NMB Bank IT Resource Usage Standards

Questions and Answers

Who is responsible for ensuring the effective implementation of the procedure?

• Human Resources Department
• Head of Departments
• All Bank Employees
• Information Security Department (correct)

What is a primary reason for employees to be aware of cyber security threats?

• To enhance customer service
• To become a cyber resilient bank (correct)
• To ensure compliance with regulatory bodies
• To improve financial performance

Which group of individuals is included in the scope of this procedure?

• Only permanent employees
• Only contract employees
• Only the executive management
• All internal and external users (correct)

What is expected from users while using the Bank's IT assets?

To familiarize themselves with organizational security policies (D)

What is indicated as the weakest link in the cyber security chain?

Human chain (B)

What must users do concerning legal obligations relevant to their role?

Be familiar and comply with the relevant obligations (D)

Who arranges for awareness of acceptable use of information and assets among employees?

Information Security Department (A)

What is required from users regarding the Bank’s policies?

Familiarize and comply with policies (B)

What must users ensure regarding their user ID and password?

They must keep it confidential and not allow others to use it. (C)

How should users handle the storage of the Bank's data?

Only on authorized equipment, devices, or platforms. (C)

What action should users take if they notice unusual activity in the IT resources?

Report it to the IS and IT Department immediately. (A)

Which of the following is NOT a responsibility of users regarding IT assets?

To switch off antivirus tools if they hinder productivity. (A)

What is the primary consequence of unauthorized access to data?

Possible termination and legal action against the user. (B)

What should users do with their passwords to maintain security?

Create strong passwords and never share them. (A)

Which action is allowed under the acceptable use of IT resources policy?

Following clear directions on the limits of their authority. (C)

Which of the following statements about unauthorized device connection is true?

Unauthorized devices may disrupt network security and must not be connected. (B)

What is the primary purpose of providing Internet access on organization-owned devices?

To access information relevant to the organization's business obligations (C)

Which of the following is considered an unsuitable use of the bank's Internet connection?

Transmission of pornographic materials (B)

Which activity is explicitly prohibited while using the bank’s Internet connection?

Performing work for personal profit without authorization (D)

What must users do to gain access to the Internet at the bank?

Fill out an Internet access form for IT Department approval (B)

What is one restriction on the kind of content users can transmit over the Internet connection?

Users cannot transmit illegal materials such as copyrighted content (C)

Which of the following actions is allowed when using the bank's Internet connection?

Purchasing necessary equipment for work purposes (A)

Which purpose cannot be served by the bank’s Internet connection?

Conducting personal business transactions (B)

What should users avoid doing with network traffic while using the bank's Internet connection?

Interception of network traffic without authorization (B)

What is one of the responsibilities of an Authorized User regarding IT resources?

To ensure compliance with established policies and procedures (D)

Which of the following actions constitute unacceptable use of IT resources?

Auto forwarding official emails to a personal email account (A)

Which practice is encouraged to maintain desktop organization?

Clearing unwanted files regularly and organizing confidential information (A)

What must users avoid when using organizational IT resources?

Connecting to unauthorized wireless networks while on a wired connection (C)

What is a recommended security practice for users connecting to public Wi-Fi?

Use a Virtual Private Network (VPN) for security (A)

What is prohibited regarding the sharing of organizational IT assets?

Providing access to family and friends (D)

What should users do regarding security updates for their computing devices?

Ensure that the latest security updates and antivirus tools are installed (D)

Which of the following is an example of acceptable use of IT resources?

Accessing organizational information as part of job responsibilities with approval (D)

What is the effective date of the NMB Bank Limited's Acceptable Use of IT Resources procedure?

12th Aug 2024 (B)

Which department is responsible for the Information Security Standard Procedures?

Information Security Department (C)

What does the abbreviation 'MFA' stand for in the context of IT security?

Multi Factor Authentication (A)

Who approved the Acceptable Use of IT Resources procedure?

Sunil KC (A)

What section in the procedure specifically addresses unacceptable use?

5.11 Unacceptable Use (D)

Which of the following is included under the scope of acceptable use?

Access control procedures (C)

Which one of the following roles was not listed as a supporter in the approval log?

IT Technician (C)

What is the total number of pages for the Acceptable Use of IT Resources procedure?

12 (C)

Which section details procedures around mobile devices?

5.3 Mobile Devices (B)

What does 'PII' refer to in the list of abbreviations?

Personal Identifiable Information (A)

What procedure is listed under the responsibilities in the table of contents?

Policy Compliance (A)

What is the purpose of the acceptable use procedure?

Provide rules for acceptable use of IT assets (D)

Which of the following is a key component of the Acceptable Use of IT Resources procedure?

Clear Desk and Clear Screen (C)

How often was the last review conducted according to the document?

It is a new release (B)

Study Notes

NMB Bank Limited - Information Security Standard Procedures

Acceptable Use of IT Resources

• Effective from 12th August 2024, Version 1.0, this document outlines the acceptable use of NMB Bank's IT assets.
• Applicable to all employees and external users accessing the bank's information systems and physical infrastructure.

Purpose

• Aims to protect information and IT assets from unauthorized use.
• Promotes awareness of cybersecurity threats, emphasizing the need for user vigilance in safeguarding data.

Responsibilities

• CISC: Executive owner responsible for reviewing and releasing the procedure.
• Information Security Department (ISD): Ensures effective implementation and user awareness about acceptable use.
• Head of Departments: Implement acceptable use guidelines for compliance within their teams.
• Users: Required to follow guidelines and protect bank's data and IT resources.

General Guidelines

• Users must act responsibly with IT assets and comply with security policies.
• Sharing or misuse of user IDs and passwords is prohibited.
• Laptop and sensitive information damage or loss is the user's liability.
• Users should report any suspicious activity to IS and IT departments immediately.

Internet Usage

• Internet access allowed primarily for job-related activities, including research and posting updates.
• Prohibited activities include accessing illegal content, using resources for personal profit, and circumventing security measures.
• Clean desktop policy: Users advised to organize files and save confidential information in designated folders.

Unacceptable Use Examples

• Unauthorized disclosure of information or resources.
• Dissemination of offensive or illegal content.
• Connecting unauthorized devices to the network or using unapproved networks.
• Using bank IT resources for unauthorized solicitations or advertisements.
• Accessing public Wi-Fi without VPN and not updating security tools.

Compliance

• Users are solely responsible for adhering to the procedures outlined for acceptable use.
• Non-compliance may lead to disciplinary actions as per bank policy.

Key Abbreviations

• CISC: Corporate Information Security Committee
• ISD: Information Security Department
• VPN: Virtual Private Network
• MFA: Multi Factor Authentication
• PII: Personal Identifiable Information

This document serves as a critical framework for ensuring security and compliance in the use of IT resources at NMB Bank.

Description

This quiz covers the information security standard procedures at NMB Bank Limited, specifically focusing on the acceptable use of IT resources. It highlights the procedures and guidelines necessary to ensure the proper handling of bank assets and information security. Familiarize yourself with the latest practices and amendments to reinforce compliance and security.