Information Security Awareness

1. Prior to leaving for the day, employees must secure all non-public information in a manner to which it cannot be retrieved by any unauthorized party, such as in a locked drawer or locked file cabinet.

True

False

2. Physical and administrative security standards also apply to handheld devices that utilize the cellular network for communication.

True

False

3. Password login criteria for the Signature Bank Network should:

Contain at least 8 characters and use a complex format including upper and lower case, numbers and symbols.

Be changed every 3-6 months with no repetitions.

Use common words or phrases so they can be easily remembered.

None of the Above

4. Financial Institutions are generally not targets for security threats or attacks.

True

False

5. If you recognize there has been a breach of non-public information, you should:

Take notes and wait to see if there are any additional attempts to get information.

Report the incident immediately to the Information Security Officer and/or Executive Management.

Contact the local police department.

6. Which of the following may be viewed as potential threats to technology.

Branch capture transaction misuse.

Lost or stolen digital devices, laptops and mobile devices containing stored non-public information.

Viruses, spyware, phishing and pharming via email, hyperlinks and websites.

Access to passwords.

All the Above

7. Which of the following is true for all email use at Signature Bank?

Email is considered company property

An employee has the right to keep email private

Email may be retrieved and reviewed for any number of reasons including legal supoenas

Both A and C

8. Employee should write down their passwords and store them:

In your planner

In your desk drawer

Taped to the bottom of your computer

Nowhere; passwords should not be written down.

9. Text messaging and instant messaging are a secure way to communicate non-public information.

True

False

10. Encryption must be used when electronically storing or transmitting information that is non-public.

True

False

11. Identify the appropriate response to an email request for specific account information.

Ignore the email

Email the exact information requested in accordance with our Sundown Rule

12. The _____ is/are responsible for the security of non-public information in financial institutions.

Board of Directors

Bank Employees

Information Security Officer

Network Administrator

All the Above

13. Per the Fair Credit Reporting Act,the bank must allow its' customers the right to opt-out of their information being shared with unaffiliated parties.

True

False

14. Non-public information is defined as:

Information used in personnel records, shareholder information and critical corporate information.

Any recorded information or combination of information, that identifies an individual and is maintained for business purposes.

Information that could allow access to a customers account.

Proprietary and/or critical data of affiliates or partners.

All the Above

15. It is acceptable to click on hyperlinks within the body of emails as long as you know who it came from.

True

False

16. Credit information may be given over the phone if the customer gives written consent.

True

False

17. "Pretext Calling" is a type of social engineering defined as:

An account holder calling the bank prior to sending faxed information.

When someone calls Signature Bank reading from a predefined script.

An account holder sending a request via text messaging for account information.

18. It is the employees responsibility to investigate any breach of non-public information.

True

False

19. Employees responsibility for information security include:
(IMPORTANT-You may select more than one option)

Complete all required training

Adhere to established policies and procedures

Not allowing unauthorized persons access to bank owned computers for any reason

Contact ISO and/or Manager concerning suspicious activity or disclosure of non-public information

Discard and/or destroy non-public information per company guidelines

Submit

20. Signature Bank's standard procedures for discarding documents with confidential information include the following:

Documents may be placed in any type of trash container as long as it is emptied nightly.

All documents containing confidential information will be given to the Information Security Officer to be shred on-site.

Place documents in a workspace shred container, which is emptied daily into a designated locked shred receptacle.

21. Which of the following may be used to identify a caller as the account holder when disclosing account information?

No account information should be released over the phone.

Date and amount of last deposit.

Last four digits of the account holders social security number or TIN

Both B and C

PIN or password information.

22. Removable electronic media, such as thumb drives, are an essential part of business and therefore acceptable to use at Signature Bank as long as the information is encrypted.

True

False

23. The _____ states, there must be a policy in place to protect non-public information from foreseeable threats in security and data integrity.

Gramm-Leach-Bliley Act

Fair Credit Reporting Act

Bank Secrecy Act

Federal Trade Commission

24. A privacy notice is only given at the time the consumer relationship is established and must explain how their information is collected, shared and used.

True

False

Privacy notices are also given to consumers annually. The notice must also explain how their information is protected.

Explanation

Privacy notices are also given to consumers annually. The notice must also explain how their information is protected.

25. Access to dormant accounts is strictly limited to _________.

Information Security Officer

Senior Management

Deposit Operations

All employees have access

Information Security Awareness

1. Prior to leaving for the day, employees must secure all non-public information in a manner to which it cannot be retrieved by any unauthorized party, such as in a locked drawer or locked file cabinet.

2.

What first name or nickname would you like us to use?

2. Physical and administrative security standards also apply to handheld devices that utilize the cellular network for communication.

3. Password login criteria for the Signature Bank Network should:

4. Financial Institutions are generally not targets for security threats or attacks.

5. If you recognize there has been a breach of non-public information, you should:

6. Which of the following may be viewed as potential threats to technology.

7. Which of the following is true for all email use at Signature Bank?

8. Employee should write down their passwords and store them:

9. Text messaging and instant messaging are a secure way to communicate non-public information.

10. Encryption must be used when electronically storing or transmitting information that is non-public.

11. Identify the appropriate response to an email request for specific account information.

12. The _____ is/are responsible for the security of non-public information in financial institutions.

13. Per the Fair Credit Reporting Act,the bank must allow its' customers the right to opt-out of their information being shared with unaffiliated parties.

14. Non-public information is defined as:

15. It is acceptable to click on hyperlinks within the body of emails as long as you know who it came from.

16. Credit information may be given over the phone if the customer gives written consent.

17. "Pretext Calling" is a type of social engineering defined as:

18. It is the employees responsibility to investigate any breach of non-public information.

19. Employees responsibility for information security include: (IMPORTANT-You may select more than one option)

20. Signature Bank's standard procedures for discarding documents with confidential information include the following:

21. Which of the following may be used to identify a caller as the account holder when disclosing account information?

22. Removable electronic media, such as thumb drives, are an essential part of business and therefore acceptable to use at Signature Bank as long as the information is encrypted.

23. The _____ states, there must be a policy in place to protect non-public information from foreseeable threats in security and data integrity.

24. A privacy notice is only given at the time the consumer relationship is established and must explain how their information is collected, shared and used.

25. Access to dormant accounts is strictly limited to _________.

19. Employees responsibility for information security include:
(IMPORTANT-You may select more than one option)