Credly Data Security And Privacy Quiz!

The correct answer is "Somebody calls you impersonating a technical support representative to gain sensitive information from you." This is an example of phishing because the person is pretending to be a legitimate representative in order to deceive and trick the individual into providing sensitive information. Phishing often involves impersonation and social engineering tactics to manipulate victims into revealing personal or financial information.

All Credly employees are required to read the Credly policies and undergo security training. This means that every employee, regardless of their department or role, must familiarize themselves with the company's policies and undergo training to ensure the security and privacy of Credly's users and their personal information.

When leaving your workspace, it is important to take certain precautions. Locking your door ensures that unauthorized individuals cannot access your workspace, protecting the privacy and security of any sensitive information. Locking your computer prevents unauthorized access to your files and data. Making sure your desk is clean and free of any paper with confidential information helps to maintain confidentiality and prevent any potential data breaches. Therefore, all of the above actions should be taken when leaving your workspace to ensure the security and privacy of your work area.

The password "F@3ta$t!c&" is an acceptable password because it includes a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more secure and harder to guess or crack.

To prove that you changed your antivirus software, you can email the Security Council or Legal Operations Manager a screenshot. This screenshot will serve as evidence of the change made to your antivirus software. By sending the screenshot via email, you can provide a visual confirmation of the update to the relevant authorities.

The correct answer is "On the company intranet." Credly policies and procedures are located on the company intranet, which is a private network accessible only to employees within the organization. This is a common practice for companies to store and share internal documents, guidelines, and protocols. The intranet provides a secure and controlled environment for employees to access important information related to the company's policies and procedures.

The correct answer is to ensure that data is not altered or destroyed in an unauthorized manner. This means that measures are put in place to protect the data from being tampered with or deleted without proper authorization. This can include implementing security protocols, access controls, and backup systems to safeguard the integrity of the data.

The given question asks for an information classification that is NOT at Credly. The options provided are "Confidential," "Top Secret," "Sensitive," and "Public." The correct answer is "Top Secret" because it is not listed among the information classifications at Credly.

The General Data Protection Regulation (GDPR) regulates the use and disclosure of personally identifiable information of EU residents. This means that organizations that collect, process, or store personal data of EU residents must comply with the GDPR's requirements regarding data protection, consent, transparency, and individual rights. The GDPR aims to ensure that individuals have control over their personal data and that organizations handle it responsibly and securely. It applies to both EU-based organizations and organizations outside the EU that offer goods or services to EU residents or monitor their behavior.

Credly's employees are the most important layer of security at Credly because they are responsible for implementing and maintaining security protocols and practices within the organization. They are trained to identify and respond to security threats, follow best practices for data protection, and ensure the overall security of Credly's systems and infrastructure. Their knowledge and expertise play a crucial role in safeguarding sensitive information and preventing unauthorized access or breaches.

It is recommended to change passwords regularly to maintain security. Changing passwords every 90 days helps to protect against potential unauthorized access and reduces the risk of password-related security breaches. This timeframe strikes a balance between ensuring security and minimizing inconvenience for the user.

The Security Council should be the first point of contact to report security incidents. They are responsible for overseeing and coordinating security measures within an organization. By reporting incidents to the Security Council, they can take appropriate actions to address the issue and prevent similar incidents from occurring in the future.

A mobile device refers to a portable electronic device that can be easily carried around. It includes both laptops and mobile phones, as they are designed to be used on the go and provide wireless connectivity. Therefore, the correct answer is A & B, as both options are considered mobile devices.

An example of confidential information is the source code to the Acclaim platform. This refers to the underlying code that powers the platform and is not meant to be accessible or known to the general public. The source code contains sensitive information and intellectual property that needs to be protected from unauthorized access or use.

Storing Credly Confidential Information on a work laptop is not an appropriate place because it is susceptible to security breaches and unauthorized access. Work laptops are often used outside of secure environments and can be easily lost or stolen. Additionally, work laptops may not have the necessary security measures in place to protect sensitive information. It is always recommended to store confidential information in secure and approved platforms or servers, such as the Google share drive or the Amazon Web Services production server, which are designed to protect data and prevent unauthorized access. An encrypted email sent from a @credly.com account can also be a secure option for transmitting sensitive information.

The Credly Business Continuity Plan is tested annually. This means that the plan is reviewed, evaluated, and practiced once every year to ensure its effectiveness and readiness in the event of a disruption or disaster. Regular testing allows the organization to identify any weaknesses or gaps in the plan and make necessary improvements. By conducting annual tests, Credly can maintain a robust and up-to-date plan that can effectively mitigate risks and ensure the continuity of their business operations.

Credly is required to comply with the Family Educational Rights and Privacy Act (FERPA). This law protects the privacy of student education records and regulates how educational institutions handle and disclose these records. Since Credly deals with educational information and credentials, it is necessary for them to adhere to FERPA guidelines to ensure the privacy and security of student data.

Credly considers "Earner personal information" to be "Sensitive Information" per the Information Classification Guidelines. This means that Credly considers personal information of earners, such as their name, contact details, and any other personally identifiable information, to be sensitive and in need of protection.

An honest mistake by an employee is the most common cause of security incidents because employees may unintentionally click on malicious links, share sensitive information with unauthorized individuals, or mishandle data, leading to security breaches. These mistakes can occur due to lack of awareness, inadequate training, or negligence, making them a significant threat to an organization's security.