Cybersecurity things to know

Cybersecurity things to know

by John Bandler

Here are some "things to know" about basic cybersecurity. This will aid most everyone in understanding this topic, which affects all of us.

If you are a student of mine, you will probably see these questions in the future (depending on what course you are taking).

• List the three information security objectives (CIA)
  • Confidentiality, Integrity, Availability
• List the three types of controls (safeguards) to help achieve good cybersecurity (PAT)
  • Physical, administrative, technical
• List the three factors of authentication
  • Something you know, something you have, something you are
• List the Four Pillars of Cybersecurity from Bandler
  • 1. Improve Knowledge/awareness, 2. Secure devices,  3. Secure data, 4. Secure networks (and internet usage)
• What is the difference between information security and cybersecurity?
  • Information security is about securing all information (no matter the form). Cybersecurity secures digital information. Thus, cybersecurity is a subset of infosec.
• Briefly summarize the three information security objectives (CIA)
  • A good summary goes here (my book/articles can help you)
• Briefly summarize the three types of controls (safeguards) to help achieve good cybersecurity (PAT)
  • A good summary goes here (my book/articles can help you)
• What is authentication in context of computers?
  • The process of an information system identifying a user and granting access
• List the three factors of authentication (and give an example of each).
  • Something you know, something you have, something you are
• What is two factor authentication?
  • Two factor authentication
• Why should we employ two-factor authentication on important cloud and internet accounts?
  • Two factor authentication
• What is the principle of least privilege?
  • The principle of giving a person or system the least amount of privileges (abilities) needed to do their job
• What is social engineering? (simply and briefly)
  • Trickery, con artistry
• What are the two main types of encryption? (hint: cryptographic key types)
  • symmetric (same keys), asymmetric (public/private key)
• Encryption can be done on data in two stages/phases, what are they?
  • When data is at rest and when data is in motion
• What is the one-way encryption (cryptography) used to store password representations, or to verify integrity (e.g. the data is the same and has not been changed)?
  • Hashing  (Cryptographic hash function)
• True/False, attorneys have a duty to have reasonable cybersecurity
  • True!
• Every attorney should be aware of and protect against the pernicious social engineering fraud known as ...
  • Business email compromise, CEO fraud, email based funds transfer frauds
• Every person should be aware of and protect against the pernicious social engineering fraud known as ...
  • Business email compromise, CEO fraud, email based funds transfer frauds
• How will you protect from business email compromise and CEO fraud?
  • Secure email accounts with strong password and 2 factor authentication. Realize others might not. Confirm all funds transfer instructions verbally. Tell clients to do so also.
• List some cybersecurity frameworks (voluntary guidance to organizations to organize their cybersecurity programs)
  • Four Pillars of Cybersecurity (from Bandler), NIST Cybersecurity Framework, CIS Critical Security Controls, ...
• List some laws or regulations that relate to information security
  • NYS SHIELD Act, NYS DFS 500, GLBA, SOX, HIPAA/HITECH, FTC Act (sort of)
• Why are governments implementing civil laws or regulations requiring information security?
  • Protect consumers, prevent cybercrime
• True/False: Cybersecurity principles are important to cyberlaw
  • True
• Where can I learn cyberlaw things to know?
  • Cyberlaw things to know

Disclaimer

These are short Q&As and cannot be expected to capture all nuances of all terms.

Many people have different understanding of various terms.

Purpose of this page

This page is a study aid for my students, and a place for me to draw quiz and assignment questions from.

The goal is for students to learn important concepts, especially foundational concepts that provide footholds for learning more complex concepts. This is the learning concept of "scaffolding", where you start low, learn things, build the knowledge and concept complexity up. See my article on scaffolding and learning (link below).

I used to emphasize these things only in class, quizzes, and assignments, but then realized more was needed, because by the end of the semester, some students had not learned some of these things. By providing this study page and linking to it, I find that students have more opportunity to study and then learn better.

Links

• Other "things to know"
  • Things to know (the main jump-off page)
  • Introduction to law things to know
  • Cyberlaw things to know
  • Cybersecurity things to know  (this page)
  • Fourth Amendment cases things to know
  • Private security cases things to know
  • Miscellaneous things to know
• Scaffolding, Layering, and Learning
• My cybersecurity course at Udemy
• More on this topic
  • Introduction to Cybersecurity and Information Security
  • Cyberlaw
  • My Cyberlaw book

This page is hosted at https://johnbandler.com/things-to-know-cybersecurity/, copyright John Bandler, all rights reserved.

Posted 12/12/2022 based on years of teaching. Updated 3/4/2025