Questions and Answers
Which of the following may help prevent spillage? (Select all that apply)
Which of the following is a good practice to prevent spillage?
You find information that you know to be classified on the internet. What should you do?
Note the website's URL and report the situation to your security point of contact.
Which of the following is a good practice to protect classified information?
Signup and view all the answers
What is the basis for the handling and storage of classified data?
Signup and view all the answers
What level of damage can the unauthorized disclosure of information classified as TOP SECURITY reasonably be expected to cause?
Signup and view all the answers
How many potential insider threat indicators are displayed: VIDEO GAMES, SOCIAL MEDIA and forget to secure smartphone?
Signup and view all the answers
Which of the following is a reportable insider threat activity?
Signup and view all the answers
Which of the following is a potential insider threat indicator?
Signup and view all the answers
Which of the following is a security best practice when using social networking sites?
Signup and view all the answers
How can you protect your organization on social networking sites?
Signup and view all the answers
A trusted friend in your social network posts a link to vaccine info on a website unknown to you. What action should you take?
Signup and view all the answers
Which designation includes PII and PHI?
Signup and view all the answers
Which of the following is true of Protected Health Information (PHI)?
Signup and view all the answers
CUI must be handled using safeguarding or dissemination controls.
Signup and view all the answers
Which of the following best describes good physical security?
Signup and view all the answers
What is true about a Common Access Card (CAC)?
Signup and view all the answers
Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?
Signup and view all the answers
What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?
Signup and view all the answers
Access to Sensitive Compartmented Information (SCI) requires Top Secret clearance and indoctrination into the SCI program.
Signup and view all the answers
Only connect government-owned PEDs to the same level classification information system when authorized.
Signup and view all the answers
Which of the following statements is true of cookies?
Signup and view all the answers
Study Notes
Spillage and Classified Data
- Spillage prevention: Always follow data transfer procedures and ensure the correct network is used based on data classification.
- Classified information handling: Store classified data in GSA-approved vaults/containers to protect against unauthorized access.
- Response to classified information found online: Record the URL and report it to a security point of contact.
- Classification markings: The handling and storage of classified data are governed by specific classification markings and handling caveats.
- Impact of unauthorized disclosure: Disclosing information classified as TOP SECRET can cause exceptionally grave damage.
Insider Threat Awareness
- Indicators of insider threats: Social media usage, video games, and failure to secure smartphones can signal potential insider threats.
- Reportable activities: Attempting to access sensitive information without a legitimate need-to-know should be reported as a potential insider threat.
- Personal circumstances: Hardships such as the death of a spouse may serve as indicators of potential insider threats.
Social Media Security
- Best practices on social media: Avoid sharing personal information such as mother's maiden name on social networking sites.
- Organizational protection: Ensure identifiable landmarks are not visible in photos shared online to maintain security.
- Source evaluation: Verify the credibility of links shared by trusted contacts to prevent misinformation.
Uncontrolled Unclassified Information (UUI)
- Designation of Personal Information: Confidential Uncontrolled Information (CUI) includes Personally Identifiable Information (PII) and Protected Health Information (PHI).
- Characteristics of PHI: PHI is generated or received by healthcare providers, health plans, or employers.
- CUI handling requirements: CUI must be managed using appropriate safeguarding or dissemination controls.
Physical Security and Identity Management
- Good physical security practice: Ensure that unauthorized individuals are stopped from entering secure areas, emphasizing vigilance.
- Common Access Card (CAC) protocol: Always take your CAC/PIV card with you when leaving your workstation.
- Using PKI tokens: DoD PKI tokens should only be present in systems during active use for tasks requiring PKI.
Sensitive Compartmented Information (SCI)
- SCIF access: Authorized personnel must confirm an individual’s need-to-know status before entry into a Sensitive Compartmented Information Facility.
- Access requirements for SCI: Only individuals with Top Secret clearance and proper indoctrination may access SCI-related information.
Removable Media in SCIF
- Use of portable electronic devices (PEDs): Only government-owned PEDs can be connected in SCIFs when authorized, to prevent security breaches.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz covers essential topics related to data spillage prevention and the handling of classified information. It also addresses insider threat indicators and the importance of reporting suspicious activities. Stay informed about best practices for ensuring data security and protecting sensitive information.
