Which of the following information is a security risk when posted publicly on your social networking profile

Looking for Expert Opinion?

Let us have a look at your work and suggest how to improve it!

Get a Consultant

What do you do if spillage occurs?

?

Which of the following does NOT constitute spillage?

Classified information that should be unclassified and is downgraded

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work

Which of the following should you NOT do if you find classified information on the internet?

Download the information

Which of the following is NOT true concerning a computer labeled SECRET?

May be used on an unclassified network

What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?

Secret

What advantages do "insider threats" have over others that allows them to be able to do extraordinary damage to their organizations?

They are trusted and have authorized access to Government information systems.

Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without authorization.

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?

?

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know

How many insider threat indicators does Alex demonstrate?

Three or more

What should Alex’s colleagues do?

Report the suspicious behavior in accordance with their organization’s insider threat policy

What information most likely presents a security risk on your personal social networking profile?

Personal email address

What information most likely presents a security risk on your personal social networking profile?

?

Select all sections of the profile that contain an issue. Then select Submit. [Alex Smith]

All three sections

Select the appropriate setting for each item. Then select Save. [Alex Smith/Social Media]

Name and profile picture – Any (depends on personal preference) Biographical data – Friends Only; Status, photos, and posts – Friends Only; Family and relationships – Friends Only; Birthday – Friends Only; Photos and videos you are in – Friends Only; Check in location via GPS – Off

Which of the following is NOT a correct way to protect sensitive information?

Sensitive information may be stored on any password-protected system.

Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?

As long as the document is cleared for public release, you may share it outside of DoD.

Which type of information includes personal, payroll, medical, and operational information?

Sensitive

After clicking on a link on a website, a box pops up and asks if you want to run an application. Is it okay to run it?

No. Only allow mobile code to run from your organization or your organization’s trusted sites.

Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card.

Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?

Always use DoD PKI tokens within their designated classification level.

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Maintain possession of it at all times.

Which of the following is a best practice for handling cookies?

?

Select all security issues. Then select Submit. [Isabel/Website Use]

Top and bottom sections only

You receive an email at your official Government email address from an individual at the Office of Personnel Management (OPM). The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. What action should you take first?

Look for a digital signature on the email.

You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?

Contact the IRS using their publicly available, official contact information.

Which email attachments are generally SAFE to open?

Attachments contained in a digitally signed email from someone known

Which of the following is NOT true of traveling overseas with a mobile phone?

?

What should Sara do when using publicly available Internet, such as hotel Wi-Fi?

Only connect with the Government VPN

What is the danger of using public Wi-Fi connections?

Both of these

A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?

I’ll pass.

While you are waiting for your lunch bill, a stranger picks up your Government-issued phone from your table and proceeds to exit the facility with it. What should you do?

Try to observe the direction taken and any other useful information and immediately make a report to your security point of contact.

Mobile devices include fitness bands, tablets, smartphones, electronic readers, and Bluetooth- enabled devices.

True

Which of the following is a best practice for securing your home computer?

Use antivirus software and keep it up to date.

Unless you've been living under a rock in 2009, you know that social networking Web sites are the latest and greatest way to interact with other users on the Internet. Thirty-five percent of adults on the Internet now have a profile on at least one social networking site, and 51 percent have more than one. Three-quarters of users between the ages of 18 and 24 have an online profile [source: USA Today]. The Pew Research Center found that 89 percent of these people use the sites to keep up with friends, 57 percent to make plans with friends and 49 percent to make new friends.

Facebook, MySpace, LinkedIn, Friendster, Urban Chat and Black Planet are just a few of more than 100 Web sites connecting folks around the world who are eager to share their thoughts and feelings. But just like in real life, there's such a thing as sharing too much information (TMI). It's easy to get caught up in the social aspects of sites like Facebook, but what you choose to share is there for all to see if you don't limit who can view your information. The same study by Pew Research found that 40 percent of users have open access to their profiles, allowing anyone to view their information. The other 60 percent restrict access to friends, family and colleagues. Sharing personal information with strangers can be dangerous business, and there are some things you should definitely put on your "do not share" list. We'll go over 10 of those items in this article.

On Facebook, users can send personal messages or post notes, images or videos to another user's wall. The wall is there for all to see, while messages are between the sender and the receiver, just like an e-mail. Personal and private matters should never be shared on your wall. You wouldn't go around with a bullhorn announcing a private issue to the world, and the same thing goes on the Internet. This falls under the nebulous world of social networking etiquette. There is no official handbook for this sort of thing, but use your best judgment. If it's not something you'd feel comfortable sharing in person with extended family, acquaintances, work colleagues or strangers, then you shouldn't share it on your Facebook wall.

Sharing your social plans for everybody to see isn't a good idea. Unless you're planning a big party and inviting all the users you're connected to, it will only make your other friends feel left out. There are also some security issues at stake here. Imagine a scenario where a jealous ex-boyfriend knows that you're meeting a new date out that night. What's to keep the ex from showing up and causing a scene or even potentially getting upset or violent? Nothing, that's what. If you're planning a party or an outing with a group of friends, send a personal "e-vite" for their eyes only and nobody is the wiser. If you're trying to cast a wide net by throwing out an idea for a social outing, just remember that anyone who has access to your profile sees it.

With 51 percent of social network users taking advantage of more than one site, there's bound to be some crossover from one to the other, especially if you have the sites linked. You may post something you find innocuous on Facebook, but then it's linked to your LinkedIn work profile and you've put your job at risk. If you link your various profiles together, be aware that what you post in one world is available to the others. In 2009, a case of an employee caught lying on Facebook hit the news. The employee asked off for a weekend shift because he was ill and then posted pictures on his Facebook profile of himself at a party that same weekend. The news got back to his employer easily enough and he was fired. So if you choose to link your profiles, it's no longer a "personal life" and "work life" scenario.

You may be dying to tell the world about your new work promotion, but if it's news that could be advantageous to one of your company's competitors, then it's not something you should share. News of a planned expansion or a big project role and anything else about your workplace should be kept private. Sophos, a security software company, found that 63 percent of companies were afraid of what their employees were choosing to share on social networking sites [source: ReadWriteWeb]. If you want to message it out, be selective and send private e-mails. Many companies are so serious about not being included in social networking sites that they forbid employees from using sites like Facebook at work. Some IT departments even filter the URLs and block access to these sites altogether so employees aren't tempted to log on.

Social networking sites are a common place for people to share pictures of their families, but if you're one of the 40 percent of users who don't restrict access to your profile, then those pictures are there for everyone to see. It's a sad fact, but there are a lot of predators who use the Internet to stalk their prey. If you post pictures of your family and couple that with information like, "my husband is out of town this weekend" or "little Johnny is old enough to stay at home by himself now," then your children's safety could be at risk. Nobody ever thinks it will happen to them until it does, so safety first is a good default mode when using social networking sites. Just like with other private matters, send family photos only to a select group of trusted friends and colleagues who you know won't share them.

File this one under security risk. If you share your address and phone number on a social networking site, you open yourself up to threats of identity theft and other personal dangers like burglaries. If you post that you're going on vacation and you have your address posted, then everyone knows you have an empty house. Identity thieves could pay a visit to your mailbox and open up a credit card in your name. Burglars could rid your home of anything of value. Even just posting your phone number gives people with Internet savvy easy access to your address. Reverse lookup services can supply anyone with your home address if you can provide the phone number.

You would think that nobody would share things like where they do their banking or what their stock portfolio looks like, but it happens. Especially with all the headlines of banks going bankrupt and stock prices plummeting during the 2008/2009 recession, it's easy for an innocent Facebook comment to reveal too much about your personal finances. Consider this scenario: You're posting to a long thread on a friend's wall about the bank crisis. You say something along the lines of, "We don't need to worry because we bank with a teacher's credit union," or even, "We put all our money into blue chip stocks and plan to ride it out." Again, if you're one the 40 percent who allow open access to your profile, then suddenly identity thieves know where you bank and where you have the bulk of your investments. It's easy to forget that what may seem like a harmless comment on a Facebook wall could reveal a great deal about your personal finances. It's best to avoid that kind of talk altogether.

This one really seems like a no-brainer, but if it didn't happen, then Facebook probably wouldn't feel the need to list it in the No. 1 slot on its list of things you shouldn't share. Even sharing the password with a friend so he or she can log on and check something for you can be a risk. This is especially true with couples who feel like there's enough trust to share these kinds of things. Here's another scenario for you: You give your boyfriend your Facebook password because he wants to help you upload some vacation photos. A couple of months later, the relationship sours, he turns into a not-so-nice guy and then there's a person out there who doesn't like you and has your login information. Time to cancel your account and get a new one. If you'd have kept that information private to begin with, you could simply move on with your life. Now you have a compromised profile, and if you link to other sites or profiles, all that information is at risk as well. Keep your password to yourself, no matter what, and you never have to worry about it.

Most Web sites that contain secure personal information require a password also have at least one password hint in case you forget. It typically goes like this: You sign up for something like online banking and you get a login and password and then choose a security question for when you forget your password. What's the name of your first pet? What's your mother's maiden name? What was your high school mascot? What's the name of the first street you lived on? Including any of these details on a Facebook wall or status update may not seem like a big deal, but it could provide an identity thief with the last piece of the puzzle needed to hack into your bank account. Think before you post anything that could compromise this information.

You can select all the privacy settings you want on social networking sites, but the fact is, if you post it, it has the potential to be seen by someone you don't want seeing it. You know all those fun Facebook applications, quizzes and polls you can't help but fill out? A study performed by the University of Virginia found that of the top 150 applications on Facebook, 90 percent were given access to information they didn't need in order for the app to function. So when you sign up to find out what sitcom star you most identify with, the makers of that poll now have access to your personal information. It's anybody's guess where it goes from there. Social networking is all about sharing, so something you think is in confidence can easily be shared and then shared again, and before you know it, someone you don't even know has access to something private. "When in doubt, leave it out" is a good motto to follow. And always remember that anything you share has the potential to be leaked in some way.

  • "Facebook Safety." Facebook.com. 2009.http://www.facebook.com/safety/
  • "Facebook Sharing Too Much Personal Data With Application Developers." slashdot.org, Feb. 7, 2008. http://yro.slashdot.org/article.pl?sid=08/02/07/1646250
  • "Safety tips for social networks." BBC. July 4, 2006. http://news.bbc.co.uk/2/hi/technology/5140634.stm
  • Hunt, Samantha Rose. "Social networks a security threat to businesses." TGDaily. March 16, 2009. http://www.tgdaily.com/content/view/41739/108/
  • Jayson, Sharon. "A few wrinkles are etching Facebook, other social sites." USA Today. May 15, 2009. http://www.usatoday.com/printedition/life/20090115/socialnetworking15_st.art.htm
  • Khan, Urmee. "Facebook controversy over right to delete personal information." Telegraph.co.uk. March 18, 2009. http://www.telegraph.co.uk/scienceandtechnology/technology/facebook/4680220/Facebook-controversy-over-right-to-delete-personal-information.html
  • Marin, Alexandra. "How Job Information Enters and Flows through Social Networks:
  • Miller, Ron. "Should your company fear social networks?" Fierce Content Management. April 28, 2009. http://www.fiercecontentmanagement.com/story/should-your-company-fear-social-networks/2009-04-28
  • Riva, Richmond. "On Networking Sites, Learning How Not to Share." The New York Times. Jan. 28, 2009. http://www.nytimes.com/2009/01/29/technology/personaltech/29basics.html?_r=2
  • Smithy, Di. "Strong PR case for social networks." Internal Comms Hub. Sept. 4, 2008.http://www.internalcommshub.com/open/news/prcase.shtml