10. Infection
Email subject lines used by the lure messages:
USPS Your package is available for pickup (Parcel 173145820507)
Fwd: IMG01041_6706015_m.zip
FW: Invoice <random number>
My resume
ADP payroll: Account Charge Alert
New Voicemail Message
Important attached form
Important New Outlook Settings
FW: Last Month Remit
Scan Data
McAfee Always On Protection Reactivation
New contract agreement
Scanned Image from a Xerox WorkCentre
Important Notice Incoming Money Transfer
Payroll Invoice
Payment Overdue Please respond
11. Infection: Upatre downloader
June 5th 2014: largest single-day infection
Payload served from legitimate cloud hosting: Dropbox, Cubby, and MediaFire
The same downloader also delivers banking Trojans: Gameover Zeus, Dyre
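The two slides above describe a detectable chain: a lure mail with one of the listed subjects (often carrying a small executable inside a zip), followed by the Upatre stage fetching its payload from a file-hosting service. The script below is an added example for this page, not code from the slide author: it scans constructed mail-gateway and proxy log lines (the log formats and the sample entries are invented here; only the subject lures and the hosting services come from the slides), flags lure subjects and executable attachments, flags executable or archive downloads from the named hosting domains, and escalates when the same user does both within a short window.

```python
"""Flag Upatre-style lure mail and the file-hosting download that follows it.

Added example for this page, not the slide author's code. The mail-gateway and
proxy log formats are constructed for the example; only the subject lures and
the hosting services come from the slides.
"""
import re
from datetime import datetime, timedelta

# Subject lines from slide 10, matched as normalized prefixes so that
# "FW: Invoice 48213" or "USPS - Your package ..." still hit.
LURE_SUBJECTS = [
    "USPS Your package is available for pickup", "Fwd: IMG", "FW: Invoice",
    "My resume", "ADP payroll: Account Charge Alert", "New Voicemail Message",
    "Important attached form", "Important New Outlook Settings",
    "FW: Last Month Remit", "Scan Data", "McAfee Always On Protection Reactivation",
    "New contract agreement", "Scanned Image from a Xerox WorkCentre",
    "Important Notice Incoming Money Transfer", "Payroll Invoice",
    "Payment Overdue Please respond",
]
# File-hosting services slide 11 names as Upatre payload sources.
HOSTING_DOMAINS = ("dropbox.com", "cubby.com", "mediafire.com")
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
EXEC_TYPES = ("application/x-dosexec", "application/x-msdownload",
              "application/octet-stream", "application/zip")

# Constructed log line shapes (assumption: adapt these to your gateway/proxy).
MAIL_RE = re.compile(r'^(?P<ts>\S+) from=(?P<frm>\S+) to=(?P<to>\S+) '
                     r'subject="(?P<subject>[^"]*)" attach="(?P<attach>[^"]*)"$')
PROXY_RE = re.compile(r'^(?P<ts>\S+) client=(?P<client>\S+) host=(?P<host>\S+) '
                      r'path=(?P<path>\S+) status=(?P<status>\d+) type=(?P<type>\S+)$')


def normalize(text):
    """Lower-case, drop punctuation, collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())


NORMALIZED_LURES = [normalize(s) for s in LURE_SUBJECTS]


def is_lure_subject(subject):
    norm = normalize(subject)
    return any(norm.startswith(lure) for lure in NORMALIZED_LURES)


def suspicious_attachment(attach):
    """attach is 'outer.zip:member1,member2' or a bare filename. True if any
    name has an executable extension (this also catches Invoice.pdf.exe)."""
    outer, _, members = attach.partition(":")
    names = [outer] + [m for m in members.split(",") if m]
    return any(n.lower().endswith(EXEC_EXT) for n in names)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def scan_mail(lines):
    """One hit per mail that matches a lure subject or carries an executable."""
    hits = []
    for line in lines:
        m = MAIL_RE.match(line)
        if not m:
            continue
        reasons = []
        if is_lure_subject(m["subject"]):
            reasons.append("lure-subject")
        if suspicious_attachment(m["attach"]):
            reasons.append("executable-attachment")
        if reasons:
            hits.append({"ts": parse_ts(m["ts"]), "user": m["to"],
                         "subject": m["subject"], "reasons": reasons})
    return hits


def scan_proxy(lines):
    """Downloads of executables or archives from the named hosting services."""
    hits = []
    for line in lines:
        m = PROXY_RE.match(line)
        if not m:
            continue
        host = m["host"].lower()
        if not any(host == d or host.endswith("." + d) for d in HOSTING_DOMAINS):
            continue
        path = m["path"].split("?", 1)[0].lower()
        if path.endswith(EXEC_EXT + (".zip",)) or m["type"].lower() in EXEC_TYPES:
            hits.append({"ts": parse_ts(m["ts"]), "user": m["client"],
                         "host": host, "path": path})
    return hits


def correlate(mail_hits, proxy_hits, window=timedelta(minutes=30)):
    """Escalate when a user fetches a file from a hosting service within
    `window` after receiving a lure mail (Upatre pulling its payload)."""
    alerts = []
    for p in proxy_hits:
        for mh in mail_hits:
            if mh["user"] == p["user"] and timedelta(0) <= p["ts"] - mh["ts"] <= window:
                alerts.append({"user": p["user"], "subject": mh["subject"],
                               "host": p["host"], "path": p["path"]})
    return alerts


# Constructed sample logs (not real traffic).
MAIL_LOG = [
    '2014-06-05T09:12:03 from=billing@example.net to=alice@corp.example subject="FW: Invoice 48213" attach="Invoice_48213.zip:Invoice_48213.pdf.exe"',
    '2014-06-05T09:20:17 from=hr@corp.example to=bob@corp.example subject="Q2 headcount review" attach="headcount.xlsx"',
    '2014-06-05T09:31:55 from=noreply@example.org to=carol@corp.example subject="USPS - Your package is available for pickup (Parcel 173145820507)" attach="Label_173145820507.zip:Label_173145820507.scr"',
    '2014-06-05T10:02:40 from=dan@partner.example to=bob@corp.example subject="New contract agreement" attach="contract.pdf"',
]
PROXY_LOG = [
    '2014-06-05T09:15:40 client=alice@corp.example host=www.dropbox.com path=/s/7h2k9/inv.exe?dl=1 status=200 type=application/x-dosexec',
    '2014-06-05T09:18:02 client=bob@corp.example host=www.dropbox.com path=/home status=200 type=text/html',
    '2014-06-05T14:45:00 client=carol@corp.example host=www.mediafire.com path=/file/x1y2z3/photo.zip status=200 type=application/zip',
]

if __name__ == "__main__":
    for alert in correlate(scan_mail(MAIL_LOG), scan_proxy(PROXY_LOG)):
        print("ESCALATE", alert)
```

On the sample data, all three lure mails are flagged (two of them also for executable attachments), but only alice's Dropbox fetch of an executable three minutes after her "FW: Invoice" mail is escalated; carol's MediaFire download five hours later falls outside the window, so a lure subject alone stays a lower-severity hit. Prefix matching on normalized subjects is deliberate: the campaigns varied punctuation and appended random invoice or parcel numbers, so exact-string matching would miss most of them.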
Editor's Notes
#7: Tor is an encrypted overlay network made up of volunteer-run relays all over the world. It works by relaying a connection from its origin through several nodes before it reaches the destination, so no single node sees both ends.
Bitcoin is a digital currency that gives its owner a degree of anonymity: transactions are pseudonymous, tied to addresses rather than to names.
#9: A drive-by download is the unintentional download of malicious software (malware) onto a computer or mobile device. It usually exploits a browser, browser plugin, app, or operating system that is out of date and has a security flaw. The code downloaded first is often very small (so the victim would not notice it), since its job is usually just to contact another server and pull down the rest of the code onto the smartphone, tablet, or computer. A page will often carry several different exploits in the hope that one of them matches a weakness on the visitor's machine (the exploit-kit pattern).
These downloads may be placed on otherwise innocent, normal-looking websites. The victim may receive a link in an email, text message, or social media post pointing at something interesting on a site; while they read the article or cartoon, the download is installing in the background.
https://blogs.mcafee.com/consumer/drive-by-download
https://support.evvnt.com/hc/en-us/article_attachments/200859568/browsers.jpg
#26: Crypt32.dll is the module that implements many of the Certificate and Cryptographic Messaging functions in the CryptoAPI, such as CryptSignMessage.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379884%28v=vs.85%29.aspx
#40: The five core Functions of the NIST Cybersecurity Framework:
Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.
Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.
Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.