Information Security Online Quiz

Tip - if you need to discuss confidential information, consider doing so in a secure meeting room.

All of the options listed (network security, cloud security, and application security) are types of information security. Network security focuses on protecting networks and their infrastructure from unauthorized access or attacks. Cloud security involves protecting data and applications that are stored in the cloud from breaches or data loss. Application security aims to secure software applications and prevent vulnerabilities that can be exploited by hackers. Therefore, all three options are valid types of information security measures.

The statement is false because Information Security Policy and related policies apply to both electronic and hardcopy records as well as verbal discussions. Verbal discussions can also involve sensitive information that needs to be protected, and therefore, should be subject to the same security measures and policies as other forms of records.

In this situation, the best course of action would be to inform the client that you will call them back once you return to the office. This is because discussing the case quietly with the client or answering their query while on the tram may compromise the confidentiality of the conversation. It is important to ensure that sensitive information is not overheard by others in a public setting. Therefore, it is best to wait until you are in a private and secure location before discussing the case further with the client.

The Inappropriate Access to Personal Information Policy requires employees to report suspected instances where there may have been unauthorised access to personal information so that the Privacy Officer and other relevant staff can decide whether to notify an affected individual.

Leaving a departmental laptop on your desk when you are not using it or at the end of the day would breach the Clear Desk and Screen Policy. This policy requires employees to ensure that all sensitive information is securely stored and not left unattended. Leaving a laptop on the desk increases the risk of unauthorized access or theft of confidential data. Locking the computer when away from the desk and locking confidential information in a cabinet are both actions that align with the policy, as they help protect sensitive information from being accessed by unauthorized individuals.

Consider whether access to particular records/folders should be restricted

While disasters, such as fires, floods, or earthquakes, can impact the availability and integrity of information, they are typically not considered intentional threats like eavesdropping, unchanged default passwords, or information leakage. Disasters are more often associated with business continuity and disaster recovery planning rather than direct information security threats.

Anti-malware tools in browsers are designed to detect and prevent malicious activities, including browser-based hacking attempts. These tools help protect users from various online threats such as malware, phishing, and other types of attacks that may target web browsers.

Compromising confidential information is considered an attack. In the context of information security, an attack refers to any unauthorized action that seeks to exploit vulnerabilities in a system, network, or application. In this case, compromising confidential information involves an intentional and unauthorized attempt to access, disclose, or misuse sensitive data, which is considered an attack on the information's confidentiality. Security measures are implemented to prevent, detect, and respond to such attacks to safeguard the integrity, availability, and confidentiality of information.