Cybersecurity things to know

Cybersecurity things to know

by John Bandler

• What is the difference between information security and cybersecurity?
  • Information security is about securing all information (no matter the form). Cybersecurity secures digital information. Thus, cybersecurity is a subset of infosec.
• List the three information security objectives (CIA)
  • Confidentiality, Integrity, Availability
• List the three types of controls to help achieve good cybersecurity (PAT)
  • Physical, administrative, technical
• What is authentication in context of computers?
  • The process of an information system identifying a user and granting access
• What are the three factors of authentication.
  • Something you  know, have, are
• What is the principle of least privilege?
  • The principle of giving a person or system the least amount of privileges (abilities) needed to do their job
• What is social engineering? (simply and briefly)
  • Trickery, con artistry
• What are the two main types of encryption? (hint: cryptographic key types)
  • symmetric (same keys), asymmetric (public/private key)
• Encryption can be done on data in two stages/phases, what are they?
  • When data is at rest and when data is in motion
• What is the one-way encryption (cryptography) used to store password representations, or to verify integrity (e.g. the data is the same and has not been changed)?
  • Hashing  (Cryptographic hash function)
• True/False, attorneys have a duty to have reasonable cybersecurity
  • True!
• Every attorney should be aware of and protect against the pernicious social engineering fraud known as ...
  • Business email compromise, CEO fraud, email based funds transfer frauds
• Every person should be aware of and protect against the pernicious social engineering fraud known as ...
  • Business email compromise, CEO fraud, email based funds transfer frauds
• How will you protect from business email compromise and CEO fraud?
  • Secure email accounts with strong password and 2 factor authentication. Realize others might not. Confirm all funds transfer instructions verbally. Tell clients to do so also.
• List the Four Pillars of Cybersecurity from Bandler
  • Knowledge/awareness, Secure devices,  Secure data, Secure networks (Internet usage)
• List some cybersecurity frameworks (voluntary guidance to organizations to organize their cybersecurity programs)
• List some laws or regulations that relate to information security
  • NYS SHIELD Act, NYS DFS 500, GLBA, SOX, HIPAA/HITECH, FTC Act (sort of)
• Why are governments implementing civil laws or regulations requiring information security?
  • Protect consumers, prevent cybercrime

Disclaimer

These are short Q&As and cannot be expected to capture all nuances of all terms.

Many people have different understanding of various terms.

Links

• Course Resources
• Introduction to Law (Outline)
• Other "things to know"
  • Miscellaneous things to know
  • Cybersecurity things to know (this page)
  • Introduction to law things to know
  • Cyberlaw things to know

Posted 12/12/2022 based on years of teaching. Updated 2/28/2023