ISMS Awareness Quiz

1. You have a hard copy of a custom design document that you want to dispose of. What would you do?

Throw it in any dustbin

Shred using a shredder

Give it to the office boy to reuse it for other purposes.

Be environment friendly and reuse it for writing

Proper disposal of sensitive documents, such as custom design documents, is crucial to prevent unauthorized access to confidential information. Shredding the document using a shredder ensures that it's irreversibly destroyed, making it unreadable and safeguarding against potential data breaches. This practice adheres to security protocols and helps maintain confidentiality. Simply discarding or reusing the document without proper destruction could pose security risks.

Explanation

Proper disposal of sensitive documents, such as custom design documents, is crucial to prevent unauthorized access to confidential information. Shredding the document using a shredder ensures that it's irreversibly destroyed, making it unreadable and safeguarding against potential data breaches. This practice adheres to security protocols and helps maintain confidentiality. Simply discarding or reusing the document without proper destruction could pose security risks.

2. How can you report a security incident?

HOTS

Phone

E-mail

Any of the above

None of the above

Reporting a security incident can be done through various methods, including HOTS (an internal ticketing system some organizations use), phone, or email. The key is to use the most effective and immediate form of communication available within your organization to ensure a quick response. Different organizations have different protocols, so it's important to follow the specific guidelines provided for reporting security incidents effectively and efficiently.

Explanation

Reporting a security incident can be done through various methods, including HOTS (an internal ticketing system some organizations use), phone, or email. The key is to use the most effective and immediate form of communication available within your organization to ensure a quick response. Different organizations have different protocols, so it's important to follow the specific guidelines provided for reporting security incidents effectively and efficiently.

3. What are the different categories of assets in an organization (Choose the Best Answer)

Information and Paper assets

Physical and Application assets

Service Assets

Options A, B, C

Options A and B Only

The correct answer is Options A, B, C. This answer is correct because it includes all the different categories of assets in an organization. Option A includes information and paper assets, option B includes physical and application assets, and option C includes service assets. Therefore, options A, B, and C cover all the different categories of assets in an organization.

Explanation

The correct answer is Options A, B, C. This answer is correct because it includes all the different categories of assets in an organization. Option A includes information and paper assets, option B includes physical and application assets, and option C includes service assets. Therefore, options A, B, and C cover all the different categories of assets in an organization.

4. Availability means

Service should be accessible at the required time and usable by all.

Service should be accessible at the required time and usable only by the authorized entity.

Service should not be accessible when required.

Availability, in the context of information security, refers to the assurance that systems, applications, and data are accessible to authorized users when needed. This definition emphasizes not only the readiness and operational status of services but also restricts access to those services and information to solely authorized entities. Ensuring availability means having reliable access and functional systems, as well as implementing proper controls to prevent unauthorized access, thus maintaining the integrity and confidentiality of the data.

Explanation

Availability, in the context of information security, refers to the assurance that systems, applications, and data are accessible to authorized users when needed. This definition emphasizes not only the readiness and operational status of services but also restricts access to those services and information to solely authorized entities. Ensuring availability means having reliable access and functional systems, as well as implementing proper controls to prevent unauthorized access, thus maintaining the integrity and confidentiality of the data.

5. What do you ensure when you check the code/documents in your configuration management system like CVS, Sublime, or KT?

The integrity of the code

Availability of the code

Confidentiality of the code

All of the above

When checking the code/documents in a configuration management system like CVS, Sublime, or KT, you ensure the integrity of the code by verifying that it is complete, accurate, and free from errors. You also ensure the availability of the code by making sure it is easily accessible and can be retrieved when needed. Additionally, you ensure the confidentiality of the code by implementing proper security measures to protect it from unauthorized access or disclosure. Therefore, the correct answer is "All of the above."

Explanation

When checking the code/documents in a configuration management system like CVS, Sublime, or KT, you ensure the integrity of the code by verifying that it is complete, accurate, and free from errors. You also ensure the availability of the code by making sure it is easily accessible and can be retrieved when needed. Additionally, you ensure the confidentiality of the code by implementing proper security measures to protect it from unauthorized access or disclosure. Therefore, the correct answer is "All of the above."

6. You see a nonfamiliar face in the access-controlled areas of our office, and the person does not have an MGL ID/Visitor/Staff/Vendor tag with him. What would you do?

None of my business, let somebody else take care of it.

Ask the person to leave the facility.

Escort the person to the security and raise a security incident.

Raise a security incident and go back doing your work.

Scream and yell till the person leaves.

If you see a nonfamiliar face in the access-controlled areas of the office without the proper identification, the correct course of action would be to escort the person to security and raise a security incident. This ensures that the person is properly handled and investigated by the security team, as their presence in restricted areas without proper identification could pose a security risk. It is important to take responsibility and follow the necessary protocols to maintain the safety and security of the office environment.

Explanation

If you see a nonfamiliar face in the access-controlled areas of the office without the proper identification, the correct course of action would be to escort the person to security and raise a security incident. This ensures that the person is properly handled and investigated by the security team, as their presence in restricted areas without proper identification could pose a security risk. It is important to take responsibility and follow the necessary protocols to maintain the safety and security of the office environment.

7. What is social engineering?

A group planning for social activity in the organization

Creating a situation wherein a third party gains confidential information from you

The organization planning an activity for the welfare of the neighborhood

Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. Attackers exploit human psychology through tactics like phishing emails or impersonation to deceive targets into revealing sensitive data. Recognizing and mitigating social engineering threats is essential for safeguarding against unauthorized access and data breaches in organizations.

Explanation

Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. Attackers exploit human psychology through tactics like phishing emails or impersonation to deceive targets into revealing sensitive data. Recognizing and mitigating social engineering threats is essential for safeguarding against unauthorized access and data breaches in organizations.

8. The integrity of data means

Accuracy and completeness of the data

Data should be viewable at all times

Only the right people should access the data

The integrity of the data implies that the data should be accurate and complete. For Example: when we back up a database, we don't expect only the structure and half the entries to be backed up. We expect the whole database to be backed up.

Explanation

The integrity of the data implies that the data should be accurate and complete. For Example: when we back up a database, we don't expect only the structure and half the entries to be backed up. We expect the whole database to be backed up.

9. The financial result of your company is published on the website. The document is to be classified as

Confidential Document

Public Document

Internal Document

External Document

The financial result of the company being published on the website indicates that it is meant to be accessible to the general public. It is not classified as confidential since it is being shared publicly. It is also not an internal document since it is being shared outside the company. Similarly, it is not an external document since it is being published by the company itself. Therefore, the correct classification for this document is a public document.

Explanation

The financial result of the company being published on the website indicates that it is meant to be accessible to the general public. It is not classified as confidential since it is being shared publicly. It is also not an internal document since it is being shared outside the company. Similarly, it is not an external document since it is being published by the company itself. Therefore, the correct classification for this document is a public document.

10. CIA of assets stands for

Confidentiality, Integration, and Availability

Continuity, Integration, and Availability

Confidentiality, Integrity, and Accessibility

Continuity, Integrity, and Accessibility

Confidentiality, Integrity, and Availability

The correct answer is "Confidentiality, Integrity, and Availability." CIA is a widely used acronym in the field of information security. Confidentiality refers to protecting sensitive information from unauthorized access. Integrity ensures that data remains accurate and unaltered. Availability ensures that information and resources are accessible to authorized users when needed. These three principles are fundamental in designing and implementing secure systems and protecting against threats and vulnerabilities.

Explanation

The correct answer is "Confidentiality, Integrity, and Availability." CIA is a widely used acronym in the field of information security. Confidentiality refers to protecting sensitive information from unauthorized access. Integrity ensures that data remains accurate and unaltered. Availability ensures that information and resources are accessible to authorized users when needed. These three principles are fundamental in designing and implementing secure systems and protecting against threats and vulnerabilities.