Data Protection and Insider Threat Awareness

Questions and Answers

Which of the following may help prevent spillage? (Select all that apply)

Follow procedures for transferring data (correct)

Ignore the classification level

Use secure networks (correct)

None of the above

Which of the following is a good practice to prevent spillage?

Use the correct network for the level of data (correct)

Share your login credentials

Connect to public Wi-Fi

Ignore data sensitivity

You find information that you know to be classified on the internet. What should you do?

Note the website's URL and report the situation to your security point of contact.

Which of the following is a good practice to protect classified information?

Store classified data appropriately in a GSA-approved vault/container

What is the basis for the handling and storage of classified data?

Classification markings and handling caveats.

What level of damage can the unauthorized disclosure of information classified as TOP SECURITY reasonably be expected to cause?

Exceptionally grave

How many potential insider threat indicators are displayed: VIDEO GAMES, SOCIAL MEDIA and forget to secure smartphone?

1 indicator

Which of the following is a reportable insider threat activity?

Attempting to access sensitive info without a need-to-know.

Which of the following is a potential insider threat indicator?

Difficult circumstances; death of a spouse.

Which of the following is a security best practice when using social networking sites?

Avoid posting your mother's maiden name.

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks visible in any photos.

A trusted friend in your social network posts a link to vaccine info on a website unknown to you. What action should you take?

Research the source to evaluate its credibility and reliability.

Which designation includes PII and PHI?

CUI

Which of the following is true of Protected Health Information (PHI)?

It is created or received by a healthcare provider, health plan or employer.

CUI must be handled using safeguarding or dissemination controls.

True

Which of the following best describes good physical security?

Lionel stops an individual in his secure area.

What is true about a Common Access Card (CAC)?

You should remove and take your CAC/PIV card whenever you leave your workstation.

Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?

It should only be in a system while actively using it for a PKI-required task.

What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?

Confirm the individual's need-to-know and access.

Access to Sensitive Compartmented Information (SCI) requires Top Secret clearance and indoctrination into the SCI program.

True

Only connect government-owned PEDs to the same level classification information system when authorized.

True

Which of the following statements is true of cookies?

By accepting cookies, you may expose personal information

Study Notes

Spillage and Classified Data

• Spillage prevention: Always follow data transfer procedures and ensure the correct network is used based on data classification.
• Classified information handling: Store classified data in GSA-approved vaults/containers to protect against unauthorized access.
• Response to classified information found online: Record the URL and report it to a security point of contact.
• Classification markings: The handling and storage of classified data are governed by specific classification markings and handling caveats.
• Impact of unauthorized disclosure: Disclosing information classified as TOP SECRET can cause exceptionally grave damage.

Insider Threat Awareness

• Indicators of insider threats: Social media usage, video games, and failure to secure smartphones can signal potential insider threats.
• Reportable activities: Attempting to access sensitive information without a legitimate need-to-know should be reported as a potential insider threat.
• Personal circumstances: Hardships such as the death of a spouse may serve as indicators of potential insider threats.

Social Media Security

• Best practices on social media: Avoid sharing personal information such as mother's maiden name on social networking sites.
• Organizational protection: Ensure identifiable landmarks are not visible in photos shared online to maintain security.
• Source evaluation: Verify the credibility of links shared by trusted contacts to prevent misinformation.

Uncontrolled Unclassified Information (UUI)

• Designation of Personal Information: Confidential Uncontrolled Information (CUI) includes Personally Identifiable Information (PII) and Protected Health Information (PHI).
• Characteristics of PHI: PHI is generated or received by healthcare providers, health plans, or employers.
• CUI handling requirements: CUI must be managed using appropriate safeguarding or dissemination controls.

Physical Security and Identity Management

• Good physical security practice: Ensure that unauthorized individuals are stopped from entering secure areas, emphasizing vigilance.
• Common Access Card (CAC) protocol: Always take your CAC/PIV card with you when leaving your workstation.
• Using PKI tokens: DoD PKI tokens should only be present in systems during active use for tasks requiring PKI.

Sensitive Compartmented Information (SCI)

• SCIF access: Authorized personnel must confirm an individual’s need-to-know status before entry into a Sensitive Compartmented Information Facility.
• Access requirements for SCI: Only individuals with Top Secret clearance and proper indoctrination may access SCI-related information.

Removable Media in SCIF

• Use of portable electronic devices (PEDs): Only government-owned PEDs can be connected in SCIFs when authorized, to prevent security breaches.

Description

This quiz covers essential topics related to data spillage prevention and the handling of classified information. It also addresses insider threat indicators and the importance of reporting suspicious activities. Stay informed about best practices for ensuring data security and protecting sensitive information.