1.
What are the objectives of organizational security efforts?
- Keeping digital assets secure while maintaining business effectiveness and efficiency
- Complying with all federal and state laws as well as industry standards
- Executing a security plan that employees understand and commit to
- All of the above
2.
Why is phishing a threat to organizational security efforts?
- Due to the growing sophistication of these efforts, employees are more likely to become complicit in security breaches like this.
- Phishing is intended to gain access to organizational data and/or systems, perhaps compromising data privacy and/or confidentiality.
- Phishing is no real threat.
- Server capacity can be strained and computing response time reduced.
3.
Why is “shadow IT” a problem for security groups?
- Shadow IT is problematic because the security group does not know these systems are installed and cannot protect the organization from their known vulnerabilities.
- Shadow IT can be problematic when security groups are not responsive enough to user requests for applications they deem useful to their jobs.
- Shadow IT is a problem because it results in redundant systems running within the organization.
- Shadow IT is a problem because these are system users who are undocumented.
4.
What should every CISO know?
- Everyone is a target
- Training is the key to winning the fight
- Compliance is not security
- All of the above
5.
Why is there not a solely technical solution to an organization’s security needs?
- Technology has yet to evolve to handle every aspect of security
- Hackers are always dreaming up new attacks
- Because security solutions operate in a socio-technical system
- Because the systems and data being protected are organizational assets that must be accessible by employees who need them.
6.
What is Shadow IT?
- a term reserved for systems that do not connect to the Internet
- a term meant to describe contract IT staff
- a term used to describe backup systems
- a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval.
7.
What is phishing?
- is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
- is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.
- is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication
- Attacks directed specifically at senior executives and other high profile targets within businesses
8.
Are people the best line of defense in securing organizational data assets?
- Yes
- No
9.
Which of the following is a formal organizational structure supporting effective information security?
- Separation of security governance from operations
- Top-down security
- Information security organization
- Balancing technical and business needs
10.
"Senior management actively supports information security as a vital enterprise-wide function," is the definition of what?
- Executive commitment
- Information security mentoring
- Top-down security
- Information security executive
answers?
1. What are the objectives of organizational security efforts?
ans:
All of the above
Why is phishing a threat to organizational security efforts?
ans:
Phishing is intended to gain access to organizational data and/or systems, perhaps compromising data privacy and/or confidentiality.