What is the main goal of implementing information security?
To protect the confidentiality, integrity, and availability of an organization's information assets against threats.
What is an Information Security Program?
The organized set of policies, standards, procedures, controls, and activities an organization uses to protect its information assets.
Which document provides high-level security rules?
Security Policies (high-level statements of management intent that set the rules; they say what must be done, not how).
What are the three types of security controls?
Administrative, Technical, and Physical Controls.
What is the purpose of Security Awareness Programs?
To educate employees about cybersecurity threats and safe practices.
What are the three principles of the CIA Triad?
Confidentiality, Integrity, Availability.
Name one component of an Information Security Program.
Risk Assessment, Security Policies, Security Standards, Security Procedures, Security Controls, Security Awareness Training, Incident Response, or Continuous Monitoring.
Which document contains mandatory technical requirements?
Security Standards (specific, mandatory requirements that implement a policy, such as a minimum password length or an approved encryption algorithm).
Which security control includes employee training?
Administrative Controls.
Name one Security Awareness activity.
Cybersecurity training, Phishing simulations, Password awareness campaigns, Security newsletters, or Workshops and seminars.
What does Confidentiality mean?
Preventing unauthorized disclosure of information; only authorized parties can access it.
Which component identifies threats and vulnerabilities?
Risk Assessment (identifies threats and vulnerabilities, then estimates the likelihood and impact of each risk so it can be prioritized).
Which document explains step-by-step security tasks?
Security Procedures (detailed, step-by-step instructions for carrying out a specific task in line with the policies and standards).
Which security control includes firewalls and antivirus software?
Technical (logical) Controls.
Name one challenge in implementing information security.
Limited budget, Employee resistance, Rapidly evolving cyber threats, Lack of security awareness, Legacy systems, or Compliance requirements.
What does Integrity mean?
Ensuring information is accurate and complete, and is not modified or destroyed without authorization.
Which component prepares an organization to respond to cyberattacks?
Incident Response.
Give one example of a Security Policy.
Password Policy, Acceptable Use Policy, Data Classification Policy, Access Control Policy, Remote Work Policy, or Incident Response Policy.
Which security control includes CCTV cameras and door locks?
Physical Controls.
Name one best practice for implementing information security.
Keep security policies up to date, Conduct employee training, Use MFA, Perform regular risk assessments, Apply software updates (patch management), Monitor systems continuously, or Create and test incident response plans.
What does Availability mean?
Ensuring authorized users can access information when needed.
Which component continuously checks systems for threats?
Continuous Monitoring (ongoing collection and review of logs, alerts, and system state so that threats and control failures are detected quickly).
Give one example of a Security Procedure.
Password Reset, User Account Creation, Data Backup, Malware Removal, or Incident Reporting.
What does MFA stand for?
Multi-Factor Authentication (verifying identity with two or more independent factors, such as something you know, something you have, and something you are).
Complete the sentence: "Security is everyone's responsibility—not just the ______ department."
IT