You get an email or text that seems to be from one of your company’s vendors. It asks you to click on a link to update your business account. Should you click? Probably not. This could be a phishing attempt. To find out how much you know about phishing, choose the best response for each question or statement.
Terms in this set (30)

Which action requires an organization to carry out a Privacy Impact Assessment? A. Storing paper-based records
Answer: B. Collecting PII to store in a new information system

Which of the following is an example of a physical safeguard that individuals can use to protect PII?
Answer: All of the above

What is the purpose of a Privacy Impact Assessment (PIA)? A. Determine whether paper-based records are stored securely
Answer: C. Determine whether the collection and maintenance of PII is worth the risk to individuals

T or F? Information that can be combined with other information to link solely to an individual is considered PII.
Answer: True

What guidance identifies federal information security controls? A. DoD 5400.11-R: DoD Privacy Program
Answer: C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information

An organization that fails to protect PII can face consequences including: A. Remediation costs
Answer: D. All of the above

If someone tampers with or steals an individual's PII, they could be exposed to which of the following? A. Embarrassment
Answer: D. All of the above

Which of the following is NOT a permitted disclosure of PII contained in a system of records?
Answer: D. The record is disclosed for a new purpose that is not specified in the SORN.

Which of the following is not an example of PII? A. Fingerprints
Answer: D. Pet's nickname

Which of the following must privacy impact assessments (PIAs) do?
Answer: All of the above

What law establishes the federal government's legal responsibility for safeguarding PII? A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally Identifiable Information
Answer: C. The Privacy Act of 1974

Organizations that fail to maintain accurate, relevant, timely, and complete information may be subject to which of the following?
Answer: Civil penalties

What law establishes the public's right to access federal government information? A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally Identifiable Information
Answer: D. The Freedom of Information Act (FOIA)

An organization with an existing system of records decides to start using PII for a new purpose outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted use? A. Yes
Answer: B. No

True or false? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.
Answer: False

Which of the following is responsible for the most recent PII data breaches? A. Physical breaking and entry
Answer: C. Phishing

Which of the following is not an example of an administrative safeguard that organizations use to protect PII? A. Conduct risk assessments
Answer: C. List all potential future uses of PII in the System of Records Notice (SORN)

Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered? A. 1 Hour
Answer: A. 1 Hour

Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following? A. Civil penalties
Answer: B. Criminal penalties

Individuals who maintain a system of records without publishing the required public notice in the Federal Register may be subject to which of the following? A. Civil penalties
Answer: C. Both civil and criminal penalties

Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as a record identification. Is this compliant with PII safeguarding procedures? A. Yes
Answer: B. No

You are tasked with disposing of physical copies of last year's grant application forms. These documents contain PII, so you use a cross-cut shredder to render them unrecognizable and beyond reconstruction. Is this compliant with PII safeguarding procedures?
Answer: Yes

Identify if a PIA is required: A. PII records are only in paper form.
Answer: F. B and D

Which of the following is NOT included in a breach notification? A. Articles and other media reporting the breach.
Answer: A. Articles and other media reporting the breach.

You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record. Is this compliant with PII safeguarding procedures? Yes or no
Answer: ...

T or F? Misuse of PII can result in legal liability of the individual.
Answer: True

Which regulation governs the DoD Privacy Program? A. DoD 5400.11-R: DoD Privacy Program
Answer: A. DoD 5400.11-R: DoD Privacy Program

T or F? Using a social security number to track individuals' training requirements is an acceptable use of PII.
Answer: False

T or F? Misuse of PII can result in legal liability of the organization.
Answer: True

Which type of safeguarding measure involves restricting PII access to people with a need-to-know? A. Administrative
Answer: A. Administrative

Is phishing responsible for PII data breaches?
Phishing and related attacks, such as smishing (phishing lures sent over SMS messages) and business email compromise (phishing messages sent by someone pretending to be a colleague or a supervisor), were the most common primary cause of data breaches in 2021.

What is responsible for most PII data breaches?
The 5 most common causes of data breaches:
1. Weak and stolen credentials. Stolen passwords are one of the simplest and most common causes of data breaches. ...
2. Application vulnerabilities. All software has technical vulnerabilities that crooks can exploit in countless ways. ...
3. Malware. ...
4. Malicious insiders. ...
5. Insider error.

Who is responsible for PII?
DOL internal policy specifies the following security policies for the protection of PII and other sensitive data: It is the responsibility of the individual user to protect data to which they have access. Users must adhere to the rules of behavior defined in applicable Systems Security Plans, DOL and agency guidance.

Which of the following is not likely to be PII?
Info such as business phone numbers and race, religion, gender, workplace, and job titles are typically not considered PII.