CompTIA Exam Questions

Which of the following would be MOST effective in reducing data leaks in this situation?

After a number of highly publicized and embarrassing customer data leaks as a result of social
engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce
the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in
this situation?

A. Information Security Awareness

B. Social Media and BYOD

C. Data Handling and Disposal

D. Acceptable Use of IT Systems

Explanation:
Education and training in Information Security Awareness will reduce the risk of data leaks
and, as such, forms an integral part of Security Awareness. Employees can be manipulated into
leaking data through social engineering, and only when company users are made aware of the methods
of social engineering via Information Security Awareness Training can you reduce the risk of data leaks.

Incorrect Answers:
B: Attackers can solicit information/data from the company over instant messaging (IM), which is social
media, as easily as they can over email, and this can occur in Facebook, MySpace, or anywhere else that
IM is possible. As far as employees bringing their own devices (BYOD) is concerned, such a device can
connect to the company’s Wi-Fi network.
C: Data handling and disposal refers to limiting access to data to those users who need it and no
more, and to how you as the CIO handle the disposal of that data; it does not involve training users.
D: Acceptable use of IT systems refers to the usage of computers within the organization, not to the
prevention of data leaks.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 364-369, 399-404, 408, 420, 422
http://en.wikipedia.org/wiki/Security_awareness