CyberSecurity and X-Factor

Security Education: Training and Awareness Quiz
[if you are looking for an answer comment in the post and we can discuss]





1.
SETA programs are intended to:

• Identify bad actors in an organization
• Communicate to employees the consequences of failing to comply with security rules
• Improve employee behavior, communicate a structure for reporting violations, and hold employees accountable
• Protect organizations against hackers

   

2.
What does it mean to make employees complicit in security management?

• Employees are often complicit (knowingly or unknowingly) in successful hacks.
• Employees must follow the rules in order to keep organizational assets secure.
• Employees need to master the know-what, know-how, and know-why of security so that they can adapt to new situations.

   

3.
What is the best method for delivering security awareness?

• Emails
• Posters
• Some combination of posters, email, other informal channels
• Formal meetings

   

4.
Why do different user groups (i.e., novice versus experienced, technical versus managerial) benefit from different training?

• Because their jobs require them to use different systems
• Because their system knowledge is different
• Because they could be differentially targeted by hackers
• These answers are all so good, I can’t pick just one

   

5.
From a security perspective what is know-what?

• Know what is awareness of security concerns within an organization and your role in them
• Know what includes training is security practices
• Know what is the contextualized understanding of your organization’s security needs
• Know what means knowing what to do in the event of a security breach.

CyberSecurity and X-Factor - Week 1

Introduction to the X-Factor Quiz

1.
What are the objectives of organizational security efforts?

• Keeping digital assets secure while maintaining business effectiveness and efficiency
• Complying with all federal and state laws as well as industry standards
• Executing a security plan that employees understand and commit to
• All of the above

   
2.
Why is phishing a threat to organizational security efforts?

• Due to growing sophistication of these efforts, employees are more likely to become complicit in security breaches like this.
• Phishing is intended to gain access to organizational data and or systems perhaps compromising data privacy and/or confidentiality.
• Phishing is no real threat.
• Server capacity can be strained and computing response time reduced.

   
3.
Why is “shadow IT” a problem for security groups?

• Shadow IT is problematic because the security group does not know these systems are installed and cannot protect the organization from their known vulnerabilities.
• Shadow IT can be problematic when security groups are not responsive enough to user requests for application they deem useful to their jobs
• Shadow IT is a problem because it results in redundant systems running within the organization.
• Shadow IT is a problem because these are system users who are undocumented.

   
4.
What should every CISO know?

• Everyone is a target
• Training is the key to winning the fight
• Compliance is not security
• All of the above

   
5.
Why is there not a solely technical solution to an organization’s security needs?

• Technology has yet to evolve to handle every aspect of security
• Hackers are always dreaming up new attacks
• Because security solutions operate in a socio-technical system
• Because the systems and data being protected are organizational assets that must be accessible by employees who need them.

   

6.
What is Shadow IT?

• a term reserved for systems that do not connect to the Internet
• a term meant to describe contract IT staff
• a term used to describe back up systems
• a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval.

   
7.
What is phishing?

• is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
• is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC
• is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication
• Attacks directed specifically at senior executives and other high profile targets within businesses

   

8.
Are people the best line of defense in securing organizational data assets?

• Yes
• No

   

9.
Which of the following is a formal organizational structure supporting effective information security?

• Separation of security governance from operations
• Top-down security
• Information security organization
• Balancing technical and business needs

   

10.
"Senior management actively supports information security as a vital enterprise-wide function," is the definition of what?

• Executive commitment
• information security mentoring
• Top-down security
• information security executive