General
Security Awareness
Physical Security
Passwords
Internet & Email
Policy
100

The group responsible for information security.

Who is everyone?

100

Something you say when someone you don't know shows up unannounced and requests access to your IT closet.

What is No? (Other acceptable responses: "I need to see your ID" or "I need to confirm with my manager or corporate contact.")

100

A string of words that must be used to gain access to a computer system or service.

What is a passphrase?

100

An attack in which the threat actor poses as a trusted person or organization to trick potential victims into sharing sensitive information or sending them money.

What is phishing?

100

The policy that covers IT acceptable guidance for assets and information including, but not limited to, the following areas: PHI/ePHI use, password use, remote work and travel, clear screen and desk requirements, personal device use, email and social media use, and inappropriate use.

What is the Information Technology Acceptable Use policy?


200

The name of the monthly security awareness newsletter.

What is the Second Week Security Spotlight?

200

Visitors to our company locations are required to sign in at the reception desk upon entering the facility. Sign-in tracking will be accomplished through the use of this type of documentation.

What is a visitor control log?

200

Writing down passwords on this makes it easier to remember, but increases the risk of someone finding it.

What is a post-it note?

200

The action you should take when you receive a suspicious email.

What is report as suspicious? (Phish Alert Button)

200

This policy ensures that the organization’s email systems are used only for authorized purposes and that certain rules are followed, particularly those that refer to general email usage and email usage for transmission of Covered Information. 

What is the Email Security policy?

300

This type of information consists of 18 identifiers such as: Name, Address, Birthday, Phone Number, Fax Number, Email Address, Social Security Number, Medical Record Number, Health plan beneficiary number, etc.

What is PHI? (or Personal Health Information)

300

A good practice that consists of locking up confidential documents, locking your screen, and ensuring your area is secure before walking away.

What is a clean desk?

300

A technology tool that helps internet users create, save, manage and use passwords across different online services.

What is a password manager?

300

The use of personality, knowledge of human nature and social skills to steal passwords, key tokens or other credentials to gain access to systems.

What is Social Engineering?

300

This policy defines the physical and technical safeguards over workstations and mobile devices that access electronic Protected Health Information (ePHI).

What is the Workstation and Mobile Device Security policy?

400

The action one should take in the event a work device is lost or stolen.

What is report? (or notify IT)

400

A place to dispose of confidential documents.


What is a secure shred bin?

400

An identification method that enables users to log in to multiple applications and websites with one set of credentials.

What is SSO? (or Single Sign On)

400

An umbrella term for different kinds of malicious software, defined as any executable code that uses a computer in a way not authorized by its owner.

What is malware?

400

This policy consists of the governance of the receipt and removal of hardware and electronic media that contain electronic Protected Health Information (ePHI) in and out of our facilities and the movement of these items within our facilities. Information systems and electronic media to which this policy applies include, but are not limited to: desktop computers, laptops, netbooks, tablet devices, backup tapes, CD-ROMs, portable hard drives, and flash memory.

What is the Disposable Media policy?

500

Passwords, Clean Desk, Handling Confidential Information, Confidential Documents, Malware, Phishing, Social Engineering, Working Remote, Work vs. Personal Use, and Company Policies.

What is the Information Security Top 10?

500

A security protection that automatically occurs when a device has been inactive for a certain amount of time.

What is screen lockout?

500

123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, 1234567890

What are the 2022 top 10 most common passwords?

500

If you must send sensitive information outside our organization via email, you should enable this security setting.

What is encryption? 

500

This policy serves as the basis of the VMD Business Continuity Plan (BCP) for handling responses to system emergencies involving electronic Protected Health Information (ePHI), ensuring continuity of operations during an emergency and recovering from a disaster.

What is the Contingency Planning policy?
