the poem you were expecting him to write? or the poem you've always been waiting to read?

italics is tommy pico, communicates with teebs

battles with his relationship as an english speaking poet and being an ndn

goes against what a lot of nature poems are about

saying that the earth will be fine it's just the human race that'll die out

VERY personal

something that I empathize with a lot nature threatening you with the existence of god

poetic and nature

meter + sibilance

Nature

in poetry we personify nature a lot, this also builds off the other one I highlighted about nature threatening you with the existence of god

nature

Tone

goes with the rambling style of prose that he keeps using

personal

Poetic

"Grief is" metaphor

Tone

all of the #death stuff, mentioned in the blurb

poetic

I just really like this passage

Personal

Tone combines nature with fucking...I think...

similar to the first step of activism - getting people to become aware of the issue and think about it - you can't do that without the proper words to describe it

Applied criminology focuses on reducing crime through actionable means. Theoretical criminology seeks to explain criminal behavior by developing and refining theories.

Determinism and positivism are two frameworks that attempt to explain human behavior. Determinism argues that it is influenced by factors outside of one's control. Positivism, on the other hand, asserts that, through scientific observation, human behavior can indeed be studied and understood.

In the field of criminology, rational choice theory suggests that individuals engage in crimes they believe are a low risk activity through comparing the benefits of committing a crime with the risks of getting caught.

Determinism is a theoretical framework in criminology that suggests human behavior is influenced by factors beyond individual control.

The variables used during social science inquiry are socioeconomic status, education, and environment.

Edwin Sutherland work, emphasizing the role of socialization in the development of criminal behavior, has been a key contribution to the role of criminology. Criminology has evolved to become more nuanced, with multiple frameworks emerging to explain why and what types of individuals commit crimes.

Criminologists aim to advance the understanding of crime through research-based methods. Through identifying variables that contribute to crime, criminologists develop and apply theories to explain why individuals engage in crime.

While criminology is the study of crime and criminals, criminal justice refers to methods established by the government that are used to prevent, deter, and control crime.

Criminology is a field of study that focuses on analyzing crime and criminals to understand why crime happens, what types of people are prone to criminal action. Research is used to find ways to promote social justice and prevent crime from happening.

referring to a moment of destruction, some singularity leading to some apocalyptic event

a lot of religious references, with prophets, the same hand, paradise, potentially the 12 prophets

perhaps a nod to the 12 prophets of islam?

nightingales are significant to poetry John Keats' "ode to a nightengale"

wtf does this mean

cardbOard, ORchArd

alliteration

translated from farsi

contrasts with "budding flowers" and "lemon trees"

plastic making beautiful examples of nature

lemon trees represent a lot of stuff

is he referring to trees?

Frank Abagnale's video talked about why this was a bad idea- most stolen PII isn't even used for at least like 3 years

going under my "royal fuckups" header for notes on this case study

According to Equifax, the key factors for why they got breached were failures in identification, detection, segmentation, and data governance.

When arriving on scene, the investigator must be able to classify the event and discern what, if any offence has been committed.

Based on the type of offence and the classification of the event, the law provides certain powers for taking action. Officers must know the law when taking action and entering a property.

Officers need to be able to recognize if and what offence is taking place while also trying to classify the event.

Knowing what offence has taken place is important because the investigator will then know what type of evidence they need to look for and under what circumstances can they enter an property legally.

While on the scene of the event, the investigator has to know the legal grounds to which they are able to enter the property: * consent of the property owner * obtain a warrant * exigent circumstance * in active pursuit of the suspect

If the investigator determines that the event is active and the offence poses a threat to Level One Priorities, then they know that they can make an arrest if they can find evidence to support reasonable grounds to do so.

If an officer suspects that a crime has been committed, they need to discern whether they need to catch the suspect in the act (summary conviction) or if there is already enough evidence (indictable/dual procedure) to make an arrest.

When called on scene, a police officer will have to determine if the event taking place is active or inactive. If it is active, thus requiring a tactical investigative response, they need to discern if there is a threat to Level One Priorities.

Because information is limited in these scenarios, the law allows for "exigent circumstances" - scenarios in which an officer can rely on certain powers to protect Level One Priorities.

circumstances predetermined by law for when an officer can enter a property and make an arrest without a warrant

active event + explicit or implied threat to life or safety = exigent circumstances

This dilemma arises when a crime is actively being committed that presents a direct threat to the safety of others. For example, an active shooter scenario poses this dilemma because the responding officer must weigh the available information and decide if they should respond or wait for backup.

Requires a Strategic Tactical Investigative Response 1. The criminal act has concluded at the scene. 2. The suspect or suspects have left the scene or have been arrested or detained. 3. The situation at the scene no longer represents a danger to the life or safety of a person, including police officers.

When at the scene of an event, the investigator must always assume that the event is inactive until proven otherwise. Knowing if an event is active or inactive is imperative to deciding further action.

Requires a Tactical Investigative Response 1. The criminal act is or may still be in progress at the scene. 2. The suspect is or may still be at the scene of the event. 3. The situation is, or may be, a danger to the life or safety of a person, including the life or safety of attending police officers.

The recognition of the specific offense being committed to further aid in the investigators thought process when looking for evidence.

Classify the event as "active" or "inactive" to know whether to conduct a tactical or strategic investigative response.

When entering an investigation, investigators must be able to identify two important situational elements to aid in the investigative process: Event classification and Offence Recognition.

Offence recognition

Event Classification

Criminal events fall into two categories, "active" and "inactive". An active event, where a crime is actively being committed, requires a tactical investigative response from an officer on the front lines. Once the event becomes inactive, after the scene is brought under control, an investigator will conduct strategic investigative response.

It is important to understand these two types on response as they require different protocols and legal proceedings.

Once the investigator has arrived on scene and the event is under control (event is now "inactive" and Level One Priorities are met). In court, police investigators will have to explain their thinking process based on information they were given and whether they felt the need to take action.

Pertains to "active" events where operational officers take action (by using force, making an arrest, etc) as a front-line response to criminal events. In these scenarios, there is limited information at hand but critical decisions must be made. If an officer takes action, they are accountable for said action and may have to explain their reasoning for doing so in court.

Criminal investigations may change wildly and in unpredictable ways. As such, methodologies pertaining to the investigative process must be sufficiently flexible while also ensuring that results and priorities are met.

When conducting an investigation - the progression from initial evidence gathering to the arrest and charge of a suspect - the results and priorities sought after in an investigation will always be the same.

The steps to the investigative process.

Criminal incidents are dynamic and unpredictable. As such, the rules to conducting an investigation must be general in nature and flexible.

These steps ensure that, in spite of the unpredictable nature of a criminal investigation, all necessary milestones are hit to ultimately lead to the arrest and charge of a suspect.

When conducting an investigation, it is important to keep your priorities straight; distinguishing from priorities and results will ensure that an investigation is conducted in a manner that will not compromise it's integrity or validity.

AKA "Level One priorities"

The protection of lives and safety of people, including first responders. Level One priorities will always supercede Level Two priorities (results). It is justifiable to prioritize a Level One priority at the expense of a Level Two priority.

AKA "Level Two priorities"

These come after "Level One priorities" (just called "Priorities") have been ensured. Under no circumstances will Level Two priorities come at the expense of Level One priorities.

There are 4 general results which are considered equal to each other, meaning that it may be justified to concentrate on one result at the expense of another. 1. Identifying, gathering, and preserving evidence 2. Establishing reasonable grounds to identify and arrest suspects 3. Accurately recording and documenting the event in notes and reports 4. Protecting property

Investigative tasks are concerned with the act of actually gathering the information. Investigative thinking is the analysis of this information to develop theories based on it.

The analysis of information and development of theories of what happened.

The collection of evidence and information information gathered in investigative tasks is to be later processed, or "chewed on" during investigative thinking

what supply chain management actually is

when you outsource you now have to worry about both your risks and whoever else is involved in outsourcing

essence of supply chain management

risks of outsourcing should be considered just as much as the benefits of it

examples of risks related to the supply chain

supply chain management reduces risk to supply chain

the process of that starts by sourcing raw materials and ends with the delivery of product to end users. The supply chain includes all aspects of this process such as vendors, manufactures, factories, warehouses, etc.

purposes of internal controls

all of these help the organization achieve their objectives in some way or another

relation of internal controls to risk assurance and the audit committee

the internal auditor should have the answer to this question

risk assurance is the assurance that risks are managed and that controls and implementation thereof are effective

monitors the use and effectiveness of internal controls

audit committee functions: ensure compliance evaluate governance standards advocate for risk management

audit committee is meant to be objective facilitates the evaluation of activities in the organization and it's board

the measure of an organization's risk culture a good control environment is indicative of future success with implementation of risk management and internal control activities

internal controls overlap with governance

Outcomes of effective (use of) internal control(s)

The system(s) in place that ensure a business meets its objectives. These include managerial actives that facilitate the direction of actions that increase the chance of objectives being achieved.

stakeholder treatment and influence, and transparency are essential parts of governance

lists the 4 major risks posed towards their company and some mitigation strategies

Is a risk acceptable? if not then develop contingency plans loss scenarios are to be investigated and documented

identify, analyze, evaluate, respond, monitor, and communicate risks that relate to said manager's domain compares levels of risk against predefined risk appetite

identification, evaluation, management measures, control, and review/lessons learned

1. Establish a time frame for the recovery of mission-critical activities
2. Define resource requirements for remediation and their impact potential
3. Determine whether the impact is within the risk appetite to determine further response.

Assesses the impact of interruption from each critical function. Required to identify the continuity stages of each function. Emphasis is on the importance of a function rather than what could influence it (that is what risk assessments are for)

We are reduced to x% functionality, if we want to get to y% by the agreed date, we will need these resources

A business impact analysis (BIA) will identify the criticality of a function while a risk assessment will identify events that could undermine said function

Three components of BCP: 1. Activate crisis management plan. Respond to crisis and make stakeholders aware of situation. 2. Implement disaster recovery plan. Restore infrastructure in a capacity that allows for minimum required functionality for organizational operation. May overlap with first component. 3. Work to restore full functionality

working towards full recovery

proactively making a plan for reactive measures

plan for restoring organizational infrastructure in the event of a crisis

definition of BCP

the identification of potential threats to a business, their impacts, and a plan for responding to such scenarios

delays in obtaining settlement disputes on extent of coverage potential for being over or under insured

reduces uncertainty regarding hazard risks may save money because losses could be greater than insurance premiums can provide access to specialist services through insurer

insurance provider pays for losses suffered by the victims of the activities of the insured

insurance providers pays for losses suffered by insured

based

Senior officials from the organization promoting good cyber hygene, see 6 steps

Comfort: low-likelihood/low-impact events Cautious & Concerned: acceptable variability of the level of risk, risk tolerance Critical: outside tolerance limits

Preventative provides the most control while Detective provides the least control

Preventative: Limit the possibility of an undesirable event happening. Preventative controls become more important with the priority to prevent a certain outcome. Most controls implemented in response to hazard risks fall under this.

Corrective: Reduce the impact of any outcomes that have already been realized and remedy risk exposure. Treatment is focused on making the risk less likely to occur and/or the impact is reduced.

Directive: Give directions to people in an effort to ensure a particular outcome is achieved and loss is prevented. Examples include training on how to respond to a specific event. Similar to processes in PPT.

Detective: If an outcome has already been realized, detective controls figure out when and how. The goal is to ensure that circumstances do not deteriorate further or happen again

the 4 T's falls under risk response

basically just working to move the risk to the tolerable quadrant through the use of T's that are adjacent to terminate

there is overlap between the 4T's, I imagine that distinction comes when looking at likelihood/impact and type of control used

employee training, security cameras, redundant backups, etc

so does this mean that implementing controls is a form of risk treatment?

In the summer we'll use our factories to make swimsuits and in the winter we'll make mittons

To tolerate a risk means to accept and retain it, even if it is more risky than the organization would like (We may lose 40k in product but it would cost more to replace it so we're just not going to)

The concept of risk tolerance is the range of risk that is acceptable (We've prepared ourselves so that we're comfortable with up to 20k in losses)

the point of controls are to ultimately move risk to a tolerable level

if the benefit is high and in alignment with the organization's goals

residual risk

Tolerate: No further action is taken. The exposure is either tolerable or the cost of taking action is disproportionate to any benefit gained. | low likelihood / low impact

Treat: Action is taken to reduce the risk back down to a tolerable level. | high likelihood / low impact

Transfer: A third party to takes on the risk. Cyber insurance is the most common example of this. | low likelihood / high impact

Terminate: The only way to achieve an acceptable level of risk is to completely stop the activity. | high likelihood / high impact

the "T" that you use is dependent on the location of said risk when graphed on a risk matrix

4Ts generally just applies to hazard risks then

in terms of priority significant risk

What is a risk management standard?

I think these are the program management outcomes

The book's definition of risk

like how boise state parking will account for x many spots being taken up by trespassers when deciding how many permits to give out

3 separate things beginning to melt together into the larger cyber security pot

mitigation actions are traced using the plan of action milestones The controls are then reassessed to determine remediating efficacy. Assessment reports and security and privacy plans are updated accordingly

The authorizing official determines what amount of risk can be accepted based on how well the organization can deal with risk (I think?) Prioritization (I call this triaging) of risk is crucial to this form of risk response. From prioritizing risk, you can then determine an acceptable amount of residual risk

basically the monitor and refine phase

specific guidelines for responding to risk in the context of the risk type and organizational goals navigating risk response in a ways threat does inadvertently harm the organization

RM strategies give a guide for how organizations address risk

The amount of risk the organization can deal with. This can be expressed with quantitative numbers like money lost.

The pursuit of risk in terms of the organization's goals and methods of achieving them

Key Principles: 1. Risk appetite can be complex so it is best to address said complexity 2. Risk appetite must be measurable in a way that directors and stakeholders can understand. 3. Risk appetite is dynamic, changing in range and breadth based on organizational goals 4. Risk appetite should be developed within the context of the capabilities of the organization. These capabilities are influenced by the culture and resources of the organization. 5. Risk appetite should be addressed throughout every aspect of the organization 6. Risk appetite is influenced by the organization's propensity to take risk and exercise control

risks that are closely related may snowball into each other priority is then based on the likelihood of said risks actually materializing

takes into account the CIA triad/impact from it's fracture

prob needs stakeholder input

previous questions define base for risk prioritization weighing current and future impact to the organizations

A method is needed to take risks and respond to them in a way that can be easily repeated and understood

Triage of risk because there is a lot of it

Respond to findings from the monitor phase in accordance to the organization's risk tolerance. This control stresses the importance of defining appropriate responses to risks before generating a plan of action.

Identify the harm to assets and the potential impact of them being...harmed

how likely a threat will attempt to be exploited, how likely the exploitation will succeed, and how likely there will be negative impact from said exploitation

define what vulnerabilities you have and how exploitable they are

come up with every threat you can think of, divided into adversarial and non-adversarial then compile them into criticality

not completely true hahaha

Find adversarial and non-adversarial threats assess them in terms of things that COULD happen

scope and the 3 parts of context

I assume that the answers to the questions should be ones that non-industry pros could understand

what data you're protecting, how you're protecting it, and how it's being stored

key is to make it relevant to BoD and Stakeholders who may not be tech-savvy

Indicates that CRMs are still relatively new and not as high of a concern when compared with traditional ideas of "risk"

the level of risk they can tolerate for a given scenario and it's objective

a team of senior members that oversee all tasks related to risk within their field

should contain diverse skillsets and backgrounds and have strong leadership skillz

generally has some lebel of expertise in whatever field they're "directing"

Falls under GRM

Make sure the stakeholders have an understanding of what the IRM program does and how it aligns with thier goals

being healthy and happy are byproducts of brushing your teeth, working out, and eating good foods

every company has different goals so the use of frameworks should be tailored to fit those goals franken-framework???

An ordered arrangement of groups or categories

why the sales rep is a cog in the greater cybersecurity machine

whoever has the least failed phishing tests gets a gift card

Ashley Rose in the first video talks about this Remembering your first college party vs the last test they took

security-oriented company culture

asset 1 is very important to us, how could it fail?

can identify patterns of risky behavior

proactive and preemptive response to risk as opposed to reactive

find ways to measure risk in a meaningful way, then use that data effectively

resiliency

comparison between the amount of risk transferred via insurance vs the amount of risk retained

risk retention is inversely related to the cost of risk insurance

Internal: stuff that goes wrong within a firm

External: stuff that goes wrong that effects a firm's clients and third parties (I think??)

statistics, particularly relating to insurance

This part is very heavy on the use of cyber insurance It goes into a lot insurance stuff that kinda just went over my head

Proactively mitigate risk by analyzing main security concerns and how to satisfy them

Also goes into detail on how to properly invest in information security by comparing each investment with the value of the risk (I still don't understand how this is done)

Technical mitigations defined by established security considerations and their associated techniques

Like the CIA triad but more detailed, containing 6 pillars as opposed to the original 3

Avoiding risk wherever possible This treatment is not as relevant today because it isn't resilient-focused (I think)

They use the example of requiring security policies of IoT devices bc they're usually cheap They also say that this example could be under mitigation

The proper treatment for a cyber incident is determined by: the likelihood of the event the potential impact of said event

The three types of treatments are: Avoidance Mitigation to reduce likelihood/potential impacy Transfer Retention

The CIA triad

gives historical account of how cyber risks have been identified

noun

the act of making a law or decree known, or formally putting it into effect, by public declaration: Upon adoption, signing, and promulgation of these provisions in the established procedure, they acquire the power of law.

the act of publicly teaching or setting forth an idea, doctrine, etc.: The systematic study of parasites began with the promulgation of the germ theory.

Short phrase describing what the metric does and what it measures

ST-#-#

ST: structural design principle metric first number is number of said design principle

TE-AP-#

TE: technique AP: approach #: number assignment

generally formatted as: OO-S#-A#-# ex. PA-S1-A2-2

OO: any one of the cyber resiliency objectives; A for Prevent/Avoid, PR for Prepare, CN for Continue, CS for Constrain, RE for Reconstitute, UN for Understand, TR for Transform, and RA for Re-Architect.

S# and A# are the sub objective and activity, respectively

The last space is to assign a number to the objective

catalog entries include information about cyber resilient TTP's and accompanying information about them

design principles are driven by organization goals and risk management strategy

determine which design principles are used, how to use them for the target environment, and how to describe said design principles

re-architect is supported by strategic design principles and drives structural design principles

Prepare comes as a result of arch, des, and impl

reason for this paper