Information Security Basics Quiz
45 Questions
Questions and Answers

What is one of the primary goals of information security awareness?

  • To maintain awareness and skills among employees (correct)
  • To minimize employee salaries
  • To manage social media accounts
  • To increase internet speed

Which type of malware is NOT discussed in the session agenda?

  • Spyware
  • Worms
  • Zombie malware (correct)
  • Viruses

What was highlighted as a top security concern in 2015?

  • Increased hardware sales
  • New software installations
  • Top security breaches (correct)
  • Social media marketing

Which of the following is considered a human-based attack?

  • Phishing attacks (correct)

Which of the following is NOT a security tip mentioned in the session?

  • Using HTTP instead of HTTPS (correct)

What does 'clearing your screen' refer to in the context of security tips?

  • Ensuring no sensitive information is visible (correct)

Which security measure is recommended for protecting mobile devices?

  • Installing security software (correct)

What is a key component of incident reporting?

  • Documenting security incidents (correct)

What does 'business continuity' refer to in the context of information security?

  • Continuing operations after security incidents (correct)

What should you do to protect sensitive data?

  • Always backup sensitive data (correct)

Which action should you take when stepping away from your workstation?

  • Lock the workstation using Windows key + L (correct)

Why is it important to keep your operating system and applications updated?

  • To ensure they contain security patches (correct)

What is a recommended practice when using strong passwords?

  • Try not to confuse it with personal account passwords (correct)

What should you avoid when charging your smartphone?

  • Charging from the PC (correct)

What percentage of information security is attributed to behavior rather than technology?

  • 80% (correct)

What security measure should be taken for a strong password?

  • At least 8 characters (correct)

Which statement is true regarding social networking security?

  • Limit personal information posted. (correct)

What is one recommended action for email security?

  • Contact the sender if you are unsure about an attachment. (correct)

What does the Web of Trust (WOT) help users determine?

  • It informs trusted websites for safe browsing. (correct)

Which of the following is a suggestion for mobile phone security?

  • Always use a screen lock. (correct)

What is a best practice for physical security at a workstation?

  • Always lock the workstation when leaving. (correct)

What should you do with sensitive documents after use?

  • Shred them for disposal. (correct)

Which of the following is NOT a recommended practice for mobile security?

  • Plug your phone into any PC. (correct)

Which characteristic is essential for a password phrase?

  • Mix of characters and words. (correct)

What precaution should be taken regarding third-party applications in social networking?

  • Limit the sharing of personal data. (correct)

What is the first step in incident reporting?

  • Report (correct)

What is an example of a successful phishing attack?

  • A customer complaining about unauthorized transfer (correct)

What does the acronym IRC stand for in incident reporting?

  • Incident Response Coordinator (correct)

Which of the following reflects a countermeasure to information security risks?

  • Proactively identifying potential leaks (correct)

What is one common misconception about digital information?

  • It is inherently safe from attacks (correct)

What is a key characteristic of digital information?

  • It is easy to leak (correct)

Which of the following is a type of social engineering attack?

  • Shoulder surfing (correct)

In the case of a phishing email detected, what is the typical content of the email?

  • A request for account verification (correct)

What should be avoided when dealing with potential security incidents?

  • Delayed action (correct)

What is a characteristic of phishing emails?

  • Forged sender's address (correct)

Which department usually addresses an incident after it has been reported?

  • Repair and support unit (RSU) (correct)

What does APT stand for in information security?

  • Advanced Persistent Threat (correct)

What does successfully falling for phishing lead to?

  • Unauthorized financial transfers (correct)

The first line of defense against social engineering attacks is:

  • Staff awareness and training (correct)

Which method is NOT considered a form of information gathering for phishing?

  • Online purchase transactions (correct)

What should be reported as a potential sign of an APT attack?

  • Odd user behavior after hours (correct)

Which of the following is NOT a human-based social engineering attack method?

  • Online Scams (correct)

What is a common tactic of an attacker who conducts a phishing campaign?

  • Using forged content (correct)

Which of the following is a countermeasure against APTs?

  • Reporting strange user activity (correct)

Which of the following tactics is used in dumpster diving?

  • Collecting discarded documents (correct)

Study Notes

Information Security Goals

• Maintain an appropriate level of knowledge and skills among employees and managers
• Ensure business continuity if information security incidents occur

Types of Malware

• Advanced Persistent Threat (APT):
  • A type of social engineering attack where unauthorized personnel gain access to the network undetected for a long time to steal data
  • Often uses social engineering to gain access to the network via legitimate means
  • Establishes a backdoor once access is achieved
  • Countermeasures include reporting odd user behavior, staying alert to social engineering attempts, and understanding that disclosure of information or credentials compromises the entire information system

Top Security Breaches of 2015

• Not mentioned in provided material

Social Engineering

• Human-based attacks:
  • Information gathering (social media vectors)
  • Shoulder surfing
  • Dumpster diving
  • Impersonation
  • Phishing
• Computer-based attacks:
  • Online scams

Incident Reporting

• Report, fix, follow-up
• Repair and Support Unit (RSU)
• Incident Reporting Coordinator (IRC)
• Concerns about business line

Security Tips & Counter-measures

• HTTPS:
  • Protects by encrypting information sent between your computer and the website
• WOT (Web of Trust):
  • Shows a colored traffic light to indicate the trustworthiness of websites
• Social networking security:
  • Limit the amount of personal information you post
  • Be cautious of third-party applications
  • Use strong passwords
  • Check privacy policies
• Password security:
  • At least 8 characters
  • Mix of upper- and lowercase characters
  • Mix of alphabetic and numeric characters
  • Don't use dictionary words
  • Change passwords frequently
  • Don't share or reuse passwords
  • Use different passwords for different accounts
  • Don't write down passwords
  • Use password phrases
• Clear desk & clear screen:
  • Clear away paperwork
  • Use shredders when disposing of sensitive documents
  • Lock desks and filing cabinets
  • Lock away portable devices such as tablets
  • Lock your workstation when you leave
  • Make sure no documents are left in the printer
  • Treat mass storage devices (CD-ROMs, DVDs, USB drives) as sensitive and secure them in a locked drawer
• Email security:
  • Never open an attachment from an unknown sender
  • Make sure the email references the attachment
  • Don't hesitate to contact the sender of an email that contains an attachment
  • Never send anyone your personal data (name, address, phone number, password, account numbers)
  • In case of suspicion, contact the IT department or the information security officer
• Mobile threat & security:
  • Chart: number of malicious installation packages and new malicious programs detected (Q3 2014 – Q1 2015)
  • Never plug your phone into the PC
  • Download applications only from trusted sources
  • Install anti-malware controls
  • Never store business-related documents on your phone
  • Always change the factory PIN code (0000)
  • Always use a screen lock
  • Install locking features
  • Use secure messaging applications
  • Secure personal email
• How to protect your PC:
  • Always back up sensitive data
  • Always lock your workstation when away from your desk
  • Ensure that antivirus definitions are updated regularly
  • Reboot your system after applying new updates
  • Use a strong password and don't confuse it with passwords used for personal accounts
  • Never charge smartphones from the PC
  • Never insert a USB or any other storage device into your PC

Conclusion

• Security is 20% technical and 80% behavior

Description

Test your knowledge on the fundamentals of information security, including malware types, social engineering attacks, and incident reporting. This quiz covers key concepts that are vital for maintaining a secure environment in any organization.
