Questions and Answers
What should you do if a reporter asks you about potentially classified information on the web?
Refer the reporter to your organization's public affairs office.
Which of the following is a good practice to aid in preventing spillage?
What should be your response if asked to comment on a classified project?
Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity.
What should you do when working on an unclassified system and receive an email with a classified attachment?
What is required for an individual to access classified data?
How can you protect classified data when it is not in use?
How many potential insider threat indicators does a colleague who vacations at the beach every year and has a poor work quality display?
Based on the following description, how many insider threat indicators are displayed: a playful and charming colleague who wins awards and is occasionally aggressive in accessing classified info?
What type of activity should be reported as a potential insider threat?
What advantages do 'insider threats' have over others in causing damage to organizations?
Which of the following is a best practice to protect information about you on social networking sites?
When is the safest time to post details of your vacation activities on social media?
What level of damage can the unauthorized disclosure of information classified as confidential cause?
Which type of information could cause serious damage to national security if disclosed without authorization?
What practice may reduce your appeal as a target for adversaries seeking to exploit your insider status?
What type of unclassified material should be marked with a special handling caveat?
Which of the following is NOT an example of sensitive information?
Which of the following is true about unclassified data?
Which of the following represents a good physical security practice?
What certificates are contained on the Common Access Card (CAC)?
What should you do if a hotel asks to make a photocopy of your Common Access Card (CAC)?
How is Sensitive Compartmented Information (SCI) marked?
What best describes the compromise of Sensitive Compartmented Information (SCI)?
What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)?
What are some examples of malicious code?
Which of the following is NOT a way that malicious code spreads?
What should you do if a website requires a credit card for registration and does not start with 'https'?
Which email attachments are generally safe to open?
What is a common indicator of a phishing attempt?
Which of the following is true of Internet hoaxes?
What should you do upon connecting your Government-issued laptop to a public wireless connection?
What should be your response if a coworker asks you to download a programmer's game to play at work?
What are some examples of removable media?
Which are examples of portable electronic devices (PEDs)?
What is a good practice to protect data on your home wireless systems?
When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct?
Which is a security best practice when using social networking sites?
Which of the following is NOT an example of Controlled Unclassified Information (CUI)?
Which of the following is NOT a correct way to protect CUI?
Which Cyberspace Protection Condition (CPCON) establishes a focus on critical and essential functions only?
What certificates are contained on the Common Access Card (CAC)?
Which of the following is an example of two-factor authentication?
What guidance is available from marking Sensitive Information (SCI)?
What must the dissemination of information regarding intelligence sources follow?
If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take?
Which actions can help to protect your identity?
What is whaling?
Which best practice can prevent viruses and other malicious code from being downloaded when checking your email?
What type of social engineering targets particular individuals or organizations?
Which of the following is a concern when using your Government-issued laptop in public?
When can you check personal email on your Government-furnished equipment (GFE)?
Which of the following statements is true about mobile devices?
When can you use removable media on a Government system?
Which is the best practice for securing your home computer?
Study Notes
Spillage
- If approached by a reporter about classified information, refer them to the public affairs office.
- Awareness of classification markings and handling caveats is critical to prevent information spillage.
- In conversations about classified projects, avoid confirming or denying details; change the subject instead.
- If receiving a classified attachment on an unclassified system, immediately contact your security point of contact.
- Accessing classified data requires appropriate clearance, a signed non-disclosure agreement, and a need-to-know basis.
- To protect classified data when not in use, store it in a GSA-approved vault or container.
Insider Threat
- A colleague's vacation habits and family status may not indicate insider threats; zero indicators present in this scenario.
- Indicators of a potential insider threat can include charm combined with aggression towards accessing classified information.
Online Conduct and Security
- Report comments of hostility towards the U.S. as potential insider threats.
- Insiders have an easier path to damage organizations due to their trust and authorized access to sensitive systems.
- When creating social media accounts, use personal contact details only to safeguard organizational information.
- Post vacation updates only after returning to avoid giving potential adversaries information to exploit.
Data Classification
- Unauthorized disclosure of confidential information could threaten national security.
- Disclosing secret information poses serious risks to national security.
- Improve your security posture by removing your security badge outside controlled areas.
Sensitive Information
- Mark unclassified materials with handling caveats like For Official Use Only (FOUO).
- Aggregated unclassified data may require a higher classification.
- Secure personal identification and authorization via Common Access Cards (CAC) to prevent unauthorized access.
Malicious Code
- Malicious code examples include viruses, Trojan horses, and worms.
- Legitimate software updates are not a method of spreading malicious code.
- Ensure URLs are secure (start with "https") before providing sensitive information.
- Open email attachments only if they're from recognized senders and are digitally signed.
Social Networking Risks
- Engage in responsible online behavior to avoid disciplinary actions, which include both direct participation and condoning misconduct.
- Use personal contact information when setting up accounts on social networking sites to enhance security.
Controlled Unclassified Information (CUI)
- Press release data is not considered CUI.
- CUI should be safeguarded, and cannot be stored on just any password-protected system.
Physical Security and Identity Management
- Cyberspace Protection Condition (CPCON 2) prioritizes critical functions amid varying levels of threat.
- Common Access Cards (CAC) contain identification, encryption, and digital signature certificates.
Security Practices
- Two-factor authentication can enhance security; it typically includes a password and a verification code sent to your phone.
- When using removable media in government settings, ensure the media is owned by the organization and approved for use.
- Individuals should order a credit report annually to help protect their identity.
- Whaling is a sophisticated phishing attack aimed at senior officials.
Mobile Device Security
- Mobile devices can track users' locations without their knowledge, raising privacy concerns.
- Users should create separate accounts for each individual on home computers to improve security.
Description
Test your knowledge on Cyber Awareness for 2022 with this quiz focused on preventing information spillage. Learn about handling classified information and best practices for communication with the media. Perfect for those who want to ensure they are up-to-date with cyber security protocols.