Information Security Policy Quiz

By MichaelHoward
Questions: 19 | Attempts: 4,106


Information security is essential to protect sensitive information. This quiz contains questions related to information security policy. The quiz is loaded with certain examples that will help you know more about the subject. This Information security policy quiz has been created to mitigate the multiple risks that the organization faces by handling data and using technical equipment. Please attempt the quiz to demonstrate your understanding of the policies, procedures, and best practices laid out within the document.


Questions and Answers
  • 1. 

    What should you do if you exceed your 300MB storage limit? (Select all that are applicable)

    • A.

      Create a personal folder (also known as a PST or archive file)

    • B.

      Perform some 'housekeeping' on your email account

    • C.

      Contact IT for assistance

    • D.

      Do nothing as my department is allowed to store large amounts of data

    Correct Answer(s)
    A. Create a personal folder (also known as a PST or archive file)
    B. Perform some 'housekeeping' on your email account
    C. Contact IT for assistance
    Explanation
    You should create a personal folder on your Y drive. This moves storage away from the inbox folder, which is subject to size limits. This folder should be maintained and checked regularly. All email folders should be reviewed periodically and emails deleted when not required. If an email is important to a department, it can be saved on the shared S drive under the relevant departmental folder. Regular housekeeping should also take place so that storage limits aren't breached. Contact the IT department for assistance.


  • 2. 

    If you receive a warning about a virus threat from a friend what should you do? (Select all that apply)

    • A.

      Delete and ignore it as these types of emails can contain viruses or are a hoax

    • B.

      Forward it to all staff in the organisation

    • C.

      Send a new email to my friend and ask that they do not send me personal emails to my work email address

    • D.

      All of the above 

    Correct Answer(s)
    A. Delete and ignore it as these types of emails can contain viruses or are a hoax
    C. Send a new email to my friend and ask that they do not send me personal emails to my work email address
    Explanation
    Never forward chain e-mail messages or virus warnings. The vast majority are a hoax or they can propagate viruses. The organisation has antivirus and antispyware protection that filters most suspect emails and attachments. If you receive a chain email or a virus warning from a friend, create a brand new email and contact them to ask that they do not send personal emails to your work email address. Do not reply to their original email as this could propagate any viruses contained within the email.


  • 3. 

    Which of the following actions is classed as unauthorised use of systems / electronic equipment? (Select all that apply)

    • A.

      Using profanity while chatting by email to a colleague

    • B.

      Logging in to my bank account at lunch time

    • C.

      Using my work telephone or mobile to make a personal call without authorisation

    • D.

      Sending an email to the Sports Leaders UK mailing list telling them that there are cakes in the kitchen at Head Office

    • E.

      Sending an email to the Milton Keynes mailing list telling them that there are cakes in the kitchen at Head Office

    Correct Answer(s)
    A. Using profanity while chatting by email to a colleague
    B. Logging in to my bank account at lunch time
    C. Using my work telephone or mobile to make a personal call without authorisation
    D. Sending an email to the Sports Leaders UK mailing list telling them that there are cakes in the kitchen at Head Office
    Explanation
    The organisation will not tolerate the use of the Internet or mobile technologies for personal use unless authorised by your line manager.

    Please consider the impact of using large distribution groups. For example, an email to inform the Milton Keynes office of cakes in the kitchen is relevant to many, but the same email to the entire Sports Leaders UK organisation may not be.


  • 4. 

    If you are provided with Sports Leaders UK portable equipment and you need to leave this in a vehicle overnight, how should this be stored? (Select all that apply)

    • A.

      The vehicle is protected by an intruder alarm system which is in full working order, which will operate in the event of interference with the vehicle

    • B.

      The portable equipment is concealed from view under a seat or floor mat and not visible from outside of the vehicle

    • C.

      The doors of the vehicle are locked and all windows of the vehicle closed

    • D.

      The portable equipment is concealed from view in a locked boot or covered luggage compartment

    Correct Answer(s)
    A. The vehicle is protected by an intruder alarm system which is in full working order, which will operate in the event of interference with the vehicle
    C. The doors of the vehicle are locked and all windows of the vehicle closed
    D. The portable equipment is concealed from view in a locked boot or covered luggage compartment
    Explanation
    Our insurance does not pay out on theft from vehicles unless it is protected with an intruder alarm, the doors are locked and the windows closed, and the equipment is concealed in the boot or in a covered luggage compartment. Equipment must not be left under or on any of the car seats.


  • 5. 

    If a visitor requires internet access at Sports Leaders UK head office they may use which of the following facilities? (Select all that apply)

    • A.

      The Sports Leaders UK primary wireless network (SportsLeadersUK)

    • B.

      The Sports Leaders UK secondary wireless network (SLUK Guest)

    • C.

      The Microsmiths / Linford Forum wireless network

    • D.

      The Sports Leaders UK ‘Secured Port’

    Correct Answer(s)
    B. The Sports Leaders UK secondary wireless network (SLUK Guest)
    C. The Microsmiths / Linford Forum wireless network
    D. The Sports Leaders UK ‘Secured Port’
    Explanation
    A visitor has three options for accessing the internet at Sports Leaders UK head office. The first option is to connect to Microsmiths' wireless facility, a free service provided by the company Microsmiths for the whole of Linford Forum. It is a network unrelated to the Sports Leaders UK network and therefore poses no security risk for Sports Leaders UK. The second option is to connect to the Sports Leaders UK guest wireless network, a network sectioned off from the main Sports Leaders UK IT systems. The third option is for a visitor to connect to one of the designated 'Secure Ports' within Head Office. These are located around the office marked with green stickers and a sign. These 'Secure Ports' provide an active internet connection but sit outside of the main Sports Leaders UK network, adding an extra level of security to Sports Leaders UK systems.


  • 6. 

    What should you do if you receive a suspicious email? (Select all that apply)

    • A.

      Move it to your junk folder or delete it

    • B.

      Contact IT for assistance

    • C.

      Open and read the email

    • D.

      None of the above

    Correct Answer(s)
    A. Move it to your junk folder or delete it
    B. Contact IT for assistance
    Explanation
    Staff should be cautious about opening any e-mails and attachments from e-mails that have dubious or missing subject lines. Don't open attachments unless sure of the source. Report any suspected virus activity to the IT Service Desk.


  • 7. 

    What is the AC1 form used for?

    • A.

      To advise the IT Service Desk another user may be misusing equipment

    • B.

      Requesting a new password because yours has been compromised

    • C.

      To request a new user account for a new member of staff

    • D.

      To extend the period of time a mailbox remains available

    • E.

      To advise the IT Service Desk a staff member is about to leave the organisation

    Correct Answer
    E. To advise the IT Service Desk a staff member is about to leave the organisation
    Explanation
    An AC1 form is used to inform the IT Service Desk that a member of staff is leaving the organisation. It allows the IT department to close down the user account at the appropriate time and set up any relevant forwarding of files and emails. A minimum of one week's notification is required when using an AC1 form.


  • 8. 

    What should you do if you believe your password has been compromised?

    • A.

      Advise your Operations Support Advisor contact

    • B.

      Contact the IT Service Desk immediately

    • C.

      Contact your line manager immediately

    • D.

      Email the Sports Leaders UK distribution group to let everybody know

    Correct Answer
    B. Contact the IT Service Desk immediately
    Explanation
    A password is often all that stands between an intruder and the Sports Leaders UK IT systems. If your password has been compromised you must contact the IT department immediately.


  • 9. 

    Which of the following actions break data protection legislation? (Select all that apply)

    • A.

      When logged in to terminal services I will save an organisational document on to my personal laptop/computer/tablet so I can work on it off line. I then upload it again after I have finished.

    • B.

      I save a list of learner and tutor information on to my encrypted memory stick / flash drive.

    • C.

      The responsible tutor assessor has requested I send them the list of learner names and dates of birth on their current course so they can check they are all correct. I have confirmed that I am speaking with the right person following the correct procedure. I then email them the list using my Sports Leaders UK account.

    • D.

      All of the above

    Correct Answer(s)
    A. When logged in to terminal services I will save an organisational document on to my personal laptop/computer/tablet so I can work on it off line. I then upload it again after I have finished.
    C. The responsible tutor assessor has requested I send them the list of learner names and dates of birth on their current course so they can check they are all correct. I have confirmed that I am speaking with the right person following the correct procedure. I then email them the list using my Sports Leaders UK account.
    Explanation
    Terminal services is a secure environment but if information is transferred and saved on to your personal computer then this organisational data is then stored outside of the corporate network. Any personal information stored outside the corporate network breaks data protection law. It is acceptable to save learner and tutor information to an encrypted flash drive.

    Data protection states that any personal information about an individual must be stored in a safe and secure environment and encrypted in transit. Sports Leaders UK is the data collector and is therefore responsible for the personal information collected. We provide computers for those based in the office and laptops that are encrypted for those on the move. Encryption means that the information is stored in a secure format, so if the laptop was ever stolen the data would not be retrievable.

    Our email accounts are not encrypted, therefore if any data is sent to the wrong individual, they would be able to open up this data and see information they are not entitled to view. When sending any information that includes personal data about our customers, employees or corporate partners we should ensure that this is not sent without added protection. This could be by sending the data as an attachment and locking it with a password or by allowing the user to retrieve their data through another medium such as an external storage area (IT Support can advise).

    If a tutor assessor requests information about their learners it is best to advise them how they can retrieve this by logging on to LEAP. Alternatively a password protected document can be emailed (PDF, Excel or Word). The password should be sent in a separate email after the document has been confirmed as being received by the recipient.


  • 10. 

    Which of the following actions break Sports Leaders UK policy? (Select all that apply)

    • A.

      I save all of my information to my department’s folder on the shared S drive or to my personal Y drive only

    • B.

      I forward work emails to my personal email so I can work on this information from home

    • C.

      When logged in to terminal services I will save a document on to my personal laptop/computer/tablet so I can work on it offline. I then upload it again after I have finished

    • D.

      I take a list of learner and tutor information with me out of the office on my memory stick/flash drive because it is encrypted

    Correct Answer(s)
    B. I forward work emails to my personal email so I can work on this information from home
    C. When logged in to terminal services I will save a document on to my personal laptop/computer/tablet so I can work on it offline. I then upload it again after I have finished
    Explanation
    The S and Y drive are part of the corporate computer network and are therefore acceptable areas to store data.

    Any emails that we send from our Sports Leaders UK email account represent the organisation. Emails can contain personal information about our staff, our customers, other corporate partners and supporters and corporate information that should not be shared. We ensure that any data contained and distributed through Outlook is stored safely, follows corporate identity rules by ensuring it has the right signature, uses the right font, contact details and disclaimers; is stored and backed up and therefore available if required again in the future for reference or to support regulatory requirements. If an email is forwarded to a home email account the corporate data is then taken out of the corporate environment, does not protect the data, does not archive and store the message within context and does not provide a clear tracking route to support regulatory and legislative requirements. For this reason we do not allow anyone to forward emails containing corporate information to their personal email address.

    Terminal services is a secure environment through which staff can access their Sports Leaders UK account and data without being in the office and by using any computer, but it does require an internet connection to be able to access the information which means that some staff will save data on to the personal computer they are working with so they can work offline. The problem with this is that the data is then stored outside the corporate network and is subject to all the above concerns in the previous paragraph.

    It is acceptable to store personal information on an encrypted flash drive as the data is protected by the encryption process.


  • 11. 

    You are unexpectedly called by an external company. You have heard of the company before but are not sure if they have a contract with us or not. They ask that you allow them access to your computer so that they can fix a problem. What should you do? (Select all that apply)

    • A.

      Give them your password and other login details that they may need to fix the problem

    • B.

      Tell them they cannot have your password as we are not allowed to pass this out but let them connect to your computer to fix the problem as our support company have fixed issues by connecting to your computer on previous occasions

    • C.

      Explain that you have not been notified and need to check that their request is valid. Call the IT Service Desk to verify and do not grant access until this has been confirmed

    • D.

      All of the above

    Correct Answer
    C. Explain that you have not been notified and need to check that their request is valid. Call the IT Service Desk to verify and do not grant access until this has been confirmed
    Explanation
    If unsure you should never allow an external company access to your computer without verifying with the IT department that their request is valid. Anybody who is granted access to connect to your computer must be supervised at all times.


  • 12. 

    Where appropriate, which category of report can be distributed to members of the public?

    • A.

      Category 1

    • B.

      Category 2

    • C.

      Category 3

    • D.

      Category 4

    Correct Answer
    D. Category 4
    Explanation
    Only Category 4 can be distributed to members of the public. Most reports will be restricted to internal staff either due to the data they hold. Category 1 is restricted to internal departments or groups listed in the report and Category 2 to internal organisational distribution only (contracted staff). Alternatively Category 3 allows external distribution, but restricted to the listed people or organisations.


  • 13. 

    When a customer contacts us to confirm/edit data we hold on them, how should we verify their identity? (Select all that apply)

    • A.

      Information from their database record (e.g. email address)

    • B.

      Name of first Pet

    • C.

      Date of Birth

    • D.

      Mother's Maiden Name

    Correct Answer(s)
    A. Information from their database record (e.g. email address)
    C. Date of Birth
    Explanation
    Dates of birth are requested for all individuals registering on to our database. Therefore the date of birth is a form of verification. In addition we request an additional set of information contained on their record. We do not currently ask for mother’s maiden name or name of first pet.


  • 14. 

    If you are going to be using personal equipment in the organisation what should you do? (Select all that apply)

    • A.

      Inform the IT Service Desk

    • B.

      Get consent from your line manager

    • C.

      Ensure the equipment meets standards as defined in the Information Security Policy

    • D.

      None of the above

    Correct Answer(s)
    A. Inform the IT Service Desk
    B. Get consent from your line manager
    C. Ensure the equipment meets standards as defined in the Information Security Policy
    Explanation
    All personal equipment must be reported to the IT Service Desk after receiving consent from your line manager to ensure that it meets all hardware and software requirements as stated in the Information Security Policy. All personal equipment must have anti-virus software installed that is regularly updated.


  • 15. 

    What are staff responsibilities to physical security in their work surroundings?  (Select all that apply)

    • A.

      If they use any organisational mobile equipment they are responsible for ensuring it is kept safe and secure

    • B.

      They are responsible for ensuring that no equipment is taken from their surroundings without authorisation

    • C.

      They are responsible for ensuring that filing cabinets and doors that are their responsibility are locked and that any electronic equipment is locked or switched off before leaving the premises

    • D.

      All of the above

    Correct Answer(s)
    A. If they use any organisational mobile equipment they are responsible for ensuring it is kept safe and secure
    B. They are responsible for ensuring that no equipment is taken from their surroundings without authorisation
    C. They are responsible for ensuring that filing cabinets and doors that are their responsibility are locked and that any electronic equipment is locked or switched off before leaving the premises
    Explanation
    Staff are responsible for all equipment given to them during their employment with Sports Leaders UK. An equipment signout sheet must be signed for all mobile equipment to show that the equipment you have been provided with is in operable condition. Staff are also responsible for ensuring that no equipment is taken from their surroundings and that all secure areas are kept locked where appropriate.


  • 16. 

    A member of Sports Leaders UK has been recruited to my department and will be starting to work in my team in two weeks' time. What should I do before they start their new position?

    • A.

      Request access to our S drive departmental folder and any database systems that my team use

    • B.

      Request that they have any new equipment that may be relevant to their new position. (Monitor, laptop, mobile phone etc)

    • C.

      Submit an NA1 form to the IT Service Desk

    • D.

      Submit an AC1 form to HR

    Correct Answer
    C. Submit an NA1 form to the IT Service Desk
    Explanation
    A new user account or a change in job role will only be actioned on receipt of an NA1 form. This must be filled out by the line manager and forwarded to the IT department a minimum of two weeks before the start date. An NA1 form provides the IT department with the level of detail required to set up the account such as file access, mailing groups, equipment details, terminal services access, etc.


  • 17. 

    If a third party or contractor wishes to work in an area that contains Sports Leaders UK information or needs computer access to a system, what should you do to ensure confidentiality and to secure the area? (Select all that apply)

    • A.

      Ensure that the third party or contractor has a formal agreement with us for the work and that it has been agreed

    • B.

      Consider the risk of the third party or contractor having access and the necessity of the work then decide if access should be granted, denied or if their access should be monitored

    • C.

      Ensure that keys are not left in filing cabinets and papers are filed away

    • D.

      Ensure that computer equipment is locked, turned off or removed from the area

    • E.

      Ensure that private rooms containing critical equipment or confidential information cannot be accessed

    • F.

      Make other staff aware of their presence and where they are expected to need access to

    Correct Answer(s)
    A. Ensure that the third party or contractor has a formal agreement with us for the work and that it has been agreed
    B. Consider the risk of the third party or contractor having access and the necessity of the work then decide if access should be granted, denied or if their access should be monitored
    C. Ensure that keys are not left in filing cabinets and papers are filed away
    D. Ensure that computer equipment is locked, turned off or removed from the area
    E. Ensure that private rooms containing critical equipment or confidential information cannot be accessed
    F. Make other staff aware of their presence and where they are expected to need access to
    Explanation
    A third party or contractor includes any external organisation or individual that is not classed as a member of staff. These may or may not be contracted to the organisation. When third parties or contractors are involved in providing support and maintenance of the organisation’s facilities it may be necessary for them to access systems using the highest levels of privilege. It is essential that privileged access to computer areas by third parties or contractors is approved by the IT Service Desk and that a member of staff is responsible for managing the access and that the access is monitored and / or logged.

    A risk assessment must be made before third parties or contractors are given access to normally secure areas where confidential information is stored or processed. The outcome may be to deny access, grant access or provide access with provisos to manage the risk such as allowing access while being observed.

    Precautions in the form of formal agreements should be taken to protect the information security interests of the organisation where external organisations or individuals are allowed access to the organisation’s equipment, network or systems.

    Third parties or contractors should have appropriate assurances within the contract to safeguard the organisation in relation to privacy, access to data and accidental damage. Any third party or contractor who is under agreement with the organisation may have unsupervised access if appropriate.


  • 18. 

    What is a bulk email? (Select all that apply)

    • A.

      Any email sent to 10 or less external users

    • B.

      Any email sent to 15 or more external users

    • C.

      Any email with an attachment larger than 10MB sent to an external user

    • D.

      None of the above 

    Correct Answer(s)
    B. Any email sent to 15 or more external users
    C. Any email with an attachment larger than 10MB sent to an external user
    Explanation
    An email sent to 15 or more external users, or a single email sent with an attachment larger than 10MB, is considered a bulk email. Contact the IT department for advice if you have a valid reason for needing to send emails to more than 15 people external to the organisation.


  • 19. 

    What should you do if you require software downloading that is not already supplied by the Sports Leaders UK IT Service Desk?

    • A.

      Contact the IT Service Desk

    • B.

      Obtain managerial authorisation

    • C.

      Request through the IT Service Desk and obtain managerial authorisation

    • D.

      All of the above

    Correct Answer
    C. Request through the IT Service Desk and obtain managerial authorisation
    Explanation
    If there is a requirement for additional software to be downloaded contact the IT Service Desk and request authorisation from your manager.


Quiz Review Timeline


  • Current Version
  • Dec 12, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 05, 2015
    Quiz Created by
    MichaelHoward