Sustainable Risk Reduction Through Information Security Process Testing Template:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 17:31, 3 August 2006 by Mdpeters (talk | contribs)

Sustainable Risk Reduction Through Information Security Process Awareness Test Template.

This test has been developed by <Your Company Name> to gauge and promote end-user awareness of managing risk with the use of security processes.

True or False: Only public commercial web sites are viable targets for hackers.
True
False

Threats come from everywhere, including:
Script kiddies.
Enemies of the United States.
Insiders.
All of the above.

True or False: Credit card numbers and account numbers cannot be stolen from e-commerce sites.
True
False

True or False: Critical infrastructure and related industries are at particular risk in the current international environment.
True
False

According to CERT statistics, the number of incidents and vulnerabilities reported each year is:
Decreasing.
Increasing.
Remaining about the same.
None of the above.

Organizations will only be able to achieve sustainable risk reduction:
By allowing only employees in the building.
By not allowing access to the Internet from company resources.
Through the development and management of key information security processes.
None of the above.

Key vulnerabilities include:
Social engineering.
Malicious code.
Holes in network infrastructure hardware/software.
All of the above.

True or False: One of the most prolific sources of vulnerabilities is the default installation of operating systems and applications.
True
False

True or False: Risk reduction benefits include brand protection and reduced network downtime.
True
False

True or False: Organizations need process-management tools and resources to help develop and manage these critical information security processes.
True
False