Cybersecurity things to know

by John Bandler

  • What is the difference between information security and cybersecurity?
    • Information security is about securing all information (no matter the form). Cybersecurity secures digital information. Thus, cybersecurity is a subset of infosec.
  • List the three information security objectives (CIA)
    • Confidentiality, Integrity, Availability
  • List the three types of controls to help achieve good cybersecurity (PAT)
    • Physical, administrative, technical
  • What is authentication in context of computers?
    • The process of an information system identifying a user and granting access
  • What are the three factors of authentication?
    • Something you know, something you have, something you are
  • What is the principle of least privilege?
    • The principle of giving a person or system the least amount of privileges (abilities) needed to do their job
  • What is social engineering? (simply and briefly)
    • Trickery, con artistry
  • What are the two main types of encryption? (hint: cryptographic key types)
    • Symmetric (the same key encrypts and decrypts), asymmetric (a public/private key pair)
  • Encryption can be applied to data in two stages/phases. What are they?
    • When data is at rest and when data is in motion
  • What is the one-way encryption (cryptography) used to store password representations, or to verify integrity (i.e., that the data is the same and has not been changed)?
    • Hashing (cryptographic hash function)
  • True/False: attorneys have a duty to have reasonable cybersecurity
    • True!
  • Every attorney should be aware of and protect against the pernicious social engineering fraud known as ...
    • Business email compromise, CEO fraud, email-based funds transfer frauds
  • Every person should be aware of and protect against the pernicious social engineering fraud known as ...
    • Business email compromise, CEO fraud, email-based funds transfer frauds
  • How will you protect from business email compromise and CEO fraud?
    • Secure email accounts with strong passwords and two-factor authentication. Realize others might not. Confirm all funds transfer instructions verbally. Tell clients to do so also.
  • List the Four Pillars of Cybersecurity from Bandler
    • Knowledge/awareness, Secure devices, Secure data, Secure networks (Internet usage)
  • List some cybersecurity frameworks (voluntary guidance to organizations to organize their cybersecurity programs)
  • List some laws or regulations that relate to information security
    • NYS SHIELD Act, NYS DFS 500, GLBA, SOX, HIPAA/HITECH, FTC Act (sort of)
  • Why are governments implementing civil laws or regulations requiring information security?
    • Protect consumers, prevent cybercrime

Disclaimer

These are short Q&As and cannot be expected to capture all nuances of all terms.

Many people have different understandings of various terms.

Posted 12/12/2022 based on years of teaching. Updated 2/28/2023