Cyber Awareness Flashcards

Questions and Answers

What should be your response when asked to comment on a classified project?

Deny any knowledge of the project

Change the subject to non-work related talk (correct)

Provide details about the project

Confirm the article's authenticity

Which of the following may help prevent inadvertent spillage?

Discuss classified information in public areas

Label all files with appropriate markings (correct)

Store classified data in unsecured locations

Keep sensitive information in electronic format only

What is the best choice to describe when classified data is moved to a lower classification level system without authorization?

Information leak

Spillage (correct)

Data breach

Unauthorized access

What should you do when you receive an email with a classified attachment while working on an unclassified system?

Call your security point of contact immediately.

What should you do if a reporter asks about potentially classified information on the web?

Ask for information about the website, including the URL.

What is a proper response if spillage occurs?

Immediately notify your security POC.

Which of the following is a good practice to aid in preventing spillage?

Be aware of classification markings

How can you protect classified data when it is not in use?

Store classified data appropriately in a GSA-approved vault/container.

What is required for an individual to access classified data?

Appropriate clearance and need-to-know

Which classification level is given to information that could reasonably be expected to cause serious damage to national security?

Secret

What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material.

Which of the following is true regarding protecting classified data?

Classified material must be appropriately marked.

Which can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause?

Damage to national security

Which of the following is NOT considered a potential insider threat indicator?

New interest in learning a foreign language

How many potential insider threat indicators does a colleague who shows several concerning behaviors display?

3 or more indicators.

What advantages do insider threats have that allow them to cause damage to their organizations?

Insiders are given a level of trust and have authorized access to Government information systems.

What should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States.

What is the safest time to post details of your vacation activities on social networking sites?

When vacation is over

What should you do if you receive a game application request that includes permission to access your friends and profile information?

Decline the request

What is the best example of Personally Identifiable Information (PII)?

Date and place of birth.

What is an example of Protected Health Information (PHI)?

Medical test results

What must users ensure when using removable media such as compact disks?

They display a label showing maximum classification

What are some examples of malicious code?

Viruses, Trojan horses, or worms.

What is a risk associated with removable media?

Spillage of classified information.

What is a valid response when identity theft occurs?

Report the crime to local law enforcement.

What is a best practice to protect data on your mobile computing device?

Lock your device screen when not in use.

Study Notes

Spillage

• Spillage refers to the unauthorized movement of classified information to a lower classification level system.
• To prevent inadvertent spillage, label all files and removable media with appropriate classification markings.
• If you receive a classified email attachment while on an unclassified system, notify your security point of contact immediately.
• Report any spillage occurrences to your security point of contact without delay.
• Avoid confirming or denying the authenticity of classified information when asked by unauthorized individuals, such as reporters.

Classified Data

• Classified data must be stored in a GSA-approved vault/container when not in use.
• Required for access to classified data: appropriate clearance, signed non-disclosure agreement, and a need-to-know.
• Information classified as "Secret" can cause serious damage to national security if disclosed.
• Proper labeling of classified materials is crucial to protect classified information.
• Unauthorized disclosure of information classified as "Confidential" can lead to national security damage.

Insider Threat

• Insider threats are dangerous because insiders have trusted access to government systems.
• Potential indicators of insider threats include hostility toward U.S. policies or unusual behavior around classified information.
• A vacationing colleague with poor work quality may show signs of an insider threat but may have fewer indicators compared to more concerning behaviors.
• Report coworkers making hostile statements about the U.S. as potential insider threats.
• Actions like unauthorized removal of sensitive information or bringing personal devices into secure areas should also be reported.

Social Networking

• Delay posting vacation details on social networks until after returning home to protect privacy and security.
• Decline game application requests that ask for excessive personal information.
• Publicly shared personal information, such as place of birth, can pose a security risk.

Sensitive Information

• Personally Identifiable Information (PII) includes data like Social Security numbers, birth dates, and mother's maiden names.
• Protected Health Information (PHI) encompasses health-related data, including medical test results and insurance information.
• Unclassified documents should be marked with a special handling caveat if they contain sensitive information.

Physical Security

• Practice physical security by challenging individuals without proper identification and maintaining vigilance.
• Understand Cyberspace Protection Condition (CPCON) levels, with CPCON 1 focusing only on critical functions.

Identity Management

• Two-factor authentication involves something you possess (e.g., a CAC) and something you know (e.g., a PIN).
• Safeguarding your Common Access Card (CAC) by keeping it in your possession at all times enhances security.

Malicious Code and Cybersecurity

• Examples of malicious code include viruses, Trojan horses, and worms.
• Protect against social engineering by verifying instructions come from trusted personnel.
• Lock mobile devices and set strong passwords to secure sensitive data.

Removable Media and Devices

• Removable media must be properly labeled to indicate classification and point of contact.
• Avoid using personal media on government systems to prevent security breaches.

General Cybersecurity Practices

• Report any instances of identity theft to local law enforcement immediately.
• Indications of malicious code may include unexpected file corruption or warning pop-ups.
• Whaling refers to phishing attacks aimed at high-ranking officials or sensitive positions within organizations.

Description

Test your knowledge on cyber awareness concepts with this set of flashcards. Each card presents a key term associated with security protocols and the proper responses to classified information. Enhance your understanding and application of security measures in sensitive environments.