Top 8 Information Security Analyst Interview Questions You Must Prepare 19.Mar.2024

Its best classified according to the nature of risks:

  1. ASSETS SECURITY RISK
  2. PEOPLE SECURITY RISK
  3. OPERATIONAL RISK
  4. COMMUNICATIONS SECURITY RISK 

PEOPLE are often referred to as ‘insider’ risks. Either employees or subcontractors/vendors, become a security risk when they, either knowingly or unknowingly through their own behavior, work in a way that creates a risk to information security.

Examples include; sharing passwords, talking about clients on face book and chat rooms, losing assets such as laptops etc. 

ASSETS are mostly the hardware and software used by the organisation but are also buildings and other data storage areas

  • COMPUTERS/OTHER DEVICES AND COMPUTER NETWORKS including cloud networks that store digital data. This includes access to computers and computer network.
  • DATA stored on computers, other devices and computer network.
  • BUILDINGS where computers and networks are held
  • MOBILE ASSETS such as laptops, phones etc. are also assets

Vendors/Subcontractors often have as much or more access to company systems without the training or monitoring of their use. Often there is no exit strategy on contract completion. Vendors/Subcontractors can also be people working from home such as recruiters, data analysts etc. Vendors can also be providers of cloud services, software developers and other like services. Data is often communicated via email and rarely do companies check to ensure virus protection etc. is in place nor have a process to ensure data is securely removed from vendor assets post project. 

  • Password protection– stringent not ad hoc or ‘sloppy’
  • Virus and malware protection software – test regimes for software including cloud technology usage
  • Do not allow staff to upload software anto mobile devices.
  • Strict policies and protocols around the use of CDs, DVD or USB Drives, smart phones, laptops, iPads etc. – anything that could hold confidential data 

Here you’re looking for a quick comeback for any position that will involve system administration (see system security). If they don’t know how to change their DNS server in the two most popular operating systems in the world, then you’re likely working with someone very junior or otherwise highly abstracted from the real world.

  • Mark information sensitive documents accordingly to warn the user.
  • Restrict printing of documents to only certain hierarchies of documents.
  • Have a clear desk policy for all information that is business sensitive.
  • Ensure a procedure for hardcopy record keeping, archiving and secure destruction is in place. 

• COMPUTERS – data loss through network and hardware failure , breach of systems and hardware infection

• HACKERS/MALWARE/VIRUS – infect computer software and hardware incl. mobile hardware