1. Distinguish training and learning. Does training guarantee learning?
Training is the term used to describe learning processes guided by an expert.
Generally, training is used when the skill
What are the top three challenges small firms face in managing their
The top three challenges are likely to relate to resourcing, technological and
systems capability, and know
1. Identify ways in which leaders can support knowledge management and five ways in
which they may obstruct the development of a knowledge culture.
- integrating knowledge principles
What are the key features for tools in the knowledge creation and capturing phase, knowledge sharing
and dissemination phase, knowledge acquisition and application phase?
2013, Ian Tan
TSC2211 Computer Security
Recap : Concepts of Cryptography
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Reason of Program flaws
: can be derived from any kind of software fault
- problem in a single code
- failure of several programs
- failure of program pieces to interact through a shared interface (compatibly)
Types of Flaws
- Intentional (Non-Mali
Mix networks are routing protocols that create hard-to-trace communication by using a chain of
proxy servers known as mixes which take in messages from multiple senders, and send them
back out in random order to the next destination (possibly a
database security requirement
-user authentication = positively identify every user of the database with user permission to access the
-access control = specify who is authorized to access the data in the database and to what extent is the
database security requirement
-user authentication = positively identify that every user of the database with user permission to access
-access control = specify who is authorized to access the data in the database and to what extent is the
What is computer security?
-The protection of computer systems from theft of and damage to the hardware, software, and
- Principle of penetration : the weakest link
- Principle of the effectiveness : control
Computer emergency readiness team
"Computer emergency response team" is a name given to expert groups that handle computer security
incidents. In the US, two distinct organizations exist, although they do work closely together.
US-CERT: part of the N
Computer emergency response teams
Most countries have their own computer emergency response team to protect network security.
On October 3, 2010, Public Safety Canada unveiled Canada's Cybe
Intrusion-detection systems can scan a network for people that are on the network but who should not
be there or are doing things that they should not be doing, for example trying a lot of passwords to gain
access to the network.
A microkernel is the near
Typical cybersecurity job titles and descriptions include:
Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates
using available tools and countermeasures to remedy the detected vuln
Cryptographic techniques can be used to defend data in transit between systems, reducing the
probability that data exchanged between systems can be intercepted or modified.
Cyberwarfare is an internet-based conflict that involves politically motivated att
Public Safety Canada's Canadian Cyber Incident Response Centre (CCIRC) is responsible for mitigating
and responding to threats to Canada's critical infrastructure and cyber systems. The CCIRC provides
support to mitigate cyber threats, technical support t
The Department of Homeland Security has a dedicated division responsible for the response system, risk
management program and requirements for cybersecurity in the United States called the National Cyber
Security Division. The division is home t
Access authorization restricts access to a computer to a group of users through the use of authentication
systems. These systems can protect either the whole computer such as through an interactive login
screen or individual services, such as an FTP server.
Role of government
The role of the government is to make regulations to force companies and organizations to protect their
systems, infrastructure and information from any cyber-attacks, but also to protect its own national
infrastructure such as th
Following cyberattacks in the first half of 2013, when government, news-media, television station, and
bank websites were compromised, the national government committed to the training of 5,000 new
cybersecurity experts by 2017. The South Korean government
In 2013 and 2014, a Russian/Ukrainian hacking ring known as "Rescator" broke into Target Corporation
computers in 2013, stealing roughly 40 million credit cards, and then Home Depot computers in
2014, stealing between 53 and 56 million credit card num
Backups are a way of securing information; they are another copy of all the important computer files
kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, tapes and more recently on
the cloud. Suggested locations for backups are a f
Cybersecurity is becoming increasingly important as more information and technology is being made
available on cyberspace. There is growing concern among governments that cyberspace will become the
development and co-ordination of major issues related to network security and information technology.
Economic, political, cultural, social and military fields as related to network security and information
technology strategy, planning and major macroeco
Some provisions for cybersecurity have been incorporated into rules framed under the Information
Technology Act 2000.
The National Cyber Security Policy 2013 is a policy framework by Ministry of Electronics and Information
Technology (MeitY) which aims to
TJX customer credit card details
In early 2007, American apparel and home goods company TJX announced that it was the victim of an
unauthorized computer systems intrusion and that the hackers had accessed a system that stored
data on credit car
Legal issues and global regulation
Conflict of laws in cyberspace has become a major cause of concern for the computer security community.
Some of the main challenges and complaints about the antivirus industry are the lack of global web
Notable attacks and breaches
Some illustrative examples of different types of computer security breaches are given below.
Robert Morris and the first computer worm
Hardware protection mechanisms
While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously
introduced during the manufacturing process, hardware
Response to breaches
Responding forcefully to attempted security breaches (in the manner that one would for attempted
physical security breaches) is often very difficult for a variety of reasons:
Identifying attackers is difficult, as they are often