Security Awareness Training

Questions and Answers

What is the primary goal of a phishing attack?

• To spread malware
• To steal sensitive data (correct)
• To cause a denial of service
• To disrupt computer systems

Which type of malware is designed to extort money from victims?

• Virus
• Trojan horse
• Worm
• Ransomware (correct)

What is the primary difference between a malware and a virus?

• A virus is a type of malware
• A virus is a type of Trojan horse
• Malware is a broader term that includes viruses (correct)
• Malware is a type of virus

What is the main purpose of a Man-in-the-Middle attack?

To steal sensitive data (B)

What is a best practice for protecting sensitive paper documents?

Securing them in a locked cabinet (D)

What is the first step to verify the legitimacy of a link?

Hover before clicking (D)

What should you do if you encounter an IT-Security incident?

Recognize the incident and report immediately (D)

What should you avoid when dealing with an IT-Security incident?

Unauthorized communication (D)

What should you do when completing a training session?

Show the QR code for participants to scan and join the survey (B)

What is a common tactic used by scammers to create a sense of urgency?

Urgency to create a sense of panic (C)

Flashcards are hidden until you start studying

Study Notes

Security Awareness Training

• Security is everyone's responsibility.

Purposes

• The CIA Triangle is a model for security purposes.

Threats

• Phishing: fraudulent emails, text messages, phone calls, or websites trick people into sharing sensitive data, downloading malware, or exposing themselves to cybercrime.
• Malware: malicious software that steals data, disrupts computers, networks, and systems, with 669M malware variants (according to Symantec's 2018 report).
• Insider Threat: malicious, negligent, or compromised insiders.
• Supply Chain Attacks: attacks on an organization's supply chain.
• Denial of Service Attacks: volume-based attacks that saturate a target's bandwidth with large amounts of data, or application-layer attacks that target specific vulnerabilities.
• Man in the Middle Attacks: attacks that intercept communication between two parties.

Security Best Practices

• Use strong passwords with length, complexity, uniqueness, randomness, and password managers.
• Utilize multi-factor authentication.
• Perform hardware/software updates.
• Use VPNs.
• Do not use personal email accounts for work purposes.
• Avoid opening attachments from strange emails and clicking on suspicious links.
• Be cautious of 'too good to be true' offers.
• Do not download software from unknown sources.
• Avoid using public Wi-Fi for sensitive actions.
• Lock screens when away.
• Beware of shoulder surfing.
• Secure sensitive paper documents.

Safe Web Browsing

• Use a security padlock.
• Enable spelling checks.
• Avoid clicking on suspicious links.
• Use Command + W to close windows.

Avoid Phishing

• Verify links before clicking.
• Check for typos.
• Don't fall for urgency.
• Be cautious of 'too good to be true' offers.

IT-Security Incident Reporting

• Recognize security incidents.
• Report incidents immediately to [email protected].
• Provide detailed information.
• Preserve evidence.
• Avoid unauthorized communication.
• Monitor for updates.

Training Completion

• Show QR code for participants to scan and join the survey.
• Complete questionnaires.