Security Awareness Flashcards
What is Security Awareness?
Knowledge and understanding of security threats and mitigation measures
The goal is to equip individuals to recognize and respond to threats for data protection.
What are Insider Threats?
Security risk from individuals within an organization
Sources include employees, former employees, contractors, or business partners.
What is the goal of Password Management?
Ensure passwords are strong, unique, and securely stored, which reduces the risk of unauthorized access.
What are Social Engineering Attacks?
Techniques that manipulate individuals into breaching security procedures
Prevention includes avoiding unauthorized media and recognizing phone scams.
What is the purpose of Policies in an organization?
Formal guidelines that define an organization's operations and decisions.
What is Remote Work?
Performing job functions outside the office using technology.
What is Hybrid Work?
Combining in-office and remote work for flexibility.
What characterizes a Culture of Security?
Organizational mindset prioritizing security in daily tasks and decision-making
Characteristics include continuous education and proactive risk mitigation.
What are Behavior Indicators of Insider Threats?
Signs may include altered state or substance abuse, emotional distress, and lifestyle incongruences.
What should organizations do to support employees facing Financial Struggles?
Have policies in place for handling scenarios like financial counseling or monitoring for unusual data access.
What is a Password Manager?
Specialized tool, plugin, or extension used with web browsers to securely store and manage various usernames and passwords.
What are the risks of Password Reuse?
Reusing passwords across multiple websites increases the risk of exposure if one site is breached.
Name some advantages of Password Managers.
- Securely store and manage multiple credentials
- Prevent password reuse
- Simplify password management
- Encrypt stored passwords.
What does Operational Security (OPSEC) protect?
Critical information from being used by adversaries.
What is the role of Organizational Change Management in creating a Culture of Security?
Recognizes the role of the human element in security and emphasizes staff engagement.
What does the Execution Phase of creating a Culture of Security involve?
Rolling out policies, conducting training, and adapting to evolving security threats.
True or False: Training employees on recognizing phishing attempts is part of creating a proactive culture of security.
True.
Fill in the blank: Policies and handbooks should be reviewed at least _______.
annually.
What are the security challenges faced in Remote and Hybrid Work Environments?
- Increased risk due to lack of physical security controls
- Data transmitted can be exposed
- Weaker security controls on home and public networks.
What is the importance of Employee Involvement in security?
Encourages open communication with management and collective responsibility in promoting a secure culture.
What measures can be taken to address security challenges in remote work?
- Establish comprehensive policies
- Use secure connections like VPN
- Implement multi-factor authentication.
What should be included in a robust Insider Threat Program?
- Training to recognize warning signs
- Encouraging reporting of suspicious activities
- Providing mental health support.
What are common techniques used in Social Engineering?
- Shoulder surfing
- Eavesdropping
- Piggybacking and tailgating.
What is the goal of the Development Phase in creating a Culture of Security?
Developing specific and actionable security plans.