Question

The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues.

Which of the following is the MOST important information to reference in the letter?

A. After-action reports from prior incidents.
B. Social engineering techniques
C. Company policies and employee NDAs
D. Data classification processes

Answer 1

The letter should primarily focus on company policies and NDAs to ensure that participants are aware of what is permissible to share and to prevent unintentional sensitive information disclosure. It should also educate on social engineering and emphasize online privacy and security best practices.

Step-by-step explanation:

The most important information to reference in the informative letter regarding security risks and how to avoid privacy and operational security issues is C. Company policies and employee NDAs. This is crucial because it clearly outlines what is permissible for employees and customers to share and helps prevent accidental disclosure of sensitive information. Additionally, raising awareness about social engineering techniques is vital, as these are common tactics used by adversaries to obtain unauthorized information. Furthermore, participants should be informed about the importance of online privacy and security measures, such as using strong passwords, being cautious of the information they share, and being aware of the potential long-term impact of posting certain content on social media.