Information Security Assessment Quiz! Trivia

Explanation
Information security is a collective responsibility that involves every individual within an organization. All employees play a crucial role in ensuring the security of information by following security protocols, being aware of potential threats, and adhering to best practices. While the Chief Information Officer, Board of Directors, Managing Director, and Chief Risk Officer may have specific roles and responsibilities related to information security, ultimately, it is the combined effort of all employees that helps protect sensitive information and maintain a secure environment.

Explanation
Compliance with the Information Security Policy of the Bank is mandatory because it is a requirement that must be followed by all individuals and entities within the bank. This policy is in place to ensure the protection of sensitive information, mitigate risks, and maintain the overall security of the bank's systems and data. Failure to comply with this policy may result in disciplinary actions or legal consequences.

Explanation
The lack of adequate personnel is not a threat to information security because it refers to a shortage of staff or personnel, which may result in a lack of efficiency or productivity, but it does not directly pose a risk to the security of information. The other options listed - exposure to sensitive documentation, virus attacks, natural disasters, theft, sabotage, and misuse - all represent potential threats to information security as they can lead to unauthorized access, data breaches, or loss of information integrity.

Explanation
The statement contradicts common workplace policies where personal software is typically not allowed to be installed on official workstations. This is done to maintain security, prevent unauthorized software installations, and ensure the smooth functioning of the workstation for official purposes.

Explanation
Both the Chief Information Officer and the Head of Corporate Services have the authority to approve the introduction and removal of information assets from the premises. This means that either one of them can grant permission for these actions to take place. It is important for these individuals to have control over the movement of information assets in order to ensure their security and proper management within the organization.

Explanation
The statement suggests that users have the discretion to decide whether or not to carry items like laptops as hand luggage while in transit. However, the correct answer is "False" because the decision of carrying such items as hand luggage is not left to the users' discretion. Airlines and airport authorities have specific rules and regulations regarding what items can be carried as hand luggage, and laptops are generally required to be screened separately at security checkpoints.

Explanation
Users are not expected to keep a clear desk only on the last working day of the week. The statement implies that users are only required to have a clear desk on the last working day, which is not true. Users are expected to keep a clear desk at all times, regardless of the day of the week.

Explanation
Users should not write out passwords for safe keeping as it poses a security risk. Writing down passwords increases the chances of them being lost, stolen, or accessed by unauthorized individuals. It is recommended to use password managers or other secure methods to store and manage passwords.

Explanation
Sharing of user IDs or passwords is not permitted, even with adequate justification. This practice poses a significant security risk as it compromises the confidentiality and integrity of the system. User IDs and passwords are meant to be kept private and should not be shared with others, as it can lead to unauthorized access and potential misuse of sensitive information. It is essential to maintain strong security practices by keeping user credentials confidential and not sharing them with anyone.

Explanation
The given statement is true because it states that malware incidents should be reported and resolved according to SunTrust Bank's Incident Management Procedures. This implies that the bank has specific procedures in place to handle malware incidents, which is important for ensuring the security and integrity of the bank's systems and data. By following these procedures, the bank can effectively respond to and mitigate the impact of malware incidents, protecting both the bank and its customers from potential harm.

Explanation
The statement suggests that any SunTrust Bank information stored in removable media should be deleted once it is no longer needed. This indicates that the bank follows a policy of ensuring that sensitive information is not kept on removable media for longer than necessary, which helps to protect against potential data breaches or unauthorized access. Therefore, the correct answer is True.

Explanation
The statement suggests that the use of third party email services for official purposes may be allowed at the discretion of someone. However, the correct answer is "False" because the use of third party email services for official purposes is generally not permitted. Organizations usually have their own email systems or designated platforms for official communication to ensure security, confidentiality, and control over official correspondence.

Explanation
The statement suggests that users should not solely rely on the IT Department for protection against threats to their systems. Instead, they should take proactive measures to identify and eliminate potential threats themselves. This implies that users have a responsibility to be vigilant and take necessary precautions to safeguard their systems, in addition to seeking assistance from the IT Department when needed.

Explanation
The correct answer is true because reporting lost or stolen devices immediately to the CIO is an important step in ensuring information security. By doing so, the necessary actions can be taken to protect sensitive data and prevent unauthorized access. This helps in mitigating potential risks and maintaining the overall security of the organization's information assets.

Explanation
The statement suggests that users should use personal modems to connect to the Bank's internal network in case there is downtime from the Bank's internet service providers. However, this is not a recommended practice as it can pose security risks and may not be in compliance with the Bank's policies and procedures. It is important for users to follow the Bank's guidelines and protocols during such situations.