Richard J. Bocchinfuso

"Be yourself; everyone else is already taken." – Oscar Wilde

FIT – MGT 5115 – Wk8 Assignment

Create a PowerPoint presentation to address the question below. Your PowerPoint presentation should be 8-12 slides, and developed as if you are presenting to fellow colleagues within the IT industry. 

Discuss whether cognitive overload is a problem in your work or education. Based on your experience, what personal and organizational solutions can you recommend for this problem?

Presentation: FIT MGT 5115 Week 8 Presentation – https://docs.google.com/presentation/d/1QkVfDsgU2A8LnnlAcwZvzzmPAankTSzx1Q9QpI3591o/preview?usp=drivesdk

FIT – MGT 5115 – Wk8 Discussion Post

Visit two or more social media sites and review information that people post about themselves and information friends post about them. What types of information are available? What challenges do corporations face with regard to social media? Do companies have social media policies for sharing information? Provide an example.

43% of all social media traffic is pictures. This is not surprising given the meteoric rise of Snapchat and, conversely, the fall of Twitter. Facebook’s acquisition of Instagram for one billion dollars was also a good barometer for this statistic.

Massive social media sites like Facebook and Google+ are dominated by photo sharing, while Twitter is more focused on updates about what’s happening right now (aka your status); news sharing is also widespread on Twitter. And of course, services like Snapchat, Pinterest, and Instagram are focused on photos.

Social news sites like Reddit, Hacker News, and Digg use social sentiment to curate new stories. Users of these services vote new stories up or down to curate the relevance of the content.

Social Q & A sites like StackExchange, StackOverflow and Quora allow users to ask questions and vote responses up or down. This process identifies the most probable answer using the social sentiment. Responses are validated, and users are given a rating as time goes on.

People post all kinds of data about themselves on social media, some examples include:

  • Photos of themselves (selfies), friends, family, strangers, inanimate objects, etc… you name it, it has been photographed, linked to someone’s social media profile and shared for the world to see.
  • Opinions on anything and everything.
    • The mobile device and social media have become the immediate way to connect with like-minded individuals, the mobile couch.  I have two words: “vanity search”.  It’s always a good idea to take a deep breath when you’re angry and sleep on it before taking pen to paper; the same should be true before composing a questionably literate 140-character message that will likely alienate 50% of the people who inhabit the planet with you.
  • Status updates, again about anything and everything. There’s a disturbing notion with the idea that people care that you’re eating a bean burrito, so you need to stop to photograph it, share it on social media with a witty tagline and wait for others to like it, only to slip into a funk when you don’t get the likes you expected. #freakshow
  • Recommendations and warnings of all types.
  • Links to things people read, news stories, other posts, etc.
  • Videos of any variety.
    • E.g. – A video of the United passenger being forcefully removed from an airplane.
      • WARNING:  Everyone is wearing a body cam, and they are excited to use it and share the footage with the world.  Facial recognition algorithms will identify you even when you’re not looking.
  • Travel plans and itineraries. (e.g. – linking TripIt to your social media profile; why not let the world know you’ll be in Europe for a month, sounds reasonable and safe.)
  • Personal and professional accomplishments.

My golden rule is I never mix alcohol and my mobile device.  Shut it off, respond to that tweet in the morning, no need for pictures; there is plenty of Budweiser in the world, and as much as I think I need to preserve this picture for future generations, I don’t.

Probably more interesting than what we are sharing directly, is the metadata we are creating and sharing.  How you move, where you go, who you connect with, etc… All this metadata has immense value and it’s the data we protect the least.
One of my favorite use cases for social media data and metadata is how we will determine creditworthiness in the future.  Startups like Tala are using social media and mobile metadata to determine creditworthiness, and large consumer credit rating agencies like Fair Isaac Corporation (FICO) and TransUnion are also adopting this approach to determining creditworthiness.

Here are some challenges that businesses face with social media:

  • Integration: Where does social media live within the organization? Every business knows it is essential to engage, but who should own it? Social media data and social media analytics are providing such strategic value to organizations today that I am seeing Chief Marketing Officers replacing Chief Information Officers in some organizations. Social media and big data analytics have become more powerful than the internal data that drove traditional BI. CMOs own the social engagement, so in some cases they are taking over the conventional CIO role.
  • Governance: I call this reputation management or defense.
  • Culture: Social media shifts the employee and consumer engagement model.
  • Human Resources: This is all about establishing a social media policy.
  • Measurement & ROI: How will the organization measure the effectiveness of social media on the business, and what is the ROI?
  • Security: Social media is a great place for hackers to look for vulnerabilities, using both sophisticated and unsophisticated approaches.

Most companies do establish a social media policy. An example is Adidas’ Social Media Policy.

Here are some highlights from Adidas’ Social Media Policy:

  1. Employees are allowed to associate themselves with the company when posting but they must clearly brand their online posts as personal and purely their own. The company should not be held liable for any repercussions the employees’ content may generate.
  2. Content pertaining to sensitive company information (particularly those found within Adidas internal networks) should not be shared to the outside online community. Divulging information like the company’s design plans, internal operations and legal matters are prohibited.
  3. Proper copyright and reference laws should be observed by employees when posting online.

Source: http://blog.hirerabbit.com/5-terrific-examples-of-company-social-media-policies/

References

5 Terrific Examples of Company Social Media Policies. (n.d.). Retrieved October 18, 2017, from http://blog.hirerabbit.com/5-terrific-examples-of-company-social-media-policies/

Armano, D. (2014, July 23). Five Challenges Social Media Will Bring to Business. Retrieved October 18, 2017, from https://hbr.org/2009/08/a-recent-survey-conducted-by

Hardekopf, B. (2015, October 23). Your Social Media Posts May Soon Affect Your Credit Score. Retrieved October 18, 2017, from https://www.forbes.com/sites/moneybuilder/2015/10/23/your-social-media-posts-may-soon-affect-your-credit-score-2/#104ef232f0e4

Nations, D. (n.d.). Check Out These Social Sites to Get Your News Fix. Retrieved October 18, 2017, from https://www.lifewire.com/top-social-news-sites-3486498

Top five risks companies face when using social media. (n.d.). Retrieved October 18, 2017, from http://techxb.com/top-five-risks-companies-face-when-using-social-media

Turban, E., Volonino, L., & Wood, G. R. (2015). Information technology for management digital strategies for insight, action, and sustainable performance. New Jersey (United States): Wiley.

What People Share On Social Networks – Statistics and Trends [Infographic]. (n.d.). Retrieved October 18, 2017, from https://www.go-gulf.ae/blog/what-people-share-on-social-networks/

FIT – MGT 5115 – Wk7 Assignment

Create a PowerPoint presentation to address the question below. Your PowerPoint presentation should be between 8-12 slides, and developed as if you are presenting to fellow colleagues within the IT industry.

Define ERP, SCM, and CRM. Use your textbook as a resource and find additional resources to assist you.

Presentation: FIT MGT 5115 Week 7 Presentation – https://docs.google.com/presentation/d/1epWKxu1Bnx-HhsJXN822feCWUyyWbAiG3VQBDXb5UDI/preview?usp=drivesdk

FIT – MGT 5115 – Wk7 Discussion Post

Find examples of how two of the following organizations can improve their supply chains: manufacturing, hospitals, retailing, education, construction, agribusiness, and shipping. Discuss the benefits to the organizations.

Regardless of industry, a good quote-to-cash (Q2C) process is critical to improving the supply chain. Forecasting is an essential component of managing the supply chain; the tighter the forecast, the better the supply chain management process becomes, which ultimately improves time to delivery.

Retailers can leverage market and customer intelligence to predict demand, in terms of volume and products, more accurately, allowing them to align their inventory management practices with customer demand. No one does this better than Amazon. Amazon has built a platform that leverages machine learning algorithms to create and predict demand; these algorithms also help Amazon masterfully manage the supply chain. Amazon collaborates with customers, allowing them to create lists and build shopping carts, performing predictive analytics all along the way, making suggestions based on customer buying patterns, steering customers toward specific shipping options, and subdividing customers by providing a premium membership option, which gives Amazon even more predictability. Amazon also collaborates with suppliers, providing them with analytics on purchases and buyer demographics, leveraging EDI for product availability in both the Amazon fulfillment centers and marketplace fulfiller warehouses, managing reorders based on demand, and automagically adjusting reorder thresholds. These are just a few of the ways that every retailer can streamline their supply chain. Amazon uses technology to solve an age-old problem elegantly. Because Amazon has become the place people go on the Internet to search for products, their market intelligence is incredible; this, coupled with their automated fulfillment process and the scale they have been able to achieve, has made them a retail titan.

Manufacturing companies that rely on components or materials from various suppliers can leverage CRM (customer relationship management), ERP (enterprise resource planning), and MRP (manufacturing resource planning) systems to improve visibility and enable quicker and more accurate decision making. In many cases, EDI (electronic data interchange) can be used to create connections to suppliers, allowing manufacturers to understand supplier inventories in real time and suppliers to understand manufacturer demand. EDI can benefit both the consumer and supplier.

Regardless of industry, good forecasting, efficient communications between buyers and suppliers, standard operating procedures (algorithmic and automated, even better), and an empowered workforce (information is power) can help to address the “bullwhip effect”. The “bullwhip effect” is a term used to describe the impact on the supply chain when there is a significant variance between orders placed with suppliers and sales to end customers. When demand cannot be forecast and consumers over-order regardless of demand, the resulting ripple effect on the supply chain is known as the “bullwhip effect”.

There is no magic bullet to supply chain improvement. Those who endeavor to leverage efficiencies in supply chain management for competitive advantage need to be committed to continuous improvement and the realization that the optimizations put in place today may be different tomorrow.

References

4 Ways Supply Chain Management Can Reduce the Bullwhip Effect. (2016, October 27). Retrieved October 11, 2017, from https://manufacturing.gppcpa.com/2015/07/30/4-ways-supply-chain-management-can-reduce-the-bullwhip-effect/

Glatzel, C., Niemeyer, A., & Röhren, J. (n.d.). Three ways CEOs can improve the supply chain. Retrieved October 11, 2017, from https://www.mckinsey.com/business-functions/operations/our-insights/three-ways-ceos-can-improve-the-supply-chain

Kunert, P. (2016, November 2). Str-NAND-ed: Flash chip drought hits tech world. Retrieved October 11, 2017, from https://www.theregister.co.uk/2016/11/02/nand_flash_supply_shortage/

Mandell, P. (2014, April 23). Three Steps to Integrating Continuous Improvement Into Your Procurement Organization’s DNA. Retrieved October 11, 2017, from http://www.scmr.com/article/three_steps_to_integrating_continuous_improvement_into_your_procurement_org

Order to Cash and Quote-to-Cash… What’s the Difference? (2017, March 30). Retrieved October 11, 2017, from https://apttus.com/blog/order-to-cash/

The secrets behind Amazon’s success. (2016, January 21). Retrieved October 11, 2017, from https://www.cips.org/supply-management/analysis/2016/february/the-secrets-behind-amazons-success/

Turban, E., Volonino, L., & Wood, G. R. (2015). Information technology for management digital strategies for insight, action, and sustainable performance. New Jersey: Wiley.

FIT – MGT 5115 – Wk 6 Assignment

Create a PowerPoint presentation to address the question below. Your PowerPoint presentation should be 8-12 slides and developed as if you are presenting to fellow colleagues within the IT industry. 

Explain both low-tech and high-tech methods used to gain access to a company’s networks and databases, the vulnerabilities of information systems, and cybercrime symptoms.

Presentation: FIT MGT 5115 Week 5 Presentation – https://docs.google.com/presentation/d/1bcZ65QjMQu2yj7zR6VuPYXlg_sLYRveRVX21d8xm_Bk/preview?usp=drivesdk

FIT – MGT 5115 – Wk 6 Discussion Post

Define social media and explain why these technologies are different from earlier manifestations of the web. 

The definition of “social media” that I liked the most broke down the components of the term and defined them individually before deriving a combined meaning.

  • “Social” refers to the social interaction of people bidirectionally sharing information with others.
  • “Media” refers to the form of communication, in this case, the internet vs. traditional forms of media such as television, radio, and newspapers.

Given this contextual understanding of the words “social” and “media,” we can now define “social media” as the use of the internet and internet-based platforms that allow people to share and consume information.  I will add to this definition that this sharing and consumption happens in a near-synchronous fashion.

Unlike traditional forms of media (e.g. – TV, radio, and print), where data is compiled and the information presented to the consumer in what I will call a two-dimensional world, in the age of “social media” raw data may be shared by the user, and this data may be combined with other user data to create information which can be gleaned only through the aggregation of multiple data points volunteered by social media users. The creation of this information, knowledge and alternate perspectives happens knowingly and unknowingly to the users who volunteered the data and metadata.

One of my all-time favorite examples of this was a website called Please Rob Me (now defunct, but still a great example). Social media check-in data, in particular from Twitter and Foursquare (the check-in craze seems to be over but was hot a few years ago; another dead unicorn), was used to let bad guys know when you won’t be home so they can rob you unencumbered. This is a perfect example of how social media platforms take tangential data and leverage it to create new information.

When we contrast social media with early manifestations of the web, meaning the World Wide Web (and Gopher, can’t forget about Gopher), these were alternate digital publishing platforms where the creator published information to the web. Early internet protocols like IRC built social communities and sub-cultures, but the data was transient, unlike social media, which has turned transient 140-character snippets into information. Social media focuses on capturing the data and metadata (e.g. – geolocation data); the data provided by a single user is aggregated with other user data to determine things like sentiment, statistical inference, etc…

When we look at the difference between social media and traditional media (the early web was just a new delivery method for traditional media), with social media we opt-in to a system where marketing is cheaper, has greater reach and is targeted because of our endless desire to share so many things about ourselves. The quid pro quo created is the ability to interact and influence in a way not possible before the dawn of social media. The benefits to the marketers are obvious; we provide a continuous stream of data which they convert to information and pivot as required.

One of my favorite social media stories is the story of The Ritz-Carlton and Joshie the Giraffe (great read that highlights the power of social media).

I travel quite a bit, and I write code for a living and for fun; I’ll spare you the details of an unpleasant recent travel situation, but I will share the social media story. Let’s just say I had a situation in a Hilton hotel which required me to check out of the hotel and move to another hotel. When I arrived home later that week traumatized, I called Hilton and filed a report online.  A week later there was no movement on the issue; it was like I was banging my head against the wall. At this point I decided to take to Twitter. My approach was two-fold: one, post a message hashtagging #Hilton, and two, write a Twitterbot that would look for tweets hashtagged with #Hilton and send a reply with a note and a picture of my #Hilton experience. Less than 24 hours later Hilton made restitution for my experience. The power of social media, but it cuts both ways.

My dialog with Hilton on Twitter:

Early manifestations of the web were unidirectional and asynchronous; near-synchronous communication protocols like IRC never really made it to the masses, and IRC was built around closed communities. There is talk that a shift may once again be underway, with social media groups giving way to smaller, more targeted groups like Slack-style communities.

The internet and the web are ever-evolving, the pace of innovation is increasing as are unicorn mortality rates. Twitter was the darling of social media four years ago and today they are seemingly embroiled in a sell or fizzle out scenario. No one even knows who Foursquare is anymore. Dare I say Facebook is for the elder generation, blogging seems to be dead, and the world seems to be hooked on pictures and filters (aka Snapchat). I don’t get the Snapchat revolution, but I am part of that elder generation who is still using Twitter, blogs, RSS, IRC, etc… I consider myself more a consumer of information than a sharer of information, I try not to share too much raw data and metadata, but we all do it. Social Media is everywhere; it’s not just the platforms we are all familiar with like Facebook, Twitter, Instagram, LinkedIn, Reddit, Snapchat, Pinterest, Google+, etc… but there are sites I frequent like Stack Overflow, GitHub, Hacker News, figshare, etc… that have changed the way we live and communicate.  The internet (web) experience today is no longer a way to publish and consume static digital content, it is a near-synchronous platform which delivers an immersive experience.

References

Bennett, S. (2012, July 13). Marketing 101 – Social Media vs Traditional Media [INFOGRAPHIC]. Retrieved October 04, 2017, from http://www.adweek.com/digital/social-vs-traditional-media-marketing/

Frost, A. (2016, April 03). How and Why to Create a Community With Slack. Retrieved October 04, 2017, from https://blog.bufferapp.com/slack-community

Hurn, C. (2012, May 17). Stuffed Giraffe Shows What Customer Service Is All About. Retrieved October 04, 2017, from http://www.huffingtonpost.com/chris-hurn/stuffed-giraffe-shows-wha_b_1524038.html

Nations, D. (n.d.). Serious Question: What Exactly Is Social Media? Retrieved October 04, 2017, from https://www.lifewire.com/what-is-social-media-explaining-the-big-trend-3486616

Turban, E., Volonino, L., & Wood, G. R. (2015). Information technology for management digital strategies for insight, action, and sustainable performance. New Jersey (United States): Wiley.

FIT – MGT 5115 – Wk 5 Responses

Question:  Regarding the vulnerabilities, I have had the same concerns that you have mentioned with Open Source applications. Do you believe with Open Source projects with code available to anyone, that having more programmers with access to the code to quickly identify vulnerabilities and correct them outweighs the potential for hackers realizing a vulnerability? I don’t have firsthand experience, but from previous classes we learned that programmers are normally on a time crunch with approaching deadlines, and therefore neglect security and take shortcuts in the application’s design. I also read that programmers will often change companies, leaving another programmer in place to fix the identified vulnerabilities and code errors, oftentimes with no notes from the outgoing programmer to help in the process.

 

Response:  I think the Open Source conversation cuts both ways.  With source code readily available, vulnerabilities can be identified quicker and either exploited or patched.  There is also a tangential effect of the Open Source movement where tools are being built in the ecosystem which helps us to detect threats and close vulnerabilities, tools like Snort.  Software development cycles are moving at a much faster pace today than they were ten years ago, rigid release cycles have given way to CI/CD (Continuous Integration / Continuous Delivery) and Blue-Green Deployments.  It’s said that 111 billion new lines of code will be put into production in 2017, that is a lot of code and a massive new attack surface, which will likely be targeted using vectors not previously used.  It’s unrealistic to think that all this code will be vulnerability-free, the question in my mind is always focused on progress, if we live in fear, if we slow release cycles, do we reduce risk and at what cost?  I think the Open Source community is critical to the overall ecosystem, yes there are vulnerabilities, for example, Shellshock which impacted a large number of UNIX and Linux based systems using bash and while we might think that tighter controls and release cycles might have avoided this, it’s unlikely.  With all that said I believe the Open Source pros far outweigh the cons.  When we look around at where we are today most of the progress would not have been possible without the Open Source movement.

 

Question:  So I would like your opinion on a thought process. Which came first, the chicken or the egg? Here is what I mean. Let’s look at hospitals being held by ransomware. Did this come about from TV shows portraying it, then some hacker saying I can do that? Or did it start from a hacker and TV saying what a great idea? Look at how many ideas came from TV and movies and because of fantasy became reality (cell phones, tablets, etc.). I’m still new in the IT world, but I don’t ever remember hearing about ransomware attacks on hospitals until after I saw about 3 TV shows with it. Of course I have seen the same trend, not just in hospital ransomware attacks, but other kinds of terrorist attacks around the world. So your opinion, are we making hackers famous, or are we giving them ideas? Of course this post is open for anyone to throw their ideas out here on it.

 

Response:  Scott, my general thought is that art imitates life, life does not imitate art so I believe that TV series like Mr. Robot and others are merely just replaying events which have already taken place in a context that can be easily understood by the masses (Law and Order for the cyber enthusiast).  TV dramatizes the stereotype of a hacker because the truth is probably a little dry for mass consumption but I don’t think TV is providing hackers with any new ideas and most hackers prefer anonymity to fame.  The hacktivist group Anonymous (portrayed as fsociety on Mr. Robot) represents a cyber activist group interested in taking credit (anonymously hopefully) for their activities but the number of hacks they take credit for pales in comparison to the hacks that go undetected or undisclosed.

Interesting fact:  100% of ransomware attacks (like CryptoLocker, WannaCry, etc…) decrypt the data once the victim pays the ransom.  These are hacks for economic gain.  If there was a report that the ransom was paid but the data was not decrypted then no one would pay the ransom so ironically the idea of ransomware really hinges on the idea that you will get your data back if you pay the ransom.  Couple this with the idea that most organizations don’t want to disclose that they were exploited and you have the perfect storm for a booming business.

The first documented ransomware virus was identified in 1989 and was called the AIDS Trojan.
This week I simulated something similar in my presentation as an example of a high-tech method of hacking using a device called a USB Rubber Ducky (video:  https://www.youtube.com/watch?v=bOBgquwpvTc).

As for new ideas discovered on TV, let’s explore this for a minute, maybe using the Star Trek Communicator as a good example.  HAM radio started being used in the 1890s and Star Trek debuted in 1966.  My point is that good Hollywood is rooted in reality, even good science fiction is rooted in the ability to visualize what could be based on what is.  With that said I would be willing to agree that Hollywood probably played a significant role in design and adoption rates, not sure if this is or will continue to be the case in the future though.  The Motorola StarTAC and the Star Trek Communicator look pretty similar, coincidence, I think not.  Hollywood clearly played a role in the design choices and adoption rate of the StarTAC but these are consumer goods and the tech was the tech.

There is a sub-culture out there and when you’re not living it, it all seems new and shiny.  John Draper (aka Cap’n Crunch) hacked the pay phones with a toy whistle from a box of Cap’n Crunch cereal in the 1960s, yet phreaking (the idea not the name) wasn’t really done by Hollywood until 1983 in the movie War Games.  The whistle emitted a 2600 MHz tone that allowed free phone calls to be made from pay phones, through the 70s and 80s phreaking persisted as a vibrant sub-culture where hackers, mostly enthusiast tinkerers but some malicious, looked at the ever-expanding telephony system as a gauntlet laid down before them. Sound familiar? 🙂

I am an avid reader of 2600 magazine; if you are interested in the hacker sub-culture I recommend it.
If you just want to read some of the best stories, 2600 has published a couple of books which I recommend:
– The Best of 2600: A Hacker Odyssey
– Dear Hacker: Letters to the Editor of 2600

FIT – MGT 5115 – Wk 5 Discussion Post

Why is cybercrime expanding rapidly? Discuss some possible solutions, including acceptable-use policies, security procedures, and policies.

One of my favorite websites is the Norse Attack Map.
The Norse Attack Map does a good job graphically depicting the amount of suspicious activity occurring on the Internet. I am also an avid reader of Krebs on Security, and it’s clear that hackers are motivated by differing agendas and that attack surface and entry points are increasing at an exponential rate. IoT is creating an unprecedented attack surface, and with the number of Internet-connected devices growing exponentially I think it’s fair to expect that cyber attacks will remain on the rise.  Companies like Cisco are introducing what they call “The Network Intuitive” (if this is the only link you click, I suggest watching this video), which will leverage machine learning and AI to protect the network and its connected devices.

Our connected evolution from the ARPANET to the Internet we are all so familiar with and have come to rely on, to the Internet of Everything (IoE) is what provides the basis for the rapid expansion of cybercrime. A quick look at the growth of the Internet and the connected devices provides insight to an attack surface that is growing bigger and bigger with each passing day.

The Target breach was highlighted in the text (Turban, 2015, p. 149), and this was a violation that was probably avoidable with simple layer one isolation. Why Fazio Mechanical Services, Target’s HVAC contractor, would have credentials on a network that had access to Target’s POS systems is a bit astounding. Hindsight is 20/20, and hackers have proven capable of penetrating facilities which are off the grid; this was the case with Stuxnet, a worm purportedly developed under an unacknowledged government operation called Olympic Games, which was a campaign to use cyberwarfare to disrupt Iran’s nuclear program. I highly recommend the movie Zero Days.

The Internet is the modern-day battlefield, the keyboard is the weapon of choice, and the ideal soldier is adept at sleep deprivation and enjoys Jolt Cola and cold pizza. Whether you hack for the challenge (e.g. – Kevin Mitnick), hack for hacktivism (e.g. – Barrett Brown), hack for money (e.g. – black, white and gray hat hackers for hire) or you hack for a nation-state, you likely live inside a sub-culture which is experiencing exponential growth.

I think it’s important to note that the amount of Open Source software being deployed has exploded; this is important because the source code is easily accessible, which makes it easier for hackers to find and exploit vulnerabilities. This software is everything from operating systems like Linux, which powers the Internet in the form of servers, mobile devices, IoT devices, routers, switches, etc… to platforms like WordPress, which is said to power 28% of the websites on the Internet.  Linux and platforms like WordPress are honeypots because a vulnerability found in the Linux kernel, a GNU binary or in the WordPress code can be exploited and inflict maximum damage.  It’s also important to recognize how important simple things like password length and complexity are; tools like hashcat, cloud computing, and the accessibility of GPU computing have made cracking reasonably complex passwords a speedy task, and what used to take years now takes minutes.

Cloud computing and rapid adoption have not made these problems any easier to deal with.  As developers race to the cloud to become the next Unicorn, security practices are weakening.  One of my favorite stories is about a company called Code Spaces, which was put out of business by a hacker who gained root access to their AWS account and essentially deleted all their instances, data, and backups.  There are stories every day about developers placing keys on GitHub inadvertently, and there are bots which are actively crawling code repositories looking for keys.  In this connected world access to information is awesome and so is the ability to expose information that should not be exposed; good policies, procedures, automation, etc… are required to mitigate risk.
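
The inadvertent key commits described above can be stopped before they ever reach a public repository. The following is an added example, not part of the original post: a pre-commit style check that scans only the lines a commit adds for AWS access key IDs and high-entropy 40-character secrets. The sample diff is constructed, its credentials are the placeholder values used in AWS documentation, and the entropy threshold is an assumption.

```python
"""Pre-commit style check for AWS credentials in the lines a commit adds."""
import math
import re
import subprocess
import sys
from collections import Counter

# Access key IDs: 'AKIA' (long-term) or 'ASIA' (temporary) + 16 upper-case alphanumerics.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys are 40 base64-alphabet characters; require clean boundaries.
SECRET_CANDIDATE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Assumed threshold in bits per character. A 40-char hex digest (for example a
# commit hash) uses 16 symbols and so stays below 4.0, which filters it out.
ENTROPY_FLOOR = 4.2


def shannon_entropy(value):
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def redact(value):
    # Never echo a full credential into terminal scrollback or CI logs.
    return value[:4] + "*" * (len(value) - 4)


def scan_line(line):
    """Return [(kind, redacted_value)] for credentials found in one line."""
    hits = [("aws-access-key-id", redact(m.group())) for m in ACCESS_KEY_ID.finditer(line)]
    for m in SECRET_CANDIDATE.finditer(line):
        if shannon_entropy(m.group()) >= ENTROPY_FLOOR:
            hits.append(("aws-secret-access-key?", redact(m.group())))
    return hits


def scan_diff(diff_text):
    """Scan added lines of a unified diff; return [(path, line_no, kind, redacted)]."""
    findings, path, line_no = [], None, 0
    old_left = new_left = 0  # lines still expected in the current hunk body
    for raw in diff_text.splitlines():
        if old_left > 0 or new_left > 0:
            if raw.startswith("+"):
                findings += [(path, line_no, kind, shown) for kind, shown in scan_line(raw[1:])]
                new_left -= 1
                line_no += 1
            elif raw.startswith("-"):
                old_left -= 1
            elif not raw.startswith("\\"):  # skip "\ No newline at end of file"
                old_left -= 1
                new_left -= 1
                line_no += 1
            continue
        if raw.startswith("+++ "):
            path = raw[4:]
            if path.startswith("b/"):
                path = path[2:]
        else:
            m = HUNK_HEADER.match(raw)
            if m:
                old_left = int(m.group(1) or 1)
                line_no = int(m.group(2))
                new_left = int(m.group(3) or 1)
    return findings


# Constructed sample diff; the key pair is the AWS documentation placeholder.
SAMPLE_DIFF = """\
diff --git a/deploy/settings.py b/deploy/settings.py
--- a/deploy/settings.py
+++ b/deploy/settings.py
@@ -10,2 +10,4 @@
 REGION = "us-east-1"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 BUCKET = "builds"
@@ -30,1 +32,2 @@
 # pinned base image
+BASE_COMMIT = "3f2a9c0d1e4b5a6978c0ffee1234567890abcdef"
"""


def main():
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        capture_output=True, text=True, check=True,
    ).stdout
    findings = scan_diff(diff)
    for path, line_no, kind, shown in findings:
        print(f"{path}:{line_no}: {kind} {shown}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable `.git/hooks/pre-commit`, the non-zero exit blocks the commit until the flagged lines are removed.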

Acceptable use policies and training can be an effective means of influencing how users interact with systems that can pose either a direct or a tangential cybersecurity threat.

Security policies and procedures define how to prevent and respond to security incidents. These policies and procedures focus on enforcement, designated and empowered incident response personnel, notification procedures, communication plans and monitoring external sources of information.

Examples of computer security incidents and other items that an acceptable use policy might address include:

  • A denial of service attack (DoS, DDoS).
  • Malware infections.
  • Policy violations, such as sharing offensive material, deliberate violation of information security policies, inappropriate use of systems and assets, and unauthorized escalation of privileges or subversion of access controls.
  • A user who defaces another organization’s public website.
  • Unauthorized access is gained to a critical information system.
  • Internal hacking.
  • External hacking, including defacement of websites and malicious intrusion attempts into the internal network.
  • Unauthorized access using VPN or wireless remote access.
  • Abuse of authorized internal and external services.
  • Unauthorized changes to live systems.
  • An event requiring forensic investigation to obtain evidence (e.g. point of entry, compromise of data, etc.).
  • Information systems and assets being used to commit unlawful activity.
  • The actions of third parties who use computer systems to harm the reputation of an organization.
  • Theft of database content.
  • Theft of mobile computing property.
  • Misuse of an employee’s or customer’s personal information.
  • User disclosure of confidential information to external parties.

A security policy might include items such as the following:

  • An incident response plan that serves as a guideline for an overall approach to addressing information security incidents.
  • An intrusion detection procedure that establishes an intrusion detection system and parameters related to maintaining this system.
  • Processes that flow through all phases of a response to an information technology-related incident (preparation, identification, containment, eradication, recovery, and lessons learned).
  • A procedure within the plan that includes classifying an event and assigning a severity rating or priority.
  • Regular reporting requirements for summary reports to management.
  • Provisions for documentation of critical information necessary in the event of an incident and guidelines for all personnel to report observed suspicious activity.
  • Incident management procedures that include a severity rating assignment.
  • Establishment of guidelines for communication of incidents to outside parties.
  • Selection of an incident response team with designated roles and responsibilities.
  • Ongoing and scheduled training for the incident response team.

Outlining what is acceptable use and how to respond to incidents can reduce risk and improve the ability to contain potential damage should a security incident arise.

References

Bate, Ben, et al. “WordPress now powers 28% of all websites.” Envato, 5 Sept. 2017, envato.com/blog/wordpress-now-powers-28-websites/. Accessed 27 Sept. 2017.

Finley, Klint. “Linux Took Over the Web. Now, It’s Taking Over the World.” Wired, Conde Nast, 3 June 2017, www.wired.com/2016/08/linux-took-web-now-taking-world/. Accessed 27 Sept. 2017.

“Krebs on Security.” Brian Krebs, krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/. Accessed 27 Sept. 2017.

Tung, Liam. “IoT devices will outnumber the world’s population this year for the first time.” ZDNet, ZDNet, 13 Feb. 2017, www.zdnet.com/article/iot-devices-will-outnumber-the-worlds-population-this-year-for-the-first-time/. Accessed 27 Sept. 2017.

Turban, Efraim, et al. Information technology for management digital strategies for insight, action, and sustainable performance. New Jersey (United States), Wiley, 2015.

FIT – MGT 5115 – Wk 4 Assignment

Use a mobile device (smartphone or tablet) to record several examples of organizations using mobile technologies in order to relate to customers, become more efficient, productive, and profitable.

Password: floridatech

FIT – MGT 5115 – Wk 4 Discussion Post

Explain how e-business processes improve productivity, efficiency, and competitive advantage for business organizations and the public sector (government and nonprofit organizations).

I think it is important to define the “e” in e-business. The “e” stands for “electronic” and implies that the business is networked (i.e., connected). E-businesses typically make heavy use of technologies such as the internet and electronic data interchange (EDI) to improve productivity, efficiency, and competitive advantage. An e-business applies technology and process to both external and internal business requirements but tends to focus more on internal processes as a means to improve productivity, efficiency, cost structures and competitive advantage.

E-businesses are connected businesses that leverage technology to operate effectively in a truly global economy.
These technologies might include:

  • Various wired, wireless and mobile networking technologies
  • APIs (application program interfaces) to streamline how applications talk to each other and exchange information
  • Collaboration and communication tools like e-mail, Cisco WebEx, Cisco Spark, Slack, etc., which are critical in a truly global economy
  • BI (business intelligence) tools
  • CRM (customer relationship management)
  • ERP (enterprise resource planning) systems
  • EDI (electronic data interchange)

These technologies allow organizations to better communicate both internally and externally using empirical data that is both accurate and relevant.
EDI extends this communication ecosystem by connecting disparate buyers, suppliers, and partners. In a B2B context, this helps organizations significantly improve operational efficiencies via the exchange of data that is critical to all stakeholders. This exchange of data can facilitate JIT (just-in-time) inventory strategies where buyers understand the inventory and lead time of suppliers, and suppliers understand potential demand. Exchange of information such as this allows both the buyer and the supplier to streamline their operations, making them more efficient, increasing productivity and ultimately making them more competitive in the market.

The implementation of e-business practices in the public sector can provide benefits similar to those in the private sector. While the private sector focuses heavily on B2B (business-to-business) as well as B2C (business-to-consumer) applications of technology, it may be willing to abandon a particular segment of the population if that segment does not align with its mission and/or vision. A good example of this is Amazon: if you don’t have an internet-connected device, you likely are not viewed by Amazon as part of their target market, and Amazon is willing to forgo you as a customer, although the launch of brick-and-mortar Amazon stores, Amazon’s acquisition of Whole Foods and their recent partnership with Kohl’s might imply that Amazon wants to capture this segment of the market. The public sector has a responsibility to ensure that the services it provides are available to everyone. The public sector has more of a B2C (business-to-consumer) and C2C (consumer-to-consumer) focus, and the use of websites, social media, and electronic communications has changed the way in which citizens access information, the information available to citizens, and the transparency of that information. Public sector organizations capture a significant amount of data on citizens or members, and this data can now be better aggregated and analyzed, allowing public sector organizations to serve their constituents more efficiently and cost-effectively. Public sector organizations have to contend with challenges that the private sector can afford to ignore by simply stating that this is not a target market.

The lines are very blurry and becoming more blurred with each passing day. Many technical disruptors are building both B2B and B2C platforms; data captured from both business partners and consumers makes the platforms more robust and meaningful to all the stakeholders. I think about companies like Uber and their relationships with drivers and riders. The Uber-to-driver relationship is a B2B relationship, while the relationship between Uber and the rider is a B2C relationship. This same paradigm exists with Amazon and the Amazon marketplace, and there are many more examples. What’s clear is that as we become more connected, the productivity, efficiencies, new entrants, opportunities, etc. are exponential, not linear.

References

Bartels, A. (2000, October 30). The difference between e-business and e-commerce. Retrieved September 21, 2017, from https://www.computerworld.com/article/2588708/e-commerce/e-commerce-the-difference-between-e-business-and-e-commerce.html

Ripley, H. -. (2014, January 29). How e-business transforms public sector services in the UK. Retrieved September 21, 2017, from http://www.accaglobal.com/in/en/technical-activities/technical-resources-search/2014/january/How-e-business-transforms-public-sector-services.html

Turban, Efraim, et al. Information technology for management digital strategies for insight, action, and sustainable performance. New Jersey (United States), Wiley, 2015.