Data Protection and Insider Threat Awareness
22 Questions
101 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which of the following may help prevent spillage? (Select all that apply)

  • Follow procedures for transferring data (correct)
  • Ignore the classification level
  • Use secure networks (correct)
  • None of the above
  • Which of the following is a good practice to prevent spillage?

  • Use the correct network for the level of data (correct)
  • Share your login credentials
  • Connect to public Wi-Fi
  • Ignore data sensitivity
  • You find information that you know to be classified on the internet. What should you do?

    Note the website's URL and report the situation to your security point of contact.

    Which of the following is a good practice to protect classified information?

    <p>Store classified data appropriately in a GSA-approved vault/container</p> Signup and view all the answers

    What is the basis for the handling and storage of classified data?

    <p>Classification markings and handling caveats.</p> Signup and view all the answers

    What level of damage can the unauthorized disclosure of information classified as TOP SECURITY reasonably be expected to cause?

    <p>Exceptionally grave</p> Signup and view all the answers

    How many potential insider threat indicators are displayed: VIDEO GAMES, SOCIAL MEDIA and forget to secure smartphone?

    <p>1 indicator</p> Signup and view all the answers

    Which of the following is a reportable insider threat activity?

    <p>Attempting to access sensitive info without a need-to-know.</p> Signup and view all the answers

    Which of the following is a potential insider threat indicator?

    <p>Difficult circumstances; death of a spouse.</p> Signup and view all the answers

    Which of the following is a security best practice when using social networking sites?

    <p>Avoid posting your mother's maiden name.</p> Signup and view all the answers

    How can you protect your organization on social networking sites?

    <p>Ensure there are no identifiable landmarks visible in any photos.</p> Signup and view all the answers

    A trusted friend in your social network posts a link to vaccine info on a website unknown to you. What action should you take?

    <p>Research the source to evaluate its credibility and reliability.</p> Signup and view all the answers

    Which designation includes PII and PHI?

    <p>CUI</p> Signup and view all the answers

    Which of the following is true of Protected Health Information (PHI)?

    <p>It is created or received by a healthcare provider, health plan or employer.</p> Signup and view all the answers

    CUI must be handled using safeguarding or dissemination controls.

    <p>True</p> Signup and view all the answers

    Which of the following best describes good physical security?

    <p>Lionel stops an individual in his secure area.</p> Signup and view all the answers

    What is true about a Common Access Card (CAC)?

    <p>You should remove and take your CAC/PIV card whenever you leave your workstation.</p> Signup and view all the answers

    Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?

    <p>It should only be in a system while actively using it for a PKI-required task.</p> Signup and view all the answers

    What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?

    <p>Confirm the individual's need-to-know and access.</p> Signup and view all the answers

    Access to Sensitive Compartmented Information (SCI) requires Top Secret clearance and indoctrination into the SCI program.

    <p>True</p> Signup and view all the answers

    Only connect government-owned PEDs to the same level classification information system when authorized.

    <p>True</p> Signup and view all the answers

    Which of the following statements is true of cookies?

    <p>By accepting cookies, you may expose personal information</p> Signup and view all the answers

    Study Notes

    Spillage and Classified Data

    • Spillage prevention: Always follow data transfer procedures and ensure the correct network is used based on data classification.
    • Classified information handling: Store classified data in GSA-approved vaults/containers to protect against unauthorized access.
    • Response to classified information found online: Record the URL and report it to a security point of contact.
    • Classification markings: The handling and storage of classified data are governed by specific classification markings and handling caveats.
    • Impact of unauthorized disclosure: Disclosing information classified as TOP SECRET can cause exceptionally grave damage.

    Insider Threat Awareness

    • Indicators of insider threats: Social media usage, video games, and failure to secure smartphones can signal potential insider threats.
    • Reportable activities: Attempting to access sensitive information without a legitimate need-to-know should be reported as a potential insider threat.
    • Personal circumstances: Hardships such as the death of a spouse may serve as indicators of potential insider threats.

    Social Media Security

    • Best practices on social media: Avoid sharing personal information such as mother's maiden name on social networking sites.
    • Organizational protection: Ensure identifiable landmarks are not visible in photos shared online to maintain security.
    • Source evaluation: Verify the credibility of links shared by trusted contacts to prevent misinformation.

    Uncontrolled Unclassified Information (UUI)

    • Designation of Personal Information: Confidential Uncontrolled Information (CUI) includes Personally Identifiable Information (PII) and Protected Health Information (PHI).
    • Characteristics of PHI: PHI is generated or received by healthcare providers, health plans, or employers.
    • CUI handling requirements: CUI must be managed using appropriate safeguarding or dissemination controls.

    Physical Security and Identity Management

    • Good physical security practice: Ensure that unauthorized individuals are stopped from entering secure areas, emphasizing vigilance.
    • Common Access Card (CAC) protocol: Always take your CAC/PIV card with you when leaving your workstation.
    • Using PKI tokens: DoD PKI tokens should only be present in systems during active use for tasks requiring PKI.

    Sensitive Compartmented Information (SCI)

    • SCIF access: Authorized personnel must confirm an individual’s need-to-know status before entry into a Sensitive Compartmented Information Facility.
    • Access requirements for SCI: Only individuals with Top Secret clearance and proper indoctrination may access SCI-related information.

    Removable Media in SCIF

    • Use of portable electronic devices (PEDs): Only government-owned PEDs can be connected in SCIFs when authorized, to prevent security breaches.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    This quiz covers essential topics related to data spillage prevention and the handling of classified information. It also addresses insider threat indicators and the importance of reporting suspicious activities. Stay informed about best practices for ensuring data security and protecting sensitive information.

    More Like This

    Use Quizgecko on...
    Browser
    Browser