Security awareness Sample survey by mguenther


More Info
									                                        Company Name
                                   Security Awareness Survey


Company Department Sponsor cordially invites you to participate in a simple, confidential survey aimed at gathering invaluable
feedback. Your answers will be used to enhance our awareness program. Our vision is to see our department engaged as key
business partner and advisor focused on Company’s name people and assets to advance all our businesses.

If you have any questions, please contact Name and phone number or email address.
Please complete the survey no later than Wednesday, (insert date here). We thank you in advance for your participation.

    Important Note: All respondent survey information will be held in strict confidence and is anonymous.
       Please answer each question as you actually perceive things, not as you think they should be.

1. How do you learn about and keep abreast of security topics to protect yourself and Company Name information?
Choose all that apply:
            Security Awareness Monthly Open Forum
            Newsletter
            Book
            Web Site
            In-person Training Class
            Online Training Class
            Peer
            Other (please specify)

2. Do you feel comfortable in your role protecting COMPANY NAME information?
              Yes
              No
If No, please select all reasons that apply:
     I do not know how to utilize the tools available to me in protecting COMPANY NAME information
     I do not know what is expected of me in the realm of security and/or in my job at COMPANY NAME
     I do not have the resources to protect COMPANY NAME information
     I am not supported in my efforts to protect COMPANY NAME information. It appears that, my management encourages
         production at the expense of protection.

3. What do you think is the greatest information security challenge facing Company Name?
       Travel by COMPANY NAME employees, especially those that visit countries outside the United States.
       Disclosure of confidential business information.
       Loss of laptops and other portable devices that contain COMPANY NAME information
       Delay in completing IT related security system development

4. You receive a phone call from an individual claiming to be from a Company Name Security Operations Center. The

Company Name Security Awareness Survey
                                       Company Name
                                  Security Awareness Survey

individual requests your password in order to resolve a virus or malware issue; in this case it is ok to provide them with
my password.
        a) Yes
        b) No

5. Signs that your office computer may have a virus:
              a) Computer is displaying strange messages or unusual video effects
              b) Computer slows down noticeably
              c) Computer keeps crashing or freezing
              d) All of the above
              e) None of the above because the COMPANY NAME firewall and antivirus software installed on COMPANY NAME
              PC’s prevent this from happening.

6. You are working on a critical document for your supervisor, and believe you just detected a virus on your computer.
What do you do?
       a) Continue to work on the document. You’ll deal with the virus later
       b) Make a backup of the critical file and continue working
       c) Stop working on the document and contact your local service desk, the local Information Security Leader or the
       Company Name Computer Incident Response Team

7. Most IT security incidents cannot be avoided. You have limited ability in preventing security incidents.

   a)        True
   b)        False

8. You know of a software product that will substantially increase your department’s productivity in calculating project
data. You should:

             a) Install the software and encourage others in your department to do the same
             b) Install the software yourself and test it for a week before you encourage others to do the same
             c) Ensure that the software is first reviewed and approved by the appropriate IT area before you install it
             d) Continue working with the tools you have – it is not your job to make to suggest IT related work process

9. You and a co-worker are working on a long-term project/program and need to share confidential documents. The best
way is to:
              a) Arrange for a secure directory to be set up on a shared network drive
              b) Share your password so you can both access the documents
              c) Call the Help Desk because I don’t know what the best way is

10. I am very familiar with both the location and the content of Company Name Security Policies and Standards?
             Yes
             No

11. Of the following, which is the most secure password?
               a) Your favorite team’s name
               b) A pass-phrase such as W2Hin2009!

Company Name Security Awareness Survey
                                         Company Name
                                    Security Awareness Survey

              c) Your pet’s name
              d) A dictionary word spelled backwards

12. You can share your password with your supervisor and others in your department only in an emergency.
              a) True
              b) False
              c) Don’t Know

13. It is appropriate to send Company Name documents containing sensitive identification data to your home computer
as long as you have a personal firewall and / or use strong encryption.


14. Which of the following information is not included in the list of COMPANY NAME Sensitive identification data:
             a) Social Security Number (United States), Permanent Account Number (India), Social Insurance Card (Canada)
              b) Drivers License Number
              c) Bank Account Number
              d) Credit or Debit Card number
              e) Phone Number
              e) All of the above is considered to be COMPANY NAME Sensitive identification data.

15 What action is necessary when you leave your PC unattended even for a short period of time?

              a) Minimize the window on your screen
              b) No action is necessary
              c) C
To top