<div style='text-align: center;'>Typical Awareness Quiz</div>

You receive a call from a reporter who works at a newspaper or television station. The reporter asks about the medical status of a famous patient. What should you do?

Advise the reporter to contact your facility's media relations department.

Provide the reporter with information on the patient's status.

Call the police.

An employee should place diskettes that contain customers’ financial information in company trash cans when he/she no longer uses the information contained on the diskette.

True

False

If customers’ financial information is stolen, then an employee should keep this occurrence to him/herself so as not to cause disruption to their company.

True

False

Need-to-Know refers to:

The principle that patient information should be accessed or disclosed only as necessary in order to provide services to the patient or as otherwise authorized by the patient or the law.

Your right to look at any information that you want to because you really want to know.

You are on a crowded elevator and a staff member with whom you need to discuss sensitive company information enters the elevator. What should you do?

Begin to discuss the information.

Whisper the information.

Write all of the information on a piece of paper and give it to the staff member.

Wait until you can get to a private area before discussing the patient information.

Customer information may be appropriately stored in an area which has flooded several times in the past, but which has been properly cleaned each time.

True

False

If an employee believes that customers’ financial information has been or may be inappropriately released, then the employee should contact the company’s Security Office or Privacy Officer.

True

False

You are in the cafeteria and hear a staff member discussing patient information. What should you do?

Report the incident to a supervisor or privacy officer.

Inform the staff member that he or she should not be discussing patient information in public areas.

Join in on the discussion.

Both A and B

I am permitted to look up medical records for the following (Check all that apply):

Subject to certain limitations, myself

My children

Sick co-worker or neighbor

A patient for whom I am caring, but only as necessary to perform my job duties

Both A and D

If I suspect that my computer password has been stolen, I should:

Wait for a while to see if any information appears to have been stolen.

Immediately change my password and then call the Help Desk to report it stolen.

Do nothing unless the Security Office contacts me to tell me that my password has been stolen.

When printing sensitive or confidential information:

Retrieve information immediately from the printer.

Confirm which printer you are using.

Retrieve confidential information that was sent to the wrong printer.

All of the above

You receive a subpoena requesting personal health information. What should you do?

Nothing

Follow the Release of Protected Health Information policy and guidelines.

Release what they are asking for.

Fill in the blank. All of the following are important aspects of Information Systems Security, except ________.

Protecting information on government computer networks

Blocking unauthorized access to government computer networks

Preventing unauthorized digital modification to government computer networks

All of the above

Select the correct answer. Sally got a phone call from a man who says he is investigating a possible security incident on her company’s time and attendance information system and needs her to verify her password. What can Sally do to prevent or discourage this from being a case of a hacker using social engineering?

Verify the caller’s identity by getting his name and position.

Not give out her password.

Take detailed notes and report the call to her supervisor.

All of the above. All of the answers are methods for preventing computer hackers from using social engineering.

Fill in the blank. Linda received an email from her bank asking her to verify her account and PIN numbers to prevent identity theft. This could be a form of information security risk known as __________.

A hoax

Phishing

Email engineering

Select the correct answer. Peggy is the office computer guru and often solves her coworkers’ computer issues before IT can help. Peggy frequently finds that she can get her own work done faster by downloading free shareware tools than with the software provided with her office computer. Which of the following policies is Peggy violating?

Basic Ethical Guidelines

Accountability Rules of Behavior

Integrity Rules of Behavior

All of the above

Fill in the blank. John is trying to do a better job with password security. All of the following are guidelines for creating a secure password, except __________.

John replaces some of the letters in his passwords with special characters like @ and $.

John uses the name the street he lives on as his password so he can remember it easily.

John uses alphanumeric combinations and phrase associations, like $m311y C@t, to make his passwords more complex.

Now that he’s gotten into the habit, John changes his passwords every couple of weeks.

Select the correct answer. David wants to use some newly published administrative guidelines for his agency as an example for a paper he is writing for a business class. There are no markings on the guidelines indicating their security classification. David should:

Assume the guidelines are not classified and go ahead and use them for his assignment.

Review the guidelines for any personal information about other employees, and use a black marker to hide that information before using the guidelines for his assignment.

Contact his agency’s security point of contact to seek permission to use the guidelines for his assignment.

Remove all references to his agency from the guidelines document before using it for his assignment.

Employee Kyle is working at his desk when he realizes his wallet containing his identification card is missing. Company guidance for protection of Personally Identifiable Information requires Kyle to report the missing wallet to the Security Office.

As soon as possible

Within one hour

By the close of the business day

Within 24 hours

You are about to leave on vacation, and your supervisor asks for your password because he or she will need to log on to the system to perform your responsibilities while you are away. What should you do?

Give your password to your supervisor.

Do not give your password to your supervisor.

If you think your workstation has been infected with a virus, you would contact:

Your computer manufacturer

Your Information Security Officer

Norton Virus Protection, Inc

None of the above

If you saw someone using a computer to commit fraud, you would call:

Your friend down the hall.

Nobody, because it is not your business.

Your Information Security Officer.

All of the above.

Which of the following Rules of Thumb for passwords do not apply:

Do not use words found in any dictionary.

Do not use personal references (for example: names, birthdays, addresses).

Have your friend keep a copy of your password in case you forget.

Keep passwords secret.

What should you do if you receive a chain letter in an email?

Follow the instructions in the email if it doesn't take too much of your time.

Delete the email.

Forward the email to your security office.

Reply to the email with a "please stop" message.

What should you do if you receive an email attachment from someone you don't know?

Do not open the attachment.

Open the attachment if the subject line seems appropriate.

Reply to the email and request more information.

Open the attachment if your virus software doesn't alert you not to.

Software specifically designed to damage, corrupt, and disrupt a computer or network system is collectively known as:

Computer destroyer

Malicious software, or "malware"

Junk mail

Spam

When you are aware that a computer security incident has occurred, you should:

Contact your friend down the hall and ask what to do.

Gather details of the incident so you can communicate specific information to your security office.

Contact your local media (TV, Radio, etc).

Which is not an example of how a social engineer may gain your trust to get unauthorized information:

You receive an e-mail message from your new computer service technician asking for your username and password.

You receive a phone call from the telephone company technician who needs your username and password in order to complete their testing of the phone lines in your facility.

You receive a letter from the friend of a veteran asking for important medical information.

You receive a call telling you that they want to break into your computer system.

Social Engineering is an unauthorized person's manipulation of your trust to get you to give up information or resources that you should not give out.

True

False

�Ethics is about understanding how your actions affect other people, knowing what is right and wrong, and taking personal responsibility for your actions...”

True

False

Unlock and Upgrade

Remove all limits from your Quizzes

Typical Awareness Quiz

More Quizzes