SKILL BENCHMARK

Security Literacy

  • 37m 30s
  • 25 questions
The Security Literacy benchmark will measure your ability to recognize key terms and concepts related to security in most organizations. You will be evaluated on your ability to identify terms associated with security risks, identify different types of attacks, and recognize how employees can contribute to reducing security risk. A learner who scores high on this benchmark demonstrates that they have the skills to identify risks they may encounter from both inside and outside threats.

Topics covered

  • classify the expectations of users and organizations in relation to security, IT systems, permissions, and usage
  • compare cloud-based vs. on-premise vulnerabilities
  • compare threat vectors such as direct access, wireless, e-mail, supply chain, social media, removable media, and cloud-based
  • define different phishing attacks including spear phishing and whaling
  • define the attributes of actors such as internal, external, sophistication, capability, resources, funding, intent, and motivation
  • define the role of humans in protecting the security of information
  • define types of scams, fraud, and hoaxes
  • describe data protection including topics like data loss prevention, masking, and encryption
  • describe dumpster diving, shoulder surfing, pharming, and other exploits
  • describe examples of risks that can occur to anyone in any situation as well as those that expose organizations to security risks
  • describe how an insider threat in an organization would manifest
  • describe spam and its variants such as spim
  • describe threats and threat actors like privileged insiders, state actors, hacktivists, script kiddies, and criminal syndicates
  • describe what malware is and list standard types of malware
  • identify why and how security is everyone's responsibility
  • illustrate using examples common actions from daily work-life that expose people to security risks
  • list and describe the critical information security issues: confidentiality, integrity, availability, authentication, non-repudiation, privacy, and trust
  • list the standard security governance activities that relate to information security
  • list the types of attack targets
  • list the types of threat actors and their motives
  • list types of cybersecurity threats
  • outline the core foundational concepts of information security and recognize why it is important to an organization
  • recall what is meant by information security, what it protects, and how it protects it
  • recognize geographic factors such as jurisdictions, privacy laws, import-export restrictions, and cryptographic regulations
  • recognize the standard security threats to an organization