Information Security Policy Quiz

  • ISO/IEC 27001
  • NIST SP 800-53
By MichaelHoward | Attempts: 4,248 | Questions: 19
1. What should you do if you believe your password has been compromised?

Explanation

A password is often all that stands between an intruder and the Sports Leaders UK IT systems. If your password has been compromised you must contact the IT department immediately.

About This Quiz

Information security is essential to protect sensitive information. This quiz contains questions related to information security policy. The quiz is loaded with certain examples that will help you know more about the subject. This Information security policy quiz has been created to mitigate the multiple risks that the organization faces by handling data and using technical equipment. Please attempt the quiz to demonstrate your understanding of the policies, procedures, and best practices laid out within the document.

2. You are unexpectedly called by an external company. You have heard of the company before but are not sure if they have a contract with us or not. They ask that you allow them access to your computer so that they can fix a problem. What should you do? (Select all that apply)

Explanation

If unsure you should never allow an external company access to your computer without verifying with the IT department that their request is valid. Anybody who is granted access to connect to your computer must be supervised at all times.

3. What should you do if you require software downloading that is not already supplied by the Sports Leaders UK IT Service Desk?

Explanation

If there is a requirement for additional software to be downloaded contact the IT Service Desk and request authorisation from your manager.

4. What should you do if you receive a suspicious email? (Select all that apply)

Explanation

Staff should be cautious about opening any e-mails and attachments from e-mails that have dubious or missing subject lines. Don't open attachments unless sure of the source. Report any suspected virus activity to the IT Service Desk.

5. A member of Sports Leaders UK has been recruited to my department and will be starting to work in my team in two weeks' time. What should I do before they start their new position?

Explanation

A new user account or a change in job role will only be actioned on receipt of an NA1 form. This must be filled out by the line manager and forwarded to the IT department a minimum of two weeks before the start date. An NA1 form provides the IT department with the level of detail required to set up the account, such as file access, mailing groups, equipment details, terminal services access, etc.

6. Where appropriate, which category of report can be distributed to members of the public?

Explanation

Only Category 4 can be distributed to members of the public. Most reports will be restricted to internal staff due to the data they hold. Category 1 is restricted to internal departments or groups listed in the report and Category 2 to internal organisational distribution only (contracted staff). Alternatively, Category 3 allows external distribution, but restricted to the listed people or organisations.

7. What are staff responsibilities to physical security in their work surroundings? (Select all that apply)

Explanation

Staff are responsible for all equipment given to them during their employment with Sports Leaders UK. An equipment signout sheet must be signed for all mobile equipment to show that the equipment you have been provided with is in operable condition. Staff are also responsible for ensuring that no equipment is taken from their surroundings and that all secure areas are kept locked where appropriate.

8. What is the AC1 form used for?

Explanation

An AC1 form is used to inform the IT Service Desk that a member of staff is leaving the organisation. It allows the IT department to close down the user account at the appropriate time and set up any relevant forwarding of files and emails. A minimum of one week's notification is required when using an AC1 form.

9. If you receive a warning about a virus threat from a friend what should you do? (Select all that apply)

Explanation

Never forward chain e-mail messages or virus warnings. The vast majority are a hoax or they can propagate viruses. The organisation has antivirus and antispyware protection that filters most suspect emails and attachments. If you receive a chain email or a virus warning from a friend, create a brand new email and contact them to ask that they do not send personal emails to your work email address. Do not reply to their original email as this could propagate any viruses contained within the email.

10. If you are going to be using personal equipment in the organisation what should you do? (Select all that apply)

Explanation

All personal equipment must be reported to the IT Service Desk after receiving consent from your line manager to ensure that it meets all hardware and software requirements as stated in the Information Security Policy. All personal equipment must have anti-virus software installed that is regularly updated.

11. When a customer contacts us to confirm/edit data we hold on them, how should we verify their identity? (Select all that apply)

Explanation

Dates of birth are requested for all individuals registering on to our database. Therefore the date of birth is a form of verification. In addition we request an additional set of information contained on their record. We do not currently ask for mother’s maiden name or name of first pet.

12. If a third party or contractor wishes to work in an area that contains Sports Leaders UK information or needs computer access to a system what should you do to ensure confidentiality and to secure the area? (Select all that apply)

Explanation

A third party or contractor includes any external organisation or individual that is not classed as a member of staff. These may or may not be contracted to the organisation. When third parties or contractors are involved in providing support and maintenance of the organisation’s facilities it may be necessary for them to access systems using the highest levels of privilege. It is essential that privileged access to computer areas by third parties or contractors is approved by the IT Service Desk, that a member of staff is responsible for managing the access, and that the access is monitored and / or logged.

A risk assessment must be made before third parties or contractors are given access to normally secure areas where confidential information is stored or processed. The outcome may be to deny access, grant access or provide access with provisos to manage the risk such as allowing access while being observed.

Precautions in the form of formal agreements should be taken to protect the information security interests of the organisation where external organisations or individuals are allowed access to the organisation’s equipment, network or systems.

Third parties or contractors should have appropriate assurances within the contract to safeguard the organisation in relation to privacy, access to data and accidental damage. Any third party or contractor who is under agreement with the organisation may have unsupervised access if appropriate.

13. If you are provided with Sports Leaders UK portable equipment and you need to leave this in a vehicle overnight, how should this be stored? (Select all that apply)

Explanation

Our insurance does not pay out on theft from vehicles unless it is protected with an intruder alarm, the doors are locked and the windows closed, and the equipment is concealed in the boot or in a covered luggage compartment. Equipment must not be left under or on any of the car seats.

14. What is a bulk email? (Select all that apply)

Explanation

An email sent to 15 or more external users, or a single email sent with an attachment larger than 10Mb is considered a bulk email. Contact the IT department for advice if you have a valid reason for needing to send emails to more than 15 people external to the organisation.

15. What should you do if you exceed your 300MB storage limit? (Select all that are applicable)

Explanation

You should create a personal folder on your Y drive. This moves storage away from the inbox folder which is subject to size limits. This folder should be maintained and checked regularly. All email folders should be reviewed periodically and emails deleted when not required. If an email is important to a department, it can be saved on the shared S drive under the relevant departmental folder. Regular housekeeping should also take place so that storage limits aren't breached. Contact the IT department for assistance.

16. Which of the following actions break data protection legislation? (Select all that apply)

Explanation

Terminal services is a secure environment but if information is transferred and saved on to your personal computer then this organisational data is then stored outside of the corporate network. Any personal information stored outside the corporate network breaks data protection law. It is acceptable to save learner and tutor information to an encrypted flash drive.

Data protection states that any personal information about an individual must be stored in a safe and secure environment and encrypted in transit. Sports Leaders UK is the data collector and is therefore responsible for the personal information collected. We provide computers for those based in the office and laptops that are encrypted for those on the move. Encryption means that the information is stored in a secure format, so if the laptop was ever stolen the data would not be retrievable.

Our email accounts are not encrypted, therefore if any data is sent to the wrong individual, they would be able to open up this data and see information they are not entitled to view. When sending any information that includes personal data about our customers, employees or corporate partners we should ensure that this is not sent without added protection. This could be by sending the data as an attachment and locking it with a password or by allowing the user to retrieve their data through another medium such as an external storage area (IT Support can advise).

If a tutor assessor requests information about their learners it is best to advise them how they can retrieve this by logging on to LEAP. Alternatively a password protected document can be emailed (PDF, Excel or Word). The password should be sent in a separate email after the document has been confirmed as being received by the recipient.

17. If a visitor requires internet access at Sports Leaders UK head office they may use which of the following facilities? (Select all that apply)

Explanation

A visitor has three options for accessing the internet at Sports Leaders UK head office. The first option is to connect to Microsmiths' wireless facility, a free service provided by the company Microsmiths for the whole of Linford Forum. It is a network unrelated to the Sports Leaders UK network and therefore poses no security risk for Sports Leaders UK. The second option is to connect to the Sports Leaders UK guest wireless network, a network sectioned off from the main Sports Leaders UK IT systems. The third option is for a visitor to connect to one of the designated 'Secure Ports' within Head Office. These are located around the office marked with green stickers and a sign. These 'Secure Ports' provide an active internet connection but sit outside of the main Sports Leaders UK network, providing an added level of security to Sports Leaders UK systems.

18. Which of the following actions break Sports Leaders UK policy? (Select all that apply)

Explanation

The S and Y drive are part of the corporate computer network and are therefore acceptable areas to store data.

Any emails that we send from our Sports Leaders UK email account represent the organisation. Emails can contain personal information about our staff, our customers, other corporate partners and supporters and corporate information that should not be shared. We ensure that any data contained and distributed through Outlook is stored safely, follows corporate identity rules by ensuring it has the right signature, uses the right font, contact details and disclaimers; is stored and backed up and therefore available if required again in the future for reference or to support regulatory requirements. If an email is forwarded to a home email account the corporate data is then taken out of the corporate environment, does not protect the data, does not archive and store the message within context and does not provide a clear tracking route to support regulatory and legislative requirements. For this reason we do not allow anyone to forward emails containing corporate information to their personal email address.

Terminal services is a secure environment through which staff can access their Sports Leaders UK account and data without being in the office and by using any computer, but it does require an internet connection to be able to access the information, which means that some staff will save data on to the personal computer they are working with so they can work offline. The problem with this is that the data is then stored outside the corporate network and is subject to all the concerns in the previous paragraph.

It is acceptable to store personal information on an encrypted flash drive as the data is protected by the encryption process.

19. Which of the following actions is classed as unauthorised use of systems / electronic equipment? (Select all that apply)

Explanation

The organisation will not tolerate the use of the Internet or mobile technologies for personal use unless authorised by your line manager.

Please consider the impact of using large distribution groups. For example, an email to inform the Milton Keynes office of cakes in the kitchen is relevant to many, but the same email to the entire Sports Leaders UK organisation may not be.


Quiz Review Timeline (Updated): Dec 12, 2023


  • Current Version: Dec 12, 2023, Quiz Edited by ProProfs Editorial Team
  • Feb 05, 2015, Quiz Created by MichaelHoward