Cybersecurity Controls and Methods Quiz

Questions and Answers

What is the purpose of the document described in the text?

To review compliance for quality and compliance teams

To outline procedures for managing and using passwords (correct)

To establish guidelines for customer support teams

To create strong passwords for all employees

Who is responsible for approving the suitability and adequacy of the Password Management Procedure?

Mamatha.N

Jishnu Mitra (correct)

All employees

Quality and compliance teams

What type of passwords does Stratogent discourage employees from using?

Passwords with special characters

Easy-to-remember passwords

Passwords with only numbers

Common phrases or sequences like 'Welcome@123' (correct)

Which section of the document focuses on sharing passwords using a one-time secret tool?

Sharing passwords using onetime secret tool

Who does the Password Management Procedure strictly apply to?

All employees and contract employees with access to systems

What is the focus of the training and awareness section in the document?

Raising employee knowledge and consciousness

Which part of the document emphasizes the establishment of controls for password policy compliance testing?

Control Testing

What is encouraged for password generation in the Password Management Procedure?

Using a Password Safe application

Who is responsible for reviewing clarifications and improvements related to the policy described?

Mamatha.N

Which section of the document outlines the purpose of creating, managing, and using passwords?

Password Creation

Study Notes

User Training and Awareness Assessments

• New hires undergo mandatory password security training during onboarding; all employees receive quarterly updates.
• Stratogent’s InfosecIQ platform tracks training assignment and completion status.

Procedure Compliance Testing - Customer Support Teams

• Quarterly automatic tickets are assigned to PMO Analysts for policy adherence reviews across business units.
• PMO Analysts and Service Delivery Leads ensure compliance for local accounts of all clients managed by the Stratogent Support team.

Procedure Compliance Testing - Quality and Compliance Teams

• Quality teams receive automatic quarterly tickets to monitor the compliance status of password review tickets completed by PMO Analysts.

Policy Review

• The password policy undergoes an annual review to ensure its relevance and effectiveness.
• "Burn this secret" feature allows users to delete passwords before expiration.

Reporting

• Employees must report any suspicious password-related activities immediately to the Quality & Compliance Lead or via [email protected].
• Investigations are conducted on reported security incidents.

Training and Awareness Programs

• PMOs receive education on effective password creation and management practices through training sessions.
• Policy documents are shared with employees; regular Infosec trainings on Password Security include assessments.

Compliance

• Non-compliance with the Stratogent Password Policy may lead to disciplinary actions, such as account suspension or termination.

Continuous Improvement

• Password management is an ongoing process aimed at continuous improvement.
• Stratogent evaluates policy effectiveness routinely, making necessary adjustments to enhance security.

Control Testing

• Testing of password policy controls is vital to confirm the implementation and enforcement of the password policy.

Description

Test your knowledge of cybersecurity controls and testing methods including user training and awareness assessments, tracking training completion status, and procedure compliance testing for customer support teams.