Monday, September 26, 2016

CyberSecurity and X-Factor


Security Education: Training and Awareness Quiz
[If you are looking for an answer, comment in the post and we can discuss.]




1.
SETA programs are intended to:

  • Identify bad actors in an organization
  • Communicate to employees the consequences of failing to comply with security rules
  • Improve employee behavior, communicate a structure for reporting violations, and hold employees accountable
  • Protect organizations against hackers

2.
What does it mean to make employees complicit in security management?

  • Employees are often complicit (knowingly or unknowingly) in successful hacks.
  • Employees must follow the rules in order to keep organizational assets secure.
  • Employees need to master the know-what, know-how, and know-why of security so that they can adapt to new situations.

3.
What is the best method for delivering security awareness?

  • Emails
  • Posters
  • Some combination of posters, email, other informal channels
  • Formal meetings

4.
Why do different user groups (i.e., novice versus experienced, technical versus managerial) benefit from different training?

  • Because their jobs require them to use different systems
  • Because their system knowledge is different
  • Because they could be differentially targeted by hackers
  • These answers are all so good, I can’t pick just one

5.
From a security perspective what is know-what?

  • Know-what is awareness of security concerns within an organization and your role in them
  • Know-what includes training in security practices
  • Know-what is the contextualized understanding of your organization’s security needs
  • Know-what means knowing what to do in the event of a security breach.


CyberSecurity and X-Factor - Week 1

Introduction to the X-Factor Quiz


1.
What are the objectives of organizational security efforts?

  • Keeping digital assets secure while maintaining business effectiveness and efficiency
  • Complying with all federal and state laws as well as industry standards
  • Executing a security plan that employees understand and commit to
  • All of the above
   
2.
Why is phishing a threat to organizational security efforts?

  • Due to growing sophistication of these efforts, employees are more likely to become complicit in security breaches like this.
  • Phishing is intended to gain access to organizational data and/or systems, perhaps compromising data privacy and/or confidentiality.
  • Phishing is no real threat.
  • Server capacity can be strained and computing response time reduced.
3.
Why is “shadow IT” a problem for security groups?

  • Shadow IT is problematic because the security group does not know these systems are installed and cannot protect the organization from their known vulnerabilities.
  • Shadow IT can be problematic when security groups are not responsive enough to user requests for applications they deem useful to their jobs.
  • Shadow IT is a problem because it results in redundant systems running within the organization.
  • Shadow IT is a problem because these are system users who are undocumented.
4.
What should every CISO know?

  • Everyone is a target
  • Training is the key to winning the fight
  • Compliance is not security
  • All of the above
5.
Why is there not a solely technical solution to an organization’s security needs?

  • Technology has yet to evolve to handle every aspect of security
  • Hackers are always dreaming up new attacks
  • Because security solutions operate in a socio-technical system
  • Because the systems and data being protected are organizational assets that must be accessible by employees who need them.

6.
What is Shadow IT?

  • a term reserved for systems that do not connect to the Internet
  • a term meant to describe contract IT staff
  • a term used to describe backup systems
  • a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval.
   
7.
What is phishing?

  • is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
  • is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC
  • is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication
  • Attacks directed specifically at senior executives and other high profile targets within businesses

8.
Are people the best line of defense in securing organizational data assets?


  • Yes
  • No

9.
Which of the following is a formal organizational structure supporting effective information security?

  • Separation of security governance from operations
  • Top-down security
  • Information security organization
  • Balancing technical and business needs

10.
"Senior management actively supports information security as a vital enterprise-wide function," is the definition of what?

  • Executive commitment
  • Information security mentoring
  • Top-down security
  • Information security executive