Information Security Awareness

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

Assessment of knowledge in dealing with security of non-public information. Covers bank policies and procedures.

Questions and Answers

1.

Non-public information is defined as:
- A.
  
  Information used in personnel records, shareholder information and critical corporate information.
- B.
  
  Any recorded information or combination of information, that identifies an individual and is maintained for business purposes.
- C.
  
  Information that could allow access to a customers account.
- D.
  
  Proprietary and/or critical data of affiliates or partners.
- E.
  
  All the Above
Correct Answer
E. All the Above
2.

If you recognize there has been a breach of non-public information, you should:
- A.
  
  Take notes and wait to see if there are any additional attempts to get information.
- B.
  
  Report the incident immediately to the Information Security Officer and/or Executive Management.
- C.
  
  Contact the local police department.
Correct Answer
B. Report the incident immediately to the Information Security Officer and/or Executive Management.
3.

The _____ states, there must be a policy in place to protect non-public information from foreseeable threats in security and data integrity.
- A.
  
  Gramm-Leach-Bliley Act
- B.
  
  Fair Credit Reporting Act
- C.
  
  Bank Secrecy Act
- D.
  
  Federal Trade Commission
Correct Answer
A. Gramm-Leach-Bliley Act
4.

Signature Bank's standard procedures for discarding documents with confidential information include the following:
- A.
  
  Place documents daily in a shred container at your desk and then should be emptied weekly into the locked shred bins.
- B.
  
  Documents may be placed in any type of trash container as long as it is emptied nightly.
- C.
  
  All documents containing confidential information will be given to the Information Security Officer to be shred on-site.
- D.
  
  Place documents in a workspace shred container, which is emptied daily into a designated locked shred receptacle.
Correct Answer
D. Place documents in a workspace shred container, which is emptied daily into a designated locked shred receptacle.
5.

A privacy notice is only given at the time the consumer relationship is established and must explain how their information is collected, shared and used.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False

Explanation
Privacy notices are also given to consumers annually. The notice must also explain how their information is protected.

Rate this question:
6.

Which of the following may be viewed as potential threats to technology.
- A.
  
  Branch capture transaction misuse.
- B.
  
  Lost or stolen digital devices, laptops and mobile devices containing stored non-public information.
- C.
  
  Viruses, spyware, phishing and pharming via email, hyperlinks and websites.
- D.
  
  Access to passwords.
- E.
  
  All the Above
Correct Answer
E. All the Above
7.

Prior to leaving for the day, employees must secure all non-public information in a manner to which it cannot be retrieved by any unauthorized party, such as in a locked drawer or locked file cabinet.
- A.
  
  True
- B.
  
  False
Correct Answer
A. True
8.

Access to dormant accounts is strictly limited to _________.
- A.
  
  Information Security Officer
- B.
  
  Senior Management
- C.
  
  Deposit Operations
- D.
  
  All employees have access
Correct Answer
C. Deposit Operations
9.

Credit information may be given over the phone if the customer gives written consent.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False
10.

Which of the following may be used to identify a caller as the account holder when disclosing account information?
- A.
  
  No account information should be released over the phone.
- B.
  
  Date and amount of last deposit.
- C.
  
  Last four digits of the account holders social security number or TIN
- D.
  
  Both B and C
- E.
  
  PIN or password information.
Correct Answer
D. Both B and C
11.

Text messaging and instant messaging are a secure way to communicate non-public information.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False
12.

Password login criteria for the Signature Bank Network should:
- A.
  
  Contain at least 8 characters and use a complex format including upper and lower case, numbers and symbols.
- B.
  
  Be changed every 3-6 months with no repetitions.
- C.
  
  Use common words or phrases so they can be easily remembered.
- D.
  
  None of the Above
Correct Answer
A. Contain at least 8 characters and use a complex format including upper and lower case, numbers and symbols.
13.

Physical and administrative security standards also apply to handheld devices that utilize the cellular network for communication.
- A.
  
  True
- B.
  
  False
Correct Answer
A. True
14.

"Pretext Calling" is a type of social engineering defined as:
- A.
  
  An account holder calling the bank prior to sending faxed information.
- B.
  
  When someone calls Signature Bank reading from a predefined script.
- C.
  
  An individual that attempts to gain access to account information by impersonating the account holder, vendor, law enforcement or government agency.
- D.
  
  An account holder sending a request via text messaging for account information.
Correct Answer
C. An individual that attempts to gain access to account information by impersonating the account holder, vendor, law enforcement or government agency.
15.

It is the employees responsibility to investigate any breach of non-public information.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False
16.

The _____ is/are responsible for the security of non-public information in financial institutions.
- A.
  
  Board of Directors
- B.
  
  Bank Employees
- C.
  
  Information Security Officer
- D.
  
  Network Administrator
- E.
  
  All the Above
Correct Answer
E. All the Above
17.

It is acceptable to click on hyperlinks within the body of emails as long as you know who it came from.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False
18.

Employee should write down their passwords and store them:
- A.
  
  In your planner
- B.
  
  In your desk drawer
- C.
  
  Taped to the bottom of your computer
- D.
  
  Nowhere; passwords should not be written down.
Correct Answer
D. Nowhere; passwords should not be written down.
19.

Encryption must be used when electronically storing or transmitting information that is non-public.
- A.
  
  True
- B.
  
  False
Correct Answer
A. True
20.

Employees responsibility for information security include: (IMPORTANT-You may select more than one option)
- A.
  
  Complete all required training
- B.
  
  Adhere to established policies and procedures
- C.
  
  Not allowing unauthorized persons access to bank owned computers for any reason
- D.
  
  Contact ISO and/or Manager concerning suspicious activity or disclosure of non-public information
- E.
  
  Discard and/or destroy non-public information per company guidelines
Correct Answer(s)
A. Complete all required training
B. Adhere to established policies and procedures
C. Not allowing unauthorized persons access to bank owned computers for any reason
D. Contact ISO and/or Manager concerning suspicious activity or disclosure of non-public information
E. Discard and/or destroy non-public information per company guidelines
21.

Removable electronic media, such as thumb drives, are an essential part of business and therefore acceptable to use at Signature Bank as long as the information is encrypted.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False
22.

Identify the appropriate response to an email request for specific account information.
- A.
  
  Ignore the email
- B.
  
  Email the exact information requested in accordance with our Sundown Rule
- C.
  
  Contact the client by phone to confirm the authenticity of the email. The client's phone voice must be known to the banker. Client identification through verbal follow-up / confirmation and standard identification procedures, followed by an encrypted reply will then constitute policy compliance.
Correct Answer
C. Contact the client by phone to confirm the authenticity of the email. The client's phone voice must be known to the banker. Client identification through verbal follow-up / confirmation and standard identification procedures, followed by an encrypted reply will then constitute policy compliance.
23.

Which of the following is true for all email use at Signature Bank?
- A.
  
  Email is considered company property
- B.
  
  An employee has the right to keep email private
- C.
  
  Email may be retrieved and reviewed for any number of reasons including legal supoenas
- D.
  
  Both A and C
Correct Answer
D. Both A and C
24.

Per the Fair Credit Reporting Act,the bank must allow its' customers the right to opt-out of their information being shared with unaffiliated parties.
- A.
  
  True
- B.
  
  False
Correct Answer
A. True
25.

Financial Institutions are generally not targets for security threats or attacks.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Jan 07, 2013

Quiz Edited by
ProProfs Editorial Team
Oct 19, 2009

Quiz Created by
Tvivian

Information Security Awareness

Non-public information is defined as:

If you recognize there has been a breach of non-public information, you should:

The _____ states, there must be a policy in place to protect non-public information from foreseeable threats in security and data integrity.

Signature Bank's standard procedures for discarding documents with confidential information include the following:

A privacy notice is only given at the time the consumer relationship is established and must explain how their information is collected, shared and used.

Which of the following may be viewed as potential threats to technology.

Prior to leaving for the day, employees must secure all non-public information in a manner to which it cannot be retrieved by any unauthorized party, such as in a locked drawer or locked file cabinet.

Access to dormant accounts is strictly limited to _________.

Credit information may be given over the phone if the customer gives written consent.

Which of the following may be used to identify a caller as the account holder when disclosing account information?

Text messaging and instant messaging are a secure way to communicate non-public information.

Password login criteria for the Signature Bank Network should:

Physical and administrative security standards also apply to handheld devices that utilize the cellular network for communication.

"Pretext Calling" is a type of social engineering defined as:

It is the employees responsibility to investigate any breach of non-public information.

The _____ is/are responsible for the security of non-public information in financial institutions.

It is acceptable to click on hyperlinks within the body of emails as long as you know who it came from.

Employee should write down their passwords and store them:

Encryption must be used when electronically storing or transmitting information that is non-public.

Employees responsibility for information security include: (IMPORTANT-You may select more than one option)

Removable electronic media, such as thumb drives, are an essential part of business and therefore acceptable to use at Signature Bank as long as the information is encrypted.

Identify the appropriate response to an email request for specific account information.

Which of the following is true for all email use at Signature Bank?

Per the Fair Credit Reporting Act,the bank must allow its' customers the right to opt-out of their information being shared with unaffiliated parties.

Financial Institutions are generally not targets for security threats or attacks.