Workstation & Device Security
According to policy, you must do this to your workstation before leaving it unattended.
What is lock your screen/workstation
This action is required for any suspicious emails you receive, such as those from unknown sources or with unexpected attachments.
What is report them to Security/GSRM/PAB?
This is the classification level for data that can be distributed to anyone, both internal and external to SHEIN.
What is Level 4 (PUBLIC)?
The minimum number of characters required for a complex password when multi-factor authentication is NOT in place.
What is 12 characters?
Any employee who suspects a security incident, weakness, or policy violation should immediately report it to this team.
What is the Security Operations Center (SOC)?
After this many minutes of inactivity, your workstation will automatically lock its screen.
What is 10 minutes?
Auto-forwarding SHEIN emails to this type of account is strictly prohibited by company policy.
What is a non-SHEIN or personal email account?
This data classification level is for information generally restricted to authorized SHEIN personnel with a business need.
What is Level 3 (INTERNAL USE)?
This practice involving user accounts is strictly prohibited, except for very specific, pre-approved business cases.
What is account sharing?
The first phase of the formal Incident Response process, which involves detecting and assessing a potential event.
What is the Identification phase?
This type of software is prohibited from being installed on SHEIN-issued devices without prior authorization.
What is unauthorized software?
Before sending a file containing SECRET or CONFIDENTIAL data via email, it must be protected in this way.
What is encrypted or password-protected?
This is the highest and most sensitive data classification level, whose unauthorized disclosure could cause severe business impact.
What is Level 1 (SECRET)?
Upon first login to a SHEIN workstation, you must immediately do this to the default password provided.
What is change it?
An incident is classified as this severity level if a threat actor successfully moves from an initially compromised system to other internal systems.
What is High Level Severity?
You must immediately report a lost company workstation, particularly one with sensitive information, to this department.
What is GSRM (Global Security Risk Management)?
When sending a mass email, you should use this function to protect the privacy of recipients' email addresses.
What is the Blind Sending function (BCC)?
The principle stating that if a dataset contains data of different sensitivity levels, the entire set is classified at the highest level present.
What is the high water mark principle?
While working remotely, this type of secure network connection must be enabled.
What is a VPN connection?
This team serves as the first responders for high-severity cybersecurity incidents within SHEIN.
What is the Cyber Incident Response Team (CIRT)?
The guideline that requires you to remove sensitive paperwork from your desk and store it in a locked drawer.
What is the "clear desk" guideline?
The specific email address you should use to report a security event or incident.
What is gsrm@sheingroup.com?
This classification level applies to data like unique identifiers, where unauthorized access could significantly impact SHEIN or its customers.
What is Level 2 (CONFIDENTIAL)?
The minimum password length permitted if you are using an approved multi-factor authentication (MFA) solution.
What is 8 characters?
This incident category describes techniques adversaries may use to steal data from the network.
What is Data Exfiltration?