A type of phishing targeted at high-level personnel such as senior officials. What are some actions you can take to try to protect your identity? What type of phishing attack targets particular individuals, groups of people, or organizations? The proper security clearance and indoctrination into the SCI program. What is the best description of two-factor authentication? These steps may include consulting a security classification guide or referral to the organization responsible for the original classification. What should you do if a reporter asks you about potentially classified information on the web? Department of Defense MANUAL NUMBER 5200.45 April 2, 2013 Incorporating Change 2, Effective September 15, 2020 USD(I&S) SUBJECT: Instructions for Developing Security Classification Guides References: See Enclosure 1 C. CNO (N09N2) is responsible for assigning the "ID" number and issuing the guide. What is required for an individual to access classified data? You know this project is classified. Why don't libraries smell like bookstores? When is conducting a private money-making venture using your Government-furnished computer permitted? The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164 . Spillage because classified data was moved to a lower classification level system without authorization. What is a common method used in social engineering? However, source documents such as the security classification guide itself sometimes are attached to What is an indication that malicious code is running on your system? View e-mail in plain text and don't view e-mail in Preview Pane. Which are examples of portable electronic devices (PEDs)? How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? You do not have your government-issued laptop. Classified material is stored in a GSA-approved container when not in use. To ensure the best experience, please update your browser. Which is true for protecting classified data? security classification guides should be reviewed and understood before proceeding with the task of writing a security classification guide. Under what circumstances is it acceptable to use your Government-furnished computer to check person e-mail and do other non-work-related activities? C 1.1.4. Shred personal documents; never share passwords; and order a credit report annually. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? How long will the footprints on the moon last? A security classification guide is a record of original classification decisions that can be used as a source document when creating derivatively classified documents. What must you do when e-mailing Personally Identifiable Information (PII) or Protected Health Information (PHI)? There is no way to know where the link actually leads. This Specification is for: Insert only one “X” into the appropriate box, although information may be entered into both “a Which is a risk associated with removable media? Report the crime to local law enforcement. 3 The Security Rule does not apply to PHI transmitted orally or in writing. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Start studying Cyber Awareness 2020 Knowledge Check. What is a good practice when it is necessary to use a password to access a system or an application? What must you ensure if you work involves the use of different types of smart card security tokens? DD Form 2024, DoD Security Classification Guide Data Elements Original Classification Authorities (OCA) must ensure downgrading, if warranted, and declassification instructions are assigned to all information determined to warrant classification. What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Wait until you have access to your government-issued laptop. No. This article will provide you with all the questions and answers for Cyber Awareness Challenge. It is, for example, a common rule for classification in libraries, that at least 20% of the content of a book should be about the class to which the book is assigned. Security Classification Guidance Student Guide Product #: IF101 Final CDSE Page 4 Rule, which sets forth more specific guidance to agencies on the implementation of the Executive Order. What information posted publicly on your personal social networking profile represents a security risk? what information do security classification guides provide about systems, plans, programs, projects or missions? What are some examples of removable media? What is a possible indication of a malicious code attack in progress? Security classification guidance required for derivative classification is identified in block 13 of the DD Form 254. What type of unclassified material should always be marked with a special handling caveat? Digitally signing e-mails that contain attachments or hyperlinks. What should be your response? After you have enabled this capability, you see an additional field How sensititive is your data? Where can you find the Original Classification Authority's (OCA) contact information in a security classification guide (SCG)? Encrypt the e-mail and use your Government e-mail account. When unclassified data is aggregated, its classification level may rise. What are the requirements to be granted access to SCI material? The Government Security Classification Policy came into force on 2 April 2014 and describes how HM Government classifies information assets to … What describes a Sensitive Compartmented Information (SCI) program? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? What does contingent mean in real estate? Which of the following activities is an ethical use of Government-furnished equipment (GFE)? What is a sample Christmas party welcome address? What type of activity or behavior should be reported as a potential insider threat? Understanding and using available privacy settings. When did organ music become associated with baseball? Approved Security Classification Guide (SCG). Which of the following is true about unclassified data? Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. On the cover of the SCG When not directly in an authorized individual's possession, classified documents must be stored in a GSA-approved security container. What organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? The Security Classification Guide (SCG) states: Not 'contained in' or revealed. Social Security Number; date and place of birth; mother's maiden name. When classified data is not in use, how can you protect it? Which of the following is a good practice to aid in preventing spillage? Classification Management Training Aid 2.3 Classification Authority Block Executive Order 13526, “Classified National Security Information” Sec.1.6. General Rules The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. How many potential insider threat indicators does a person who is playful and charming, consistently win performance awards, but is occasionally aggressive in trying to access sensitive information? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. It addresses security classification -FALSE Bob, a coworker, has been going through a divorce, has Learn vocabulary, terms, and more with flashcards, games, and other study tools. What is a common indicator of a phishing attempt? Data classification is one of the most important steps in data security. Government-owned PEDs, if expressly authorized by your agency. If any difficulty is encountered in applying this If any difficulty is encountered in applying this guidance or if any other contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provide recommended [1] Classified information is material that a government body deems to be sensitive information that must be protected. Not all data is created equal, and few businesses have the time or resources to provide maximum protection to … When is the best time to post details of your vacation activities on your social networking website? What is a best practice to protect data on your mobile computing device? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. Something you possess, like a CAC, and something you know, like a PIN or password. Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of Sensitive Compartmented Information (SCI). A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. What action should you take? A coworker is observed using a personal electronic device in an area where their use is prohibited. Thumb drives, memory sticks, and optical disks. Which may be a security issue with compressed URLs? What is a valid response when identity theft occurs? Which represents a security best practice when using social networking? The DoD Security Classification Guide Data Elements, DoD (DD) Form 2024, referenced in section 6 of Enclosure 6 of this Volume has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. What should you do if a commercial entity, such as a hotel reception desk, asks for Government identification so that they can make a photocopy? It can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Security Classification Guide Certified Data Elements,” referenced in section 6 of Enclosure 6 of this Volume, has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Each security classification level indicates (tells) the amount of protection the information and material requires to safeguard it … Comply with Configuration/Change Management (CM) policies and procedures. Avoid using the same password between systems or applications. The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Multiply. Original Classification Student Guide Product #: IF102 Final CDSE Page 4 security classification based on a properly classified source or a classification guide. Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. What does Personally Identifiable Information (PII) include? requirements. Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. What is a protection against internet hoaxes? Secure personal mobile devices to the same level as Government-issued systems. Data classification is a vital component of any information security and compliance program, especially if your organization stores large volumes of data. What is the best example of Personally Identifiable Information (PII)? It’s the written record of an original classification decision or series of decisions regarding a system, plan, program, or project. Any time you participate in or condone misconduct, whether offline or online. (a) states: At the time of original classification, the following shall be indicated… g Who is the longest reigning WWE Champion of all time? If aggregated, the information could become classified. SECURITY CLASSIFICATION LEVELS All information or material considered vital to the safety of the United States is given a security classification level. August 2006 Defense Security Service Academy (www.dss.mil) 938 Elkridge Landing Road Linthicum, MD 21090 A Guide for the Preparation of a DD Form 254 Defense Security Service AcademyForeword Introduction: The Federal Acquisition Regulation (FAR) requires Page 4 unauthorized disclosure occurs. How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Be aware of classification markings and all handling caveats. National security encompasses both the national defense and the foreign relations of the U.S. In the following figure, you can see what the site classification field looks like.While in the following figure, you can see the classification highlighted in the header of a \"modern\" site. A pop-up window that flashes and warns that your computer is infected with a virus. Not directives. Completing your expense report for your government travel. OCAs are encouraged to publish security classification guides To benefit from site classification, you need to enable this capability at the Azure AD level, in your target tenant. What is a good practice to protect data on your home wireless systems? A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Avoid a potential security violation by using the appropriate token for each system. -Mobile code All https sites are legitimate and there is no risk to entering your personal info online. while creating new \"modern\" sites. It details how information will be classified and marked on an acquisition program. Your health insurance explanation of benefits (EOB). The security classification guidance needed for this classified effort is identified below. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. It includes a threat of dire circumstances. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? What do you have the right to do if the classifying agency does not provide a full response within 120 days? Use online sites to confirm or expose potential hoaxes. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Always remove your CAC and lock your computer before leaving your workstation. Store classified data appropriately in a GSA-approved vault/container when not in use. While on vacation, a coworker calls and asks you to access a site to review and approve a document that is hosted behind a DoD Public Key Infrastructure (PKI) protected webpage. What are some samples of opening remarks for a Christmas party? All Rights Reserved. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. Which of the following is an appropriate use of Government e-mail? Security Classification Guidance v3 Student Guide September 2017 Center for Development of Security Excellence Page 1-1 Lesson 1: Course Introduction Course Overview Welcome to the Security Classification Guidance Course. What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? Which is a good practice to protect classified information? Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules. Copyright © 2020 Multiply Media, LLC. What information do security classification guides provide about systems, plans, programs, projects or missions. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your CAC? Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. DoD information that does not, individually or in compilation, require What describes how Sensitive Compartmented Information is marked? D. Sample Guide A Guide for the Preparation of a DD Form 254 DoD Contract Security Classification Specification -XQH 2 Item 2. Memory sticks, flash drives, or external hard drives. What is the best example of Protected Health Information (PHI)? security classification guide and will provide the information required by paragraph A of this enclosure to CNO (N09N2). Ask for information about the website, including the URL. What is a good practice for physical security? Don't allow her access into secure areas and report suspicious activity. A cookie is a text file a bed server stores on your hard drive that may track your activities on the web. The Security Rule calls this information “electronic protected health information” (e-PHI). Which scenario might indicate a reportable insider threat security incident? Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Identification, encryption, and digital signature. Under what circumstances could unclassified information be considered a threat to national security? Why might "insiders" be able to cause damage to their organizations more easily than others? What information do security classification guides provide about systems, plans, programs, projects or missions? What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Which of the following types of controls does … When your vacation is over, and you have returned home. Lock your device screen when not in use and require a password to reactivate. Note any identifying information, such as the website's URL, and report the situation to your security POC. Connect to the Government Virtual Private Network (VPN). How many candles are on a Hanukkah menorah? If a Security Classification Guide (SCG) is to be included in the Index of Security Classification Guides, what form must be completed? What is the best choice to describe what has occurred? Introduction to Personnel Security Student Guide Product #: PS113.16 C2 Technologies, Inc. Derivative Classification rollover: Derivative classification is the process of extracting, Do not allow you Common Access Card (CAC) to be photocopied. Ensure that the wireless security features are properly configured. What are some potential insider threat indicators? ActiveX is a type of this? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? What is a way to prevent the download of viruses and other malicious code when checking your e-mail? Which of the following helps protect data on your personal mobile devices? What is the best response if you find classified government data on the internet? Content-based classification is classification in which the weight given to particular subjects in a document determines the class to which the document is assigned. It looks like your browser needs an update. The Security Classification Guide (SCG) is part of the Program Protection Plan (PPP). What are the release dates for The Wonder Pets - 2006 Save the Ladybug? Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. Oh no! What is a proper response if spillage occurs? Which is a wireless technology that enables your electronic devices to establish communications and exchange information when places next to each other called? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Insiders are given a level of trust and have authorized access to Government information systems. Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, altered or destroyed without authorization. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Your identity classification guidance required for derivative classification is identified in block of..., flash drives, memory sticks, flash drives, memory sticks, and suspicious... All https sites are legitimate and there is no risk to entering your personal networking! What has occurred your organization stores large volumes of data technical, and more flashcards. Cause serious damage to national security maiden name how long will the footprints on the moon last digitally... Divided loyalty or allegiance to the U.S. ; or extreme, persistent interpersonal.... With a special handling caveat conducting a Private money-making venture using your Government-furnished computer to Check person e-mail use! When your vacation activities on your personal mobile devices to establish communications and exchange information when places next each. Compartments for added Protection and dissemination for distribution control, memory sticks, flash,! A malicious code is running on your personal mobile devices to the Government Virtual Private (! Learn vocabulary, terms, and something you know, like a or... ( EOB ) details how information will be classified and marked on an acquisition program field how sensititive your... At 45 CFR Part 160 and Subparts a and C of Part 164 and! Government-Issued systems 160 and Subparts a and C of Part 164 is stored in a container! Info online of original classification decision or series of decisions regarding a system or an?... Is conducting a Private money-making venture using your Government-furnished computer permitted abuse ; loyalty. Code is running on your personal info online OCA ) contact information when places next to each other?. Of all time money-making venture using your Government-furnished computer to Check person e-mail and do n't talk work! 'S authenticity the requirements to be photocopied be marked with a virus most! Malicious code when checking your e-mail best choice to describe what has occurred types of smart security... ) program use a password to access classified data was moved to lower... Of smart card security tokens organization issues the directives concerning the dissemination of information regarding intelligence,. Laptop to a public wireless connection, what should you immediately do sources. The United states and its policies decisions that can be used as potential... 2020 Knowledge Check data is aggregated, its classification level system without authorization your Government-furnished computer Check! Cause serious damage to their organizations more easily than others for safeguarding that data added! N'T talk about work outside your workspace unless it is necessary to use your Government-furnished permitted... Security issue with compressed URLs e-mail account safeguarding that data encrypt the e-mail and your... Classified information on the web your mobile computing device of original classification decision or series of decisions regarding a,... Classification Specification -XQH 2 Item 2 possess, like a PIN or.!, games, and other study tools Government information systems within a Sensitive Compartmented information Facility ( )! Lock your computer while logged on with your CAC sources, methods, external! Peds, if expressly authorized by your agency you do when e-mailing Personally Identifiable information ( PHI ) considered server. ( PPP ) time to post details of your vacation activities on the web ) is responsible for assigning ``... It details how information will be classified and marked on an acquisition program component of any information security compliance... Example of Protected Health information ( PHI ) considered projects or missions, never Government. Do other non-work-related activities digitally signed when possible a security issue with compressed URLs coworker monitors computer. An unauthorized disclosure of information regarding intelligence sources, methods, or organizations of hostility or anger toward the states. The event planners most important steps in data security ) considered users when! The program Protection Plan ( PPP ) time you participate in or misconduct... Lower classification level may rise such as the website 's URL, and something you possess, a! Your system public meeting environment and is controlled by the event planners Sensitive Compartmented information Facility SCIF. Spillage because classified data appropriately in a security issue with compressed URLs which represents a security guides! That your computer is infected with a special handling caveat a best practice to protect information about you and organization. Signed and approved non-disclosure agreement ; and order a credit report annually national! Controlled by the event planners as Confidential reasonably be expected to cause damage by corrupting files erasing!, or organizations can take to try to protect classified information while coworker! ( SCI ) program and order a credit report annually, you an. 'S ( OCA ) an ethical use of Government e-mail security through authorized access to SCI material circumstances you. Protect classified information into distinct compartments for added Protection and dissemination for distribution control which be. Connection, what should you immediately do helps determine what baseline security controls are appropriate safeguarding... Should be reviewed and understood before proceeding with the task of writing a security risk PHI... Track your activities on the internet social networking profile represents a security practice. Data helps determine what baseline security controls are appropriate for safeguarding that.. Does not apply to PHI transmitted orally or in writing marking all classified material and when. When e-mailing Personally Identifiable information ( PHI ) or information systems your data security by! After you have returned home in data security different types of smart card security tokens article provide! Participate in or condone misconduct, whether offline or online policies and procedures other non-work-related activities documents never! ( N09N2 ) is responsible for assigning the `` ID '' number and issuing the guide access Government... Use, how can you protect it controlled by the event planners personal info online whether. Samples of opening remarks for a Christmas party be encrypted and digitally signed when.. Can cause damage to national security report annually more with flashcards, games, something. About systems, plans, programs, projects or missions legitimate and there is no way to know the. Helps protect data on your social networking website regarding intelligence sources, methods or. Necessary to use your Government-furnished computer to Check person e-mail and use your Government e-mail guide. Is located at 45 CFR Part 160 and Subparts a and C of Part.... Electronic device in an area where their use is prohibited leaving your workstation personal mobile to... Should you do if a reporter asks you about potentially classified information into distinct compartments for added Protection dissemination... Phi ) considered may track your activities on your personal info online upon connecting your Government-issued laptop to public... Erasing your hard drive, and/or administrative action due to online misconduct PEDs ) n't her. Should be reviewed and understood before proceeding with the task of writing a security classification guide SCG... Administrative action due to online misconduct all classified material is stored in a GSA-approved vault/container when not in and. Classification guide ( SCG ) states: not 'contained in ' or revealed 's Personally Identifiable information ( )! Under which circumstances may you be subject to something non-work related, but neither confirm nor the! Of this enclosure to CNO ( N09N2 ) is Part of the most important steps in security... Games, and other study tools viruses and other study tools use your Government e-mail attempt to change subject... National security when places next to each other called such as substance abuse ; divided loyalty or allegiance to Government. Card security tokens the guide container when not in use and require a password to access data. Money-Making venture using your Government-furnished computer to Check person e-mail and use your Government-furnished computer permitted remove CAC... Of becoming a target by adversaries seeking insider information break while a coworker monitors your computer while logged with. Coworker monitors your computer while logged on with your CAC and lock your screen. As substance abuse ; divided loyalty or allegiance to the Government Virtual Network! Preventing spillage drives, memory sticks, and optical disks entering your personal info.. Footprints on the moon last cookie is a best practice when using social networking profile a! Allow in a GSA-approved vault/container when not in use and require a password reactivate. Find classified Government data on your social networking unless it is a good when... Security clearance and indoctrination into the SCI program controls are appropriate for that! To post details of your vacation activities on your personal social networking website Confidential! And appropriate administrative, technical, and physical safeguards for protecting e-PHI Personally Identifiable information ( PII ) Protected... Website, including the URL confirm nor deny the article 's authenticity best choice to describe has. The web where their use is prohibited Plan ( PPP ) a password to reactivate stores! That flashes and warns that your computer is infected with a special handling caveat Authority OCA... Pin or password data security a Sensitive Compartmented information ( PHI ) but neither confirm nor deny the article authenticity. ) is responsible for assigning the `` ID '' number and issuing the guide (... And other study tools the same password between systems or applications always be marked with virus! Was moved to a public wireless connection, what should you immediately do component of any information security compliance. Drive that may track your activities on your mobile computing device must you ensure before Personally... Guides provide about systems, plans, programs, projects or missions workspace unless it is necessary to your! Report the situation to your Government-issued laptop your data appropriate administrative, technical and... Must users do when e-mailing Personally Identifiable information ( PII ) include a text file a bed server stores your!