etc
○ UberHealth, offers APIs for integration into healthcare prods
Ex of networking effects helping to solidify a firm as a winning
platform
Challenges include:
 ○ Regulatory concerns
○ Maintenance of quality service
○ Uncertainty of expanding in global markets where competitors exist
Analysts differ on Ubers val but some speculate firm may be laying groundwork
for expansion into a variety of logistics businesses
○ Former CEO stated he sees firm as a “software platform for shipping and
logistics”
○ Experimented w bike messenger, restaurant, and same-day delivery
service
○ Begun to test its own self driving car tech
○ Firm has a prototype vertical take off and landing vehicle thats a cross btw
helicopter and prop plane
Network effects in Ubers favor
○ Riders choose apps w more drivers
○ Drivers make more $ if theres more riders
Ubers growth concerns:
○ Rival Lyft put up growth numbers much stronger than Uber’s recent
declines
During Ubers 5.2B loss quarter, revs for Lyft up 72% and active
riders up 41%
Firm has made terrible invests
Auto-leasing program
Uber Freight Initiative
Sloppy w excessive hiring and has had to cut jobs
Chapter 15: Open Source, Cloud, Virtualized, and App-Driven Shifts

Marginal Costs: associated with each additional unit produced.
○ For software prods, MC=0
Software business is very attractive
○ Bill Gates and Oracle Founder (Larry Ellson) among wealthiest ppl
Open-Source Software (OSS): free and where anyone can look at and potentially
modify the code
○ Giant’s shudder: “how can we compete w free”
Cloud computing: replacing computing w/ services provided over the Internet, on
other’s hardware
Software as a Service (SaaS): form of cloud computing where a firm subscribes
to a 3rd party software and receives a service that is delivered online. No burden
of buying, managing, or maintaining
Virtualization: tech that can make a single computer behave like many separate
computers. Helps consolidate computing resources and creates additional
savings and efficiencies (Ex: VMWare)
Open Source
Linux: open source software op system
Source code for OSS prods is openly shared
Powers cell phones to stock exchanges, set-up boxes to super computers
Can be changed and redistributed by anyone
Contrast to practice of conventional software firms who
○ Treat their IP as closely guarded secrets
○ Almost never provide the source code for their commercial software prods
Seen by some firms as a threat that undermines their econ model
○ Former Microsoft CEO called Linux a “cancer”
Linux makes 92% of servers in AWS
40% Linux in Azure Cloud
LAMP
LAMP: Linux, Apache Web server software, MYSQL DB, and any of several
programming languages that start w P (Perl/Python/PHP)
○ Powering many of sites today from FB to YT
Why OSS?
Cost: free alts to costly commercial code can be a tremendous motivator.
Banking giant Barclays is helping to reduce costs by 90% by switching to OSS
Reliability: open source community tries to improve quality. More people who look
at a program’s code, the greater the likelihood an error will be caught and
corrected. Quality of OSS outperforms commercial competitors
 Security: by allowing “many eyes” to examine the code, the security
vulnerabilities come to light and can be addressed quicker
○ Security-focused: tech products that contain particularly strong security
features. Checking file size and others like code has not been copied
Scalability: ability to either handle increasing workloads or to be easily expanded
to manage workload increases
○ Allows a firm to grow from startup to blue chip w/out having to significantly
rewrite their code
Agility and Time to Market: vendors able to skip whole segments of software
development process, allowing new prods to reach market faster than if entire
software system had to be developed from scratch
Lessons from OSS not showing up
Many OSS projs are very well maintained w tightly coordinated contribution
armies overseen by well-funded, paid professionals. Red Hat helped to improve
Linux, Google for Python
In spring 2014, some OSS prods which had been neglected were exposed to the
Heartbleed bug
○ Heartbleed: error in OpenSSL security toolkit, a prod used by some ⅔ of
internet websites, and underpinning security related when sending secure
info over the internet
○ A routine coding error opened a hole that potentially could allow hackers
to gather passwords, encryption keys, and other sensitive information,
triggering “largest security breach in history of human race”
Linux Foundation developed a multimillion $ proj (Core Infrastructure Initiative):
to fund OSS projs that are in the critical path for core computing functions
Heartbleed cautions: just bc a tool is used by many doesnt mean we shouldnt
audit its software prods to understand strength of support + potential risks
Ex of OSS
WordPress- software for running a blog or website
Firefox
LibreOffice- competitor to MSOffice
Gimp- graphic tool w features found in Photoshop
Magento- ecommerce software
TensorFlow- OSS ML Software
Alfresco- collab sw that competes w MS Sharepoint and EMC’s Documentum
Marketcetera- enterprise trading platform for hedge fund managers competes w
FlexTrade and Portware
Zimbra- OSS email sw that competes w Outlook server
MySQL, Ingres, and PostgreSQL- OSS relational database sw packages that go
head to head w commercial prods from Oracle, MS, SAP, + IBM
 MongoDB, Hbase, and Cassandra- nonrelational distributed DBs, used to power
massive file systems (on FB, twitter, LinkedIn, and Amazon)
SugarCRM- customer relationship management sw that competes with
Salesforce
Docker- tools for containerization, an evolution beyond virtualization
Asterisk- OSS implementation for running a PBX corp telephony system that
competes w offerings from Nortel and Cisco, among others
Git- version control sw, critical to managing most commerical sw prods
Free BSD and Sun’s OpenSolaris- OSS versions of the Unix op system
The Business of OSS
OSS is a $60B ind, but it has disproportionate impact on trillion-$ IT market
Lowers cost of computing and makes computing options accessible to smaller
firms
Encourages innovation
OSS firms valued > $1B:
○ Hortonworks
○ Cloudera
○ MapR
○ MongoDB
○ Docker
Red Hat= first OSS firm having market cap of $30B
Vendors make $ on OSS by selling support and consulting services. Red Hat
brings $3B/yr from customers subscribing to sw services
Oracle provides linux for free: firm make more from services than from selling hw
and sw
Industry’s evolution (standards comp):
○ Pre-Linux days: almost every major hw manufacturer made its own
incompatible version of the Unix operating system
They had difficulty attracting 3rd party vendors to write app sw
○ Now all major hw firms run Linux, resulting in a large, unified market
attracting sw developers
Linux
Common on mobiles, consumer electronics, and on enterprise solutions, but not
desktops
○ Not easy to install
○ Complexity can raise total cost of ownership bc no specific gains from free
sw
○ Total cost of ownership (TCO): all of costs associated with design, dev,
testing, implementation, documentation, training, and maintenance of a sw
system
 ○ Small # of desktop users also dissuades 3rd party firms from porting
popular desktop apps over to Linux
Legal Risks and OSS
Certain prods difficult to install and maintain
Adopters w/out support contracts may have to rely on an uncertain community of
volunteers to support their probs and provide innovative upgrades
Legal Exposure:
○ Firms adopting OSS may be at risk if they distribute code and arent aware
of licensing implications
○ Some commercial sw firms have pressed legal action against users of
OSS prods when there is a perceived violation of sw patents or other
unauthorized use of their proprietary code
○ Complicated by varying OSS license agreements, each w slightly diff
provisions- evolving over time
Cloud Computing
2 categories:
○ SaaS
○ Utility Computing: firm develops own sw and then runs it over the internet
on a service provider’s computers, includes:
Platform as a service (PaaS)- delivers tools including programming
langs, DBs, OS prod testing and deployment sw so an org can
develop, test, and deploy sw in a cloud
Infrastructure as a service (IaaS): offers a more bare bones set of
services that are an alt to buying its own physical hw
Some are developing own priv clouds (Virtualization)- pools of computing
resources that reside inside an org and that can be served up for specific tasks
as need arrives
Evolution of cloud computing has huge implications:
○ Fin future of hw and sw firms
○ Cost structure and innovation of adopting orgs
○ Skill sets likely to be valued by employers
Software in the Cloud
Firms using SaaS prods can lower several costs (sw licenses, IT staff, server hw,
system maintenance)
SaaS- an assault on traditional sw firms
Most SaaS firms earn $ via usage-based pricing model similar to subscription
Other SaaS firms:
○ Offer free services that are supported by ads
○ Promote sale of upgraded or premium versions for additional fees
○ Compete directly w biggest names in sw
 NetSuite: ERP suite bought by oracle
Workday: launched by peoplesoft for managing HR
HubSpot: provides marketing sw
Splunk: SaaS based analytical techniques
ServiceNow: manages firms IT infrastructure
Benefits of SaaS:
○ Lower Costs
○ Faster deployment times
○ Variable operating exp (bc they never buy)
○ Mitigate fin risk (reduce pmt during slow season)
○ Scalable systems
○ Higher quality and service levels (huge customer case pushes)
○ Remote access and availability
○ SaaS provider develops, tests and supports single platform
Unlike SAP that provide diff versions for Windows, Linux, etc
○ Tighter feedback loop to understand why prods fail
○ Ability to instantly deploy bug fixes and prod enhancements
○ Lower distribution costs
○ Less sw piracy
Risks of SaaS
○ Dependence on a single vendor
○ Concern abt long-term viability of partner firms
○ Users may be forced to migrate to new versions-possibly incurring
unforeseen training costs and shifts in procedures (Traditional software do
not change)
○ Reliance on a network connection that may be:
Slower
Less stable
Less secure
○ Firm allowing employees to view data from remote locations can be
vulnerable to abuse and infiltration
○ Contract or legal issues from another country
○ Limited configuration, customization, and system integration options
compared to packaged sw or alts developed in-house
○ Costs might be lower in homegrown solutions
○ UI of web-based sw is less sophisticated and lacks the richness of most
desktop alts
○ Ease of adoption may lead to pockets of unauthorized IT being used
throughout an org
PaaS, IaaS
 Sometimes a firm develops its own custom sw but wants to pay someone else to
run it for them- cloud offerings
○ Hw and sw exists “in the cloud”
○ Only pay for amnt of processing, storage, and telecommunications
(Gartner- 80% of spend is on data maintenance)
○ Cloud vendors typically host your sw on their systems
Ex of hw cloud services:
○ Salesforce.com offers Force.com
Includes several cloud-supporting tools to write apps specifically
tailored for web-based delivery
○ Google’s App Engine offers developers several tools- including a DB prod
called Bigtable
○ MS offers Windows Azure
PaaS: cloud providers offer services for customers to build their own apps on the
provider’s infrastructure. Provide one complete platform (op system, DB, tools,
and hosting hw) for clients to build their own apps
IaaS: cloud providers offer services that include running the remote hw, storage,
and networking. Client firms can choose the sw used
○ Good alt for firms that want even more control
○ Offered by a wide variety of firms including Amazon, CSC, Rackspace,
HP, IBM, and VMWare
Clouds in Action
Cloudbursting: use of cloud computing to provide excess capacity during periods
of spiking demand. Scalability solution provided as an overflow service, kicks in
as needed (seamlessly shift part of workload to IBM’s cloud)
Black swans: events that can not be predicted but can cause an impact. Scalable
computing resources can help a firm deal w spiking impact from Black swan
events
Challenges
Firms considering cloud computing need to do thorough fin analysis
○ System maintenance costs often include need to clean up old files or put
them on tape
○ Costs can add up if unlimited data is stored in the cloud
Firms should enter cloud cautiously, particularly where mission-critical systems
are concerned
○ If a cloud vendor fails, you and all your eggs are in one basket, then you’re
down, too
Cloud firms argue their expertise translates into less downtime and failure than
corp data, but no method is w out risk
Clouds and Tech Ind Impact
 In past, firms seeking to increase computing capacity invested heavily in
expensive high-margin server hw
○ Now IBM saw server sales fall
Shifting to cloud computing alters margin structure
Server Farm: massive network of computer servers running software to
coordinate their collective use. Provide the infrastructure backbone to SaaS, hw
cloud efforts, and many large-scale internet services
Cloud computing can accelerate innovation
○ Changes desired skill mix
○ Enables orgs to spend less on hw infrastructure and reinvest in strategic
innov
Firms need to think abt the strategic advantages that can be created
Area surrounding Columbian River in Pacific NW is tailor-made for creating the
kinds of massive data installations needed for cloud computing
○ Cheap land
○ Low-cost power
○ Ultrafast fiber-optic connections
○ Mild climates
Google, Sun, MS, IBM, and HP have all developed rapid-deployment server farm
modules
MS Data Center (Server Farm) in Holland is over 27 acres + worth >$2B
Virtualization
Can be used to reduce an orgs hw needs
Create a firms own priv cloud of scalable assets
Cut energy consumption + lower carbon footprint
Containers: type of virtualization that allows for shared op systems for more
resource savings and faster execution
Virtual Desktops: running an instance of a PC’s sw on another machine and
delivering the image of what is executing to the remote device
○ Allows firms to scale, back up, secure, and upgrade systems far more
easily than if they had to maintain each indiv PC
VMWare owned by Dell= current leader in virtualization sw
Apps
Compared w packaged sw, apps lower the cost of sw distribution and
maintenance
Apps offer a richer UI and integrate more tightly w a device’s op system
Huge firms have leveraged smartphone apps as their only or primary interface w
consumers
Critics say apps force consumers into smartphone walled gardens and raise
consumer switching costs
Make, Buy, or Rent
To satisfy sw needs of companies, manager needs to consider:
○ Competitive Advantage: do we rely on unique processes or tech that
create competitive advantage?
○ Security: risk? Secure + reliable? Trust prospective vendor? Policies for
on-site auditing?
○ Legal and Compliance: Is firm prohibited outright from using techs? Are
there specific legal and compliance requirements related to deploying our
products or services?
○ Skill, Expertise, and Available Labor
○ Cost
○ Time
○ Vendor Issues- reputability, guarantee, provisions in case of failure,
standards, certifications, trust

Chapter 19: Information Security
Info is the oil of 21st century
Large data breach occurred in summer 2017 against Equifax
○ Grabbed data of 143M customers (credit card + SSNs)
○ Impacted those beyond US (400k in UK and 100k in Canada)
○ Equifax confirmed their high-profile, high impact data breach was due to
exploit of vulnerabilities in OSS component, Apache Struts product
Target Hack
Hackers installed malware in Target’s security sys in 2013 before thanksgiving
○ Every credit card used in company’s US stores
○ 40 M credit cards stolen + additional personal info on 70M consumers
exposed
○ Breach followed by firms largest ever decline in transactions, falling
profits, lawsuits, and CEO’s dismissal
Target had sw security from FireEye:
○ Paid $1.6M for sw
○ Warnings ignored several times - had they been listened to, firm could
have prevented data theft
 ○ Firms security sw has an option to automatically delete malware as
detected but Target’s team turned that function off
Security=Priority
Firm suffering a data breach can experience direct fin loss, exposed proprietary
info, court costs, damaged rep
Loss of $45B in >2M cyber incidents in 2018
95% of attacks seen as preventable
Annual worldwide cybercrime costs $600B/yr
No text can provide 100% secure approach
Determine whether firm has tech, training, and policies in place to assess risks,
lessen likelihood of damage and respond in event of breach
Why, who, what?
Data harvesters: cybercriminals who infiltrate systems and collect data for illegal
resale
Cash-out Fraudsters: criminals that purchase assets from data harvesters to be
used for illegal financial gain. They might buy goods using solen cc’s or false
accounts
Extortionist might leverage hacked data to demand payment
○ US based extortionist plot against VA threatened to reveal names, SSN,
and other info stolen from medical records DB
○ Victims of French cyber-extortionist group included Domino’s, Swiss
Banks, and European medical testing firm
Cyberware has become legit threat
Tech disruptions by terrorists are devastating
60 min news program showed by white hat hackers:
○ Key component in oil refinery force it to overheat + cause explosion
○ Taking out key components of US power grid is devastating
Equip is expensive
Not made in US
3-4 months to replace
Stuxnet (new era of cyberwarfare) showed that w computers at heart of so many
systems, its now possible to destroy critical infrastructure
Twitter brought down and FB hobbled as hackers target accounts of Georgian
blogger (Cyxymu- outspoken critic)
Revenge by employees: San Fran city govt lost control of a large portion of its
own computer network over 10-day period when an employee refused to share
critical passwords
Is your govt spying on you?
 Govt surveillance came under scrutiny when former CIA employee and NSA
contractor, Edward Snowden, gathered over 1.7M digital docs from US, British,
and Australian agencies and began leaking them to the prpess
○ Disclosures revealed several US govt agencies had data-monitoring
efforts far more pervasive than many realized
○ XKeyscore, allows collection of data on “nearly everything a user does on
the internet”
Hackers
Hacker : term that may be applied to 1) someone who breaks into a computer or
2) particularly clever programmer
White hat hackers: someone who uncovers computer weaknesses wout
exploiting them
○ Contribute to improving system security
○ Share their knowledge in hopes security will be improved
Black hat hackers: computer criminals/bad guys
User and Admin Threats
Bad Apples: dishonest employees who steal secrets, install malware, or hold a
firm hostage
Social Engineering: con games that trick employees into revealing info or
performing other tasks that compromise a firm
○ Ex of methods used in social engineering:
Impersonating management or staff
Identifying key individuals by name or title
Making claims w confidence
Baiting someone to add, deny, or clarify info
Using harassment or guilt
Using an attractive person to charm others into getting info or
access
Answering bogus surveys
Passwords: most users employ inefficient or insecure password systems
○ Some sites force users to change passwords regularly, but this results in
compromises (ppl only make minor tweaks)
○ Building a better password: biometrics (measure and analyze human body
characteristics for id or authentication), Multi-factor Authentication: when
identity is proven by presenting 1+ item for proof of credentials
Tech Threats
Malware: seeks to compromise a computing system without permission
Methods of infection:
○ Viruses: infect other sw or files
 ○ Worms: programs that take advantage of security vulnerability to
automatically spread. Unlike viruses, worms do not require an executable.
○ Trojans: mislead users of its true intent by disguising itself as a standard
program
The Encryption Prescription
Deploying encryption dramatically lowers the potential damage from lost or stolen
laptops, or from hw recovered from dumpster diving
○ Encryption: scrambling data using a code, thereby hiding it from those
who do not have the unlocking key
○ Key: code that unlocks encryption
○ Brute-force attacks: exhausts all possible password combos to break into
an acc
Tips for Users
Surf smart
Stay vigilant
Stay updated
Stay armed- install full suit of sec sw
Be settings smart- secure home networks and encrypt hard drives
Regularly update passwords
Be disposal smart
Regularly back up your system
Check w your admin
Taking Action as an Org
Follow frameworks, standards, and compliance
○ ISO27000 series provides a “model for establishing, implementing,
operating, monitoring, reviewing, maintaining, and improving an IS Mgmt
System”
○ Compliance Reqs: legal or professionally binding steps that must be taken