Unit 5: Cybersecurity and IT Ethics

Answer: C — The correct answer, C, is to isolate the employee's computer from the network and conduct a thorough investigation. This is because the company needs to prevent any further breach of confidential information and gather evidence to determine the extent of the breach. Option A is incorrect because firing the employee without an investigation may be premature and could lead to legal issues. Option B is incorrect because allowing the employee to continue working could lead to further breaches. Option D is incorrect because while reminding employees of confidentiality policies is important, it does not address the immediate need to contain the breach.

Answer: C — The correct answer is C) Social engineering threats. Security awareness training is primarily focused on educating employees to identify and prevent social engineering threats, such as phishing, pretexting, and baiting, which exploit human psychology rather than technical vulnerabilities. Option A) Network threats is incorrect because while network threats are a concern, they are not the primary focus of security awareness training. Option B) Physical threats is incorrect because physical threats, such as theft or damage to equipment, are not typically addressed in security awareness training. Option D) Environmental threats is incorrect because environmental threats, such as natural disasters, are not directly related to the purpose of security awareness training.

Answer: A — The correct answer is A) Conduct an investigation to determine the employee's true intentions and gather evidence. This is because the IT department needs to gather all the facts before taking any disciplinary action. Jumping to conclusions or making assumptions without evidence could lead to unfair treatment of the employee or failure to address a potential security threat. Option B is incorrect because terminating the employee without an investigation could be premature and potentially unfair. Option C is incorrect because simply giving a warning may not be sufficient if the employee has indeed violated security policies. Option D is incorrect because allowing the employee to continue accessing sensitive data without verifying their story could put the company's data at risk.

Answer: D — The correct answer is D) Physical Security, because the policy of locking computers is aimed at preventing unauthorized physical access to the devices. Option A) Encryption is incorrect because it refers to the protection of data through algorithms. Option B) Firewalls is incorrect because it refers to network security. Option C) Access Control Lists is incorrect because it refers to controlling access to resources based on user identity.

Answer: C — The correct answer, C, is the most appropriate response because it balances the need for security with the need for employee productivity. By providing training and support, the security officer can help employees adapt to the new protocol and find ways to work more efficiently. Option A is incorrect because eliminating the two-factor authentication requirement would compromise the security of the company's data. Option B is incorrect because reducing the frequency of two-factor authentication would also compromise security. Option D is incorrect because ignoring employee complaints and enforcing the requirement without adjustments would be unfair and could lead to employee dissatisfaction and decreased productivity.