Frequently asked questions

How can I protect myself from identity theft?
Protecting yourself from identity theft is largely a matter of following best practices (and requirements) for information security. If you learn to identify and avoid phishing scams and install and run anti-virus software, you'll protect yourself from the most common means by which hackers and scammers steal your personal information. Exercise caution when providing personal information, including your name and date of birth, Social Security number, and bank account or credit card numbers, to anybody. If you're providing this information online, make sure that you're using a secure form and connection and that you're on the legitimate website of the company or group you mean to contact.

You can also request credit monitoring to watch for suspicious activity on your credit files.
Am I allowed to use my Company-owned device to play games, listen to music, or browse the internet?
Employees are given access to Company-owned devices for work purposes. If you have a question about a non-work or otherwise unusual use for your company-owned device, consult your unit head or local support provider to discuss the potential risks to both company and personal information and whether the proposed use is acceptable. For example, you may not use a tablet in a healthcare clinic to play games or listen to music between appointments. As a general rule, you shouldn't install apps or enable functions on a company-owned or -operated device unless they're essential to the work-related tasks you're performing.
What do you understand about Risk, Vulnerability & Threat in a network?
Threat: Someone with the potential to harm a system or an organisation
Vulnerability: Weakness in a system that can be exploited by a potential hacker
Risk: Potential for loss or damage when a threat exploits a vulnerability
What is the difference between VA (Vulnerability Assessment) and PT (Penetration Testing)?
Vulnerability Assessment is the process of finding flaws on the target. Here, the organisation knows that its system/network has flaws or weaknesses and wants to find these flaws and prioritize them for fixing.
Penetration Testing is the process of finding vulnerabilities on the target. In this case, the organisation would have set up all the security measures they could think of and would want to test if there is any other way that their system/network can be hacked.
A friend of yours sends an attachment to your mail. You have to click on the attachment to get the file. What do you do?
There are four risks here:
  • Some attachments contain viruses or other malicious programs, so just in general, it’s risky to open unknown or unsolicited attachments.
  • Also, in some cases just clicking on a malicious link can infect a computer, so unless you are sure a link is safe, don’t click on it.
  • Email addresses can be faked, so just because the email says it is from someone you know, you can’t be certain of this without checking with the person.
  • Finally, some websites and links look legitimate, but they’re really hoaxes designed to steal your information.
What Purpose does a Compliance Assessment serve?
Strictly speaking, a compliance assessment gauges whether there are any gaps between your established security controls and what is required by law. It should not be compared to a risk assessment, which is intended to identify any risks to which your assets may be exposed. However, it should be kept in mind that if gaps are revealed in your security systems, then there is bound to be more risk directed towards your infrastructure.
Where can I get guidance on Compliance Assessment?
There’s no guide like experience, and if you’ve had the chance to be involved in compliance assessments previously then you can act as the guiding light. Otherwise it is prudent to hire external help to give you the right direction in this matter. Experts can guide you regarding which compliance rules you need to fulfil to ensure the smooth operation of your business.
Can Non-Compliance Attract Fines?
Absolutely! Non-compliance issues are viewed seriously by the authorities and businesses are severely penalized if any laxity or wrongdoing is discovered on the part of the organization in implementing the requirements. In fact, non-compliance can, and does, attract monetary fines together with legal problems and a harrowing experience.