Information Security Best Practices

Questions and Answers

Which of the following is true of unclassified data?

• It never requires classification markings.
• Its classification level may rise when aggregated. (correct)
• It does not affect the safety of Government missions.
• It must be released to the public immediately.

What type of information includes personal, payroll, medical, and operational information?

Sensitive

Sensitive information may be stored on any password-protected system.

False (B)

Which of the following is NOT a typical result from running malicious code?

Disabling cookies (D)

What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred?

Exceptionally grave damage

You must have your organization's permission to telework.

True (A)

What is true of protecting classified data?

Classified material must be appropriately marked.

Which of the following is NOT considered a potential insider threat indicator?

New interest in learning another language (B)

How many indicators does an employee display if they have visited several foreign countries recently, have adequate work quality, speak openly of unhappiness with U.S. foreign policy, and recently had their car repossessed?

3 or more

Which of the following is NOT considered a potential insider threat indicator?

Treated mental health issues (A)

What would you do if you receive a game application request on your government computer that includes permission to access your friends, profile information, cookies, and sites visited?

Decline the request

What information most likely presents a security risk on your personal social networking profile?

Birthplace

What should you do before exiting a controlled area?

Remove your security badge, common access card (CAC), or personal identity verification (PIV) card.

How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve to avoid chip cloning.

Always use DoD PKI tokens within their designated classification level.

True (A)

What is a best practice for handling cookies?

If possible, set your browser preferences to prompt you each time a website wants to store a cookie.

What action should you take if you receive an unexpected email from a friend with a URL?

Use TinyURL's preview feature to investigate where the link leads.

What action should you take first if you receive an email from the Office of Personnel Management (OPM) with a link to a personnel portal?

Look for a digital signature on the email.

Phishing can be an email with a hyperlink as bait.

True (A)

What should you immediately do upon connecting your Government-issued laptop to a public wireless connection?

Connect to the Government Virtual Private Network (VPN).

What should be your response if a coworker asks if you want to download a programmer's game to play at work?

I'll pass.

What should you do if a coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet?

Never allow sensitive data on non-Government-issued mobile devices.

What demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data on her government-issued mobile devices.

How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

Flashcards are hidden until you start studying

Study Notes

Unclassified and Sensitive Information

• Unclassified data may require reassessment when aggregated, potentially raising its classification level.
• Sensitive information includes personal, payroll, medical, and operational details.

Protecting Sensitive Information

• Storing sensitive information on any password-protected system is an incorrect practice.
• Classified materials must be correctly marked to ensure protection.

Telework and Security Measures

• Telework requires prior permission from the organization.
• Security best practices include removing security badges and ID cards when exiting controlled areas.

Insider Threat Indicators

• Not all behavioral changes are insider threat indicators; new interests like learning a language are typically not indicators.
• Potential insider threats may present several indicators, with increasing concern as more signs are observed.

Handling Requests and Emails

• Decline any unsolicited game application requests on government computers that seek excessive permissions.
• Always check for digital signatures on unexpected emails requesting personal data before taking action.

Phishing and Security Risks

• Phishing attacks often take the form of emails containing hyperlinks as bait.
• Investigate unexpected emails with unfamiliar URLs using preview features before clicking.

Use of Technology and Privacy

• Ensure the protection of Common Access Cards (CAC) and Personal Identity Verification (PIV) cards by storing them in shielded sleeves.
• Always connect to the Government Virtual Private Network (VPN) when using government-issued devices on public networks.

Mobile Device and Wireless Security

• Encrypt sensitive data on government-issued mobile devices to safeguard information.
• Avoid using non-Bluetooth-paired or unencrypted wireless peripherals to enhance security while using wireless technology.