IAS REV-FINALS (1).pdf

Transcript

- This growing collection of data can help
The Cybersecurity World - Cybersecurity people save energy, improve
Domains efficiencies, and reduce safety risks.

WEBSITES AND POWER OF DATA 1.2 CYBERSECURITY CRIMINALS VS
- GREAT BUSINESSES HAVE BEEN CYBERSECURITY SPECIALISTS
CREATED BY COLLECTING AND CYBERSECURITY CRIMINALS
HARNESSING THE POWER OF DATA - Hackers – This group of criminals
AND DATA ANALYTICS breaks into computers or networks to
- THESE BUSINESSES HAVE THE gain access for various reasons.
RESPONSIBILITY TO PROTECT THIS - White hat attackers break into
DATA FROM MISUSE AND networks or computer systems
UNAUTHORIZED ACCESS THE to discover weaknesses in
GROWTH OF DATA HAS CREATED order to improve the security
GREAT OPPORTUNITIES FOR of these systems.
CYBERSECURITY SPECIALISTS - Gray hat attackers are
somewhere between white and
DOMAINS black hat attackers. The gray
- BUSINESS LARGE AND SMALL HAVE hat attackers may find a
RECOGNIZED THE POWER OF BIG vulnerability and report it to the
DATA AND DATA ANALYTICS owners of the system if that
- ORGANIZATIONS LIKE GOOGLE, action coincides with their
LINKEDIN, AMAZON PROVIDE agenda.
IMPORTANT SERVICES AND - Black hat attackers are
OPPORTUNITY FOR THEIR unethical criminals who violate
CUSTOMERS computer and network
- THE GROWTH IN DATA COLLECTION security for personal gain, or
AND ANALYTICS POSES GREAT for malicious reasons, such as
RISKS TO INDIVIDUALS AND attacking networks.
MODERN LIFE
- IF PRECAUTIONS ARE NOT TAKEN Criminals come in many different forms. Each
TO PROTECT SENSITIVE DATA FROM have their own motives:
CRIMINALS OR OTHERS WHO HAVE - Script Kiddies - Teenagers or
INTENT TO HARM hobbyists mostly limited to
pranks and vandalism, have
CYBERSECURITY DOMAINS little or no skill, often using
- Cyber experts now have the technology existing tools or instructions
to track worldwide weather trends, found on the Internet to launch
monitor the oceans, and track the attacks.
movement and behavior of people, - Vulnerability Brokers - Grey hat
animals and objects in real time. hackers who attempt to
- New technologies, such as Geospatial discover exploits and report
Information Systems (GIS) and the them to vendors, sometimes for
Internet of Everything (IoE), have prizes or rewards.
emerged. Each depends on collecting - Hacktivists - Grey hat hackers
and analyzing tremendous amounts of who rally and protest against
data. different political and social
ideas. Hacktivists publicly
protest against organizations
 or governments by posting real-time visualization of
articles, videos, leaking attacks.
sensitive information, and https://www.honeynet.org/node/
performing distributed denial 960
of service (DDoS) attacks. - Share Cyber Intelligence:
- Cyber Criminals -These are InfraGard is an example of wide
black hat hackers who are spread sharing of cyber
either self-employed or intelligence. The InfraGard
working for large cybercrime program is a partnership
organizations. Each year, between the public and the
cyber criminals are responsible private sector. The participants
for stealing billions of dollars are dedicated to sharing
from consumers and information and intelligence
businesses. to prevent hostile
- State Sponsored Hackers - cyberattacks.
Depending on a person’s https://www.infragard.org/
perspective, these are either - ISM Standards: The ISO 27000
white hat or black hat hackers standards are an example of
who steal government Information Security
secrets, gather intelligence, Management Standards. The
and sabotage networks. Their standards provide a
targets are foreign framework for implementing
governments, terrorist groups, cybersecurity measures
and corporations. Most within an organization.
countries in the world participate http://www.27000.org/
to some degree in - New Laws: The ISACA group
state-sponsored hacking. track law enacted related to
cyber security. These laws can
Thwarting the cyber criminals is a difficult task, address individual privacy to
company, government and international protection of intellectual
organizations have begun to take coordinated property. Examples of these
actions to limit or fend off cyber criminals. The laws include: Cybersecurity
coordinated actions include: Act, Federal Exchange Data
- Vulnerability Database: The Breach Notification Act and
Nation Common Vulnerabilities the Data Accountability and
and Exposures (CVE) database Trust Act.
is an example of the http://www.isaca.org/cyber/page
development of a national s/cybersecuritylegislation.aspx
database. The CVE National
Database was developed to 1.3 COMMON THREATS
provide a publicly available COMMON THREATS THREAT ARENAS
database of all known - Cybersecurity specialists possess the
vulnerabilities. insight to recognize the influence of
http://www.cvedetails.com/ data and harness that power to build
- Early Warning Systems: The great organizations, provide services
Honeynet project is an example and protect people from cyberattacks
of creating Early Warning - Cyber Security specialists recognize
Systems. The project provides a the threat that data poses if used
HoneyMap which displays against people
 - A cybersecurity threat is the possibility
that a harmful event, such as an attack, - On a personal level, everyone needs to
will occur safeguard his or her identity, data, and
- Cyber vulnerability is a weakness that computing devices.
makes a target susceptible to an attack - At the corporate level, it is the
- Cyber threats are particularly dangerous employees’ responsibility to protect the
to certain industries and the type of organization’s reputation, data, and
information they collect and protect customers.
- At the state level, national security and
The following examples are just a few the citizens’ safety and well-being are at
SOURCES OF DATA that can come from stake.
established organizations: - In the U.S., the National Security
- Personal Information Agency (NSA) is responsible for
- Medical Records intelligence collection and
- Education Records surveillance activities.
- Employment and Financial Records - The efforts to protect people’s way of life
often conflicts with their right to privacy.
Network services like DNS, HTTP and Online
Databases are prime targets for cyber criminals. 1.4 SPREADING CYBERSECURITY THREATS
- Criminals use packet-sniffing tools to HOW THREATS SPREAD
capture data streams over a network. Attacks can originate from within an organization
Packet sniffers work by monitoring or from outside of the organization, as shown in
and recording all information coming the figure.
across a network.
- Criminals can also use rogue devices, Internal Security Threats
such as unsecured Wi-Fi access - An internal user, such as an employee
points. or contract partner, can accidentally or
- Packet forgery (or packet injection) intentionally
interferes with an established network - Internal threats have the potential to
communication by constructing cause greater damage than external
packets to appear as if they are part threats because internal users have
of a communication. direct access to the building and its
Domains include: infrastructure devices. Internal attackers
- Manufacturing typically have knowledge of the
- Industry Controls corporate network, its resources, and its
- Automation confidential data. They may also have
- SCADA knowledge of security countermeasures,
- Energy Production and Distribution policies and higher levels of
- Electrical Distribution and Smart administrative privileges.
Grid
- Oil and Gas External Security Threats
- Communication - External threats from amateurs or skilled
- Phone attackers can exploit vulnerabilities in
- Email networked devices, or can use social
- Messaging engineering, such as trickery, to gain
- Transportation systems access.
- Air Travel - External attacks exploit weaknesses or
- Rail vulnerabilities to gain access to internal
- Over the Road resources.
Vulnerabilities of Mobile Devices - In the past, - The variety or range of data types and
employees typically used company issued sources
computers connected to a corporate LAN. There are numerous examples of big corporate
- Today, mobile devices such as iPhones, hacks in the news. As a result, enterprise
smartphones, tablets, and thousands of systems require dramatic changes in security
other devices, are becoming powerful product designs and substantial upgrades to
substitutes for, or additions to, the technologies and practices. Additionally,
traditional PC. governments and industries are introducing
- More and more people are using these more regulations and mandates that require
devices to access enterprise better data protection and security controls to
information. Bring Your Own Device help guard big data.
(BYOD) is a growing trend.
- The inability to centrally manage and SPREADING CYBERSECURITY THREATS
update mobile devices poses a growing THREAT COMPLEXITY
threat to organizations that allow Advanced Weapons
employee mobile devices on their - Advanced persistent threat (APT) is a
networks. continuous computer hack that occurs
- under the radar against a specific
Emergence Internet-of-Things - The Internet object. Criminals usually choose an APT
of Things (IoT) is the collection of for business or political motives.
technologies that enable the connection of - Algorithm attacks can track system
various devices to the Internet. self-reporting data, like how much
- IoT technologies enable people to energy a computer is using, and use
connect billions of devices to the that information to select targets or
Internet. These devices include trigger false alerts. Algorithmic attacks
appliances, locks, motors, and are more devious because they
entertainment devices, to name just a exploit designs used to improve
few. energy savings, decrease system
- This technology affects the amount of failures, and improve efficiencies.
data that needs protection. Users - Intelligent selection of victims. In the
access these devices remotely, which past, attacks would select the low
increases the number of networks hanging fruit or most vulnerable victims.
requiring protection. Many of the most sophisticated attacks
- With the emergence of IoT, there is will only launch if the attacker can match
much more data to be managed and the signatures of the targeted victim.
secured. All of these connections, plus Broader Scope and Cascade Effect
the expanded storage capacity and - Federated identity management refers
storage services offered through the to multiple enterprises that let their
Cloud and virtualization, has led to the users use the same identification
exponential growth of data. credentials gaining access to the
networks of all enterprises in the
Impact of Big Data – Big data is the result of group. The goal of federated identity
data sets that are large and complex, making management is to share identity
traditional data processing applications information automatically across
inadequate. Big data poses both challenges and castle boundaries.
opportunities based on three dimensions: - The most common way to protect
- The volume or amount of data federated identity is to tie login ability to
- The velocity or speed of data an authorized device.
Safety Implications maintenance required to ensure IT
- There are many safety implications system performance and security
associated with the dark forces of - Protect and Defend includes the
cyber security including emergency identification, analysis, and
call centers in the U.S. are vulnerable to mitigation of threats to internal
cyberattacks that could shut down 911 systems and networks
networks, jeopardizing public safety. - Investigate includes the investigation
- A telephone denial of service (TDoS) of cyber events and/or cyber crimes
attack uses phone calls against a involving IT resources
target telephone network tying up the - Collect and Operate includes
system and preventing legitimate calls specialized denial and deception
from getting through. operations and the collection of
- The next generation 911 call centers are cybersecurity information
vulnerable because they use - Analyze includes highly specialized
Voice-over-IP (VoIP) systems rather review and evaluation of incoming
than traditional landlines. cybersecurity information to
determine if it is useful for intelligence
Heightened Recognition of Cybersecurity - Oversight and Development provides
Threats for leadership, management, and
- The defenses against cyberattacks at direction to conduct cybersecurity
the start of the cyber era were low. A work effectively
smart high school student or script - Securely Provision includes
kiddie could gain access to systems. conceptualizing, designing, and
- Now, countries across the world have building secure IT systems
become more aware of the threat of
cyberattacks. The threat posed by Within each category, there are several specialty
cyberattacks now heads the list of areas. The specialty areas then define common
greatest threats to national and types of cybersecurity work.
economic security in most countries.
ONLINE CYBERSECURITY COMMUNITIES
1.5 CREATING MORE EXPERTS ] Professional Organizations
CREATING MORE EXPERTS A WORKFORCE - Cybersecurity specialists must
FRAMEWORK FOR CYBERSECURITY collaborate with professional
Addressing the Shortage of Cybersecurity colleagues frequently. International
Specialists technology organizations often sponsor
- In the U.S., the National Institute of workshops and conferences. Visit each
Standards and Technologies (NIST) site with your class and explore the
created a framework for companies and resources available.
organizations in need of cybersecurity
professionals. The framework enables Cybersecurity Student Organizations and
companies to identify the major types Competitions
of responsibilities, job titles, and - Cybersecurity specialists must have
workforce skills needed. the same skills as hackers, especially
black hat hackers, in order to protect
The Seven Categories of Cybersecurity Work against attacks.
The Workforce Framework categorizes - How can an individual build and practice
cybersecurity work into seven categories. the skills necessary to become a
- Operate and Maintain includes providing cybersecurity specialist?
the support, administration, and
 - Student skills competitions are a great is a globally recognized industry
way to build cybersecurity knowledge certification in the security field.
skills and abilities. - ISACA Certified Information Security
- There are many national cybersecurity Manager (CISM) – Cybersecurity
skills competitions available to specialists responsible for managing,
cybersecurity students. developing and overseeing
information security systems at the
CYBERSECURITY CERTIFICATIONS enterprise level or for those developing
Industry Certifications best security practices can qualify for
In a world of cybersecurity threats, there CISM.
is a great need for skilled and knowledgeable - Company Sponsored Certifications -
information security professionals. The IT Another important credential for
industry established standards for cybersecurity specialists are
cybersecurity specialists to obtain company-sponsored certifications.
professional certifications that provide proof These certifications measure
of skills, and knowledge level. knowledge and competency in
installing, configuring, and maintaining
- CompTIA Security+ - Security+ is a vendor products. Cisco and Microsoft
CompTIA-sponsored testing program are examples of companies with
that certifies the competency of IT certifications that test knowledge of their
administrators in information products.
assurance. - Cisco Certified Network Associate
- EC-Council Certified Ethical Hacker Security (CCNA Security) - The CCNA
(CEH) – CEH is an intermediate-level Security certification validates that a
certification that asserts that cybersecurity specialist has the
cybersecurity specialists holding this knowledge and skills required to
credential possess the skills and secure Cisco networks
knowledge for various hacking
practices. How to Become a Cybersecurity Specialist
- SANS GIAC Security Essentials (GSEC)
- The GSEC certification is a good Cybersecurity specialists must be able
choice for an entry-level credential for to respond to threats as soon as they occur. This
cybersecurity specialists who can means that the working hours can be somewhat
demonstrate that they understand unconventional. Cybersecurity specialists also
security terminology and concepts analyze policy, trends, and intelligence to
and have the skills and expertise understand how cyber criminals think. Many
required for “hands-on” security times, this may involve a large amount of
roles. The SANS GIAC program offers a detective work. Here is good advice for
number of additional certifications in the becoming a cybersecurity specialist:
fields of security administration, - Study: Learn the basics by completing
forensics, and auditing. courses in IT. Be a life-long learner.
- (ISC)^2 Certified Information Systems Cybersecurity is an ever-changing
Security Professional (CISSP) - The field, and cybersecurity specialists
CISSP certification is a vendor-neutral must keep up.
certification for those cybersecurity - Pursue Certifications: Industry and
specialists with a great deal of company sponsored certifications
technical and managerial experience. from organizations such as Microsoft
It is also formally approved by the and Cisco prove that one possesses the
U.S. Department of Defense (DoD) and
 knowledge needed to seek employment - Availability means data are
as a cybersecurity specialist. accessible when you need
- Pursue Internships: Seeking out a them.
security internship as a student can
lead to opportunities down the road. SECURITY GOVERNANCE PRINCIPLES
- Join Professional Organizations: Join Security governance principles play a
computer security organizations, crucial role in maintaining an
attend meetings and conferences, organization’s cybersecurity posture.
and join forums and blogs to gain There are six key principles:
knowledge from the experts. - Responsibility
- Strategy
- Acquisition
- Performance
What is security and risk Management? - Conformance
- Human Behavior
- Security and risk management involve
identifying, assessing, and - Responsibility- Clearly define roles and
controlling risks to an organization’s responsibilities for security across the
capital, earnings, and critical assets. organization.
These risks can arise from various - Strategy- Align security efforts with the
sources, including financial uncertainty, overall business strategy
legal liabilities, strategic management - Acquisition- When acquiring new
errors, accidents, and natural disasters. technologies or services, evaluate their
Specifically, cyber risk management security implications.
focuses on information systems, aiming - Performance- Continuously monitor
to reduce the impact and likelihood of and assess security performance.
threats such as cyberattacks, employee - Conformance- Ensure compliance with
mistakes, and natural disasters. It’s an relevant regulations, standards, and
essential part of broader enterprise risk policies.
management efforts, allowing - Human Behavior- Promote secure
companies to safeguard their profits, behaviors among employees.
data, and reputation
CYBERATTACK - Is an attempt by
WHAT IS CIA TRIAD? cybercriminals, hackers or other digital
- The CIA Triad or Confidentiality, adversaries to access a computer network or
Integrity, and Availability is a guiding system, usually for the purpose of altering,
model in information security. A stealing, destroying or exposing information
comprehensive information security Common types cyberattacks
strategy includes policies and security - Malware- or malicious software — is
controls that minimize threats to these any program or code that is created
three crucial components. with the intent to do harm to a
- Confidentiality refers to computer, network or server.
protecting information from - Ransomware- an adversary encrypts a
unauthorized access. victim’s data and offers to provide a
- Integrity means data are decryption key in exchange for a
trustworthy, complete, and payment.
have not been accidentally - Fileless Malware- Fileless malware is a
altered or modified by an type of malicious activity that uses
unauthorized user.
 native, legitimate tools built into a C-level executive employees with the
system to execute a cyber attack. purpose of stealing money or
- Spyware- type of unwanted, malicious information, or gaining access to the
software that infects a computer or other person’s computer in order to
device and collects information about execute further cyberattacks.
a user’s web activity without their - Smishing- is the act of sending
knowledge or consent. fraudulent text messages designed to
- Adware- type of spyware that trick individuals into sharing
watches a user’s online activity in sensitive data such as passwords,
order to determine which ads to show usernames and credit card numbers.
them. While adware is not inherently - Vishing- a voice phishing attack, is
malicious, it has an impact on the the fraudulent use of phone calls and
performance of a user’s device and voice messages pretending to be from
degrades the user experience. a reputable organization to convince
- Trojan- malware that appears to be individuals to reveal private information
legitimate software disguised as such as bank details and passwords.
native operating system programs or - Spoofing- is a technique through which
harmless files like free downloads. a cybercriminal disguises themselves
Trojans are installed through social as a known or trusted source.
engineering techniques such as - Man-in-the-middle attack- is a type of
phishing or bait websites. cyberattack in which an attacker
- Worm- a self-contained program that eavesdrops on a conversation
replicates itself and spreads its copies between two targets with the goal of
to other computers. collecting personal data, (passwords
- Rootkits- a collection of software or banking details).
designed to give malicious actors - Social engineering- is a technique
control of a computer network or where attackers use psychological
application. Once activated, the tactics to manipulate people into
malicious program sets up a backdoor taking a desired action.
exploit and may deliver additional - Tailgating/piggybacking- is a type of
malware. physical security breach in which an
- Keylogger- are tools that record what unauthorized person follows an
a person types on a device. authorized individual to enter secured
- Denial -of-Service (DoS) attacks- is a premises.
malicious, targeted attack that floods a
network with false requests in order to
disrupt business operations.
- Phishing- a type of cyberattack that What is Information classification?
uses email, SMS, phone, social
media, and social engineering Information classification is a process
techniques to entice a victim to share used in information security to categorize
sensitive information — such as data based on its level of sensitivity and
passwords or account numbers. importance. The purpose of classification is
- Spear Phishing- type of phishing attack to protect sensitive information by
that targets specific individuals or implementing appropriate security controls
organizations typically through based on the level of risk associated with
malicious emails. that information.
- Whaling- is a type of social engineering Information classification also includes a
attack specifically targeting senior or process of labeling the information with the
appropriate classification level and asset, according to the risk of loss or
implementing access controls to ensure that harm from disclosure.
only authorized individuals can access the Confidential Information – information
information. This is done through the use of that is protected as confidential by all
security technologies such as firewalls, intrusion entities included or impacted by the
detection systems, and encryption. information. The highest level of security
measures should be applied to such
There are several different classification data.
schemes that organizations can use, but they Classified Information – information
generally include a few common levels of that has restricted access as per law or
classification, such as: regulation.
- Public- Information that is not sensitive Restricted Information – information
and can be shared freely with anyone. that is available to most but not all
- Internal- Information that is sensitive employees.
but not critical, and should only be Internal Information – information that
shared within the organization. is accessible by all employees
- Confidential- Information that is Public Information – information that
sensitive and requires protection, and everyone within and outside the
should only be shared with authorized organization can access
individuals or groups.
- Secret- Information that is extremely Label each information asset
sensitive and requires the highest - After classifying information by its value,
level of protection, and should only be the asset owner should implement a
shared with a select group of authorized clear and consistent labeling system
individuals. for both physical and digital data.
- Top Secret- Information that if disclosed This system can use numeric or
would cause exceptionally grave alphabetic order, as long as it's easy to
damage to the national security and understand and follow. Adding visual
access to this information is restricted to labels to document headers and footers
a very small number of authorized helps raise security awareness,
individuals with a need-to-know. encouraging employees to avoid sharing
sensitive information through USB
How to classify information? drives, email, or cloud services.
Classifying information may seem easy, but
when we talk about information in high volume, Method of handling each information asset
variety and importance, carrying out this task - Finally, after classifying and labeling
becomes a lot more complex. There are three its information assets, the organization
steps that make this process easier to follow: should establish rules and a plan to
1. Assigning value to the information protect them according to their
assets. classification. For example, public
2. Label each information asset. information can be stored in accessible
3. Method of handling each information locations or shared on the company’s
asset. social media, while classified
information should be securely locked
Assigning value to the information assets away, either on a safe server or
- To have an efficient classification of physically monitored by security
information, the organization should personnel
assign a value to each information
Data and System ownership responsibility for maintaining data accuracy,
completeness, and consistency. They are
Data Ownership motivated to implement data quality measures,
- a fundamental concept within data establish data validation processes, and enforce
governance that plays a crucial role in data governance policies to safeguard data
ensuring the effective management, integrity.
accountability, and utilization of data
assets. Data ownership refers to the Compliance and Regulatory Requirements-
designation of authority over specific Data ownership is closely linked to compliance
sets of data. It defines who has the with regulatory requirements. Designating data
legal right to control, utilize, and manage owners ensures that individuals are
that data. accountable for understanding and adhering
System Ownership to data protection and privacy regulations.
- on the other hand, involves Data owners can monitor data usage,
responsibility for the maintenance, implement necessary security measures, and
operation, and security of a specific IT ensure compliance with legal obligations,
system. The system owner ensures the mitigating risks associated with data breaches
system runs smoothly, is updated and non-compliance.
regularly, and is protected against
security threats. How can i Protect my privacy?

Importance of Data Ownership Privacy concerns have become increasingly
Accountability and Decision-Making - Data significant as more personal and sensitive data
ownership provides a clear line of is collected and shared online. Here are some
accountability for the management and key aspects to consider:
integrity of data. When a designated owner is - Privacy Concerns
responsible for a specific data set, they take - Privacy Laws
ownership of its quality, accuracy, and - Measures to Protect Personal Data
compliance with regulatory requirements. This
accountability ensures that data-related Privacy Concerns
decisions can be made promptly, - Data Breaches: Unauthorized access
leading to faster and more effective to personal data can lead to identity
decision-making processes theft, financial loss, and privacy
violations.
Data Governance Framework- Data ownership - Surveillance: Governments and
serves as a foundational element of a robust organizations may monitor individuals’
data governance framework. It establishes activities, raising concerns about
roles, responsibilities, and decision-making privacy and civil liberties.
authority, enabling organizations to define and - Data Misuse: Companies may use
enforce data-related policies, standards, and personal data for purposes beyond
processes. Without clear data ownership, data what users consented to, such as
governance initiatives can become fragmented, targeted advertising or selling data to
leading to inconsistent practices and hindered third parties.
data management efforts
Privacy Laws
Data Quality and Integrity- Data ownership - General Data Protection Regulation
plays a pivotal role in ensuring data quality and (GDPR): This EU regulation provides
integrity. When data ownership is clearly comprehensive data protection and
assigned, the designated owner takes privacy for individuals within the
 European Union. It mandates strict rights, allowing Americans to have
consent requirements and gives more control over who can access their
individuals the right to access and personal data.
delete their data.
- Health Insurance Portability and
Accountability Act (HIPAA): In the
U.S., HIPAA protects sensitive health
information from being disclosed
without the patient’s consent or
knowledge.
- California Consumer Privacy Act
(CCPA): This law gives California
residents the right to know what
personal data is being collected about
them, to whom it is being sold, and the
ability to access and delete their data.

Measures to Protect Personal Data
- Encryption: Encrypting data ensures
that it is unreadable to unauthorized
users.
- Access Controls: Implementing strict
access controls helps ensure that only
authorized individuals can access
sensitive data.
- Regular Audits: Conducting regular
audits and assessments can help
identify and mitigate potential
vulnerabilities.
- User Education: Educating users about
privacy risks and safe practices can
empower them to protect their own data.

Recent Development In 2024, President Biden
issued an executive order to protect Americans’
sensitive personal data from exploitation by
countries of concern. This order includes
regulations to safeguard genomic data,
biometric data, personal health data, geolocation
data, financial data, and other personal
identifiers.
Key Aspects:
- Regulation of Sensitive Data: The
order imposes new restrictions on
sharing and processing sensitive
personal data, particularly when it could
be accessed by foreign governments.
- Stronger Consumer Protections: The
executive order strengthens consumer
MINDMAP FOR MODULE 1

MINDMAP FOR MODULE 2
MINDMAP FOR MODULE 3