Cybersecurity things to know
by John Bandler
Here are some "things to know" about basic cybersecurity. This will aid most everyone in understanding this topic, which affects all of us.
If you are a student of mine, you will probably see these questions in the future (depending on what course you are taking).
- List the three information security objectives (CIA)
- Confidentiality, Integrity, Availability
- List the three types of controls (safeguards) to help achieve good cybersecurity (PAT)
- Physical, administrative, technical
- List the three factors of authentication
- Know, have, are
- Something you know, something you have, something you are
- List the Four Pillars of Cybersecurity from Bandler
- 1. Knowledge/awareness, 2. Devices, 3. Data, 4. Networks (and internet usage)
- 1. Improve Knowledge/awareness, 2. Secure devices, 3. Secure data, 4. Secure networks (and internet usage)
- What is the difference between information security and cybersecurity?
- Information security is about securing all information (no matter the form). Cybersecurity secures digital information. Thus, cybersecurity is a subset of information security (infosec).
- Briefly summarize the three information security objectives (CIA)
- A good summary goes here (my book/articles can help you)
- Briefly summarize the three types of controls (safeguards) to help achieve good cybersecurity (PAT)
- A good summary goes here (my book/articles can help you)
- What is authentication in context of computers?
- The process of an information system identifying a user and granting access to that user
- List the three factors of authentication (and give an example of each).
- Know, have, are
- Something you know (password), something you have (phone, token), something you are (fingerprint, face)
- What is two-factor authentication?
- Why should we employ two-factor authentication on important cloud and internet accounts?
- What is the principle of least privilege?
- The principle of giving a person or system the least amount of privileges (abilities) needed to do their job (but not giving them more than they need)
- What is social engineering? (simply and briefly with synonyms)
- Trickery, con artistry
- What are the two main types of encryption? (hint: cryptographic key types)
- symmetric, asymmetric
- symmetric encryption (same keys), asymmetric encryption (public/private key)
- symmetric encryption (same key to encode and decode), asymmetric encryption (different keys to encode and decode, a public key and a private key)
- Encryption can be applied to data in two stages/phases. What are they?
- When data is at rest and when data is in motion
- What is the one-way encryption (cryptography) used to store password representations, or to verify integrity (e.g. the data is the same and has not been changed)?
- Hashing (Cryptographic hash function)
- True/False: attorneys have a duty to have reasonable cybersecurity
- True!
- Every attorney should be aware of and protect against the pernicious social engineering fraud known as ...
- Business email compromise, CEO fraud, email based funds transfer frauds
- Every person should be aware of and protect against the pernicious social engineering fraud known as ...
- Business email compromise, CEO fraud, email based funds transfer frauds
- How will you protect from business email compromise and CEO fraud?
- Secure email accounts with a strong password and two-factor authentication. Realize others might not. Confirm all funds transfer instructions verbally. Tell clients to do so also.
- List some cybersecurity frameworks (voluntary guidance to organizations to organize their cybersecurity programs)
- Four Pillars of Cybersecurity (from Bandler), NIST Cybersecurity Framework, CIS Critical Security Controls, ...
- Bandler’s Four Pillars of Cybersecurity is helpful (I think) but not well known (alas). Name the respected cybersecurity framework that is free and that you should know about
- NIST Cybersecurity Framework (NIST CSF)
- List some laws or regulations that relate to information security
- NYS SHIELD Act, NYS DFS 500, GLBA, SOX, HIPAA/HITECH, FTC Act (sort of)
- Why are governments implementing civil laws or regulations requiring information security?
- Protect consumers, prevent cybercrime
- True/False: Cybersecurity principles are important to cyberlaw
- True
- True/False: Some knowledge of cybersecurity is essential to understand cybersecurity law and privacy law.
- True
- True/False: Cybersecurity principles are important to privacy and privacy law
- True
- True/False: Some knowledge of technology is essential to understand cybersecurity
- True
- Where can I learn cyberlaw things to know?
- Cyberlaw things to know (and resources listed at bottom of that page)
- Where can I learn technology things to know?
- Technology things to know (and resources listed at bottom of that page)
- Where can I dive deeper into cybersecurity?
- John's books that relate to cyber and policies
- Technology certification study
- Other books and resources
Disclaimer
These are short Q&As and cannot be expected to capture all nuances of all terms.
This represents "scaffolding" level 1 and a little of level 2 (see my article and video on scaffolding, link below).
Many people have different understandings of various terms.
Purpose of this page
This page is a study aid for my students, and a place for me to draw quiz and assignment questions from.
The goal is for students to learn important concepts, especially foundational concepts that provide footholds for learning more complex concepts. This is the learning concept of "scaffolding", where you start low, learn things, and build up knowledge and concept complexity. See my article on scaffolding and learning (link below).
I used to emphasize these things only in class, quizzes, and assignments, but then realized more was needed, because by the end of the semester, some students had not learned some of these things. By providing this study page and linking to it, I find that students have more opportunity to study and then learn better.
Links
- Other "things to know"
- Scaffolding, Layering, and Learning (article with video at bottom)
- My cybersecurity course at Udemy

This page is hosted at https://johnbandler.com/things-to-know-cybersecurity/, copyright John Bandler, all rights reserved.
Posted 12/12/2022 based on years of teaching. Updated 10/07/2025