Generic Cyber Security Questions
1. Can you name some of the emerging cyber threats?
2. Can you walk me through the economics of cyber security?
3. What parts of information security should organizations outsource?
4. What security conferences have you participated in over the past 24 months?
5. Can you explain some ways cyber criminals are using services like LinkedIn?
6. Can you name a few leading cyber security vendors? What do they do?
7. What is information security and how is it achieved?
8. What are the core principles of information security?
9. What is non-repudiation (as it applies to IT security)?
10. As a CISO, how would you justify security spend to the board of directors?
11. How often should information security be covered in the boardroom, and why?
12. What is the relationship between information security and data availability?
13. What is a security policy and why do we need one?
14. What is the difference between logical and physical security? Can you give an example of both?
15. What is an acceptable level of risk?
16. How does Gartner rank the vendors in their Magic Quadrant?
17. What are the most common types of attacks that threaten enterprise data security?
18. What is the difference between a threat and a vulnerability?
19. Can you give me an example of common security vulnerabilities?
20. Are you familiar with any security management frameworks such as ISO/IEC 27002?
21. What is a security control?
22. What are the different types of security control?
23. Can you describe the information lifecycle? How do you ensure information security at each phase?
24. What is Information Security Governance?
25. What are your professional values? Why are professional ethics important in the information security field?
26. Is geo-blocking a valid security control?
27. Are open-source projects more or less secure than proprietary ones?
28. Who do you look up to within the field of Information Security? Why?
29. Where do you get your security news from?
30. What is the difference between symmetric and public-key cryptography?
31. What kind of network do you have at home?
32. What are the advantages offered by bug bounty programs over normal testing practices?
33. What are your first three steps when securing a Linux server?
34. What are your first three steps when securing a Windows server?
35. What are your first three steps when securing a web application?
36. What are the security risks of IoT devices?