Information Security Policies and Best Practices Quiz

Questions and Answers

Which of the following is the main purpose of security awareness training?

• To prevent data breaches
• To implement technical controls
• To enforce compliance training requirements
• To make employees aware of information security policies (correct)

What are some risks associated with not following security policies?

• Physical risk, financial risk, and loss of productivity
• Cybersecurity risk, compliance risk, and reputational risk
• Monetary risk, legal risk, and damage to company's reputation (correct)
• Loss of data, loss of customer trust, and loss of revenue

What can happen if an employee violates the law knowingly or unknowingly?

• Both the company and the individual can face legal risk (correct)
• There are no legal consequences
• Only the company can face legal risk
• Only the individual can face legal risk

What is one of the technology-related reasons for data breaches?

New viruses (B)

Why is it important to avoid data breaches?

To prevent financial penalties and damage to company's reputation (C)

Which of the following is NOT a risk associated with not following security policies?

Risk of losing customer data (C)

What is the purpose of security awareness training?

To make employees aware of information security policies (D)

Why is it important to avoid data breaches?

All of the above (D)

What can happen if an employee violates the law knowingly or unknowingly?

All of the above (D)

What are some technology-related reasons for data breaches?

New viruses (C)