Securing Your Knowledge

Questions and Answers

Which of the following is NOT a purpose of security awareness training?

• To help us deal with problems when they arise
• To implement technical controls (correct)
• To meet compliance training requirements
• To make all employees aware of information security policies

What are the risks associated with not following information security policies?

• Monetary risk
• Legal risk
• Reputation risk
• All of the above (correct)

Why is it important for employees to follow information security policies?

• To prevent legal consequences
• To protect the company's reputation (correct)
• To avoid monetary fines
• To implement technical controls

What can happen if an employee violates the law knowingly or unknowingly?

Both the employee and the company may face legal consequences (C)

What are some reasons for data breaches?

All of the above (D)

The purpose of security awareness training is to make employees aware of information security policies, help deal with problems when they arise, and meet compliance training requirements.

True (A)

If an employee violates the law, only the company is at risk of legal consequences.

False (B)

Data breaches can lead to monetary fines and damage a company's reputation.

True (A)

Security awareness training is not necessary if a company has strong technical controls in place.

False (B)

New viruses are a common reason for data breaches.

True (A)

Flashcards are hidden until you start studying