Ann a technician received a spear-phishing email asking her to update her personal information by
clicking the link within the body of the email. Which of the following type of training would prevent
Ann and other employees from becoming victims to such attacks?
A.
User Awareness
B.
Acceptable Use Policy
C.
Personal Identifiable Information
D.
Information Sharing
Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely
identify an individual. This data can be anything from the person’s name to a fingerprint (think
biometrics), credit card number, or patient record. Employees should be made aware of this type
of attack by means of training.
this answer should be re worded it should be PII training not just PII
0
0
Shouldn’t the answer be User Awareness? PII training is really about handling of other peoples’ PII, not about one’s own. This is a basic phish, even though it is targeted within the company. An employee who might be very cautious with customer PII might not think anything of it if the company asks her to update her information. After all, she might think, they already have it all.
User Awareness training is all that is needed to help her be aware of the threat, and to be mistrustful of such emails even if they appear to come from within the company.
0
0