nerdexam
EC-Council

312-50V10 · Question #810

Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, em

The correct answer is A. Warning to those who write password on a post it note and put it on his/her desk. When employees are actively committing visible security violations like posting passwords at their desks, the immediate first action is direct behavioral correction through a warning.

Social Engineering

Question

Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn't log out from emails or other social media accounts, and etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons. Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

Options

  • AWarning to those who write password on a post it note and put it on his/her desk
  • BDeveloping a strict information security policy
  • CInformation security awareness training
  • DConducting a one to one discussion with the other employees about the importance of information

How the community answered

(22 responses)
  • A
    91% (20)
  • C
    5% (1)
  • D
    5% (1)

Why each option

When employees are actively committing visible security violations like posting passwords at their desks, the immediate first action is direct behavioral correction through a warning.

AWarning to those who write password on a post it note and put it on his/her deskCorrect

Issuing a direct warning to employees visibly displaying passwords on post-it notes is the most immediate corrective action because it stops an active, observable security violation in real time without any delay. This creates immediate accountability and signals that security behavior will be enforced before formal programs are developed or rolled out. Addressing the most critical and currently active risk first is the standard security triage principle.

BDeveloping a strict information security policy

Developing a security policy is necessary long-term but requires drafting, review, and approval time, meaning the active violations continue unaddressed in the interim.

CInformation security awareness training

Security awareness training is a valuable long-term investment but cannot be designed and delivered instantly, and it does not immediately stop the employees currently exposing credentials.

DConducting a one to one discussion with the other employees about the importance of information

One-on-one discussions are too time-consuming to scale across all affected employees quickly enough to stop the widespread, ongoing violations happening right now.

Concept tested: Security policy enforcement and immediate violation remediation

Source: https://csrc.nist.gov/publications/detail/sp/800-50/final

Topics

#security awareness training#password hygiene#insider threats#human-factor security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice