Cybersecurity things to know

by John Bandler

Here are some "things to know" about basic cybersecurity. They will help almost anyone understand this topic, which affects all of us.

If you are a student of mine, you will probably see these questions in the future (depending on what course you are taking).

  • What is the difference between information security and cybersecurity?
    • Information security is about securing all information (no matter the form). Cybersecurity secures digital information. Thus, cybersecurity is a subset of infosec.
  • List the three information security objectives (CIA)
    • Confidentiality, Integrity, Availability
  • Briefly summarize the three information security objectives (CIA)
    • A good summary goes here (my articles get you started)
  • List the three types of controls (safeguards) to help achieve good cybersecurity (PAT)
    • Physical, administrative, technical
  • Briefly summarize the three types of controls (safeguards) to help achieve good cybersecurity (PAT)
    • A good summary goes here (my articles get you started)
  • What is authentication in context of computers?
    • The process of an information system identifying a user and granting access
  • List the three factors of authentication (and give an example of each).
    • Something you know, something you have, something you are
  • What is two factor authentication?
  • Why should we employ two-factor authentication on important cloud and internet accounts?
  • What is the principle of least privilege?
    • The principle of giving a person or system the least amount of privileges (abilities) needed to do their job
  • What is social engineering? (simply and briefly)
    • Trickery, con artistry
  • What are the two main types of encryption? (hint: cryptographic key types)
    • symmetric (same keys), asymmetric (public/private key)
  • Encryption can be done on data in two stages/phases, what are they?
    • When data is at rest and when data is in motion
  • What is the one-way encryption (cryptography) used to store password representations, or to verify integrity (e.g. the data is the same and has not been changed)?
    • Hashing (cryptographic hash function)
  • True/False, attorneys have a duty to have reasonable cybersecurity
    • True!
  • Every attorney should be aware of and protect against the pernicious social engineering fraud known as ...
    • Business email compromise, CEO fraud, email based funds transfer frauds
  • Every person should be aware of and protect against the pernicious social engineering fraud known as ...
    • Business email compromise, CEO fraud, email based funds transfer frauds
  • How will you protect from business email compromise and CEO fraud?
    • Secure email accounts with a strong password and two-factor authentication. Realize others might not. Confirm all funds transfer instructions verbally. Tell clients to do so also.
  • List the Four Pillars of Cybersecurity from Bandler
    • Knowledge/awareness, Secure devices, Secure data, Secure networks (Internet usage)
  • List some cybersecurity frameworks (voluntary guidance to organizations to organize their cybersecurity programs)
  • List some laws or regulations that relate to information security
    • NYS SHIELD Act, NYS DFS 500, GLBA, SOX, HIPAA/HITECH, FTC Act (sort of)
  • Why are governments implementing civil laws or regulations requiring information security?
    • Protect consumers, prevent cybercrime

Disclaimer

These are short Q&As and cannot be expected to capture all nuances of all terms.

Many people have different understandings of various terms.

Purpose of this page

This page is a study aid for my students, and a place for me to draw quiz and assignment questions from.

The goal is for students to learn important concepts, especially foundational concepts that provide footholds for learning more complex concepts. This is the learning concept of "scaffolding": you start low, learn the basics, and build up the knowledge and concept complexity from there.

I used to emphasize these things only in class, quizzes, and assignments, but then realized more was needed, because by the end of the semester, some students had not learned some of these things. By providing this study page and linking to it, I find that students have more opportunity to study and then learn better.

Links

This page is hosted at https://johnbandler.com/things-to-know-cybersecurity/, copyright John Bandler, all rights reserved.

Posted 12/12/2022 based on years of teaching. Updated 11/21/2023