
LET’S PLAY Written Information Security Plan (not quite) Jeopardy!!!

LET’S PLAY Written Information Security Plan (not quite) Jeopardy!!!. Rev. 25 May 2010. Instructions. Open another browser tab or window and locate the Wiki references for “Written Information Security Plan.” Refer to it as you play the game.

anila

Presentation Transcript


  1. LET’S PLAY Written Information Security Plan (not quite) Jeopardy!!! Rev. 25 May 2010

  2. Instructions Open another browser tab or window and locate the Wiki references for “Written Information Security Plan.” Refer to it as you play the game. Keep track of your scores on a scrap of paper or an open copy of Notepad on your computer. This will not be tracked, but it may earn you bragging rights with your coworkers! For correct answers you earn the designated amount for that question. For incorrect answers you lose the amount for that question. So yes, you could have a negative score! Answer as many questions correctly as you can! After seeing your results for each question, click the green home icon to return to the game board. When you are ready, click the green home icon to begin.

  3. Written Information Security Plan (not quite) Jeopardy Click on any amount below to begin . . . Categories: True/False, WISP, Requirements, Etcetera. Amounts in each category: $100, $200, $300, $400, $500. Final Question

  4. $100 Question: True / False If you have re-usable electronic media that has been erased, you don’t need to worry about risk of recovering data from the media. After all, it’s been erased! Click your answer below. True False

  5. $100 Answer: True / False If you have re-usable electronic media that has been erased, you don’t need to worry about risk of recovering data from the media. After all, it’s been erased! FALSE There are some powerful tools that can recover data from erased media. You should overwrite or re-format the media, or check with an IT professional to dispose of it properly. TRUE is incorrect. Deduct $100 from your score.

  6. $100 Answer: True / False If you have re-usable electronic media that has been erased, you don’t need to worry about risk of recovering data from the media. After all, it’s been erased! FALSE There are some powerful tools that can recover data from erased media. You should overwrite or re-format the media, or check with an IT professional to dispose of it properly. FALSE is correct. Add $100 to your score.

  7. $200 Question: True / False Employees may transmit personal information via unencrypted email. Click your answer below. True False

  8. $200 Answer: True / False Employees may transmit personal information via unencrypted email. FALSE Personal information must always be encrypted, no matter where or how it is transmitted or stored. TRUE is incorrect. Deduct $200 from your score.

  9. $200 Answer: True / False Employees may transmit personal information via unencrypted email. FALSE Personal information must always be encrypted, no matter where or how it is transmitted or stored. FALSE is correct. Add $200 to your score.

  10. $300 Question: True / False Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected. Click your answer below. True False

  11. $300 Answer: True / False Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected. FALSE All transmitted files containing personal information that will travel across public networks (i.e. the internet) must be encrypted. TRUE is incorrect. Deduct $300 from your score.

  12. $300 Answer: True / False Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected. FALSE All transmitted files containing personal information that will travel across public networks (i.e. the internet) must be encrypted. FALSE is correct. Add $300 to your score.

  13. $400 Question: True / False Daily Double! Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1. You may also play for the set amount of $400 for this question. After you have decided on an amount, click this box for your question. If email with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative. Click your answer below. True False

  14. $400 Answer: True / False If email with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative. TRUE A secure website that requires safeguards including username and password when conducting transactions is an acceptable alternative to using encrypted email. TRUE is correct. Add $400 or double the amount of your wager to your score.

  15. $400 Answer: True / False If email with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative. TRUE A secure website that requires safeguards including username and password when conducting transactions is an acceptable alternative to using encrypted email. FALSE is incorrect. Deduct $400 or the amount of your wager from your score.

  16. $500 Question: True / False There is a specific, maximum period of time for which we are required to keep records containing personal information. Click your answer below. True False

  17. $500 Answer: True / False There is a specific, maximum period of time for which we are required to keep records containing personal information. FALSE There is no specific time limit. As a good business practice, we should limit the time we retain personal information to no longer than what is necessary to meet ongoing business requirements. TRUE is incorrect. Deduct $500 from your score.

  18. $500 Answer: True / False There is a specific, maximum period of time for which we are required to keep records containing personal information. FALSE There is no specific time limit. As a good business practice, we should limit the time we retain personal information to no longer than what is necessary to meet ongoing business requirements. FALSE is correct. Add $500 to your score.

  19. $100 Question: WISP WISP is an acronym for: Click your choice 1) Witness Information Security Platform 2) Written Implementation Security Process 3) Written Improvement Security Program 4) Witness Information Security Process 5) Written Information Security Program

  20. $100 Answer: WISP WISP is an acronym for: 5) Written Information Security Program Your answer is incorrect. Deduct $100 from your score.

  21. $100 Answer: WISP WISP is an acronym for: 5) Written Information Security Program Your answer is correct. Add $100 to your score.

  22. $200 Question: WISP Security and confidentiality of personal information in the WISP applies to: Click your choice 1) Corporate and business information 2) Employee and corporate information 3) Consumer and corporate information 4) Consumer and employee information 5) Industry and corporate information

  23. $200 Answer: WISP Security and confidentiality of personal information in the WISP applies to: 4) Consumer and employee information Your answer is incorrect. Deduct $200 from your score.

  24. $200 Answer: WISP Security and confidentiality of personal information in the WISP applies to: 4) Consumer and employee information Your answer is correct. Add $200 to your score.

  25. $300 Question: WISP According to WISP, if a security breach is discovered, we must: Click your choice 1) flicker our servers and send a public alert to all customers 2) conduct and document a post-incident review of the events and actions taken 3) run a complete virus-scan and diagnostic of every computer in our contact centers 4) remove all laptop/notebook computers from service and run offline virus-scans on them 5) create and execute a corrective action plan that includes all EIG servers and computers

  26. $300 Answer: WISP According to WISP, if a security breach is discovered, we must: 2) conduct and document a post-incident review of the events and actions taken Your answer is incorrect. Deduct $300 from your score.

  27. $300 Answer: WISP According to WISP, if a security breach is discovered, we must: 2) conduct and document a post-incident review of the events and actions taken Your answer is correct. Add $300 to your score.

  28. $400 Question: WISP Which of the following does NOT apply? According to WISP, when we’ve identified paper records that contain personal information we must: Click your choice 1) restrict access only to those employees who need the information to perform their employment responsibilities 2) require that terminated employees return copies of any documents containing personal information 3) store it in locked facilities, storage areas or containers 4) develop a security policy for storage, access, and transportation of such records outside of business premises 5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them

  29. $400 Answer: WISP Which of the following does NOT apply? According to WISP, when we’ve identified paper records that contain personal information we must: 5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them Your answer is incorrect. Deduct $400 from your score.

  30. $400 Answer: WISP Which of the following does NOT apply? According to WISP, when we’ve identified paper records that contain personal information we must: 5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them Your answer is correct. Add $400 to your score.

  31. $500 Question: WISP WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply? Click your choice 1) Firewall protection 2) Security system agent software 3) Ban use of portable disk drives 4) Operating system patches 5) Virus and malware protection

  32. $500 Answer: WISP WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply? 3) Ban use of portable disk drives Your answer is incorrect. Deduct $500 from your score.

  33. $500 Answer: WISP WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply? 3) Ban use of portable disk drives Your answer is correct. Add $500 to your score.

  34. $100 Question: Requirements Daily Double! Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1. You may also play for the set amount of $100 for this question. After you have decided on an amount, click this box for your question. In this context, “personal information” is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT: Click your choice 1) Social Security number 2) Vehicle license number 3) Driver’s license or state-issued identification number 4) Financial account number 5) Credit card number

  35. $100 Answer: Requirements In this context, “personal information” is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT: 2) Vehicle license number Your answer is incorrect. Deduct $100 or the amount of your wager from your score.

  36. $100 Answer: Requirements In this context, “personal information” is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT: 2) Vehicle license number Your answer is correct. Add $100 or double the amount of your wager to your score.

  37. $200 Question: Requirements It is acceptable to store personal information on: Click your choice 1) Laptop computers 2) A Personal Digital Assistant (PDA) 3) Mobile telephones 4) Endurance computer systems 5) Portable media: flash drives, CDs, etc.

  38. $200 Answer: Requirements It is acceptable to store personal information on: 4) Endurance computer systems Your answer is incorrect. Deduct $200 from your score.

  39. $200 Answer: Requirements It is acceptable to store personal information on: 4) Endurance computer systems Your answer is correct. Add $200 to your score.

  40. $300 Question: Requirements To what extent is Endurance International Group obligated to monitor access to personal information? Click your choice 1) Such that it is reasonably likely to reveal unauthorized access or use 2) Every access to personal information must be monitored every day 3) Access to personal information is routinely and randomly monitored 4) Select days are scheduled when access to personal information will be monitored 5) Monitors are only performed during times of high contact volume

  41. $300 Answer: Requirements To what extent is Endurance International Group obligated to monitor access to personal information? 1) Such that it is reasonably likely to reveal unauthorized access or use Your answer is incorrect. Deduct $300 from your score.

  42. $300 Answer: Requirements To what extent is Endurance International Group obligated to monitor access to personal information? 1) Such that it is reasonably likely to reveal unauthorized access or use Your answer is correct. Add $300 to your score.

  43. $400 Question: Requirements If data needs to be encrypted, it must bring about a . . . Click your choice 1) prevention of access to either personal information or public data 2) transformation of data into a form in which meaning cannot be assigned 3) transition of information such that using a specific password is the only way to unlock it 4) barrier to the transmission of personal data across a network 5) conversion of personal information into a format that can only be read with a PIN

  44. $400 Answer: Requirements If data needs to be encrypted, it must bring about a . . . 2) transformation of data into a form in which meaning cannot be assigned Your answer is incorrect. Deduct $400 from your score.

  45. $400 Answer: Requirements If data needs to be encrypted, it must bring about a . . . 2) transformation of data into a form in which meaning cannot be assigned Your answer is correct. Add $400 to your score.

  46. $500 Question: Requirements For purposes of this information security plan, which of the following is considered “personal information” if combined with a person’s first and last name (surname)? Click your choice 1) A “nick-name” 2) Billing or residential address 3) An affiliate tax identification number 4) The name of this person’s mother, father, or spouse 5) Vehicle license plate number

  47. $500 Answer: Requirements For purposes of this information security plan, which of the following is considered “personal information” if combined with a person’s first and last name (surname)? 3) An affiliate tax identification number Your answer is incorrect. Deduct $500 from your score.

  48. $500 Answer: Requirements For purposes of this information security plan, which of the following is considered “personal information” if combined with a person’s first and last name (surname)? 3) An affiliate tax identification number Your answer is correct. Add $500 to your score.

  49. $100 Question: Etcetera The scope of our security measures must be reviewed: Click your choice 1) Daily 2) Weekly 3) Monthly 4) Quarterly 5) Annually

  50. $100 Answer: Etcetera The scope of our security measures must be reviewed: 5) Annually Your answer is incorrect. Deduct $100 from your score.
