QUIZ 8 - SETA

Questions and Answers

PDF Questions PDF Answers

What should the Board put in place to adequately protect the information resources of the organization?

ISMS (correct)

Information Security Policy

Executive approval

COBIT compliance

Which Organizational Management Level is responsible for identifying, implementing and maintaining Information Security controls and technologies?

Tactical Level (correct)

Strategic Level

Operational Level

Technical Level

The ____ authenticates the user.

User ID

Password (correct)

Biometrics

Security access level

At what stage of the Conscious Competence Model must an employee, through practice, make Information Security-related practices inherent to their normal daily actions?

Unconscious Competence

Security education should ideally lead onto secure...

Behaviour

Which of the following are objectives of a SETA Programme?

All of the above

Which Organizational Management Level is responsible for ensuring that all organizational Information Security controls and technologies are functioning effectively?

Operational Level

Which one is wrong? Security awareness should...

Only be presented to new employees

Which Organizational Management Level is responsible for defining an Information Security vision that is formalized into policy?

Strategic Level

What is the third stage of the Conscious Competence Model?

Conscious Competence

Study Notes

Security Awareness Training (SETA)

• The Board of Directors are responsible for establishing a robust Information Security Management System (ISMS) to protect organizational information resources.
• The Tactical Level of an organization is responsible for implementing and maintaining Information Security controls and technologies.
• The Operational Level of an organization is responsible for ensuring these controls are functioning effectively.
• The Strategic Level of an organization is responsible for defining a vision for Information Security that is formalized into policy.
• The Conscious Competence Model describes the stages of learning: Unconscious Incompetence, Conscious Incompetence, Conscious Competence, Unconscious Competence.
• Key objectives of a SETA Program:
  • Increase awareness of the need to protect organizational information resources.
  • Develop necessary skills to perform job duties securely.
  • Foster understanding of the importance of protecting organizational information assets.
• Security awareness training should be presented continuously to everyone in the organization, not just new employees.
• Security education should ideally lead to secure behavior.
• User passwords are the primary means of authenticating a user.
• Security awareness training helps employees develop secure behavior and reach the Unconscious Competence stage.

Description

This quiz explores the key elements of Security Awareness Training (SETA) including the roles of various organizational levels in Information Security Management Systems (ISMS). It also covers the Conscious Competence Model stages of learning and the objectives of a SETA program. Test your knowledge on how to protect organizational information resources effectively.