Cybersecurity things to know
by John Bandler
- What is the difference between information security and cybersecurity?
- Information security is about securing all information (no matter the form). Cybersecurity secures digital information. Thus, cybersecurity is a subset of infosec.
- List the three information security objectives (CIA)
- Confidentiality, Integrity, Availability
- List the three types of controls to help achieve good cybersecurity (PAT)
- Physical, administrative, technical
- What is authentication in context of computers?
- The process of an information system identifying a user and granting access
- What are the three factors of authentication?
- Something you know, have, are
- What is the principle of least privilege?
- The principle of giving a person or system the least amount of privileges (abilities) needed to do their job
- What is social engineering? (simply and briefly)
- Trickery, con artistry
- What are the two main types of encryption? (hint: cryptographic key types)
- Symmetric (same key for encryption and decryption), asymmetric (public/private key pair)
- Encryption can be applied to data in two states/phases; what are they?
- When data is at rest (stored) and when data is in motion (in transit)
- What is the one-way cryptographic function used to store password representations, or to verify integrity (i.e., that the data is the same and has not been changed)?
- Hashing (Cryptographic hash function)
- True/False: attorneys have a duty to have reasonable cybersecurity.
- True!
- Every attorney should be aware of and protect against the pernicious social engineering fraud known as ...
- Business email compromise, CEO fraud, email based funds transfer frauds
- Every person should be aware of and protect against the pernicious social engineering fraud known as ...
- Business email compromise, CEO fraud, email based funds transfer frauds
- How will you protect from business email compromise and CEO fraud?
- Secure email accounts with a strong password and two-factor authentication. Realize others might not. Confirm all funds transfer instructions verbally. Tell clients to do so also.
- List the Four Pillars of Cybersecurity from Bandler
- Knowledge/awareness, Secure devices, Secure data, Secure networks (Internet usage)
- List some cybersecurity frameworks (voluntary guidance to organizations to organize their cybersecurity programs)
- List some laws or regulations that relate to information security
- NYS SHIELD Act, NYS DFS 500, GLBA, SOX, HIPAA/HITECH, FTC Act (sort of)
- Why are governments implementing civil laws or regulations requiring information security?
- Protect consumers, prevent cybercrime
Disclaimer
These are short Q&As and cannot be expected to capture all nuances of all terms.
Many people have different understandings of various terms.
Links
- Course Resources
- Introduction to Law (Outline)
- Other "things to know"
Posted 12/12/2022 based on years of teaching. Updated 2/28/2023