Cyber Security Flashcards

Questions and Answers

Which of the following is NOT an appropriate way to protect against inadvertent spillage? (Select all that apply)

Use the classified network for all work, including unclassified work (correct)

Be aware of classified markings and all handling caveats

Label all files, removable media, and subject headers

Which of the following should you NOT do if you find classified information on the internet? (Select all that apply)

Note the website's URL

Download the information (correct)

Report it to security

How can you prevent inadvertent spillage?

Always check to use the correct network, avoid classified networks for unclassified work, be aware of classification markings, follow procedures for transferring data, and label files with appropriate markings.

What should you do if spillage occurs?

Immediately notify your security POC, do not delete the suspected files, do not forward or manipulate the files, and secure the area. Signup and view all the answers

What should you do if you find classified government data/information not cleared for public release on the internet?

Remember that leaked classified information is still classified, do not download it, note identifying info and URL, report to security POC. Signup and view all the answers

Which of the following is true about telework? (Select all that apply)

You must have your organization's permission to telework Signup and view all the answers

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

Exceptionally grave damage Signup and view all the answers

Which of the following is true about protecting classified data? (Select all that apply)

Classified material must be appropriately marked Signup and view all the answers

What are the requirements to telework?

Have permission from your organization, follow the organization's guidance, use authorized equipment, and employ cybersecurity best practices. Signup and view all the answers

Match the level of damage to national security with its classification:

Confidential = Damage to national security Secret = Serious damage to national security Top Secret = Exceptionally grave damage to national security Signup and view all the answers

What are the key handling requirements for classified data?

Must be handled and stored properly based on classifications and caveats and can only be accessed by individuals with appropriate clearance. Signup and view all the answers

What is an insider threat?

Uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or modification. Signup and view all the answers

What percentage of the time is an insider threat linked to demonstrated behaviors of security concerns?

80% Signup and view all the answers

What percentage of insider threats experience a life crisis?

25% Signup and view all the answers

What percentage of insider threats volunteered?

70% Signup and view all the answers

What should you do to protect against insider threats?

Be alert to and report any suspicious activity or behavior in accordance with the agency's insider threat policy. Signup and view all the answers

What steps can you take to protect yourself online?

Understand and use privacy settings, create strong passwords, validate friend requests, and avoid posting PII. Signup and view all the answers

What actions should you take to protect your organization online?

Don't speak for your organization, validate friend requests, avoid identifiable pictures in uniform, and use personal contact info for social networking. Signup and view all the answers

What is online identity?

Information collected about you by apps and data aggregators, and it's crucial to use these services with caution. Signup and view all the answers

What precautions should you take when transmitting sensitive information?

Ensure information receivers have clearance, confirm fax receipt, and use encryption when necessary. Signup and view all the answers

Study Notes

Cyber Security Basics

Classified networks are not for unclassified work; using them improperly can lead to bandwidth issues and potential spillage.
Classified information found online should not be downloaded, as it remains classified and could cause additional spillage incidents.

Preventing Inadvertent Spillage

Verify the network is correct for the data classification level before use.
Follow strict labeling protocols for files and media to indicate their classification.
Transfer data only following established procedures to prevent undue exposure.

Actions in Case of Spillage

Immediate notification of the security Point of Contact (POC) is essential.
Do not delete or manipulate suspected files; secure the area instead.

Handling Internet Classified Information

Classified data remains classified regardless of its presence online; downloading it is prohibited.
Always report discovered classified information on the internet to your security POC.

Teleworking Protocols

Organizational permission is mandatory for teleworking.
Use only authorized devices and software in a secure home environment.
Implement best cybersecurity practices, including VPN usage.

Understanding Security Classifications

Damage Levels:
- Confidential: Damage to national security.
- Secret: Serious damage.
- Top Secret: Exceptionally grave damage.
Classified materials must be properly marked and cannot be used unsecured, even when held by cleared individuals.

Insider Threat Awareness

Insider threats arise from authorized access misused intentionally or unintentionally.
Certain behaviors indicate security concerns 80% of the time, and 25% of insiders may experience life crises prompting security risks.

Reporting Suspicious Activity

Stay vigilant to potential insider threats and report suspicious behaviors or incidents according to agency policies.

Personal Data Protection

Utilize privacy settings effectively and create strong, unguessable passwords.
Avoid sharing location updates or any personally identifiable information (PII) online.
Confirm friend requests to reduce risks associated with social media.

Organizational Representation Online

Refrain from speaking on behalf of your organization and ensure no compromising content is posted.
If using social media, only provide personal contact details, never government information.

Online Identity Management

Online data aggregators collect personal information; users should be cautious and opt-out when possible.

Secure Transmission of Sensitive Information

Verify clearance and need-to-know before sending sensitive information.
Use encryption for email communications that involve PII, Protected Health Information (PHI), or other Controlled Unclassified Information (CUI).

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Test your knowledge of cyber security practices through these flashcards. Each card challenges you with scenarios to reinforce your understanding of appropriate protective measures. This is an essential resource for anyone looking to improve their cyber security awareness.