Why is Cybersecurity important?
- Protection of Confidential Information: Cybersecurity measures are put in place to protect sensitive and confidential information such as personal data, financial information, and intellectual property. Breaches can result in identity theft, financial loss, and reputational damage to individuals and businesses.
- Preservation of Business Continuity: Cyber attacks can disrupt critical business operations, leading to loss of productivity, revenue, and customer trust. Cybersecurity helps prevent such incidents and ensures business continuity.
- Compliance with Regulations: Various laws and regulations require organizations to safeguard their information and systems from cyber threats. Failing to comply with these regulations can result in penalties, fines, and legal action.
- Defense Against Cybercrime: Cybercrime is a growing threat to individuals, businesses, and governments. Cybersecurity measures help defend against these threats, including phishing scams, ransomware, and other forms of malware.
ITS Project Security Forms
- Start Here First! Queens College stakeholders, complete this form first and send to CISO@qc.cuny.edu
- The Initial Review Form will direct you to one or more of these forms, to be completed by either the QC Stakeholder or the Vendor. Complete and email to CISO@qc.cuny.edu
- QC Stakeholders
These are information gathering forms and do not imply approval. They are not to be completed by ITS employees unless otherwise directed by the CISO/CIO. Delayed submission of forms could cause delay of project approval.
CUNY Information Security – https://security.cuny.edu
This division involves the comprehensive management processes that identify potential impacts that threaten the IT assets of the University and its colleges.The CIS Security function will provide a framework of policies, assessments, tools and tested procedures for building defensive strategies and capabilities for effective responses to safeguard the information technology interests of CUNY and its stakeholders.
Cybersecurity Policies – https://www.cuny.edu/about/administration/offices/cis/information-security/security-policies-procedures/
NYC Office of Technology & Innovation – https://www.nyc.gov/content/oti/pages/
The Office of Technology and Innovation (OTI) creates tech-based solutions for a more effective, future-ready New York City. We make services work better across all sectors, from emergency services to benefits screening. We pool combined expertise from across the city to get stuff done for all New Yorkers.
Cybersecurity Policies – https://www.nyc.gov/content/oti/pages/vendor-resources/cybersecurity-requirements-for-vendors-contractors
NYC Emergency Management – https://www.nyc.gov/site/em/index.page
The agency is responsible for coordinating citywide emergency planning and response for all types and scales of emergencies. It is staffed by more than 200 dedicated professionals with diverse backgrounds and areas of expertise, including individuals assigned from other City agencies.
EDUCAUSE – https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program
Through the EDUCAUSE Cybersecurity Program, you can find the tools, resources, and peer connections you need to learn about, better understand, or help promote information security and privacy to everyone across your campus, including institutional leadership, students, faculty, staff, and external partners.
CISA – https://www.cisa.gov/stopransomware
CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. We are designed for collaboration and partnership. Learn about our layered mission to reduce risk to the nation’s cyber and physical infrastructure.
BYOD (Bring Your Own Device)
Bring Your Own Device (BYOD) is a company policy that permits, encourages, or mandates employees to access enterprise systems and data using their own personal devices, such as laptops, tablets, and smartphones, for work-related activities.
The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down.
The result of a hacker successfully breaking into a system, gaining control of its network and exposing its data, usually personal data covering items such as credit card numbers, bank account numbers, Social Security numbers, and more.
Any technology, be it software or hardware, used to keep intruders out.
A portmanteau of “malicious” and “software”, describing a wide variety of bad software used to infect and/or damage a system. Ransomware, worms, viruses, and trojans are all considered malware. It most often delivered via spam emails.
Man in the Middle Attack
An attack on the “middleman”, in this case, defined as the Wi-Fi system that connects users to the Internet. Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and use this as a means of stealing your personal data because they’re now in the system.
Multifactor Authenticaton (MFA)
Multi-factor authentication (MFA), also referred to as two-factor authentication, makes it more difficult for hackers to access your account by requiring you to provide at least two different credentials. MFA requires a second factor to confirm your identity in addition to your username and password, such as a one-time security code, a fingerprint scan, or a face recognition scan.
Phishing and Spam
A scam where a hacker poses as a legitimate business or organization (especially credit card companies, banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal information or inducing them to click a link or attachment that ends up delivering malware. Some of these schemes are extremely well done, others are sloppy and amateurish and can be spotted with just a little extra vigilance.
A form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to unlock everything. In other words, it kidnaps your computer and holds it for ransom, hence the clever name.
Instead of breaking in or utilizing technical hacking techniques, social engineering is a growingly popular way to access restricted resources. This strategy relies on user manipulation and human psychology. An employee might get an email from a social engineer purporting to be from the IT department in order to deceive him into disclosing private information rather than trying to uncover a software weakness in a company system. Spear phishing assaults are built on a foundation of social engineering.
Sadly, this has nothing to do with Weird Al Yankovic doing a parody version of a popular song. Rather, it’s when a hacker changes the IP address of an email so that it seems to come from a trusted source.
A form of malware used by hackers to spy on you and your computer activities. If a mobile device such as a smartphone is infected with spyware, a hacker can read your text messages, redirect your phone calls, and even track down where you are physically located!
An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address. Users get Internet anonymity, making it difficult for hackers to attack.