29 Trend Micro Interview Questions & Answers
Below is a list of our Trend Micro Inc. interview questions, with answer advice and answer examples for each.
1. As I understand it, the network is the most vulnerable part of a company's IT infrastructure. What is your opinion of this and how would you define the threat and risk to a company in terms of network security?
How to Answer
This is a 'set the table' question which provides the interviewer with an overview of your knowledge of and perspective on network security.
Written by William Swansen on March 7th, 2019
1st Answer Example
"The network infrastructure is the most vulnerable part of the IT system because it is the easiest part to access. Since all the company's data is transmitted via the network, hackers focus on this to get the data for malevolent uses. This is the threat to the system. The risk is the company's responsibility to secure their users' and customers' information or be subject to fines, injunctions or even shut down. Measures need to be taken to minimize both the threats and the risks related to network security. I am well versed in these and can expound on them if you would like me to."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"I agree with you that the greatest threat to a company's IT infrastructure is the network. Hackers target the network because it is the easiest part of the system to access and because all the data is transmitted over the network. It's the data that hackers want and can cause the most disruption with. The risk to the company if the data is compromised is the loss of business, fines and injunctions and the possibility of being shut down. While the threat associated with network security will always remain, the risk can be minimized through prudent network security practices and procedures."
2. How will you detect an incident or data breach, and what steps do you take to prevent it from happening?
How to Answer
There are many software and hardware detection systems on the market that help prevent incidents and data breaches. Hiring managers will ask situational questions about detection and how incidents start. Explaining to the manager that organizations need to change their mindset about how detection is addressed will definitely earn you points in the interview. Furthermore, cyber security experts should be able to articulate the procedures involved in tracking an intruder and where most companies fail with their detection systems. Don't be shy; tell the manager how much you enjoy your work, and how proud you are of setting up and maintaining an environment that has 0% intrusion as a direct result of your security strategy and vision.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"An incident can happen at any time without warning, so being ready is critically important. I strongly believe that every company should have a plan B for attacks that take place without warning. Once a hacker gains access to a system, there are two main directives that they pursue: doing reconnaissance, and exploring to understand the system. Their next steps are to find assets (data) and how to access them, all while acting in a stealth mode in the system. This is where I would be able to detect their movements and track activity."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"The trick is having a strong detection system that finds an attacker early in the process to thwart or minimize data theft or other significant damage. In order to find an active attacker, there are two challenges that must be addressed and solved:
1) You need to change your approach on what you look for and how you identify them
2) Look at full network activity, rather than limited packet routing
I find that the whole mindset has to change, because identifying an active attacker through the typical process of pre-defined signatures, entry behaviors, and other signs isn't the most efficient way of protecting your systems. These hackers are meticulous, and follow a step-by-step campaign to gain entry."
3. Describe to me what encoding, encryption, and hashing are, how they work, and what the differences are between the three?
How to Answer
Let's walk through each of these, so there's a good understanding of the best way to respond to this question. You don't have to go into great detail on each and every one, but you do have to give a basic definition, an example of how they work in a security environment, and their distinct differences.
At a high level, encoding is designed to protect the integrity of data as it flows through networks and systems, while maintaining its primary security functions. It can be easily reversed by employing the same algorithm that encoded the content in the first place. Encryption is designed primarily for confidentiality and is also reversible, but only if you have the appropriate key or keys. Hashing is a one-way (non-reversible) operation whose output is a fixed length, usually much smaller than the input.
It's easy to see why the hiring manager is asking this three-part question. They want to evaluate your mental processing capabilities, and how you compile and respond to information. Always respond with answers in the exact order the questions were asked. Example: encoding, encryption, then hashing. This shows the interviewer that you listen carefully, and are detail-oriented in your response.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Being an accomplished IT Security professional, I understand that you can't take anything for granted, especially when it comes to applying security measures like encoding, encryption, and hashing. Having a deep understanding of encoding is extremely important since it transforms data into another format using a scheme so it can be easily reversed, and doesn't require a key. Some of the examples for encoding acronyms are Unicode, Base64, and ASCII. Encryption is equally important because the purpose of encryption is to transform data and keep it a secret from other entities within the network. It's like sending a secret letter to a friend who is the only one that should be reading that letter. When the recipient opens the letter, they can validate the signature of the sender."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I find that out of the three listed, encryption is probably one of the most important to a company's security and network infrastructure. Since encryption transforms data into another format using a private key, it's easy to maintain its integrity by keeping the key in a safe place outside of accessible means. To reverse the encryption operation, the ciphertext, algorithm and private key are required to return the status to plaintext. To go a bit deeper, there are three algorithms that are used for encryption. They are Blowfish, RSA, and AES. Hashing is also important because its purpose is to ensure integrity. Technically speaking, hashing takes inputs to produce a fixed-length string that has the following attributes:
1. Multiple disparate inputs should not produce the same output.
2. The same input should always produce the same output.
3. Any modification made to an output should reflect a change to the hash.
4. You cannot go from an output to an input."
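The three properties described above (encoding reversible by anyone, encryption reversible only with the key, hashing one-way and fixed-length), as an added worked example in Python that is not part of the original page. The message is a constructed sample, Base64 stands for encoding, SHA-256 for hashing, and a one-time pad (random key as long as the message, used once) stands in for a real cipher such as AES because it needs no third-party library and has the same reversible-with-key property.

```python
import base64
import hashlib
import os

# Constructed sample message (not from the original page).
MESSAGE = b"Quarterly report: revenue up 12%"


def encode_base64(data: bytes) -> bytes:
    """Encoding: a public, keyless transformation. Anyone can reverse it."""
    return base64.b64encode(data)


def decode_base64(encoded: bytes) -> bytes:
    return base64.b64decode(encoded)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the corresponding key byte."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def encrypt_otp(plaintext: bytes) -> tuple[bytes, bytes]:
    """Encryption: reversible, but only with the key.

    One-time pad stand-in for a real cipher: a fresh random key as long as
    the message, used exactly once. Returns (ciphertext, key).
    """
    key = os.urandom(len(plaintext))
    return xor_bytes(plaintext, key), key


def decrypt_otp(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)


def sha256_hex(data: bytes) -> str:
    """Hashing: one-way, fixed-length digest (SHA-256 -> 64 hex characters)."""
    return hashlib.sha256(data).hexdigest()


def hamming_bits(a: str, b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


def compare_properties(message: bytes) -> dict:
    """Collect the properties a candidate should be able to state."""
    encoded = encode_base64(message)
    ciphertext, key = encrypt_otp(message)
    wrong_key = os.urandom(len(key))
    digest = sha256_hex(message)
    tampered = bytearray(message)
    tampered[0] ^= 0x01  # flip a single bit of the input
    return {
        # Encoding: reversible by anyone, no secret involved.
        "encoding_reversible_without_key": decode_base64(encoded) == message,
        # Encryption: reversible with the right key, garbage with a wrong one.
        "encryption_reversible_with_key": decrypt_otp(ciphertext, key) == message,
        "encryption_reversible_with_wrong_key": decrypt_otp(ciphertext, wrong_key) == message,
        # Hashing: deterministic, fixed length whatever the input size, a large
        # change from a one-bit tweak, and no key or inverse function at all.
        "hash_deterministic": sha256_hex(message) == digest,
        "hash_len_hex": len(digest),
        "hash_len_hex_long_input": len(sha256_hex(message * 1000)),
        "hash_bits_changed_by_one_bit_flip": hamming_bits(digest, sha256_hex(bytes(tampered))),
    }


if __name__ == "__main__":
    for name, value in compare_properties(MESSAGE).items():
        print(f"{name}: {value}")
```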
4. As a System Administrator, how would you go about changing your DNS settings in a Linux/Windows operating system?
How to Answer
As a System Administrator, you're relied upon to make sure inter-company systems and networks are running at optimum efficiency. This is no easy task, since you're always being asked to make changes to domain settings in both Linux and Windows operating systems. With this question, the interviewer wants to see if you're a junior level administrator, or someone who's been around the block a few times.
Being able to answer this question with a detailed explanation of what they are, and the methods you use to go about changing them, is what the interviewer is after. There might be a similar follow-up question as to which operating system you prefer based on the length of time you spent on both. I'll give you an example for how to handle that question.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"In my current role, this is something that I am scheduled to do on a regular basis. Constant technology advances and innovations are typically the drivers for such a change. There are a couple of methods that could be used for changing the DNS settings in a Linux environment, but the one I prefer is a more modern method that is more scalable and robust.
The method that I use is:
1. Open a terminal in a .conf file.
2. Use nano to edit .conf.
3. Add a nameserver line such as nameserver x.x.x.x, with x.x.x.x being the IP address of the DNS server.
4. Save the file to a preferred directory, and that's it."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"There are a few methods that I can use for changing DNS settings in a Windows environment. All work equally well, but in my opinion it comes down to preference, knowledge of the types of methods, and which works better in the environment that you work in. Here are two examples of how I change DNS settings in a Windows environment.
(Method 1 - GUI) A traditional way would be to use a Graphical User Interface (GUI) to navigate to the IPv4 settings using the steps below.
1. Log into Control Panel, Network Sharing, Change Adapter settings
2. Right Click on the adapter from the configure properties list
3. Double Click on TCP/IPv4
4. Change the DNS Settings to the selected server you want, save changes, and you're done.
(Method 2 - Powershell) This is a more popular method for changing DNS settings. Here is a breakdown and step-by-step.
1. Run Powershell as an Administrator
2. Use the Set-DnsClientServerAddress cmdlet, and be sure to specify which interface index and server address you are using to be clear."
5. Most of our clients believe they have taken the necessary steps to protect themselves against malware. However, since they tend to focus on a small subset of threats, this isn't usually true. Can you list the types of malware clients should be aware of?
How to Answer
This question will test your knowledge of malware and the different types. You should answer this succinctly by listing the main types of malware. You can expect follow-up questions which will probe more into your knowledge of specific types of malware and what measures you recommend your clients take to protect themselves against them.
Written by William Swansen on March 7th, 2019
1st Answer Example
"There are nine major types of malware which most people are aware of. These are Viruses, Trojan Horses, Worms, Spyware, Zombie, Phishing, Spam, Adware, and Ransomware. All of these can cause damage to clients by either shutting down their systems, allowing hackers to take over the function of the computers, gain access to the data on the systems or cause the users to be subject to messages and advertising they didn't request. Each of these types of malware requires a specific type of defense strategy, but many of the strategies have common elements which can be repurposed for multiple types of malware."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Most people will agree that there are nine major types of malware. These are Viruses, Trojan Horses, Worms, Spyware, Zombie, Phishing, Spam, Adware, and Ransomware. Preventing each type of malware requires a specific type of defense. These can include but are not limited to firewalls, network monitoring, user authentication, and user education. The last strategy, user education, is the most effective way to limit the impact of malware. Teaching users not to open emails from unknown sources, to frequently update their passwords, not to open files they didn't request or weren't expecting, and to regularly scan their systems for viruses will prevent the majority of malware attacks."
6. What is the difference between Asymmetric and Symmetric encryption and which one is better?
How to Answer
When comparing asymmetric and symmetric encryption, there are many things you need to be aware of. Not only will you need to know the difference between the two, but how they are used, and which one is better in a particular situation. It's important that you can articulate to the hiring manager examples of how you used both in specific situations and what you did to put an air-tight security solution in place that is impenetrable. Cyber security has become one of the most important topics in technology today. Anytime you're processing credit card transactions through a payment gateway online, or at a brick-and-mortar retail store, you're dealing with vital consumer information, and hiring managers are going to want to hear how you keep these things protected.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"When I work with asymmetric encryption, I always take into account that there has to be a private key and a public key for anyone sending a message. I have to adhere to a decryption policy for where and how the public and private keys are stored and shared. The way I view the differences between the two is that the execution of asymmetric encryption algorithms is slower than symmetric encryption algorithms. Although asymmetric encryption is mostly used for exchanging keys in a secure manner, it is used for establishing a secure channel over a non-secure medium such as the internet. The most common form of an encryption algorithm is Diffie-Hellman."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"In my current role I do work with symmetric encryption. Since symmetric encryption uses a single key for encryption and decryption, I am responsible for monitoring the data transmission of those communication messages to prevent a potential intrusion or breach alert. As with many symmetric encryption algorithms, they execute faster, and are less complex than asymmetric encryption, and are a preferred method of encrypting communication. The most commonly used symmetric encryption algorithms are 3DES, AES, DES, and RC4."
7. In addition to monitoring our customer's online security, we provide them with periodic reports about threats and attempts to penetrate their network. What objects do you feel should be included in a security penetration report?
How to Answer
The purpose of this question is to make sure you have experience with security-related reporting and can have a dialog with your customers about their network security and the company's monitoring services. You should answer this question by providing an overview of a good security penetration report.
Written by William Swansen on March 7th, 2019
1st Answer Example
"A quality Vulnerability and Penetration Testing (VAPT) report should begin with an executive summary which explains the scope, testing process and period the report covers and a general assessment of the client's security status. Next, there should be details of the results of the tests, categorized by the level of the threat (low to high). There should be a section about the type of tests performed and what they measured. Finally, there should be a set of recommendations for remediation of any threats which were discovered. Some reports also contain screenshots of the test results."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Clients expect network security providers to perform periodic Vulnerability and Penetration Tests (VAPT) and provide reports of the results. The report should describe the type of tests performed, the results and recommendations for remediation of any threats which were discovered. The structure of the report is an executive overview summarizing the tests, results, and recommendations, followed by details of the tests and results. The details section should list the scope of the tests, what processes were used, the period the report covers and specific steps needed to address any threats or actual penetrations which were discovered during the testing. Some service providers include screenshots of the testing process in their reports. There are several software products which can be used for testing and which will generate the appropriate reports for the clients."
8. In a situation where a user needs admin rights on his system, what is the protocol that you follow to grant or restrict admin access?
How to Answer
I have seen on numerous occasions where someone needed an important document for a proposal, and the only place the needed data could be found was on a server or drive that required administrative access. If you've ever needed to access folders or files that are locked or inaccessible, then you know what I mean. This is a common question asked by hiring managers to limit the number of users accessing sensitive data. They want to know if you follow security protocols and best practices for roles and privileges. In an interview, you might hear the term Greenplum. Greenplum is a database system that manages access to those databases using roles. Giving an example of some challenges you had with restricting access for a good reason, and then granting access after approval was given, shows the manager how well you followed protocol.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Managing roles and privileges has its challenges because the user could be a database administrator seeking access to specific tables or objects. As part of our security best practices, I assign rules by role membership by group. I find this to be the best way of managing privileges, this way privileges can be revoked or granted from a group as a whole. I'm intimately familiar with a Greenplum database and how it works. For example, Greenplum requires a UNIX user ID to initialize and access the Greenplum database. This protocol is pretty standard in the industry, and widely used for creating new rules, and protecting passwords in the Greenplum database."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"If you look at various network infrastructures and architectures within companies, you will find a variety of user/role attributes. One of the user roles that I keep a close watch on is giving access to SUPERUSERS. I like to limit access to SU's for a number of reasons, one of the biggest is SU's bypass all access privilege checks in Greenplum dataset. In my humble opinion, I think only administrators should have that access, since we are intimately involved in the protection and security of the organization."
9. If you were given the task of having to both encrypt and compress data during transmission, which would you do first, and why?
How to Answer
This is a typical situational and task-oriented interview question that asks you to explain how you perform a task, the step-by-step process you follow, and what your reasoning is behind the process that you followed. Please note that the interviewer will be observing how you respond to this question. They will be looking at whether or not you appear to be confident in your response, or get nervous and panic while answering this question. Always keep calm, and take a deep breath before answering each question. Even if you have to wait a few seconds to respond, that's fine. It also shows the interviewer that you think through the questions before answering.
In short, both data compression and data encryption are methods that transform data into a different format. When you're talking about the tasks, and what you do in the process, let the interviewer know that even though data compression and encryption are both methods that transform data, it's the execution of the process and the minor details that are important and must not be overlooked.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Yes, there is a process that I follow that ensures safe transmission of data. When I design a data compression scheme, there are some important factors such as the level of compression required, the amount of distortion introduced by the compression, and the computational hardware/appliance resources required to compress and decompress the data.
This is especially true in the case of video compression because when you decompress, you will need to ensure that you get a stream fast enough so the viewing isn't interrupted by spooling or other latency issues. People often think that by decompressing video data, it will stream faster, but one of the issues is it requires a large amount of storage space, which could be a problem for many companies."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I've heard people say compress then encrypt. The problem here is that if you encrypt first, then you'll have nothing but random data to work with, which will destroy any potential benefit you will get from the compression process. With data encryption, I focus on developing encryption algorithms (ciphers) that are hard to break by an attacker due to the computational complexities, which makes it even more difficult to be broken. Since both the sender and receiver share a secret key, it needs to be protected so that data communication is kept private between those two parties."
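The compress-then-encrypt reasoning in question 9, as an added example in Python that is not from the original page: both orderings are run over a constructed, highly compressible payload. A one-time pad (fresh random key as long as the input) stands in for a real cipher; any sound cipher produces ciphertext that looks like random bytes, which is exactly why compressing after encryption gains nothing.

```python
import os
import zlib

# Constructed sample payload (not from the original page): repetitive text
# that compresses well, as log files and documents typically do.
PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 200


def xor_with_key(data: bytes, key: bytes) -> bytes:
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Stand-in cipher: one-time pad with a fresh random key.

    Returns (ciphertext, key). The ciphertext is uniformly random bytes,
    the same property real ciphers such as AES aim for.
    """
    key = os.urandom(len(plaintext))
    return xor_with_key(plaintext, key), key


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_with_key(ciphertext, key)


def compress_then_encrypt(data: bytes) -> tuple[bytes, bytes]:
    """Recommended order: redundancy is removed first, then hidden."""
    compressed = zlib.compress(data, level=9)
    return encrypt(compressed)


def decrypt_then_decompress(ciphertext: bytes, key: bytes) -> bytes:
    return zlib.decompress(decrypt(ciphertext, key))


def encrypt_then_compress(data: bytes) -> tuple[bytes, bytes]:
    """Reverse order: the compressor sees random bytes and cannot shrink them."""
    ciphertext, key = encrypt(data)
    return zlib.compress(ciphertext, level=9), key


def decompress_then_decrypt(blob: bytes, key: bytes) -> bytes:
    return decrypt(zlib.decompress(blob), key)


def compare_orderings(data: bytes) -> dict:
    """Transmitted size for both orderings, plus round-trip checks."""
    ct1, k1 = compress_then_encrypt(data)
    ct2, k2 = encrypt_then_compress(data)
    return {
        "original": len(data),
        "compress_then_encrypt": len(ct1),
        "encrypt_then_compress": len(ct2),
        "roundtrip_compress_first_ok": decrypt_then_decompress(ct1, k1) == data,
        "roundtrip_encrypt_first_ok": decompress_then_decrypt(ct2, k2) == data,
    }


if __name__ == "__main__":
    for name, value in compare_orderings(PAYLOAD).items():
        print(f"{name}: {value}")
```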
10. What is a false positive and false negative alert in the case of Intrusion Detection Systems?
How to Answer
Every company that has an intrusion detection system will likely come across a false positive and/or false negative. If you've ever run test cases for your company and the results gave you a false positive or false negative, it could be because of a bug in the software, a failure in the hardware, or perhaps functionality that is not working properly. In any case, the hiring manager will ask this question to gauge whether this problem is caused by manual intervention or by a failure of the systems. It's important to highlight your knowledge and understanding of this topic by talking about the steps you take to monitor the reliability of the hardware and software and the corrective actions you use to prevent future alerts of this kind. For example, did you have to do further testing or change the code or functionality in the software to correct this problem?
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"While we try to protect any sort of intrusion or hacking of our systems, we do get the occasional attempted intrusion alerts that tell us where the intrusion is coming from and how they are able to get through a first level of security. This is where we implement a false positive and false negative to give them the impression that they are penetrating our system, but in reality we are watching them to monitor which areas of our network they are attempting to attack, so that we can strengthen that area, and other areas of attempted attacks."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I've worked with intrusion detection software, anti-virus, and malware software for many years, and have found that even when you test your system, you might get a false positive or false negative. It's not uncommon for this to happen, and I've always proactively planned for it since it's very likely to happen. My approach is to explore why it happens, or what might have caused it to happen, and work towards a preemptive strike to prevent it from happening again. Since both are damaging, and they create a false sense of security, it makes it even more important to me to address it very early in the process. One of the areas I look closely at is test cases. I tend to break them down to the granular level and analyze every detail to get to the core of the problem. I do this by using different test data, metrics and analysis to review test cases, and I do this process manually and also use automation scanning tools as well."
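The false positive / false negative distinction in question 10, as an added example in Python that is not from the original page: a naive keyword signature and a tuned signature are run over constructed, labelled web-server log lines and scored with a confusion matrix. It also shows the trade-off a practitioner meets when tuning: tightening the rule removes the false positives but lets one URL-encoded attack through as a false negative.

```python
import re
from dataclasses import dataclass

# Constructed web-server log lines ("ip method target status"), each labelled
# with ground truth: True = real attack, False = benign. Not from the page.
SAMPLE_LOG = [
    ("10.0.0.5 GET /index.html 200", False),
    ("10.0.0.7 GET /login?user=alice 200", False),
    ("10.0.0.9 GET /login?user=admin'%20OR%20'1'='1 500", True),
    ("10.0.0.5 GET /docs/admin-guide.html 200", False),
    ("198.51.100.3 GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E 200", True),
    ("10.0.0.7 GET /search?q=script+writing+tips 200", False),
    ("198.51.100.3 POST /login 401", False),
    ("198.51.100.3 GET /../../etc/passwd 404", True),
    ("10.0.0.5 GET /blog/how-to-read-etc-passwd-safely 200", False),
    ("203.0.113.8 GET /wp-admin/install.php 404", True),
    ("203.0.113.8 GET /%2e%2e/%2e%2e/etc/passwd 404", True),
]


@dataclass
class Evaluation:
    true_positives: int
    false_positives: int   # alert raised on benign traffic: noise, alert fatigue
    false_negatives: int   # real attack with no alert: the dangerous case
    true_negatives: int

    @property
    def precision(self) -> float:
        raised = self.true_positives + self.false_positives
        return self.true_positives / raised if raised else 0.0

    @property
    def recall(self) -> float:
        attacks = self.true_positives + self.false_negatives
        return self.true_positives / attacks if attacks else 0.0


# Naive signature: alert whenever a suspicious word appears anywhere in the line.
NAIVE_KEYWORDS = ("admin", "script", "passwd")


def naive_rule(line: str) -> bool:
    return any(word in line.lower() for word in NAIVE_KEYWORDS)


# Tuned signatures: match attack syntax in the request target instead of words
# that also occur in legitimate URLs.
TUNED_PATTERNS = [
    re.compile(r"'(%20|\s)*or(%20|\s)*'", re.IGNORECASE),  # SQL tautology
    re.compile(r"%3cscript|<script", re.IGNORECASE),        # script tag, raw or encoded
    re.compile(r"(\.\./){2,}"),                             # literal directory traversal
    re.compile(r"/wp-admin/install\.php"),                  # setup-script probe
]


def request_target(line: str) -> str:
    parts = line.split(" ")
    return parts[2] if len(parts) > 2 else line


def tuned_rule(line: str) -> bool:
    target = request_target(line)
    return any(p.search(target) for p in TUNED_PATTERNS)


def evaluate(rule, labelled_log) -> Evaluation:
    """Score a detection rule against ground truth with a confusion matrix."""
    tp = fp = fn = tn = 0
    for line, is_attack in labelled_log:
        alerted = rule(line)
        if alerted and is_attack:
            tp += 1
        elif alerted:
            fp += 1
        elif is_attack:
            fn += 1
        else:
            tn += 1
    return Evaluation(tp, fp, fn, tn)


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("tuned", tuned_rule)):
        ev = evaluate(rule, SAMPLE_LOG)
        print(f"{name}: {ev} precision={ev.precision:.2f} recall={ev.recall:.2f}")
```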
11. How would you educate our clients to recognize the symptoms of malware so they can notify us of an intrusion so we can begin to take measures to remediate it?
How to Answer
The interviewer is digging deeper and probing your knowledge of how to recognize and prevent malware intrusions. This is important since you will be the main person the customer interfaces with. Again, answer the question directly by listing the symptoms of a malware attack and providing some detail when appropriate.
Written by William Swansen on March 7th, 2019
1st Answer Example
"Malware is difficult to recognize since hackers intentionally mask its presence and the damage it is creating. Additionally, the symptoms may be attributed to other causes.
Symptoms of malware include increased CPU usage, slow performance, network connectivity issues, computers freezing, crashing or rebooting, lost files, unfamiliar programs running in the background and file names being changed. All of these could have legitimate causes but should be investigated as possible symptoms of a malware attack."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Symptoms of malware come in many forms and can include increased memory usage, slow CPU performance, unusually high network activity, computers freezing, crashing or rebooting, modified or deleted files, unfamiliar programs running in the background and the appearance of strange files or icons on the computer. System administrators should educate their users about these symptoms and provide them with a process to report them. Not every symptom will be related to a malware attack, but each should be investigated just in case."
12. There have been several virus attacks recently. What have you done to protect your organization from these cyber attacks?
How to Answer
This is a great question from a manager, and there are some very useful responses to it. The very first thing is having an in-depth knowledge of how cyber security attacks occur. There are several situational examples that a hiring manager might ask you to walk through to see what you did to thwart those attacks. Some of the core questions will relate to what you did to identify those threats, what authentication you used to combat the threats, and how frequently you do risk assessments. A couple of other questions that may come up will cover how often you communicated your security and sign-off policy to employees, whether there was compliance corporate-wide, and what you did to maintain that compliance.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"I realize that attacks can happen at any time, and we need to be ready. One of the most important tasks that I'm involved in when I come into work every day is to look at our security dashboard which shows a real-time report of events, threats, intrusions, and possible breaches. This tells us what actions we need to take, or improvements that need to be addressed to strengthen our network further. The real-time report gives me a view of events that have occurred and are occurring in real-time. As a directive by our CIO, we are required to do research on public and private corporations that were hacked so we could analyze how those organizations handled data loss and what they did to remedy those issues."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"There are several steps that I take to safeguard our environment. Let me outline those steps and tasks to get you familiar with our process, planning and execution:
1.) The first step is to identify the threats - this involves the unauthorized access of our company networks. Since our company has sensitive information, we go to great lengths to protect it.
2.) I keep employees honest - Employees have access to a lot of valuable company information, and if leaked to the wrong people, could be disastrous for the company. It's part of my responsibility to have employees reset passwords, and have them use two-factor authentication for additional security.
3.) I keep up to date on Cybercrimes that have happened in the past - I always look at what types of data hackers are attracted to so I know what kind of strategy to put in place for those types of potential attacks.
4.) I carry out risk assessments and audits on a regular basis - This is done to mitigate risk, and data loss. I work closely with external Cyber Security consultants to implement a security that is successfully executed."
13. Can you explain what a public and private key is in the world of public-key cryptography, and which key is used for which function?
How to Answer
In an age where companies face breaches and intrusions on a daily basis, they need to make sure that their intellectual property and various confidential data are protected at every security level of the company. This is why private and public key encryption and cryptography are implemented to safeguard that information.
Here's a great opportunity to craft a response that showcases your knowledge about public and private keys, and to take it a step further by giving an example of how each key is used and for which function. Without going too deep, the hiring manager wants to hear you articulate the definitions of each, and how well you understand them. While you describe both keys, and what they represent, it would also be helpful to the hiring manager to explain the manner in which you use them in your current role. This helps the hiring manager gauge your level of expertise, and how involved you are with cryptography in your current role.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"My experience with private and public cryptographic keys goes very deep. I use private key cryptography where a single private key can encrypt and decrypt information. I'm very mindful that this key is only to be used with management's authority and approval since the data is very sensitive to the organization. If this key were leaked to the outside, this could potentially cause irreparable damage to the company. One of the responsibilities I had was to encrypt data so that the mobile devices used by our field consultants were secure. In addition to data encryption, I was also tasked with managing the security of our internal intranet websites that were used by everyone in the company to communicate and share data."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Understanding that encryption uses an algorithm to transform information (data) into an unreadable format is one of the most important cryptographic elements of public and private keys. I believe that it's important to designate where private and public keys are used. Every company has safeguards in place to monitor and manage these keys so that they don't fall into the wrong hands. Anyone given this responsibility should have extensive knowledge of encryption and cryptography, with the core elements being Secure Socket Layer (SSL) and Public Key Infrastructure (PKI) for secure online purchase transactions as well."
14. Explain the difference between symmetric and public-key cryptography, and what their importance is to encryption technology?
How to Answer
This is a pretty basic question that most IT managers ask candidates when it comes to cryptology. If you have any level of expertise with encryption, you should be able to answer this question without too much difficulty.
The reason a hiring manager will ask this question is to get one or two easy questions out of the way, then proceed to more difficult questions. Keep in mind that some managers tend to drill down into this question pretty deep so if you get asked, be prepared to answer with a detailed response.
The basics here are going to be that symmetric uses a single key, and a public key uses two keys. Let's suppose that you took a document and placed it in a drawer, then locked it with a key. If anyone else wanted to access that document, they would need a key for that drawer. This is how Symmetric key encryption works. A public key, on the other hand, would require two keys to open up a drawer.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"As a cryptology professional, it's important to know the differences between symmetric and public-key encryption. I have used both, and know that each has its own unique values. Symmetric key encryption generally speaking is fast and secure. If you're sending encrypted packets to be decrypted, they must use a key which means you must send along a key to enable them to have access. A risky problem that might come up is if you're sending a physical medium, then the packet becomes insecure. Another risk might be is if someone is monitoring the network, they could steal the encrypted packets and key and decrypt them."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"In my honest and humble opinion, public key encryption has equal importance to symmetric key. Actually, it's more secure because it has two keys, and work together to encrypt and decrypt packets. I like this one because of the extra security measure built into it. Because the private key is never sent across the network, it remains secure which gives it an extra measure of encryption. The only down side that I see is it tends to be quite slow, which makes it difficult to send larger amounts of data using a public key encryption."
15. What's the difference between Diffie-Hellman and RSA, and how do they apply to cryptography and encryption?
How to Answer
Diffie-Hellman (named for Whitfield Diffie and Martin Hellman) is a key-agreement protocol: two parties who share nothing in advance each contribute a value and derive the same secret over a channel an eavesdropper can read, and that secret then serves as a symmetric key. RSA (named for Rivest, Shamir, and Adleman) is a public-key cryptosystem used for encryption and digital signatures with a long-term key pair. Neither is specific to cryptocurrency; both appear in TLS, SSH and VPNs. The practical distinction an interviewer will listen for is that plain Diffie-Hellman provides no authentication, so on its own it is open to a man-in-the-middle, which is why the exchanged values are normally signed (for example with RSA) or tied to certificates.
A hiring manager is looking for candidates that have a deep understanding of Diffie-Hellman and RSA. For example, someone that can articulate and define both methods, and explain what they mean and how they apply to cryptography and encryption. It's best to share your knowledge of best practices using both methods, and how you gained that knowledge. It would also help to add how you have developed and fine-tuned those skills which have made you an expert in the field.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"In my experience, I have found that Diffie-Hellman is a key-exchange protocol, while RSA is an encryption/signing protocol. Both work in different ways. Diffie-Hellman does not require you to have key material, while RSA does require you to have key material. A project I was working on required me to set up an RSA cryptography key which involved using the Rabin-Miller test algorithm to provide a link between the P and Q numbers. The way I was able to explain this to my team was that if Dan wanted to send Mary an encrypted message, he would have to obtain a public key which is encrypted into a Ciphertext, then Mary receives Dan's message, then decrypts it by using her RSA private key."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Cryptographically speaking, Diffie-Hellman is the main method of building a shared secret over a public domain. I know that when I am faced with a Diffie-Hellman attack, the method I use is called Man-in-the-middle because neither side is authenticated. Our corporate IT security operation is finicky about what data or messaging is shared with people within the company who are not in a role to share or manage data, which is why we apply Diffie-Hellman in cases like these. One example was when I had to give permissions to one of my colleges to encrypt their data before sending it to another party. I had to make sure they both had encryption and decryption keys so they could read each other's message."
16. Many of our clients have been subject to repeated attempts to access their network from unauthorized sources. One type of attack we often see is brute force logins. How do you recommend they defend against this type of attack?
How to Answer
This is a direct question to determine your knowledge in this area. This type of attack is one of the more common ones related to network security, and you should be aware of and able to recommend measures to defend against it.
Written by William Swansen on March 7th, 2019
1st Answer Example
"Brute force login attacks are common, and there are three measures you can use to defend against them. The first is account lockout. Any account attempting this type of access can be locked until the administrator decides if it has been compromised or not. The second defense is called progressive delay. This involves locking the account for a set period of time after several unsuccessful login attempts. Finally, there is the challenge-response test, where users are asked to verify a predetermined security question they set up when registering for their account. I would recommend either one or a combination of these which best meet the client's business model."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"There are three common methods used to defend a company's network from unauthorized access via a brute force login attack. These are account lockout, progressive delay, and challenge response. Account lockout involves intervention by a system administrator to lock out a user until the admin is satisfied that they are actually who they say they are and simply forgot their password. A progress delay defense employs a timed lockout, ranging from minutes to days to give the user time to legitimately retrieve or reset their password. The final defense, known as the challenge-response requires the user to provide a security reminder that they set up when they registered their account. All three are effective and can be used either alone or together."
17. Give me your opinion on Blockchain technology, and how do you think it will revolutionize cyber security?
How to Answer
Blockchain entered the market as the ledger behind Bitcoin and other cryptocurrencies, and security teams have since had to protect the wallets, exchanges, web servers and identity systems around those transactions. Hiring managers, especially in finance and banking, know the technology, so when they ask this question they want your opinion on how it applies to cyber security. If you have experience working in an environment that uses blockchain, showcase that experience in a way that makes you stand out from the crowd: use a scenario (without giving away sensitive company information) where you used it, and explain how you protected the web servers and identity systems so the transactions were safe and secure. If you have limited knowledge of blockchain, show your eagerness to learn the technology and how your existing skills would apply in those situations.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Anytime I see the introduction of a new technology or payment gateway, I take it upon myself to research that technology to see where it is relevant in the world of Cyber Security. When Blockchain came out, I did extensive research on where it might have vulnerabilities, and susceptible to attacks. According to my research, Blockchain has around for about a decade and was initially introduced to store and/or send crypto-currency like Bitcoin. Blockchains are distributed networks with millions of users all over the world. Since Blockchain uses cryptology, it's easier for businesses to authenticate devices and users without the need for a password. This definitely eliminates manual intervention in the process of authentication, thereby avoiding potential attacks."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"The way I view Blockchain revolutionizing Cyber Security is through decentralized storage, record keeping, and peer-to-peer sharing. Furthermore, Blockchain users will be able to store all their data on their network or computer if they choose to do so. Basically, a blockchain is a decentralized, digitized, public ledger of all cryptocurrency transactions known as Distributed Ledger Technology. One of the big reasons why I think blockchain is going to be an integral part of Cyber Security is (Distributed Denial of Service. In a nutshell, Blockchain transactions can be denied easily if the send-receive participants are impeded from sending transactions. Blockchains provide a non 'hackable' entrance point, thereby, provide more security when compared with database-driven transactional structures."
18. What's the difference between a threat, vulnerability, and a risk, and how do you assess the severity of a threat for example?
How to Answer
If you hold the CISSP (Certified Information Systems Security Professional), you should know the difference between a threat, a vulnerability, and a risk. When you start a new job you don't know the environment, so you need to gather some basic information about where everything is and how things were operating before you came along.
One of the first things you'll need to do is assess the landscape. You'll probably need to locate where the data resides, who is or was managing the data, and what the network diagram looks like. The hiring manager wants to see if you are experienced enough to ask these questions so that they know they're not dealing with a junior level candidate with limited experience in these areas.
After you have outlined what you would do when you start, they will dig a little deeper and ask you to explain the differences between threat, vulnerability and risk, and how you assess threats. As a general rule, define the three first, then describe the process you follow to assess a threat. A threat is a potential cause of harm (an attacker, malware, an outage); a vulnerability is a weakness the threat can exploit (an unpatched service, a weak password policy); a risk is the likelihood that a given threat exploits a given vulnerability, combined with the impact if it does. Severity is judged on those two axes, likelihood and impact, with the asset's exposure and any existing controls feeding the likelihood side. The interviewer's attention will be focused on how you assess a threat.
Here are a few items you may want to research further regarding assessments: visibility touch points, ingress and egress filtering, and vulnerability assessments.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"My answer is that vulnerabilities should usually be the main focus of an organization since there is little control over the volume and consistency of threats that come in daily. In past roles when I started with a new company, the first thing that was on my task list was to perform a vulnerability assessment. This revealed a lot about the current state of risks and vulnerabilities to the network, and what needed to be done to close those gaps and secure all entry ports into the network. After doing a full assessment, I recorded visibility touch points to monitor where threats came from, and the strength and weakness of our vulnerabilities which helped me map out a long-term IT Security strategy plan."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I've always been a strong believer that the best defense is a good offense. Companies are always under network security attacks, and if you leave yourself vulnerable, it's almost like playing whack-a-mole. You're constantly on the defensive when you should be pro-actively offensive. One of the methods I implemented in my last company was a Defense Threat Modeling method. This method takes monitoring to a new level by pro-actively seeking out methods that hackers use to infiltrate systems while being undetected. At the same time, I keep up to date with online periodicals from IT Security sources to learn about new threats and the risks they represent. Another way that I combat threats is by using Ingress and Egress Filtering. The Ingress method is used to prevent suspicious traffic from entering a network, and the Egress method is used to monitor or restrict data by means of a firewall that blocks packets that fail to meet the established security requirements."
19. Malicious Software, or Malware, has many meaning and connotations. What is your definition of Malware and how would you explain it to a client?
How to Answer
This is a 'set the table' question which the interviewer is using to qualify you as a valid candidate and also to determine if you and the interviewer agree on the terminology used in their business. Your answer should be a straightforward definition of the term and some additional explanation of how people in your industry use it.
Written by William Swansen on March 7th, 2019
1st Answer Example
"Malware is any type of software which is disruptive to normal computer operations. Not only can it damage your systems, but it can cause a security risk by gaining access to your systems and gather private information. Malware comes in several different forms including code, scripts, content which is malicious or other types of software. Malware is often unintentionally downloaded by authorized users on the network when they visit a website or click on a link."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Malware is any malicious or intrusive software which is intended to disrupt a computer's operations by gaining control of the device or obtaining access to other software or private data. Malware comes in several different forms including a software program, malicious code, scripts which execute hidden commands or software which monitors the activity on a system. Malware can gain access to a system through unintentional actions by users who believe they are accessing legitimate websites or programs, or by bots and other automated programs which scan networks looking for areas of vulnerability."
20. One of the most prevalent types of attempts at intrusions we see when monitoring our clients' networks is a Distributed Denial of Service (DDoS) attack. Can you explain what a DDoS is and what you would recommend to clients to prevent it?
How to Answer
The interviewer is testing your knowledge of cybersecurity and attempting to ensure that you will be able to interface with clients on both a business and technical level when presenting them with the services their company offers. This type of question is best answered with a direct answer describing the topic and how you would discuss it with a client.
Written by William Swansen on March 7th, 2019
1st Answer Example
"DDoS is an attack by someone attempting to compromise your network by flooding it with a large number of requests. Many networks are unable to handle this and respond by denying service to all users, even legitimate ones. It is called a 'Distributed' attack since the flood of requests can come from many different sources. The best way to defend against a DDoS attack is to analyze and filter network traffic using 'scrubbing centers.' These are servers on the network dedicated to analyzing network traffic and removing malicious requests. Our company offers this service as part of your network security package."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"A Distributed Denial of Service or DDoS attack is when a threat emanates from multiple sources and attempts to overwhelm a network by creating more requests than the servers can respond to. The response is for the servers to deny all requests, both real and malicious, thereby shutting down the network. The purpose of this type of intrusion is not to hijack data, but rather to take the company offline for a period of time, which can be just as costly. The best way to defend against this type of attack is to set up scrubbing centers, which are servers that are dedicated to analyzing network traffic and blocking malicious requests while allowing legitimate traffic to cross the network. Reputable service providers like ours offer this service as part of their security package."
21. What do you think is the most important information security concern with most organizations right now?
How to Answer
One of the biggest concerns a company might have is securing their networks and systems to prevent a cyber attack. Given the increased level of security threats over the past five years, companies have made the protection of their data a very high priority. As this continues to become an area of importance for most companies, hiring managers will spend more time qualifying and interviewing candidates that share the same common goals and responsibility of protecting their IT security organization.
This question helps the hiring manager identify the level of importance this question has to you, and if you share the same values and sentiment that the company possesses. More than likely the hiring manager will want to know what you think those concerns are, and where you place them on a list of priorities. You may want to start with some of the most important concerns that matter to you, then talk about what IT security concerns they may have, or their clients, and what's important in their eyes. Once you have an idea of where their thinking is, you can discuss the areas that you are responsible for overseeing in your current role.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"My role with past companies has been two-fold. One is to be an effective leader, to lead by example, to conduct myself in a professional manner, and to be an innovative technologist that solves problems. Being in an IT security environment, you learn two things very quickly, technology changes and evolves in a very short time, and threats are always on the rise. In my past role, I had the opportunity to try new methods and technologies to see which worked best. I found that not every technology works for every company. While assessing a number of technologies, I was able to select a few that fit our business model. This was based on a consensus from my team and management approval. As a result, this has decreased the number of attacks on our network over the past 2 years."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I can say for certain that there are a number of concerns that most companies have when it comes to their IT security organization. As I led a team of IT security professionals, it became apparent to me that as a leader, I needed to show that I was able to take on difficult challenges, make difficult choices, and most importantly to implement a fail-safe IT security strategy that everyone could easily follow in order to secure all aspects of our IT security systems. A valuable lesson that I learned was to be prepared for surprises before they came up. As part of my fail-safe strategy, I put together a checklist of items that is followed in case of a power failure or cyber attack. I also built a backup system to combat the following occurrences:
1. Power outage from weather
2. Utility interruption from gas or electrical outage
3. System crashes from network, systems or telecom provider
4. Data breach or cyber attack, and how to apply contingency plan
5. Unplanned disruptions."
22. As a site administrator, if you were looking for incoming Cross-site Request Forgery (CSRF) attacks, what would you be looking for?
How to Answer
Cross-site request forgery (CSRF) abuses the fact that a browser attaches a site's cookies to every request it sends to that site, including requests triggered from a page the attacker controls. The attacker needs neither the victim's password nor a script running on the target site: a hidden form, an image tag or a link on another page is enough to make the victim's browser send a state-changing request with the victim's session cookie attached, which is why social media and banking sites that accept such requests have had to add defenses. As a site administrator, you would be looking for state-changing requests that arrive without a valid anti-CSRF token, with an Origin or Referer header from another site, or on GET endpoints that should only accept POST, and you would confirm that session cookies carry the SameSite attribute.
One scenario you might be given: a customer logs into their banking website and, while the session is still active, receives an email with a link. If the customer clicks it, the attacker's page makes the browser submit a transfer request to the bank; the bank sees the victim's own session cookie and processes the transfer to the attacker's account. The attacker never learns the credentials; the browser's ambient authentication does the work. Be ready for scenario questions of this kind.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"The way I approach CSRF attacks is pro-active prevention. Since many attackers rely on victims to open up and click on a link so they can run a script and access a victims login credentials to steal funds, my approach is to take pro-active measures. Let me demonstrate what I do to prevent attacks, and how I train others to prevent getting victimized by these attackers.
1.) Do not open any emails or browse other sites while you are logged into your bank account. This prevents any scripts from being executed.
2.) Make sure your anti-virus software is up to date.
3.) When you are finished with your banking business online, immediately log off.
4.) Disable any scripting features in your browser.
5.) Use one browser for your banking transactions, and other browsers for other browsing.
6.) Never save your login credentials (password included) within your browser."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"The way that I prevent CFRS attacks is I transition from session tracking cookies to session tokens. Another precaution I take is to check and make sure a website is authenticated. It's also incumbent upon me to share my methods with our employees, so they don't become victims of these attacks. During my tenure at the last bank I worked for, I implemented a knowledge transfer session with bank employees to instruct them how to spot an email that is potentially harmful and what they can do if they encounter such an attack."
23. In your opinion, what's the ultimate goal of information security to an organization, and why is it important?
How to Answer
This is a simple one to answer, and you should have several good examples of why this is important to an organization. Before we go into the purpose and goal of an IT Security organization, let's examine what you might encounter in a typical IT environment, and why a hiring manager is asking this question.
Depending on the size of the IT organization, the hierarchy might look something like this: CIO/CTO, VP(s), Director(s), Manager(s), Analysts, Developers, Testers, Project Managers, Architects, etc. Keep in mind that there will likely be non-technical team members in the IT department whose roles are to be a conduit or liaison between the business and the technology/security departments. You might be in a panel interview with three or more people from the company you are interviewing at, and one or two of those people might be a Business Analyst or Project Manager who may or may not have a technical background. The reason for this is to get a mix of technology/security and business personnel to participate and ask questions that might be relevant to their role. At the core of your response, your answer should be something like; helping the organization succeed, prosper or grow, and that security is needed to ensure the company runs smoothly and efficiently.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Being mindful that a company's goal is to be successful and run a business is something that I always keep in the back of my mind. Information security performs three critically important functions for an organization. They are:
1. Enable the safe operation of applications implemented on the organization's IT Networks and Systems.
2. Protect the data the organization collects and uses.
3. Safeguard the technology assets of an organization.
As a top priority in my role, I ensure that all company information is stored and kept secure. My number one priority is to protect our company data from threats and provide a virus-free work environment."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"The goals of an Information security organization should align with the goals of the business organization. Knowing this, I can identify with what each is trying to achieve. The Information security organization wants to make sure that they have all the tools necessary to protect the interests of their company and ensure that they can conduct business as usual without interruption to their systems, networks, employees, products, services, and customers. At my last company, it was our policy to inform and train our employees to understand the importance of information security, and to keep confidential information private within the organization."
24. Tell me what your favorite security assessment tools are, and why you prefer them over others?
How to Answer
There are several good software security assessment tools in the market that can get the job done very efficiently. Here are just a few that are among the more popular in the market: Metasploit, Wireshark, Nikto, Retina CS, and Aircrack-ng.
The goal of the hiring manager is to get you to talk about your favorites so they can accurately assess your knowledge and competency with these tools. When you talk about your favorites, start from the one you like most, and try to limit it to no more than three. Ideally, you should have used all three extensively and can talk at a detailed level about what these tools can do better than others in the market. If you enjoyed working with these tools, and are passionate, let the manager know how excited you are about these tools, and why they are your favorites.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Since there are so many good software security assessment tools in the market, it's hard to pick from the bunch. I do however have some favorites that I will talk about and why I like them so much. Let's start with Metasploit; in my eyes, it's considered one of the best tools for penetration testing. It helps identify vulnerabilities, it manages security assessments and improves security awareness. The next one is Wireshark; this is one I've been using for a while, and one of the reasons I like it so much is that it also serves as a network analyzer, and troubleshooter. It's flexible and operates across multiple platforms like MasOS, Windows, Linux, etc. Lastly, we have Nikto; this one I use quite a bit to scan websites for potential vulnerabilities. It has a really nice feature that allows you to find loopholes like cross-scripting, improper cookie handling, etc."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Even though I have used several software security assessment tools, I'm certainly not discounting others that are not on my favorites list. Here are a couple I have used and I have a high comfort level with. Retina CS; is an open source product that handles vulnerability management very well. Aircrack is another worth mentioning. It can be used to recover lost keys by capturing data packets, and it also supports multiple platforms like Windows, Linux, Solaris, etc. It's important to keep in mind that when selecting a software security assessment tool, you need to first look at whether it's a fit for how a business model is set up. If an IT security department uses a lot of open source software and its part of how they work, you might tend to navigate towards open source software. The advantage here is that's it's free. The downside might be limited support and limited features. Something to ponder."
25. Can you tell me what the difference is between stored and reflected XSS, and the common defenses against XSS?
How to Answer
To understand why an interviewer asks about XSS, start with what it is. Cross-site scripting (XSS) is an injection flaw in a web application: untrusted input is placed into a page without proper escaping, so the attacker's HTML or JavaScript runs in the victim's browser with the victim's session, which is what makes it useful for stealing session cookies, acting as the user or defacing the page. It is not a virus and it does not attack the network; the browser is the target. In stored (persistent) XSS the payload is saved on the server, for example in a comment or profile field, and is served to everyone who views that page, so the attacker needs no further interaction with the victim. In reflected XSS the payload travels in the request itself, typically in a URL parameter that the server echoes back into a search result or error message, so the attacker has to get the victim to open a crafted link, often by email.
The interviewer asks this to see whether you can tell the two apart and name the defenses: context-aware output encoding (HTML body, attribute, URL and JavaScript contexts each escape differently), a template engine that escapes by default, input validation, a Content-Security-Policy that blocks inline scripts, and HttpOnly session cookies to limit what a successful injection can steal. Awareness training helps against reflected XSS because a crafted link has to be clicked, but the fix lives in the code. Your answer should address your level of expertise in this area and what you have done to combat these attacks in the past. Mentioning that you ran a training program on spotting malicious emails and fake links, and quoting before-and-after figures, will raise the interviewer's confidence in your abilities and show that you are proactive as well.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"When I address Cross-Site Scripting (XSS), or more specifically Stored XSS attacks, my first thought is how can I prevent future attacks from happening. Since Stored XSS attacks happen without the victim knowing they've been compromised, it's important for me to look at ways that we can inform our personnel about the various methods that attackers use to make you think that an email or browser plug-in, for example, is safe. I set up periodic informational training sessions to educate our personnel on how to spot these malicious attacks, and what to do if they come across any suspicious messages or errors. Another important part of my role is to cleanse Input validation and output sanitation."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Reflected XSS attacks can occur at any time, so it's important for me to educate our employees, so they don't become a victim of these unsuspecting attacks. I always take a pro-active approach to these things, and have designed a series of educational classes to educate all employees on new attacks that have been discovered, and how to respond in case they may be targeted as an unsuspecting victim. One of the many things I cover in our training sessions is to show examples of what these emails and errors look like, and how to report them as soon as you notice them. In my role, I also have to make sure that I sanitize requests from the server side scripts to further reduce or eliminate vulnerabilities."
26. Our company provides customers with details of our policies, processes, and guidelines for setting up and managing their hosted resources. However, often the clients are confused by this information. How would you help them better understand it?
How to Answer
By asking this question, the interviewer is seeking to understand how you define these three categories of information. They also want to determine if you can communicate each type of information to their clients to avoid issues down the road based on any misunderstandings the client may have had. An excellent way to address this is by defining each type of information, then describing how you would communicate this clearly to the clients.
Written by William Swansen on March 7th, 2019
1st Answer Example
"There are distinct differences between policies, processes, and guidelines and each one has a different impact on how service providers and their clients work together. Policies define both the security objectives and framework a company employs to protect its data. Processes, on the other hand, are step-by-step descriptions of the actions taken to secure the data. Finally, guidelines are recommendations and can be tailored to each company's specific situation. Policies are concrete and must be adhered to. Processes can be modified, but only to the extent that they don't violate the policies. Guidelines are suggestions and subject to changed based on the client's requirements, resources, and budget."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"When onboarding a new client, it is important to make sure they clearly understand the service provider's policies, processes and guidelines, and their requirement to comply with each one of these. Policies are rules which define how the client's data is secured and must be adhered to if SLAs are to be met. Processes, on the other hand, are descriptions of the steps taken to enforce the policies. These can be modified to fit individual client requirements, but only to the extent that they don't violate the security policies. Guidelines are suggestions for best practices, based on the service provider's expertise and experience. Clients can either follow these or modify them to suit their specific needs and the resources they have."
27. What are the various ways to inform employees about information security policies and procedures?
How to Answer
Anyone in IT leadership who is responsible for establishing and maintaining company policy and procedures for security needs to ensure that there's a system in place for monitoring corporate computers and mobile devices to protect against email viruses, malware, and data breaches. You'll find that hiring managers tend to spend a bit more time on this question because they want to gauge your level of confidence in how you implement these practices across the company and the way you communicate the procedures to all employees. The experience you share with the manager will be a reflection of your capabilities and will show that you can think outside the box. It's not uncommon for a manager to ask you to talk at length about communicating effective ways to identify phishing emails, transfer confidential files securely, manage passwords, and apply privacy and security updates for all employees. This helps the manager see the level of detail that you go through to protect your company's employees.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"If you look at statistics on how attacks were established, you will find that over 50% of attacks came from employees within a company that inadvertently allowed access to a hacker, or simply disregarded company security policy. At my last company, I was directly involved in writing the security policies and procedures, as well as setting guidelines and conducting training sessions with employees to teach them to detect phishing emails and similar scams. I demonstrated in detail what a phishing email looks like, what to look for when they receive one, and the procedure to follow once this type of scam is identified. I created an email account so that anyone who received these phishing emails could send them straight to that account."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"During my security training sessions with employees, I explained the importance of cyber security, and pointed out the risks of an attack and the negative impact it could have on our organization if personal employee or company information is compromised. As part of the training sessions, I discussed in detail the use of and management of strong passwords, and how to use unique characters when selecting new passwords. As a way of making sure all employees were adhering to our security policies, I set quarterly reminders for everyone to change their passwords. I also had everyone apply updates to their systems and privacy settings."
28. Since you are interviewing for a position in which you will make recommendations to customers about protecting their company's network, I'm curious about what you do to protect your own network at home.
How to Answer
This is a 'trick' question which many applicants won't expect. You need to be prepared for this and should answer it honestly.
If you do not protect your own home network as you would a client's network, tell the interviewer the main reason for that, for example that you don't work from home.
Written by William Swansen on March 7th, 2019
1st Answer Example
"That's a great question and one I've never been asked before. I take my family's security as seriously as I do that of the companies I work with. My home network has all the same security measures I recommend to my customers at work. These include a strong firewall, user authentication, access control, and frequent audits. I also upgrade my network hardware, such as routers and NICs, periodically as new security features are released."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Funny you should say that. Many of the practices I recommend to secure a company's network I learned while setting up my personal network. These include using the latest versions of the network hardware and software with the most current virus protection, maintaining a strong firewall, and implementing strong user authentication, or passwords, which are updated frequently. I also monitor the network traffic on my home system to determine if any threats exist. To date, I have discovered many attacks on my system from sources around the world, but so far none of them have been successful at breaching my network."
29. There are different levels of data classification. How are they structured, and why are they required?
How to Answer
With a heightened level of data security taking place throughout the world, protecting customer data has never been more important. In this day and age, data has become a valuable commodity, and companies go to great lengths to protect it at all costs. When asked by the hiring manager, don't be afraid to offer examples of how you set data classification policies or reclassified data to a classified status with access limited to administrators, for example. Also, highlight your knowledge about the different levels of data classification (i.e. Restricted, Private and Public).
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Setting data classification policy is very important, because if you don't have a policy in place, you won't know what your level of sensitivity is, which means you have no baseline or security controls to protect your data. This is an important topic to me, and I take it very seriously. My involvement goes deeper into data classification than any other team member, so I typically take the lead for data classification in three main levels: Restricted Data, Private Data, and Public Data classification. Here's how I classify these three into workable tasks.
1. Restricted Data - I apply the highest level of security to a restricted classification, because it has the highest level of risk.
2. Private Data - This one is a moderate risk level, but should still be treated as private data and protected nonetheless.
3. Public Data - Normally this level is low or no risk. While there are still controls in place, some level of control is still required."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"There are a number of different ways that classification of data can be performed. I've always had an interest in data collection and classification, which has led me into a Cyber Security occupation. Interestingly enough, many organizations collect and classify data in different ways. As a Data Steward, it is my obligation to reclassify data - this is conducted periodically - determine what frequency is most appropriate based on available - if after doing a data reclassification, it is determined that the data has changed or was modified, then I look at whether existing controls are consistent with the new data classification. If gaps are found within existing controls, they are immediately corrected."