Module 6: Creating a Company Culture for Security Flashcards
Multi-Factor Authentication (MFA)
Explanation:
MFA adds extra layers of security by requiring more than just a password—like a code sent to your phone or a fingerprint.
Simplified Breakdown:
Instead of just typing a password, you also do something else to prove it’s really you.
Real-World Example:
When you log into your email and it asks for a 6-digit code from your phone—this is MFA.
Key Points:
Adds extra protection beyond passwords
Common types: SMS codes, authenticator apps, biometrics
Reduces risk if a password is stolen
Principle of Least Privilege
Explanation:
Users and systems should only have the minimum access necessary to perform their tasks.
Simplified Breakdown:
Give people only the tools they need, nothing extra.
Real-World Example:
A cashier at a store doesn’t need access to the company’s payroll system.
Key Points:
Limits potential damage from accidents or attacks
Helps contain breaches
Encourages better security habits
Defense in Depth
Explanation:
A layered approach to security where multiple safeguards protect data and systems.
Simplified Breakdown:
Like a castle with walls, guards, and a moat—if one layer fails, others still protect you.
Real-World Example:
Firewall + Antivirus + MFA + Encryption = defense in depth.
Key Points:
Redundancy improves protection
Slows down attackers
Each layer backs up the others
Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS)
Explanation:
IDS monitors for suspicious activity. IPS not only detects it but also stops it.
Simplified Breakdown:
IDS watches. IPS watches and blocks bad stuff.
Real-World Example:
A network IDS might alert you if a user is trying to access restricted servers.
Key Points:
IDS = alerts only
IPS = alerts + blocks
Often work together in networks
Encryption
Explanation:
Encryption transforms readable data into ciphertext that only authorized people, those holding the right key, can turn back into the original.
Simplified Breakdown:
It’s like locking a message in a box only the right key can open.
Real-World Example:
HTTPS websites encrypt data sent between your browser and the site.
Key Points:
Protects data in transit and at rest
Uses algorithms and keys
Critical for privacy and security
Data Loss Prevention (DLP)
Explanation:
DLP tools monitor and control data to prevent leaks or unauthorized sharing.
Simplified Breakdown:
Stops people from sending private stuff where it doesn’t belong.
Real-World Example:
A DLP system blocks an employee from emailing credit card data outside the company.
Key Points:
Prevents accidental and intentional leaks
Useful in finance, healthcare, and legal sectors
Can monitor email, USB use, and file transfers
Security Patching
Explanation:
Patching is updating software to fix bugs and security holes.
Simplified Breakdown:
It’s like fixing cracks in your wall so bad guys can’t get in.
Real-World Example:
Applying Windows updates to fix security vulnerabilities.
Key Points:
Prevents known attacks
Should be done regularly
Automate when possible
Endpoint Protection
Explanation:
Endpoint protection secures end-user devices such as laptops and phones against threats.
Simplified Breakdown:
It’s like putting a lock on each person’s device.
Real-World Example:
Installing antivirus software on employees’ laptops.
Key Points:
Covers devices outside the network
Antivirus, firewalls, encryption
Essential for remote work security