
1 LET'S PLAY Written Information Security Plan (not quite) Jeopardy!!! Rev. 25 May 2010.


2 1 LET'S PLAY Written Information Security Plan (not quite) Jeopardy!!! Rev. 25 May 2010

3 2 Instructions
1. Open another browser tab or window and locate the Wiki references for Written Information Security Plan. Refer to it as you play the game.
2. Keep track of your scores on a scrap of paper or an open copy of Notepad on your computer. This will not be tracked, but it may earn you bragging rights with your coworkers!
   A. For correct answers you earn the designated amount for that question.
   B. For incorrect answers you lose the amount for that question. So yes, you could have a negative score!
3. Answer as many questions correctly as you can!
4. After seeing your results for each question, click the green home icon to return to the game board.
5. When you are ready, click the green home icon to begin.

4 3 Written Information Security Plan (not quite) Jeopardy Click on any amount below to begin... True/False | WISP | Requirements | Etcetera $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 Final Question

5 4 $100 Question: True / False If you have re-usable electronic media that has been erased, you don't need to worry about risk of recovering data from the media. After all, it's been erased! Click your answer below. True False

6 5 $100 Answer: True / False If you have re-usable electronic media that has been erased, you don't need to worry about risk of recovering data from the media. After all, it's been erased! FALSE There are some powerful tools that can recover data from erased media. You should overwrite or re-format the media, or check with an IT professional to dispose of it properly. TRUE is incorrect. Deduct $100 from your score.

7 6 $100 Answer: True / False If you have re-usable electronic media that has been erased, you don't need to worry about risk of recovering data from the media. After all, it's been erased! FALSE There are some powerful tools that can recover data from erased media. You should overwrite or re-format the media, or check with an IT professional to dispose of it properly. FALSE is correct. Add $100 to your score.

8 7 $200 Question: True / False Employees may transmit personal information via unencrypted . Click your answer below. True False

9 8 $200 Answer: True / False Employees may transmit personal information via unencrypted . FALSE Personal information must always be encrypted, no matter where or how it is transmitted or stored. TRUE is incorrect. Deduct $200 from your score.

10 9 $200 Answer: True / False Employees may transmit personal information via unencrypted . FALSE Personal information must always be encrypted, no matter where or how it is transmitted or stored. FALSE is correct. Add $200 to your score.

11 10 $300 Question: True / False Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected. Click your answer below. True False

12 11 $300 Answer: True / False Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected. FALSE All transmitted files containing personal information that will travel across public networks (i.e. the internet) must be encrypted. TRUE is incorrect. Deduct $300 from your score.

13 12 $300 Answer: True / False Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected. FALSE All transmitted files containing personal information that will travel across public networks (i.e. the internet) must be encrypted. FALSE is correct. Add $300 to your score.

14 13 $400 Question: True / False Daily Double! If with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative. Click your answer below. True False Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1. You may also play for the set amount of $400 for this question. After you have decided on an amount, click this box for your question.

15 14 $400 Answer: True / False If with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative. TRUE A secure website that requires safeguards including username and password when conducting transactions is an acceptable alternative to using encrypted . TRUE is correct. Add $400 or double the amount of your wager to your score.

16 15 $400 Answer: True / False If with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative. TRUE A secure website that requires safeguards including username and password when conducting transactions is an acceptable alternative to using encrypted . FALSE is incorrect. Deduct $400 or the amount of your wager from your score.

17 16 $500 Question: True / False There is a specific, maximum period of time for which we are required to keep records containing personal information. Click your answer below. True False

18 17 $500 Answer: True / False There is a specific, maximum period of time for which we are required to keep records containing personal information. FALSE There is no specific time limit. As a good business practice, we should limit the time we retain personal information to no longer than what is necessary to meet ongoing business requirements. TRUE is incorrect. Deduct $500 from your score.

19 18 $500 Answer: True / False There is a specific, maximum period of time for which we are required to keep records containing personal information. FALSE There is no specific time limit. As a good business practice, we should limit the time we retain personal information to no longer than what is necessary to meet ongoing business requirements. FALSE is correct. Add $500 to your score.

20 19 $100 Question: WISP WISP is an acronym for: Click your choice 1) Witness Information Security Platform 2) Written Implementation Security Process 3) Written Improvement Security Program 4) Witness Information Security Process 5) Written Information Security Program

21 20 $100 Answer: WISP WISP is an acronym for: 5) Written Information Security Program Your answer is incorrect. Deduct $100 from your score.

22 21 $100 Answer: WISP WISP is an acronym for: 5) Written Information Security Program Your answer is correct. Add $100 to your score.

23 22 $200 Question: WISP Security and confidentiality of personal information in the WISP applies to: Click your choice 1) Corporate and business information 2) Employee and corporate information 3) Consumer and corporate information 4) Consumer and employee information 5) Industry and corporate information

24 23 $200 Answer: WISP Security and confidentiality of personal information in the WISP applies to: 4) Consumer and employee information Your answer is incorrect. Deduct $200 from your score.

25 24 $200 Answer: WISP Security and confidentiality of personal information in the WISP applies to: 4) Consumer and employee information Your answer is correct. Add $200 to your score.

26 25 $300 Question: WISP According to WISP, if a security breach is discovered, we must: Click your choice 1) flicker our servers and send a public alert to all customers 2) conduct and document a post-incident review of the events and actions taken 3) run a complete virus-scan and diagnostic of every computer in our contact centers 4) remove all laptop/notebook computers from service and run offline virus-scans on them 5) create and execute a corrective action plan that includes all EIG servers and computers

27 26 $300 Answer: WISP According to WISP, if a security breach is discovered, we must: 2) conduct and document a post-incident review of the events and actions taken Your answer is incorrect. Deduct $300 from your score.

28 27 $300 Answer: WISP According to WISP, if a security breach is discovered, we must: 2) conduct and document a post-incident review of the events and actions taken Your answer is correct. Add $300 to your score.

29 28 $400 Question: WISP Which of the following does NOT apply? According to WISP, when we've identified paper records that contain personal information we must: Click your choice 1) restrict access only to those employees who need the information to perform their employment responsibilities 2) require that terminated employees return copies of any documents containing personal information 3) store it in locked facilities, storage areas or containers 4) develop a security policy for storage, access, and transportation of such records outside of business premises 5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them

30 29 $400 Answer: WISP Which of the following does NOT apply? According to WISP, when we've identified paper records that contain personal information we must: 5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them Your answer is incorrect. Deduct $400 from your score.

31 30 $400 Answer: WISP Which of the following does NOT apply? According to WISP, when we've identified paper records that contain personal information we must: 5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them Your answer is correct. Add $400 to your score.

32 31 $500 Question: WISP WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply? Click your choice 1) Firewall protection 2) Security system agent software 3) Ban use of portable disk drives 4) Operating system patches 5) Virus and malware protection

33 32 $500 Answer: WISP WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply? 3) Ban use of portable disk drives Your answer is incorrect. Deduct $500 from your score.

34 33 $500 Answer: WISP WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply? 3) Ban use of portable disk drives Your answer is correct. Add $500 to your score.

35 34 $100 Question: Requirements Daily Double! In this context, personal information is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT: Click your choice 1) Social Security number 2) Vehicle license number 3) Driver's license or state-issued identification number 4) Financial account number 5) Credit card number Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1. You may also play for the set amount of $100 for this question. After you have decided on an amount, click this box for your question.

36 35 $100 Answer: Requirements In this context, personal information is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT: 2) Vehicle license number Your answer is incorrect. Deduct $100 or the amount of your wager from your score.

37 36 $100 Answer: Requirements In this context, personal information is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT: 2) Vehicle license number Your answer is correct. Add $100 or double the amount of your wager to your score.

38 37 $200 Question: Requirements It is acceptable to store personal information on: Click your choice 1) Laptop computers 2) A Personal Digital Assistant (PDA) 3) Mobile telephones 4) Endurance computer systems 5) Portable media: flash drives, CDs, etc.

39 38 $200 Answer: Requirements It is acceptable to store personal information on: 4) Endurance computer systems Your answer is incorrect. Deduct $200 from your score.

40 39 $200 Answer: Requirements It is acceptable to store personal information on: 4) Endurance computer systems Your answer is correct. Add $200 to your score.

41 40 $300 Question: Requirements To what extent is Endurance International Group obligated to monitor access to personal information? Click your choice 1) Such that it is reasonably likely to reveal unauthorized access or use 2) Every access to personal information must be monitored every day 3) Access to personal information is routinely and randomly monitored 4) Select days are scheduled when access to personal information will be monitored 5) Monitors are only performed during times of high contact volume

42 41 $300 Answer: Requirements To what extent is Endurance International Group obligated to monitor access to personal information? 1) Such that it is reasonably likely to reveal unauthorized access or use Your answer is incorrect. Deduct $300 from your score.

43 42 $300 Answer: Requirements To what extent is Endurance International Group obligated to monitor access to personal information? 1) Such that it is reasonably likely to reveal unauthorized access or use Your answer is correct. Add $300 to your score.

44 43 $400 Question: Requirements If data needs to be encrypted, it must bring about a... Click your choice 1) prevention of access to either personal information or public data 2) transformation of data into a form in which meaning cannot be assigned 3) transition of information such that using a specific password is the only way to unlock it 4) barrier to the transmission of personal data across a network 5) conversion of personal information into a format that can only be read with a PIN

45 44 $400 Answer: Requirements If data needs to be encrypted, it must bring about a... 2) transformation of data into a form in which meaning cannot be assigned Your answer is incorrect. Deduct $400 from your score.

46 45 $400 Answer: Requirements If data needs to be encrypted, it must bring about a... 2) transformation of data into a form in which meaning cannot be assigned Your answer is correct. Add $400 to your score.

47 46 $500 Question: Requirements For purposes of this information security plan, which of the following is considered personal information if combined with a person's first and last name (surname)? Click your choice 1) A nick-name 2) Billing or residential address 3) An affiliate tax identification number 4) The name of this person's mother, father, or spouse 5) Vehicle license plate number

48 47 $500 Answer: Requirements For purposes of this information security plan, which of the following is considered personal information if combined with a person's first and last name (surname)? 3) An affiliate tax identification number Your answer is incorrect. Deduct $500 from your score.

49 48 $500 Answer: Requirements For purposes of this information security plan, which of the following is considered personal information if combined with a person's first and last name (surname)? 3) An affiliate tax identification number Your answer is correct. Add $500 to your score.

50 49 $100 Question: Etcetera The scope of our security measures must be reviewed: Click your choice 1) Daily 2) Weekly 3) Monthly 4) Quarterly 5) Annually

51 50 $100 Answer: Etcetera The scope of our security measures must be reviewed: 5) Annually Your answer is incorrect. Deduct $100 from your score.

52 51 $100 Answer: Etcetera The scope of our security measures must be reviewed: 5) Annually Your answer is correct. Add $100 to your score.

53 52 $200 Question: Etcetera Daily Double! The scope of our security measures must be reviewed more often than the minimum if: Click your choice 1) business practices change which place access to personal information at risk 2) we hire then terminate anyone who lied during the recruiting process 3) one of our servers goes down for longer than one week 4) a virus or worm infiltrates one customer's web site 5) the computers used in the training room are replaced or upgraded Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1. You may also play for the set amount of $200 for this question. After you have decided on an amount, click this box for your question.

54 53 $200 Answer: Etcetera The scope of our security measures must be reviewed more often than the minimum if: 1) business practices change which place access to personal information at risk Your answer is incorrect. Deduct $200 or the amount of your wager from your score.

55 54 $200 Answer: Etcetera The scope of our security measures must be reviewed more often than the minimum if: 1) business practices change which place access to personal information at risk Your answer is correct. Add $200 or double the amount of your wager to your score.

56 55 $300 Question: Etcetera If an employee is found violating information security policies and procedures, he or she will be: Click your choice 1) immediately terminated 2) removed from the position and retrained for a different job 3) subject to disciplinary measures 4) fined for the equivalent cost of a server virus-scan 5) sent home for the remainder of the scheduled work-shift

57 56 $300 Answer: Etcetera If an employee is found violating information security policies and procedures, he or she will be: 3) Subject to disciplinary measures Your answer is incorrect. Deduct $300 from your score.

58 57 $300 Answer: Etcetera If an employee is found violating information security policies and procedures, he or she will be: 3) Subject to disciplinary measures Your answer is correct. Add $300 to your score.

59 58 $400 Question: Etcetera Which of the following does NOT apply? When destroying paper documents containing personal information, they must be: Click your choice 1) Redacted 2) Irradiated 3) Burned 4) Pulverized 5) Shredded

60 59 $400 Answer: Etcetera Which of the following does not apply? When destroying paper documents containing personal information, they must be: 2) Irradiated Your answer is incorrect. Deduct $400 from your score.

61 60 $400 Answer: Etcetera Which of the following does not apply? When destroying paper documents containing personal information, they must be: 2) Irradiated Your answer is correct. Add $400 to your score.

62 61 $500 Question: Etcetera Access to personal information will be: Click your choice 1) on a need to know basis only 2) available to every employee of Endurance International Group and its affiliates 3) only available to Human Resources personnel 4) only available to Billing specialists 5) accessible by management staff and select personnel

63 62 $500 Answer: Etcetera Access to personal information will be: 1) on a need to know basis only Your answer is incorrect. Deduct $500 from your score.

64 63 $500 Answer: Etcetera Access to personal information will be: 1) on a need to know basis only Your answer is correct. Add $500 to your score.

65 64 Final Question For $1000, what is your favorite color? Click your choice 1) Red 2) Yellow 3) Blue 4) A combination of 2 of the above colors 5) Whatever I happen to be wearing at the moment

66 65 Final Answer Any of the above! You might have hesitated, but if you answered honestly, your answer is correct! Add $1,000 to your score! Alright, that last one was a silly question, but the subject matter of this game is anything but silly. Now that you've completed this activity you should be familiar with the resource documentation in the Wiki and ready for the post-test.

67 66 Next Steps: Take some time to review the Wiki again if you wish. Complete the post-test listed in the Endurance University menu for this module. Thank you!

