Data Classification
This process ensures sensitive data is labeled correctly and shared only with authorized parties, forming the backbone of DTCC’s data protection strategy.
What is Data Classification?
Before sending an email with confidential data, you should do this to ensure the message reaches only the intended recipient.
What is verifying the email recipient?
This phrase encourages employees to report suspicious behavior that could indicate insider threats.
What is "See Something Say Something"
This acronym refers to any data that can be used to uniquely identify an individual, such as names, addresses, or Social Security numbers.
What is PII (Personally Identifiable Information)?
The four official DTCC data classification levels, ranked from most to least sensitive.
What are Red, Yellow, Green, and White?
Under this rule, employees should only access the minimum amount of data necessary to perform their job.
What is least privilege or RBAC
Name one of the countries designated as a nation-state actor where DTCC workers are not permitted to work from?
What is China, Russia, Iran, North Korea.
If you accidently send PII to an unintended recipient you should immediately notify these teams.
Who are the Privacy Office and Insider Risk Team
Documents such as YOUR payslips, onboarding guides, and benefits plan information fall under this classification
What is Green Data
This policy defines what users should and should not be doing on their corporate devices
What is the technology usage policy
This US President is responsible for the creation of Insider Risk program with in government regulated agencies
Who is Barack Obama
The name of your first pet, the street you grew up on and your mother's maiden name
What is white data
What are operational and technology procedures
What is Yellow Data
This recipirical is located on all office floors to discard confidential information that was made available on a hard copy
What is a locked trash can.
A sudden change in behavior, increased secrecy, or visible stress may be signs of this.
What is a potential insider threat?
What is the best way to send documents containing PII to authorized external parties when required for business?
Password protect
This color label represents DTCC’s most sensitive data like MNPI and encryption keys, and must be handled with extreme caution.
What is Red Data
This group is responsible for providing access to blocked web portals
Who is the SARG
The 3 types of insiders threats?
What are malicious, negligent, and accidental.
DTCC uses this type of training to help employees recognize and properly handle PII to reduce insider risk.
What is security and awareness training