I want to take some time here to get a little philosophical and talk about the purpose of cyber security, what it's all about. It's important thing for you, as you are learning this topic, to think through yourself. Because what will happen is, you spend weeks and weeks and weeks learning about cyber security, and then your friend, your mom, your cousin, your spouse or coworker says, "Hey, what is cyber security all about?" And you say, "You know, I am not really sure. I have all this information in my head but, I don't really have a good solid understanding." So, what we are going to do is take a minute here and make sure that we are all in agreement around what this boils down to. Now, years ago in the 1970's, there was a man, James Anderson was his name, a pioneer in cyber security, and he was pondering this question as computers were becoming more powerful. The question was, what is, we call that at the time, computer security? We call it cyber security now. Here is what he came up with. He came up with something called the reference monitor concept, and think of reference monitor as a box. And on one side of the box, you have active entities: users, hackers, processes, things doing stuff. And on the other side of the box, you have resources or assets: files, databases, systems, things you want access to. So this is like a repository, this is an active process, and you drop this thing in the middle called the reference monitor. And here is what James Anderson said, and I still think it's a wonderful way of thinking about cyber security, albeit it a little operationally. But what he said was, the main purposes that as active entities try to reach passive repositories, cyber security sits in the middle, and when those requests come in for access to a resource, cyber security says yes or no. Not the most technical concept in the world, but he said, "Based on policy, the idea is to either allow or disallow access to a resource. Isn't that interesting? From that, a whole body of cyber security modeling and technology kind of emerge, where we formalize terms here. We started to call these things, these active entities, subjects, and we started calling these more passive entities, objects, and we called that the subject-object model of cyber security or computer security. And it really stood for a long period of time. Now, a lot of you would say, "Well, wait a minute. What if there's two entities, they're both subjects and they want to communicate, send each other e-mail and stuff?" You are absolutely correct that the model in some sense doesn't fit all possibilities. But the bottom line is, that you've got an active entity wanting to do something and a piece of cyber security that is saying yes or no. What this has caused in our industry is the observation amongst many people, a lot of you who were here listening, part of our learning community, will say, "You know what? It's always those cyber security people saying no." It may be you have a job somewhere and you get this idea that, when you work in the security department, you have to go ask and they usually say no. And that comes from that original concept, that cyber security is this thing and they can access the reference monitor. The cyber security says, "Oh, who are you? Okay, you are allowed. I'll let you through." Or I say, "Oh, who are you? I'm sorry, you are not allowed." And I would say no. That concept, I think. Increasingly has given way to I think a much more collegial notion of cyber security and that security is an enabler. And what that means is that under normal circumstances, you might be very nervous about whether subjects can or should be accessing objects. For example, subject with credit card wants to buy something from website and you go, "Wait a minute. We can't do that. That's too dangerous." And suddenly you say, "Wait, I have an enabling idea. Let's put this piece of security there." Now watch. Now, subject with credit card can come in and I can invent protocols to make sure that everything is okay. Check to make sure we are good and go ahead and use the credit card. It enables the ability of subjects and objects to communicate. Is that a better way of thinking about it? It's really the same picture but it's a much more reasonable way of thinking about cyber security in the context of business, the internet of all the things that we do, security is an enabler instead of as a blocker. So keep that in mind as we go through our discussions. It's a better way of thinking about cyber security and it'll purveyed a lot of the discussions that we do. Thanks.
