Category 1 – Information Security Basics
Category 2 – Information Security Program
Category 3 – Policies, Standards & Procedures
Category 4 – Security Controls
Category 5 – Security Awareness, Challenges & Best Practices
1

What is the main goal of implementing information security?

To protect an organization's information assets.

1

What is an Information Security Program?

A framework that protects an organization's information assets.

1

Which document provides high-level security rules?

Security Policies.

1

What are the three types of security controls?

Administrative, Technical, and Physical Controls.

1

What is the purpose of Security Awareness Programs?

To educate employees about cybersecurity threats and safe practices.

2

What are the three principles of the CIA Triad?

Confidentiality, Integrity, Availability.

2

Name one component of an Information Security Program.

Risk Assessment, Security Policies, Security Standards, Security Procedures, Security Controls, Security Awareness Training, Incident Response, or Continuous Monitoring.

2

Which document contains mandatory technical requirements?

Security Standards.

2

Which security control includes employee training?

Administrative Controls.

2

Name one Security Awareness activity.

Cybersecurity training, Phishing simulations, Password awareness campaigns, Security newsletters, or Workshops and seminars.

3

What does Confidentiality mean?

Preventing unauthorized access to information.

3

Which component identifies threats and vulnerabilities?

Risk Assessment.

3

Which document explains step-by-step security tasks?

Security Procedures.

3

Which security control includes firewalls and antivirus software?

Technical Controls.

3

Name one challenge in implementing information security.

Limited budget, Employee resistance, Rapidly evolving cyber threats, Lack of security awareness, Legacy systems, or Compliance requirements.

4

What does Integrity mean?

Ensuring information is accurate and unchanged.

4

Which component prepares an organization to respond to cyberattacks?

Incident Response.

4

Give one example of a Security Policy.

Password Policy, Acceptable Use Policy, Data Classification Policy, Access Control Policy, Remote Work Policy, or Incident Response Policy.

4

Which security control includes CCTV cameras and door locks?

Physical Controls.

4

Name one best practice for implementing information security.

Update security policies, Conduct employee training, Use MFA, Perform risk assessments, Apply software updates, Monitor systems continuously, or Create incident response plans.

5

What does Availability mean?

Ensuring authorized users can access information when needed.

5

Which component continuously checks systems for threats?

Continuous Monitoring.

5

Give one example of a Security Procedure.

Password Reset, User Account Creation, Data Backup, Malware Removal, or Incident Reporting.

5

What does MFA stand for?

Multi-Factor Authentication.

5

Complete the sentence:

"Security is everyone's responsibility—not just the ______ department."

IT