Data Classification
What are Red, Yellow, Green, and White?
The four official DTCC data classification levels, ranked from most to least sensitive.
Before sending an email with confidential data, you should do this to ensure the message reaches only the intended recipient.
What is verifying the email recipient?
This phrase encourages employees to report suspicious behavior that could indicate insider threats.
See Something Say Something
This acronym refers to any data that can be used to uniquely identify an individual, such as names, addresses, or Social Security numbers.
What is PII (Personally Identifiable Information)?
These are the four official DTCC data classification levels, ranked from most to least sensitive.
What is Red Data
Under this rule, employees should only access the minimum amount of data necessary to perform their job.
What is least privilege or RBAC
If you accidentally send restricted data to the wrong person, this is the first action you should take.
What is report the incident to your supervisor and the Insider Risk team?
You accidently send PII to an unintended recipient. What teams should you contact immediately.
Privacy Office and Insider Risk Team
Managing and documenting operational procedures and technology processes
What is Yellow Data
This policy defines what users should and should not be doing on their corporate devices
What is the technology usage policy
This US President is responsible for the creation of Insider Risk program with in government regulated agencies
Who is Barack Obama
The name of your first pet, the street you grew up on and your mother's maiden name
What is white data
Your payslip
What is Green Data
This recipirical is located on all office floors to discard confidential information that was made available on a hard copy
What is a locked trash can.
A sudden change in behavior, increased secrecy, or visible stress may be signs of this.
What is a potential insider threat?
This data can be provided for other internal users to leverage on your behalf but should never be shared via digital communications
What is credit card information
What team is responsible for categorizing data into data classifications?
Who is "nobody knows"
This group is responsible for providing access to blocked web portals or granting users with upload capabilities
Who is the SARG
Executive order 13691 was created after this person stole information from the CIA.
Who is Edward Snowden
DTCC uses this type of training to help employees recognize and properly handle PII to reduce insider risk.
What is security and awareness training