Information Security Awareness Assessment Quiz for Employees
Are you an asset or a vulnerability?
The first step in building a security awareness program is to establish a baseline through assessment quizzes, phishing campaigns and other methods that check employees' awareness level, and then to build the awareness program accordingly.
The following security awareness assessment quiz is a beginner-level, 10-question quiz that can determine, to a certain extent, whether an employee is a security asset or a vulnerability that needs to be remediated. However, it is worth mentioning that there is no way to cover all information security domains in such a short quiz.
Similar information security trainings and phishing simulations, along with comprehensive information security awareness material are all part of CIATEC’s information security awareness program. You can check program packages here.
Ready? Let’s go
Your passwords should be easy to remember and hard to guess. Which of the following is an example of a strong password?
A password should be at least 8 characters long, include special characters, numbers, and a mix of uppercase and lowercase letters, and not contain a dictionary word or phrase. This will make it hard to guess by hacking scripts.
Personal Identifiable Information (PII) is used to verify your identity and distinguish one person from another. Which of the following is an example of PII?
Personal identifiable information is "personal" and should only be shared on a need-to-know basis. Keep all your personal identifiable information (PII) to yourself and do NOT share it with any untrusted party.
True or False? A phishing attack can harm your personal computer only, but not your company’s network.
A phishing attack may download a worm or other form of malware that can easily spread over the network and cause harm to all computers, servers and network peripherals.
Information security is the responsibility of:
Information security is everyone's responsibility.
True or False? It is OK to use the same password for all your online accounts as long as you keep it a secret.
Don't put all your eggs in one basket. You don't want all your accounts to be compromised just because one account is hacked. Use a separate password for each account. To remember your passwords, you can fix one part of the password and make the second part variable and linked somehow to the service used.
Spear Phishing is:
Spear phishing is a unique form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party. Spear phishing works better than phishing because it uses information that it can find about you from email databases, friends’ lists, and the like. You can learn about the different types of phishing here
Hackers can crack your passwords by repeatedly trying to guess them. This password cracking method is called:
A brute-force attack works by repeatedly trying to guess your password until it is cracked. That is why you should always use long and complex passwords that will take ages to guess.
True or False: Physical security is NOT related to information security.
Physical security controls are at the heart of any information security program. At the end of the day, information assets are stored on physical media such as hard disks, flash drives or simply papers.
The FIRST objective of a "Security Aware Employee" is to be able to:
The first step in the information security awareness ladder is to make sure that the average employee is able to identify threats and then report them to the right party. Threat avoidance and management are not the main responsibility of an average employee.
Tailgating is a form of social engineering that allows hackers to:
In information security, tailgating is a social engineering technique used by hackers to deceive an organization's officials through direct speech or actions in order to gain access to restricted areas. An example of tailgating is when one person tags along with an authorized employee to access a building or pass a certain checkpoint.
A well-implemented security awareness program will harden the human layer of security. Learn more