  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2522

sample multiple choice Security Awareness Test

I'm looking for more questions for users which should cover areas like:
a) Spam emails
b) Phishing
c) Malware & AV
d) Physical security
e) Data Confidentiality
f) Password & password complexity

Ideally provide me with the answers as well.

Attached is a sample that I have so far, but I'll need about 40 more questions.

Some basic reading materials for the users to do prior reading before taking the awareness test are needed too.
Sample-Security-Awareness-Assessmen.docx
Asked by: sunhux
6 Solutions
 
bbao (IT Consultant) commented:
Most sample questions are practical questions and recommended for a real questionnaire. However, a few recommendations:

1. More areas to cover, such as vishing, social pressure and policy adoption.

2. Avoid questions too conceptual that are only suitable for security professionals, such as Q1, Q11 and Q17. Better to have more questions for average end users at the operational level.

3. Avoid ambiguous, nonsensical questions, e.g. Q18: if a user could know a website is malicious, the user would generally be alerted already. Hence it is just a question on paper.
 
sunhux (Author) commented:
Thanks Bing.

I'll still need actual sample questions & answers plus reading notes (for them to read prior to the test).
 
David Anders (Technician) commented:
These seem useful as general reading notes.
http://www.gcflearnfree.org/internetsafety/
 
Rich Rumble (Security Samurai) commented:
This is a good question, and I will write an article on it. I'll link to it once it's approved by EE. You're off to a good start, but users lose interest very quickly. Most Computer Based Training is abysmal, and everyone hates it. You have to be engaging and make the learning fun. We have great success with our program and I'm not authorized to share it publicly, so I'll document it in an EE article first.
But to get you started, these are the leaders in Phishing and Security Awareness Training:
Wombat Security (https://www.wombatsecurity.com/try-our-interactive-training-modules-fcta)
PhishMe (http://phishme.com/resources/cbfree-computer-based-training/)
Social-engineering.com (https://www.social-engineer.com/social-engineering-training/)
-rich
 
btan (Exec Consultant) commented:
KnowBe4 is another good candidate. If only our last line of defence can stay vigilant and the program to regularly exercise them can levitate them into a human FW.

https://www.knowbe4.com/knowbe4-training-modules-overview/
 
bbao (IT Consultant) commented:
> Most Computer Based Training is abysmal, and everyone hates it.

Per my experience, case studies are always (much) better than theories and concepts, especially for IT security awareness training. An interesting fact is that most trainers just love explaining a concept using more other abysmal concepts. :)

Therefore, for the best result, the cases are better drawn from personal experience and something familiar to the audience. That could be a challenge for the trainer, as the trainer needs to prepare training materials case by case according to the audience's background.
 
Rich Rumble (Security Samurai) commented:
Here is the first part of Security Awareness Training advice:
https://www.experts-exchange.com/articles/27919/Phishing-Security-Awareness-Training.html

Specific training and materials to follow soon!
-rich
 
btan (Exec Consultant) commented:
Nice, Richrumble. The campaign is worthwhile to validate the user, and the positive reinforcement helps build the culture of the company - doing good does benefit one and all as a whole :)

Just to share past EE articles on security awareness:

- for user as gatekeeper and look out for red flags
https://www.experts-exchange.com/articles/17548/Stop-Think-Decide-THEN-Click.html

- for user to stay vigilant and safeguard own online identity & privacy protection
https://www.experts-exchange.com/articles/18668/Protect-My-Identity-and-Privacy.html
https://www.experts-exchange.com/articles/18652/Privacy-protection-practices-and-tools.html
 
sunhux (Author) commented:
Wombatsecurity's trial is excellent.