Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

sample multiple choice  Security Awareness Test

Posted on 2016-09-04
10
Medium Priority
?
1,574 Views
Last Modified: 2016-09-21
I'm looking for more questions for users which should cover areas like:
a) Spam emails
b) Phishing
c) Malwares & AV
d) Physical security
e) Data Confidentiality
f)  Password & password complexity

Ideally provide me with the answers as well.

Attached is a sample that I have so far, but I'll need about 40 more questions

Some basic reading materials for the users to do prior reading before
taking the awareness test is needed too
Sample-Security-Awareness-Assessmen.docx
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 37

Assisted Solution

by:bbao
bbao earned 360 total points
ID: 41783897
most sample questions are practical questions and recommended for a real questionario. however, a few recommendations:

1. more areas to cover, such as vishing, social pressure and policy adoption.

2. avoid questions too conceptual that only suitable for security professionals such as Q1, Q11 and Q17. better more questions for average end users at operational level.

3. avoid ambiguously nonsense questions. e.g. Q18, if a user could know a website is malicious, the user would generally be alerted already. hence it is just a question on paper.
0
 

Author Comment

by:sunhux
ID: 41784628
Thanks Bing.

I'll still need actual sample questions & answers   plus reading notes (for them to read prior to the test)
0
 
LVL 10

Assisted Solution

by:davidanders
davidanders earned 320 total points
ID: 41785293
These seem useful as general reading notes.
http://www.gcflearnfree.org/internetsafety/
0
Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

 
LVL 64

Expert Comment

by:btan
ID: 41785410
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 840 total points
ID: 41792645
This is a good question, and I will write an article on it. I'll link to it once it's approved by EE. Your off to a good start, but users lose interest very quickly. Most Computer Base Training is abysmal, and everyone hates it. You have to be engaging and make the learning fun. We have great success with our program and I'm no authorized to share it publicly, so I'll document in an EE article first.
But to get you started, these are the leaders in Phishing and Security Awareness Training:
Wombat Security (https://www.wombatsecurity.com/try-our-interactive-training-modules-fcta)
PhishMe (http://phishme.com/resources/cbfree-computer-based-training/)
Social-engineering.com (https://www.social-engineer.com/social-engineering-training/)
-rich

-rich
0
 
LVL 64

Assisted Solution

by:btan
btan earned 480 total points
ID: 41792694
KnowBe4 is another good candidate. If only our last line of defence can stay vigilant and the program to regular exercise them can levitate them into a human FW.

https://www.knowbe4.com/knowbe4-training-modules-overview/
0
 
LVL 37

Expert Comment

by:bbao
ID: 41792761
> Most Computer Base Training is abysmal, and everyone hates it.

per my experiences, case study is always (much) better than theories and concepts especially for IT Security Awareness trainings. an interesting fact is that most trainers just love explaining a concept using more other abysmal concepts. :)

therefore, for a best result, the cases are better from personal experiences and something familiar for the audience. that could be a challenge for the trainer as the trainer needs to prepare training materials case by case according the audience's background.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 840 total points
ID: 41797589
Here is the first part of Security Awareness Training advice:
https://www.experts-exchange.com/articles/27919/Phishing-Security-Awareness-Training.html

Specific training and materials to follow soon!
-rich
0
 
LVL 64

Assisted Solution

by:btan
btan earned 480 total points
ID: 41797738
Nice, Richrumble. The campaign is worth to validate the user and the positive reinforcement helps build the culture of the company - doing good do benefit one and all as a whole :)

Just to share past EE article on security awareness

- for user as gatekeeper and look out for red flags
https://www.experts-exchange.com/articles/17548/Stop-Think-Decide-THEN-Click.html

- for user to stay vigilant and safeguard own online identity & privacy protection
https://www.experts-exchange.com/articles/18668/Protect-My-Identity-and-Privacy.html
https://www.experts-exchange.com/articles/18652/Privacy-protection-practices-and-tools.html
0
 

Author Comment

by:sunhux
ID: 41809953
Wombatsecurity's trial is excellent
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question