Binary Code

Computers and other electronic devices store information as Binary Code (which is a series of 1s and 0s that might look like this: 10101001 01101100 11001010).
Network Topology Map

A Network Topology Map is a diagram of a computer network's components, including network access points and connections between its various parts.
Fake Anti-Virus Software

Fake Anti-Virus Software - also known as 'scareware' - is designed to trick you into buying worthless anti-virus protection that you do not need.
Domain Name System

The Domain Name System (DNS) is like the ‘telephone book’ of the Web – it translates a website's name into its corresponding numerical IP address on the Internet.
Social Engineering

A Phishing e-mail is an attempt to trick the recipient into giving up information, such as account, credit card or password information.
Data Encryption

Data Encryption is the intentional scrambling of information into unreadable form - until it is later converted back into its original form by the intended recipient.
Botnet, or Compromised Computers

A Botnet is a collection of computers compromised by a malware attack that can be controlled remotely (via the Internet) to attack websites, send out spam emails, etc.
Distributed Denial of Service Attack

A Distributed Denial of Service (DDoS) Attack can use a botnet to force a website, network or other resource to shut down by overloading it with requests for data.
USB Flash Drive

A USB Flash Drive, aka a 'stick drive' or 'thumb drive' is a portable data storage device which connects to a computer's USB port to send and receive data.
Electronic vs. Static Media

Static Media is something like a book, magazine or printed photo, while Electronic or Digital Media (websites, digital photos, etc.) requires power to be viewed.
Administrative Access

A user with Administrative Rights has unrestricted power to create, modify or delete files, folders, settings and programs on a particular computer.

Getting to Know Scott Aurnou

Posted on March 11, 2020 by Scott Aurnou

Lawline recently posted a profile of Scott Aurnou, founder of The Security Advocate. In it, Scott talks about combining a cyber security and legal background, as well as his interests outside of the office.

Tagged with: attorney cybersecurity, cybersecurity advocate, Cybersecurity Law, GRC, Lawline, lawline cle, Scott Arnou, Scott Aurnou
Posted in Uncategorized

What Is Your “Attack Surface” and Why Does It Matter?

Posted on December 20, 2019 by Scott Aurnou

Scott Aurnou, Esq., CISSP discusses the importance of understanding your organization’s potential exposure to online (and other) attacks in this excerpt from the Lawline program The NY SHIELD Act: What You and Your Clients (In and Out of NY State) Should Know. The full program is available here:

https://www.lawline.com/course/the-ny-shield-act-what-you-and-your-clients-in-and-out-of-ny-state-should-know.

Tagged with: attack surface, Cyber Risk, cybersecurity cle, lawline cle, NY SHIELD Act, Risk Management
Posted in Cloud Security, Fraud & Scams, Laptops & Desktops, Network Security

Multi-Factor Authentication and the NY DFS Cybersecurity Regulation

Posted on May 9, 2019 by Scott Aurnou

Scott Aurnou, Esq., CISSP discusses multi-factor authentication requirements under New York State’s Department of Financial Services’ Cybersecurity Regulation in this excerpt from the Lawline program The New DFS Cybersecurity Regulation: What Every Attorney Should Know. The full program is available here:

https://www.lawline.com/course/the-new-dfs-cybersecurity-regulation-what-every-attorney-should-know.

Tagged with: 2FA, access control, cybersecurity cle, cybersecurity regulation, lawline cle, NY DFS part 500, NYDFS part 500, two-factor authentication
Posted in Laptops & Desktops, Network Security

How to Avoid Business E-Mail Compromise Scams

Posted on October 9, 2018 by Scott Aurnou

Scott Aurnou, Esq., CISSP discusses the danger posed by business e-mail compromise scams (and how to identify and avoid them) in this excerpt from the Lawline program Ethical Risks & the Human Element of Information Security: Insiders and Social Engineering. The full program is available here:

https://www.lawline.com/course/ethical-risks-the-human-element-of-information-security-insiders-and-social-engineering.

Tagged with: attorney cybersecurity, BEC scam, Business Email Compromise, Cyber Risk, cybersecurity cle, lawline cle, lawyer cybersecurity, Social Engineering
Posted in Fraud & Scams, Network Security

Third Party Risk and the NY DFS Cybersecurity Regulation

Posted on April 6, 2018 by Scott Aurnou

Scott Aurnou, Esq., CISSP discusses third party risk requirements under New York State’s Department of Financial Services’ Cybersecurity Regulation in this excerpt from the Lawline program The New DFS Cybersecurity Regulation: What Every Attorney Should Know. The full program is available here:

https://www.lawline.com/course/the-new-dfs-cybersecurity-regulation-what-every-attorney-should-know.

Tagged with: cybersecurity cle, cybersecurity regulation, lawline cle, NY DFS part 500, third party risk, vendor risk management
Posted in Cloud Security, Network Security

RT @JimBlasingame: How the government cyber-security forces guard the U.S. election. @saurnou joins Jim to report on how the #government #c… 01:44:47 AM December 06, 2020 from Twitter Web App Reply Retweet Favorite
RT @AndreiCherny: A family of Muslim immigrants from Turkey newly arrived in Germany. The boy in the yellow t-shirt went on to lead the te… 01:43:10 AM December 06, 2020 from Twitter Web App Reply Retweet Favorite
RT @_marcba: Developers can be cruel sometimes https://t.co/kpYvO9aZsu 03:46:39 PM June 29, 2020 from Twitter Web App Reply Retweet Favorite

@saurnou