Security Quiz
The following quiz contains questions designed to give an indication of potential risk. The quiz asks questions about Credit Union infrastructure, current security deployment and user threat awareness. This quiz is not meant to serve as an absolute predictor of risk and should not be used to replace professional consultation.
1. My firewall has the capability of blocking ALL unwanted traffic from entering or exiting my network.
True
False
2. Once a firewall is installed, it should be left unchanged to maintain the highest level of security.
True
False
3. According to the NCUA’s e-commerce guide for Credit Unions:
a. As risk exposure is not static, it is prudent to perform risk assessments on a periodic basis.
b. Effective security over member information systems is not one specific security control but rather a program of many layers of control.
c. Even a Credit Union without a website can face threats from hackers and viruses.
d. All of the above
4. A “Phishing” scam is:
a. When a Credit Union Employee calls in sick to work, and then goes fishing.
b. When a hacker uses a wireless network detection device in an attempt to find vulnerabilities.
c. A fraudulent e-mail asking for a Credit Union member’s personal information so that it can be used for identity theft.
d. When a website installs a spyware program that monitors your Internet activity.
5. What size Credit Union should have no fear of a phishing attack?
a. Less than $25M in assets
b. Between $25M and $100M in assets
c. More than $100M in assets
d. Any sized Credit Union can fall prey to a phishing attack
6. According to the NCUA’s e-commerce guide for Credit Unions, IS&T security needs to be:
a. Monitored
b. Evaluated (tested)
c. Adjusted and Reported on
d. All of the above
7. My Credit Union is currently hosting one or more online services (defined as email, website, online banking, etc. hosted on the CU network and accessed through the CU broadband Internet connection).
True
False
8. What type of broadband Internet access do you have?
a. DSL
b. T1
c. Cable Modem
d. Other
e. Don’t have broadband (dial-up/ISDN)
9. How many PCs do you have on the inside of the CU network including any and all branch offices?
a. Less than 10
b. 10 to 50
c. More than 50
10. Our Credit Union has a dedicated IT person who is responsible for keeping our network secure.
True
False
11. I have arranged for periodic Vulnerability Assessment and/or Penetration Testing to be performed at least quarterly to ensure that the Credit Union’s Internet security is sound.
True
False
12. I currently have deployed an Intrusion Detection System to tell me if an attacker has broken into the Credit Union’s network, and to analyze unusual network and user activity.
True
False
13. Which of the following best describes the security measures you have put into place at your Credit Union?
a. Using what I received from my Internet Service Provider
b. Firewall and Anti-virus only
c. Layered and professionally managed
d. Don’t Know
14. The individual(s) that manage my firewall proactively update it with the latest firmware/software patches as they become available.
True
False
15. We have the ability to monitor our network for attacks 24x7x365.
True
False
16. We have the ability to detect when a Trojan horse program or other malware (including spyware) gets installed on the Credit Union’s network.
True
False
17. I have ensured that the rules and definitions for the Credit Union’s Firewalls are constantly evolving and being managed to protect against inside and outside threats.
True
False
18. When it comes to network security at the Credit Union, I feel:
a. Completely comfortable
b. I could use a little help
c. I can’t sleep at night
19. Our CU uses a layered security approach to anti-virus in which we have a system that blocks viruses before they enter my network.
True
False
20. In order to increase productivity and security, we restrict and monitor Credit Union employees when they access the Internet.
True
False
21. The difference between a Firewall and IDS (Intrusion Detection System) is:
a. None, they are essentially the same thing.
b. Firewalls cannot be used on wireless networks.
c. The Firewall is used to restrict and permit traffic, and the IDS is used to analyze traffic for attacks.
d. IDS is primarily for home users and Firewalls for business.
22. According to the NCUA’s e-commerce guide for Credit Unions:
a. A Firewall may be a part of a system of controls, but it is only one part.
b. Credit Unions must monitor industry standards and effective practices in order to ensure their risk mitigation measures continue to be efficient.
c. Credit Unions must be able to effectively demonstrate that they have an effective IS&T security program in place.
d. All of the above
23. What keeps you from implementing higher, more proactive security solutions?
a. Budget
b. We already use all of the highest security solutions available
c. Expertise
d. Don’t feel they are necessary in your environment