Revision Questions
- Ethics training is primarily meant for:
- Employees engaged in monitoring activities
- Employees engaged in designing training modules
- Employees engaged in assessing user access
- Employees engaged in managing the risk of the organization
- Which of the following is influenced by an effective information security awareness program?
- Inherent risk
- Residual risk
- Acceptable risk
- Business objectives
- The most effective way to promote a security culture is:
- To promote the advantages of a good security culture through influential people
- To increase the security budget
- To mandate online security training for each employee
- To upload the security policy on the organization's intranet
- The area of most concern for a security manager when an organization is storing sensitive data with a third-party cloud service provider is:
- High cost of maintenance
- Unavailability of proper training to end users
- Unavailability of services due to network failure
- The possibility of disclosure...