Security and Trade Compliance Jeopardy

Cybersecurity 101

Physical Security

Global Trade Compliance

Security Scenarios

Policies, Protocols, Procedures

100

Emails that trick users into clicking malicious links.

Phishing

100

Propping this open can be a serious security violation.

Access-controlled door

100

A list used to screen international partners and customers.

Denied/Restricted Party List

100

You notice sensitive documents left on a shared printer. What should you do?

Secure/Shred them and inform the owner

100

You must do this before sharing controlled technical data with a foreign national.

Obtain export authorization.

200

This type of software is used to protect against unauthorized access.

Firewall

200

These devices record who enters and exits secure areas.

Access control systems or badge readers

200

Wassenaar Arrangement, Chemical Weapons Convention, Nuclear Suppliers Group, Missile Technology Control Regime and Australia group are all a type of this...

Voluntary Export Control Regime

200

Term describing someone withing the organization that poses a risk.

Insider Threat

200

This process evaluates whether a transaction involves high risk entities.

Restricted Party Screening

300

Something you should never share with coworkers, even if they ask nicely.

Password

300

Visitors must always do this when entering a business unit.

300

These export controls apply to unlisted goods such as coffee cups and baseball bats.

catch all controls

300

You see someone in the office without a badge. What's your next step?

Report them to security

300

How often must employees complete mandatory security training?

Annually

400

Method of logging in that requires more than just a password.

Multi-Factor Authentication

400

You should always wear this while on site to identify yourself.

company issued ID Badge

400

Transferring controlled goods or technologies to a foreign national within your home country by any means.

Deemed Export

400

You receive a USB drive from an unknown source. What do you do?

Report it, DO NOT plug it in

400

Company security and Compliance policies are found where?

Inside CW

500

Practice that involves identifying and patching system weaknesses.

Vulnerability Management

500

The correct response when you see someone tailgating through a secure door.

Report the Incident

500

The US uniquely controls the export of "defense services" using this kind of license.

Technical Assistance Agreement (TAA)

500

The first thing you should do in a suspected data breach.

Report to IT security or your supervisor.

500

This policy defines what internet usage is allowed on company devices.

Acceptable Use Policy