CITI - HIPS for Investigators (Elective Modules)
Files attached to an email can contain:
All the above
Freeware and shareware sites are:
Higher risk. So, use caution and be aware of organizational policies that may prohibit them at work
Which of the following is not correct with respect to using BCC for recipients of a message?
It should be the default for all correspondence
Physical security for fixed location (desktop) computers is:
Necessary to consider, because physical security is always something that must be evaluated. Very few locations are guaranteed to be secure.
Browser security settings are:
Need to be reviewed for appropriateness when a new browser is installed
What is the most common method used to authenticate a user's identity for today's computer systems and shared data resources?
Passwords
Which of these is correct about identity theft?
Protection of workplace identity requires protecting the things that establish identity -- what one knows, what one possesses, and what one "is" (biometrically).
Access passwords (or PINs) and device encryption for devices are:
Recommended for all devices, but particularly for portable ones because they may be more easily lost or stolen
How should the things that establish personal identity (passwords, access tokens, etc.) be protected?
All the above
What "administrative" measures do you usually need to take?
All the above
What "physical" security measures do you usually need to take for an off-site computer?
All the above
What "technical measures" do you usually need to take with an off-site computer?
All the above
Which of these is a greater risk "off site" than when a computer is used in a protected office environment?
All the above
Browser software can be set to update automatically, or require manual intervention. Which is preferred?
Automatic patching and upgrades are generally preferred, because software changes frequently
Which of these is part of a good password management strategy?
Change any password that may have been compromised, and report it to appropriate security authorities.
Regular use of email greetings, like "Dear So-andSo", and farewells like "Thanks" are generally:
Considered polite, and help identify a message as coming from a real person rather than being spam or malicious correspondence
In the context of a computer system, what do "access controls" do?
Control what a particular person is authorized to do, after gaining access to a computer system
Which of the following is not a correct statement about the security risks of email attachments and links embedded within emails?
Email attachments and web links within emails are no longer a security risk, because security software always checks them for safety
Which of the following is not a correct statement about email?
Employees and students have strong privacy protections with respect to their emails, so they cannot be inspected by employers or educational authorities without a search warrant
Enabling encryption of all data on a desktop or laptop computer is generally considered:
Essential for any computer. Only data on computers that are guaranteed to contain no sensitive information, or where the physical and technical security of the device is assured, can safely be left unencrypted.
Enabling encryption of all data on a portable device is generally considered:
Essential for any portable device.
Secure disposal of a desktop or laptop computer at the end of its service life is:
Generally considered essential for all computing and storage devices. One should not assume there is no sensitive personal or organizational data on a device or accessible by it.
Supplemental security software (such as anti-virus) is:
Generally considered essential for all desktops and laptops.
Secure disposal of a portable device at the end of its service life is:
Generally considered essential for all devices. One should not assume there is no sensitive personal or organizational data on a device or accessible by it.
Secure communications, like that provided by "encrypted" web connections using https or a Virtual Private Network (VPN), are:
Generally considered essential for smartphones and tablets, because time sensitive information is being accessed, received, or transmitted.
Compared to fixed location (desktop) computers, physical security for portable devices is:
Generally more necessary, because portable devices tend to be used in physical environments that are inherently less secure.
Software on a portable device should be:
Installed or updated only from trusted sources to be certain that is is a legitimate version.
Software on a desktop or laptop computer should be:
Installed or updated only from trusted sources to be certain that it is a legitimate version.
Devices used purely for storage, like USB flash drives and external hard drives:
May expose large amounts of data if compromised, so should also use protections like access passwords or PINs, and the whole-device data encryption.
Ensuring data backups for data stored on a desktop or laptop computer is generally considered:
Necessary when the device would otherwise be the only source of hard-to-replace data, but the backup mechanism must also be secure.
What is the most common way for human beings to authenticate a person's "identity" in daily human life?
Something a person "is", like the way he/she looks or speaks
What is the most common way for computing systems and devices to authenticate a person's identity?
Something a person knows, like a password of PIN
When choosing the security measures needed for a desktop or laptop computer:
The more security measures applied, the more secure a computer will be. However, it is impossible to have a uniform set of rules for all circumstances.
Which of the following is a correct statement about safe password management?
The nature of the resource a particular password protects will affect, to some degree, how strong it needs to be.
"Cookies" (files with tracking information) that websites install are:
Their safety and appropriateness depends on the particular site and the context. Sometimes cookies are needed to allow a website to work appropriately
Which of these is a characteristic of a strong password?
Uses mixes of uppercase, lowercase, and special characters, ideally in a sequence that is only meaningful to its creator.
Which of the following is a correct statement about writing down passwords on a "cheat sheet"?
Writing down passwords can be an acceptable practice, provided it is not prohibited by the organization; but it is critical to have that written information stored in a secure location.
