Using two-factor authentication

Regularly updating software

Clicking on phishing links

Using strong passwords

A ransomware attack

A phishing link

A DDoS attack

An insider threat

Keeping security practices secret

Blaming individuals for mistakes

Encouraging open communication

Focusing solely on technology

A state where everyone is afraid to speak up

A condition where only experts can discuss security

A culture where everyone feels comfortable discussing security issues

A situation where security is ignored

By keeping security policies secret

By punishing all employees

By ignoring security incidents

By rewarding positive security actions

Organizing a competition for finding security bugs

Keeping security breaches confidential

Focusing only on external threats

Ignoring employee suggestions

Both focus on financial gains

Both are only relevant to IT departments

Both require secrecy

Both emphasize collective responsibility