• Status: Solved
  • Priority: Medium
  • Security: Public

Sample multiple choice Security Awareness Test

I'm looking for more questions for users which should cover areas like:
a) Spam emails
b) Phishing
c) Malware & AV
d) Physical security
e) Data Confidentiality
f) Password & password complexity

Ideally provide me with the answers as well.

Attached is a sample that I have so far, but I'll need about 40 more questions.

Some basic reading materials for the users to read prior to
taking the awareness test are needed too.
Sample-Security-Awareness-Assessmen.docx
Asked:
sunhux
6 Solutions
 
bbao (IT Consultant) commented:
Most sample questions are practical questions and recommended for a real questionnaire. However, a few recommendations:

1. More areas to cover, such as vishing, social pressure and policy adoption.

2. Avoid questions that are too conceptual and only suitable for security professionals, such as Q1, Q11 and Q17. Better to have more questions for average end users at the operational level.

3. Avoid ambiguous, nonsensical questions. E.g. Q18: if a user could know a website is malicious, the user would generally be alerted already. Hence it is just a question on paper.
 
sunhux (Author) commented:
Thanks Bing.

I'll still need actual sample questions & answers, plus reading notes (for them to read prior to the test).
 
David Anders (Technician) commented:
These seem useful as general reading notes.
http://www.gcflearnfree.org/internetsafety/
Rich Rumble (Security Samurai) commented:
This is a good question, and I will write an article on it. I'll link to it once it's approved by EE. You're off to a good start, but users lose interest very quickly. Most Computer Based Training is abysmal, and everyone hates it. You have to be engaging and make the learning fun. We have great success with our program and I'm not authorized to share it publicly, so I'll document it in an EE article first.
But to get you started, these are the leaders in Phishing and Security Awareness Training:
Wombat Security (https://www.wombatsecurity.com/try-our-interactive-training-modules-fcta)
PhishMe (http://phishme.com/resources/cbfree-computer-based-training/)
Social-engineering.com (https://www.social-engineer.com/social-engineering-training/)
-rich
 
btan (Exec Consultant) commented:
KnowBe4 is another good candidate. If only our last line of defence can stay vigilant and the program to regularly exercise them can levitate them into a human FW.

https://www.knowbe4.com/knowbe4-training-modules-overview/
 
bbao (IT Consultant) commented:
> Most Computer Based Training is abysmal, and everyone hates it.

Per my experience, a case study is always (much) better than theories and concepts, especially for IT Security Awareness training. An interesting fact is that most trainers just love explaining a concept using more other abysmal concepts. :)

Therefore, for the best result, the cases are better drawn from personal experience and something familiar to the audience. That could be a challenge for the trainer, as the trainer needs to prepare training materials case by case according to the audience's background.
 
Rich Rumble (Security Samurai) commented:
Here is the first part of Security Awareness Training advice:
https://www.experts-exchange.com/articles/27919/Phishing-Security-Awareness-Training.html

Specific training and materials to follow soon!
-rich
 
btan (Exec Consultant) commented:
Nice, Richrumble. The campaign is worthwhile to validate the user, and the positive reinforcement helps build the culture of the company - doing good does benefit one and all as a whole :)

Just to share past EE articles on security awareness:

- for the user as gatekeeper, looking out for red flags
https://www.experts-exchange.com/articles/17548/Stop-Think-Decide-THEN-Click.html

- for the user to stay vigilant and safeguard their own online identity & privacy protection
https://www.experts-exchange.com/articles/18668/Protect-My-Identity-and-Privacy.html
https://www.experts-exchange.com/articles/18652/Privacy-protection-practices-and-tools.html
 
sunhux (Author) commented:
Wombatsecurity's trial is excellent
Question has a verified solution.
