This document summarizes the findings of a survey on IT security awareness and knowledge among teachers at SMK Taun Gusi vocational school. It includes demographic information about the 50 participants, followed by an analysis of their responses to 18 multiple choice questions regarding their institution's security policies, password practices, antivirus protection, firewall usage, access controls, backups, and perceptions of security risks.
8. 1.Are you aware whether your institution
has a formal, documented security
policy?
*Note
A-Yes
B-No
C-I don’t know
9. 2.Have you read and
understood the security
policy?
*Note
A-Yes
B-No
10. 3. Has your institution documented in any way
that you have read and understood the security
policy? (e.g; a signed document)
*Note
A-Yes
B-No
C-I don’t know
11. 4. Does your institution’s policy make it clear that
you may be held accountable for your actions, in
case your actions (or inactions) violate your
institution’s IT security policies?
*Note
A-Yes
B-No
C-I don’t know
12. 5. Do the systems you use in your institution have automatic logoff
and/or automatic lock capabilities to terminate a session or lock
the application or device after a predetermined time of inactivity
(e.g. screensaver lock)?
*Note
A-Yes, always
B-I don’t know
C-No, never
13. 6. Does your institution require you to use a
password(s) to access all your user/system
accounts?
A-Yes
B-Hard to say, maybe
C-No
14. 7.How is a password change
requested?
*Note
A- Often, 1-2 times per month
B- The system automatically request users to
change their passwords once every
predetermined period of time
C- The system enforce users to use strong
password
15. 8. Regarding Antivirus / Antispyware protection, are the systems that
you use (either personal, of your institutions) protected by an antivirus
/ anti-spyware software package(s) protecting each desktop and laptop
*Note
A-Yes
B-No
C-I do not know
16. 9. Are the systems you use protected from virus infections
that arrive via Instant Messaging clients? (ex.:
MSN/Windows Live Messenger, Yahoo! Messenger,
Google Talk etc)?
*Note
A-Yes
B-No
C-I do not know
17. 10. Are the systems you use in your institution
protected by a firewall? Do you use a personal
firewall for your personal system(s) as well?
*Note
A-Yes, the system I use is protected by a firewall and I
am using a personal firewall for my personal system(s) as
well.
B-Yes, the system I use is protected by a firewall, but I am
not using a personal firewall for my persona system(s)
C-No, The system I use is protected by a firewall and I
am not using a personal firewall for my personal
system(s)
D-I do not know.
18. 11. If the systems you use in your institution provide you
this option, do you understand when to block and when
not to block alerts of applications trying to access sensitive
resources (e.g.: alerts from Microsoft Windows or similar
software firewall)?
*Note
A-Yes, I understand when to block and when not to
block alerts, also I understand how to do this in your
personal system.
B-Yes, I understand when to block and when not to
block.
C-I do not care.
19. 12. When a member of your personnel leaves the
company (or when work/task contract of an
outside entity ends), does your school ensure that;
*Note
A. Yes
B. No
C. My school did not formalize a policy for such
cases
D. I do not know
20. 13. Has your institution implemented procedures to control
and validate a person’s access to facilities based on their
role or function, including visitor control and control of
access to software programs for testing and revision?
*Note
A-Yes
B-No
C-I do not know
21. 14. Are you aware whether unnecessary
services are running on your school’s
systems?
*Note
A-Yes
B-No
C-I do not know
22. 15. What services does your school you
expose to the internet?
*Note
A-Web
B-Database
C-FTP
D-SSH
E-Other
23. 16. Does your institution perform
backups of computer systems and
data?
*Note
A-Yes, often (everyday)
B-Yes, but not so often (once per
month)
C-I do not care
D-I do not know
E-Other
24. 17. On what medium do you think the
backup should be stored for maximum
security?
*Note
A-Tape backups
B-CDs
C-External hard drives
D-Networked backed up system
25. 18. What do you think is the biggest risk for
IT security?
*Note
A-Users
B-Computers
C-Network
D-Unknown