Information security, or Infosec, protects sensitive information from unauthorized activities. This includes recording, inspection, destruction, or modification. Infosec’s goal is to ensure the privacy and safety of vital data such as customer financial data, intellectual property, or account details. Learn about best practices for information security with this starter Qstream microlearning course.
Category: Compliance Safety and Risk Management
Industry: Technology
Questions: 15
FREE
Navigate through the Qstream questions below to preview. Each challenge is designed following Qstream’s best practices for maximum knowledge reinforcement and engagement. This Qstream is free for clients to use as a starting point.
Click on each title to preview the question in the mobile/desktop widget.
Follow the interactions on each screen to answer Qstream questions as a Participant.
Answer explanation:
Malicious insiders are often motivated to attack an organization for many reasons.
• Political insiders decide to abuse company resources to make a political statement or embarrass someone.
• Revenge insiders feel an individual or company has wronged them in some way. They want to do something that will hurt that company or individual.
• Greed insiders decide to abuse their access to company resources for their own gain. They steal money, intellectual property or assets from the organization.
Desperation insiders commit fraud, theft or sabotage by targeting their vulnerability while experiencing certain life events such as:
• Personal bankruptcy
• Expensive health problem
• Personal tragedy
• Vulnerability to blackmail
• Addiction
Answer explanation:
Anyone is considered a potential insider threat that has access to your company’s network, systems, or data. This includes anyone that has approved current or expired access. This is also anyone who purposely abuses their authorized access for their own gain or to cause harm to others.
Answer explanation:
Often attackers conduct research through social media, organizations’ websites, news items, and more to find a trusted person within an organization to compromise their credentials. Be aware of information that you may be posting to social media or on instant messaging as you may be providing sensitive information unintentionally.
Answer explanation:
Attackers can guess weak passwords and take advantage of reused passwords. Imagine your reused password was exposed in an unreported data breach on a site. Attackers can use the password to access your other accounts or make requests through some of your instant messaging applications.
Remember to change passwords often. Do not recycle them. Use a strong and unique password for all your accounts.
As a result of gaining your log-on credentials, an attacker may phish everyone in your records database.
Answer explanation:
Attackers target and compromise a person’s account who is usually a trusted individual such as a manager, familiar vendor, attorney, or CEO. The attackers commonly compromise accounts to steal money and sensitive data.
Answer explanation:
It is a best practice not to accept a request without verifying it first. Any account such as a business email can be compromised. When an account has been compromised, someone is accessing the account without authorization.
Ask yourself the following questions:
• Who typically asks for payments or sensitive data?
• Are the requests usually urgent?
• Who usually handles relationships with vendors?
• Who is permitted to access sensitive data?
Be aware of common scams that often include a request from someone in a higher-level position that would usually ask for sensitive information without causing alarm or suspicion.
Answer explanation:
Attackers send emails that are designed to trick you into revealing sensitive personal information, download dangerous attachments, or click malicious links so they can access your log-on credentials. This is called Phishing. Attackers commonly compromise an email account as a way to steal money or sensitive data. Be aware of common scams which usually include a request for a wire transfer or sensitive information.
Answer explanation:
This email was a well-researched scam that came from Jake’s manager and their account was compromised. The decision to wire transfer money can cost a company a lot of money.
Wire transfer fraud is one of the most common reasons attackers compromise management email accounts.
If your email account is compromised, you likely will not know right away. It is often hard to detect if others have been compromised. When email requests for data or money wires come from a legitimate account, it’s easy to assume they’re safe. Be aware of some of the early warning signs of a potential scam.
Answer explanation:
Attackers are savvy, they take advantage of public information published on social media, news publications, and company websites to locate trusted employees’ names and contact information within an organization. Validate requests by contacting the sender through an alternate communication method. Do not click on unknown links within the body of an email. Attackers use these links to phish for additional sensitive information and log-on credentials. Remember to change your passwords often, and avoid giving hackers potential keys to your accounts.
Answer explanation:
Malicious insiders may commit the following types of crimes against an organization:
• IT Sabotage uses Information Technology (IT) to harm an organization or individual
• Theft of intellectual property from the organization that includes confidential information, trade secret and other valuable data
• Unauthorized modification, addition, or deletion of data that includes theft of information to commit identity theft
Answer explanation:
Remember to safeguard your identity. Never share credentials, ID badges, or other items that could give a malicious insider access to restricted information or areas.
If something does happen, an audit trail will trace back to you, not the perpetrator.
Answer explanation:
Do not share passwords, ID badges, or any other credentials with anyone inside or outside the company. If someone commits a crime while using your secure information you may also be held responsible resulting in possible termination, fines, and possible jail time.
People steal information in many ways. Keep valuable information secure, whether that information is found in physical documents or computer files.
Don’t be afraid to ask questions if someone asks for data that they don’t usually need. Always follow your company’s data protection policies.
Answer explanation:
Look out for insiders demonstrating behavior that seem off or outside of usual routines or policies such as:
• Requests for data or access to files that they do not apply to their job or role
• Working outside of their usual schedule or standard office hours
• Sudden mood swings for example someone who is usually grumpy and is now happy, smiling, and joyful
• Downloading, printing, or copying large amounts of data
Answer explanation:
Remember to safeguard your identity by never sharing passwords or log-on information. If something seems abnormal stop and think about the consequences or what could potentially happen.
If you notice something unusual report the suspicious behavior.
Answer explanation:
Theft of intellectual property from the organization that includes confidential information, trade secret, and other valuable data is considered to be a malicious insider crime.
Answer explanation:
Malicious insiders are often motivated to attack an organization for many reasons.
• Political insiders decide to abuse company resources to make a political statement or embarrass someone.
• Revenge insiders feel an individual or company has wronged them in some way. They want to do something that will hurt that company or individual.
• Greed insiders decide to abuse their access to company resources for their own gain. They steal money, intellectual property or assets from the organization.
Desperation insiders commit fraud, theft or sabotage by targeting their vulnerability while experiencing certain life events such as:
• Personal bankruptcy
• Expensive health problem
• Personal tragedy
• Vulnerability to blackmail
• Addiction
Answer explanation:
Anyone is considered a potential insider threat that has access to your company’s network, systems, or data. This includes anyone that has approved current or expired access. This is also anyone who purposely abuses their authorized access for their own gain or to cause harm to others.
Answer explanation:
Often attackers conduct research through social media, organizations’ websites, news items, and more to find a trusted person within an organization to compromise their credentials. Be aware of information that you may be posting to social media or on instant messaging as you may be providing sensitive information unintentionally.
Answer explanation:
Attackers can guess weak passwords and take advantage of reused passwords. Imagine your reused password was exposed in an unreported data breach on a site. Attackers can use the password to access your other accounts or make requests through some of your instant messaging applications.
Remember to change passwords often. Do not recycle them. Use a strong and unique password for all your accounts.
As a result of gaining your log-on credentials, an attacker may phish everyone in your records database.
Answer explanation:
Attackers target and compromise a person’s account who is usually a trusted individual such as a manager, familiar vendor, attorney, or CEO. The attackers commonly compromise accounts to steal money and sensitive data.
Answer explanation:
It is a best practice not to accept a request without verifying it first. Any account such as a business email can be compromised. When an account has been compromised, someone is accessing the account without authorization.
Ask yourself the following questions:
• Who typically asks for payments or sensitive data?
• Are the requests usually urgent?
• Who usually handles relationships with vendors?
• Who is permitted to access sensitive data?
Be aware of common scams that often include a request from someone in a higher-level position that would usually ask for sensitive information without causing alarm or suspicion.
Answer explanation:
Attackers send emails that are designed to trick you into revealing sensitive personal information, download dangerous attachments, or click malicious links so they can access your log-on credentials. This is called Phishing. Attackers commonly compromise an email account as a way to steal money or sensitive data. Be aware of common scams which usually include a request for a wire transfer or sensitive information.
Answer explanation:
This email was a well-researched scam that came from Jake’s manager and their account was compromised. The decision to wire transfer money can cost a company a lot of money.
Wire transfer fraud is one of the most common reasons attackers compromise management email accounts.
If your email account is compromised, you likely will not know right away. It is often hard to detect if others have been compromised. When email requests for data or money wires come from a legitimate account, it’s easy to assume they’re safe. Be aware of some of the early warning signs of a potential scam.
Answer explanation:
Attackers are savvy, they take advantage of public information published on social media, news publications, and company websites to locate trusted employees’ names and contact information within an organization. Validate requests by contacting the sender through an alternate communication method. Do not click on unknown links within the body of an email. Attackers use these links to phish for additional sensitive information and log-on credentials. Remember to change your passwords often, and avoid giving hackers potential keys to your accounts.
Answer explanation:
Malicious insiders may commit the following types of crimes against an organization:
• IT Sabotage uses Information Technology (IT) to harm an organization or individual
• Theft of intellectual property from the organization that includes confidential information, trade secret and other valuable data
• Unauthorized modification, addition, or deletion of data that includes theft of information to commit identity theft
Answer explanation:
Remember to safeguard your identity. Never share credentials, ID badges, or other items that could give a malicious insider access to restricted information or areas.
If something does happen, an audit trail will trace back to you, not the perpetrator.
Answer explanation:
Do not share passwords, ID badges, or any other credentials with anyone inside or outside the company. If someone commits a crime while using your secure information you may also be held responsible resulting in possible termination, fines, and possible jail time.
People steal information in many ways. Keep valuable information secure, whether that information is found in physical documents or computer files.
Don’t be afraid to ask questions if someone asks for data that they don’t usually need. Always follow your company’s data protection policies.
Answer explanation:
Look out for insiders demonstrating behavior that seem off or outside of usual routines or policies such as:
• Requests for data or access to files that they do not apply to their job or role
• Working outside of their usual schedule or standard office hours
• Sudden mood swings for example someone who is usually grumpy and is now happy, smiling, and joyful
• Downloading, printing, or copying large amounts of data
Answer explanation:
Remember to safeguard your identity by never sharing passwords or log-on information. If something seems abnormal stop and think about the consequences or what could potentially happen.
If you notice something unusual report the suspicious behavior.
Answer explanation:
Theft of intellectual property from the organization that includes confidential information, trade secret, and other valuable data is considered to be a malicious insider crime.
© Qstream, Inc. 2024
All Rights reserved.
Privacy Policy | Terms of Use | Qstream AI Terms & Conditions | Accessibility
