1
LET’S PLAY
Written Information Security Plan
(not quite) Jeopardy!!!
Rev. 25 May 2010
2
Instructions
1. Open another browser tab or window and locate the Wiki references for “Written Information Security Plan.” Refer to it as you play the game.
2. Keep track of your scores on a scrap of paper or an open copy of Notepad on your computer. This will not be tracked, but it may earn you bragging rights with your coworkers!
   A. For correct answers you earn the designated amount for that question.
   B. For incorrect answers you lose the amount for that question. So yes, you could have a negative score!
3. Answer as many questions correctly as you can!
4. After seeing your results for each question, click the green home icon to return to the game board.
5. When you are ready, click the green home icon to begin.
3
Written Information Security Plan
(not quite) Jeopardy
Click on any amount below to begin . . .
Categories: True/False, WISP, Requirements, Etcetera
Amounts in each category: $100, $200, $300, $400, $500
Final Question
4
$100 Question: True / False
If you have re-usable electronic media that has been erased, you don’t need to worry about risk of recovering data from the media. After all, it’s been erased!
Click your answer below.
True False
5
$100 Answer: True / False
If you have re-usable electronic media that has been erased, you don’t need to worry about risk of recovering data from the media. After all, it’s been erased!
FALSE
There are some powerful tools that can recover data from erased media. You should overwrite or re-format the media, or check with an IT professional to dispose of it properly.
TRUE is incorrect. Deduct $100 from your score.
6
$100 Answer: True / False
If you have re-usable electronic media that has been erased, you don’t need to worry about risk of recovering data from the media. After all, it’s been erased!
FALSE
There are some powerful tools that can recover data from erased media. You should overwrite or re-format the media, or check with an IT professional to dispose of it properly.
FALSE is correct. Add $100 to your score.
7
$200 Question: True / False
Employees may transmit personal information via unencrypted email.
Click your answer below.
True False
8
$200 Answer: True / False
Employees may transmit personal information via unencrypted email.
FALSE
Personal information must always be encrypted, no matter where or how it is transmitted or stored.
TRUE is incorrect. Deduct $200 from your score.
9
$200 Answer: True / False
Employees may transmit personal information via unencrypted email.
FALSE
Personal information must always be encrypted, no matter where or how it is transmitted or stored.
FALSE is correct. Add $200 to your score.
10
$300 Question: True / False
Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected.
Click your answer below.
True False
11
$300 Answer: True / False
Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected.
FALSE
All transmitted files containing personal information that will travel across public networks (i.e. the internet) must be encrypted.
TRUE is incorrect. Deduct $300 from your score.
12
$300 Answer: True / False
Transmitted electronic files containing personal information do not need to be encrypted as long as access is password-protected.
FALSE
All transmitted files containing personal information that will travel across public networks (i.e. the internet) must be encrypted.
FALSE is correct. Add $300 to your score.
13
$400 Question: True / False
Daily Double!
Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1.
You may also play for the set amount of $400 for this question.
After you have decided on an amount, click this box for your question.
If email with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative.
Click your answer below.
True False
14
$400 Answer: True / False
If email with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative.
TRUE
A secure website that requires safeguards including username and password when conducting transactions is an acceptable alternative to using encrypted email.
TRUE is correct. Add $400 or double the amount of your wager to your score.
15
$400 Answer: True / False
If email with personal information cannot be encrypted, a secure web site with password protection is an acceptable alternative.
TRUE
A secure website that requires safeguards including username and password when conducting transactions is an acceptable alternative to using encrypted email.
FALSE is incorrect. Deduct $400 or the amount of your wager from your score.
16
$500 Question: True / False
There is a specific, maximum period of time for which we are required to keep records containing personal information.
Click your answer below.
True False
17
$500 Answer: True / False
There is a specific, maximum period of time for which we are required to keep records containing personal information.
FALSE
There is no specific time limit. As a good business practice, we should limit the time we retain personal information to no longer than what is necessary to meet ongoing business requirements.
TRUE is incorrect. Deduct $500 from your score.
18
$500 Answer: True / False
There is a specific, maximum period of time for which we are required to keep records containing personal information.
FALSE
There is no specific time limit. As a good business practice, we should limit the time we retain personal information to no longer than what is necessary to meet ongoing business requirements.
FALSE is correct. Add $500 to your score.
19
$100 Question: WISP
WISP is an acronym for:
Click your choice
1) Witness Information Security Platform
2) Written Implementation Security Process
3) Written Improvement Security Program
4) Witness Information Security Process
5) Written Information Security Program
20
$100 Answer: WISP
WISP is an acronym for:
5) Written Information Security Program
Your answer is incorrect.
Deduct $100 from your score.
21
$100 Answer: WISP
WISP is an acronym for:
5) Written Information Security Program
Your answer is correct.
Add $100 to your score.
22
$200 Question: WISP
Security and confidentiality of personal information in the WISP applies to:
Click your choice
1) Corporate and business information
2) Employee and corporate information
3) Consumer and corporate information
4) Consumer and employee information
5) Industry and corporate information
23
$200 Answer: WISP
Security and confidentiality of personal information in the WISP applies to:
4) Consumer and employee information
Your answer is incorrect.
Deduct $200 from your score.
24
$200 Answer: WISP
Security and confidentiality of personal information in the WISP applies to:
4) Consumer and employee information
Your answer is correct. Add $200 to your score.
25
$300 Question: WISP
According to WISP, if a security breach is discovered, we must:
Click your choice
1) flicker our servers and send a public alert to all customers
2) conduct and document a post-incident review of the events and actions taken
3) run a complete virus-scan and diagnostic of every computer in our contact centers
4) remove all laptop/notebook computers from service and run offline virus-scans on them
5) create and execute a corrective action plan that includes all EIG servers and computers
26
$300 Answer: WISP
According to WISP, if a security breach is discovered, we must:
2) conduct and document a post-incident review of the events and actions taken
Your answer is incorrect.
Deduct $300 from your score.
27
$300 Answer: WISP
According to WISP, if a security breach is discovered, we must:
2) conduct and document a post-incident review of the events and actions taken
Your answer is correct.
Add $300 to your score.
28
$400 Question: WISP
Which of the following does NOT apply? According to WISP, when we’ve identified paper records that contain personal information we must:
Click your choice
1) restrict access only to those employees who need the information to perform their employment responsibilities
2) require that terminated employees return copies of any documents containing personal information
3) store it in locked facilities, storage areas or containers
4) develop a security policy for storage, access, and transportation of such records outside of business premises
5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them
29
$400 Answer: WISP
Which of the following does NOT apply? According to WISP, when we’ve identified paper records that contain personal information we must:
5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them
Your answer is incorrect. Deduct $400 from your score.
30
$400 Answer: WISP
Which of the following does NOT apply? According to WISP, when we’ve identified paper records that contain personal information we must:
5) contract with a licensed, external firm to dispose of them properly by both shredding then burning them
Your answer is correct. Add $400 to your score.
31
$500 Question: WISP
WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply?
Click your choice
1) Firewall protection
2) Security system agent software
3) Ban use of portable disk drives
4) Operating system patches
5) Virus and malware protection
32
$500 Answer: WISP
WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply?
3) Ban use of portable disk drives
Your answer is incorrect. Deduct $500 from your score.
33
$500 Answer: WISP
WISP guidelines state that we ensure security of our computer systems by implementing all but one of the following. Which one does NOT apply?
3) Ban use of portable disk drives
Your answer is correct. Add $500 to your score.
34
$100 Question: Requirements
Daily Double!
Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1.
You may also play for the set amount of $100 for this question.
After you have decided on an amount, click this box for your question.
In this context, “personal information” is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT:
Click your choice
1) Social Security number
2) Vehicle license number
3) Driver’s license or state-issued identification number
4) Financial account number
5) Credit card number
35
$100 Answer: Requirements
In this context, “personal information” is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT:
2) Vehicle license number
Your answer is incorrect. Deduct $100 or the amount of your wager from your score.
36
$100 Answer: Requirements
In this context, “personal information” is defined as the first and last name, or first initial and last name of an individual, together with any one of the following EXCEPT:
2) Vehicle license number
Your answer is correct. Add $100 or double the amount of your wager to your score.
37
$200 Question: Requirements
It is acceptable to store personal information on:
Click your choice
1) Laptop computers
2) A Personal Digital Assistant (PDA)
3) Mobile telephones
4) Endurance computer systems
5) Portable media: flash drives, CDs, etc.
38
$200 Answer: Requirements
It is acceptable to store personal information on:
4) Endurance computer systems
Your answer is incorrect.
Deduct $200 from your score.
39
$200 Answer: Requirements
It is acceptable to store personal information on:
4) Endurance computer systems
Your answer is correct.
Add $200 to your score.
40
$300 Question: Requirements
To what extent is Endurance International Group obligated to monitor access to personal information?
Click your choice
1) Such that it is reasonably likely to reveal unauthorized access or use
2) Every access to personal information must be monitored every day
3) Access to personal information is routinely and randomly monitored
4) Select days are scheduled when access to personal information will be monitored
5) Monitors are only performed during times of high contact volume
41
$300 Answer: Requirements
To what extent is Endurance International Group obligated to monitor access to personal information?
1) Such that it is reasonably likely to reveal unauthorized access or use
Your answer is incorrect.
Deduct $300 from your score.
42
$300 Answer: Requirements
To what extent is Endurance International Group obligated to monitor access to personal information?
1) Such that it is reasonably likely to reveal unauthorized access or use
Your answer is correct.
Add $300 to your score.
43
$400 Question: Requirements
If data needs to be encrypted, it must bring about a . . .
Click your choice
1) prevention of access to either personal information or public data
2) transformation of data into a form in which meaning cannot be assigned
3) transition of information such that using a specific password is the only way to unlock it
4) barrier to the transmission of personal data across a network
5) conversion of personal information into a format that can only be read with a PIN
44
$400 Answer: Requirements
If data needs to be encrypted, it must bring about a . . .
2) transformation of data into a form in which meaning cannot be assigned
Your answer is incorrect.
Deduct $400 from your score.
45
$400 Answer: Requirements
If data needs to be encrypted, it must bring about a . . .
2) transformation of data into a form in which meaning cannot be assigned
Your answer is correct.
Add $400 to your score.
46
$500 Question: Requirements
For purposes of this information security plan, which of the following is considered “personal information” if combined with a person’s first and last name (surname)?
Click your choice
1) A “nick-name”
2) Billing or residential address
3) An affiliate tax identification number
4) The name of this person’s mother, father, or spouse
5) Vehicle license plate number
47
$500 Answer: Requirements
For purposes of this information security plan, which of the following is considered “personal information” if combined with a person’s first and last name (surname)?
3) An affiliate tax identification number
Your answer is incorrect.
Deduct $500 from your score.
48
$500 Answer: Requirements
For purposes of this information security plan, which of the following is considered “personal information” if combined with a person’s first and last name (surname)?
3) An affiliate tax identification number
Your answer is correct.
Add $500 to your score.
49
$100 Question: Etcetera
The scope of our security measures must be reviewed:
Click your choice
1) Daily
2) Weekly
3) Monthly
4) Quarterly
5) Annually
50
$100 Answer: Etcetera
The scope of our security measures must be reviewed:
5) Annually
Your answer is incorrect.
Deduct $100 from your score.
51
$100 Answer: Etcetera
The scope of our security measures must be reviewed:
5) Annually
Your answer is correct.
Add $100 to your score.
52
$200 Question: Etcetera
Daily Double!
Daily Double means that you may wager as much or as little as you have already earned. For example, if you have earned $1000 already, you may wager up to $1000, or as little as $1.
You may also play for the set amount of $200 for this question.
After you have decided on an amount, click this box for your question.
The scope of our security measures must be reviewed more often than the minimum if:
Click your choice
1) business practices change which place access to personal information at risk
2) we hire then terminate anyone who lied during the recruiting process
3) one of our servers goes down for longer than one week
4) a virus or worm infiltrates one customer’s web site
5) the computers used in the training room are replaced or upgraded
53
$200 Answer: Etcetera
The scope of our security measures must be reviewed more often than the minimum if:
1) business practices change which place access to personal information at risk
Your answer is incorrect.
Deduct $200 or the amount of your wager from your score.
54
$200 Answer: Etcetera
The scope of our security measures must be reviewed more often than the minimum if:
1) business practices change which place access to personal information at risk
Your answer is correct.
Add $200 or double the amount of your wager to your score.
55
$300 Question: Etcetera
If an employee is found violating information security policies and procedures, he or she will be:
Click your choice
1) immediately terminated
2) removed from the position and retrained for a different job
3) subject to disciplinary measures
4) fined for the equivalent cost of a server virus-scan
5) sent home for the remainder of the scheduled work-shift
56
$300 Answer: Etcetera
If an employee is found violating information security policies and procedures, he or she will be:
3) Subject to disciplinary measures
Your answer is incorrect.
Deduct $300 from your score.
57
$300 Answer: Etcetera
If an employee is found violating information security policies and procedures, he or she will be:
3) Subject to disciplinary measures
Your answer is correct.
Add $300 to your score.
58
$400 Question: Etcetera
Which of the following does NOT apply? When destroying paper documents containing personal information, they must be:
Click your choice
1) Redacted
2) Irradiated
3) Burned
4) Pulverized
5) Shredded
59
$400 Answer: Etcetera
Which of the following does not apply? When destroying paper documents containing personal information, they must be:
2) Irradiated
Your answer is incorrect.
Deduct $400 from your score.
60
$400 Answer: Etcetera
Which of the following does not apply? When destroying paper documents containing personal information, they must be:
2) Irradiated
Your answer is correct.
Add $400 to your score.
61
$500 Question: Etcetera
Access to personal information will be:
Click your choice
1) on a need to know basis only
2) available to every employee of Endurance International Group and its affiliates
3) only available to Human Resources personnel
4) only available to Billing specialists
5) accessible by management staff and select personnel
62
$500 Answer: Etcetera
Access to personal information will be:
1) on a need to know basis only
Your answer is incorrect.
Deduct $500 from your score.
63
$500 Answer: Etcetera
Access to personal information will be:
1) on a need to know basis only
Your answer is correct.
Add $500 to your score.
64
Final Question
For $1000, what is your favorite color?
Click your choice
1) Red
2) Yellow
3) Blue
4) A combination of 2 of the above colors
5) Whatever I happen to be wearing at the moment
65
Final Answer
Any of the above!
• You might have hesitated, but if you answered honestly, your answer is correct! Add $1,000 to your score!
• Alright, that last one was a silly question, but the subject matter of this game is anything but silly.
• Now that you’ve completed this activity you should be familiar with the resource documentation in the Wiki and ready for the post-test.
66
Next Steps
• Take some time to review the Wiki again if you wish
• Complete the post-test listed in the Endurance University menu for this module
Thank you!