5.2 Security Program Elements Flashcards
Summarize security program elements (user awareness, training, and physical access control). (25 cards)
Define:
security policy
A set of rules for safeguarding sensitive information.
Security policies include guidelines on password strength, data handling, and acceptable use of technology to ensure network security.
Define:
security awareness training
Training to educate users on security threats and protective measures.
It aims to reduce human error by ensuring users understand risks like phishing, malware, and password management.
List three types of user awareness activities in a security program.
- Security awareness campaigns
- Security newsletters
- Security posters or reminders
Security Awareness Campaigns: Initiatives to educate users about security risks and best practices.
Security Newsletters: Regular updates on security tips, threats, and precautions.
Security Posters or Reminders: Visual reminders about security policies and safe practices.
What is the purpose of user awareness in a security program?
To help users understand security risks and policies.
Awareness helps prevent user errors that could lead to breaches and encourages compliance with security protocols.
What is the primary goal of security training for users?
To reduce human error that could lead to breaches.
Training ensures users are aware of security threats and best practices to protect systems and data.
What are two examples of user awareness activities?
- Interactive security quizzes
- Security newsletters
Interactive Security Quizzes: Engaging tests to reinforce security knowledge.
Security Newsletters: Regular updates on security tips and threats.
Why is user training important in a security program?
It equips users with the knowledge to handle security threats.
Well-trained users are less likely to make mistakes that could compromise the organization’s security.
Why should security training be regularly updated?
To address new and evolving threats.
Cyber threats constantly change, and users must stay informed about the latest security practices to remain protected.
What is the role of physical access control in a security program?
It restricts unauthorized access to sensitive areas.
Physical security measures like keycards, locks, and biometric scanners prevent unauthorized entry and protect critical assets.
Define:
Define two-factor authentication (2FA).
A security process requiring two verification methods.
2FA combines something the user knows (password) and something the user has (mobile device or token) to enhance security.
True or False:
User awareness is only necessary for employees working in IT departments.
False
Security awareness is crucial for all employees, as any user could inadvertently introduce security risks.
Fill in the blank:
______ ______ is an example of a physical access control method used to secure sensitive areas.
Biometric scanning
Biometric methods, like fingerprint or iris scans, provide high security and are difficult to bypass.
List two methods of educating users on security threats.
- Phishing simulation exercises
- Security workshops
Phishing Simulation Exercises: Simulated attacks to teach users how to recognize phishing attempts.
Security Workshops: Interactive sessions to educate users about security threats and preventive measures.
What is the role of security policies in a security training program?
To provide rules for users to follow for organizational security.
Policies ensure that all users follow standardized security practices, minimizing risks from inconsistent behavior.
True or False:
Physical security measures are less important than user awareness in a security program.
False
Both physical security and user awareness are critical to a comprehensive security program. One without the other creates gaps in protection.
Define:
user authentication
Process of verifying the identity of individuals before granting access.
Authentication methods include PINs, passwords, security tokens, and biometric data, ensuring only authorized users can access secure areas.
What is physical security?
The protection of hardware and network devices from physical threats.
Physical security involves measures like locks, surveillance, and access control to prevent tampering or theft of network equipment.
List two types of physical access control methods.
- Keycards
- Biometric scanners
Keycards: Electronic access cards that grant entry to authorized users.
Biometric Scanners: Devices that use fingerprints, facial recognition, or other biological traits for secure access.
Why is it important to secure both physical and digital assets?
Because both are vulnerable to theft or unauthorized access.
Securing physical and digital assets ensures that sensitive information is protected, whether it’s stored on a device or within physical infrastructure.
True or False:
Security training is only necessary for new employees.
False
Ongoing training is essential to keep all employees updated on new threats and security practices.
Fill in the blank:
The process of restricting access is known as ______ ______.
access control
Access control systems, such as keycards or ID badges, are crucial for preventing unauthorized physical access to secure areas.
List three types of access control models used in physical security.
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
Discretionary Access Control (DAC): Owners decide who can access specific areas or resources.
Mandatory Access Control (MAC): Access is strictly regulated based on security policies and classifications.
Role-Based Access Control (RBAC): Permissions are assigned based on a person’s role within an organization.
How does security awareness prevent ransomware attacks?
It teaches users to identify phishing emails and malicious attachments.
Users who are aware of ransomware tactics are less likely to click on malicious links or download harmful files.
Define
security breach
Unauthorized access to sensitive data or systems.
Breaches may occur through hacking, insider threats, or physical theft and can result in data loss or system compromise.
