Cyber Security – Progress Industries

Welcome to the Cyber Security. This quiz contains 18 questions. In order for you to pass, you must answer 15 of 18 correctly. At the end of the quiz you will be notified of the number of questions you answered correctly. If you did not get at least 15 correct, you must take the quiz again

First & Last Name (required)

Please review the Cyber Security Policy before completing this quiz. It can be found by clicking the following link: Cyber Security Policy

1. What is the purpose of P.I.'s Cyber Security Policy?

A. It forms the foundation of the corporate Information Security Program.

B. The policy assists with facilitating secure business operations.

C. Defines the appropriate and authorized behavior for personnel approved to use Progress Industries' Information assets.

D. All of the above

2. The Cyber Security Policy includes four distinct components:
     - General Email/Internet Security and Use
     - Bring Your Own Device (BYOD) and Acceptable Use
     - Online Social Networking
     - Internet/Intranet Publishing

True

False

3. Cyber Security Policy applies to all employees, interns, contractors, vendors and anyone using P.I. assets. This policy is the organizational mechanism used to manage the confidentiality, integrity and availability issues associated with information assets.

True

False

4. Clicking on save, submit, approve, etc. is considered an electronic process indicating acceptance of an agreement or record and is considered a legally binding signature.

True

False

5. Any suspected breach of electronic security must be reported immediately to the IT Department and a member of Leadership. The HIPAA Privacy Officer will investigate and is responsible for making final determination and any necessary reports of the breach to persons served, guardians and the Department of Health and Human Services.

True

False

6. Which statement is incorrect according to the System Security Policy statements?

A. Progress Industries’ System Security Policy addresses control, use of hardware, operating systems, software, servers and backup requirements for all systems maintained and operated by Progress Industries.

B. Exceptions to this policy must be approved by the CEO or their designated representative.

C. Human Resources will notify a Therap Provider Administrator and the IT department when employees are on a leave of absence, hired, transfer or change positions, or end employment.

D. Employees on leave of absence may continue to access the Progress Industries network or Therap.

7. Progress Industries authorized users must comply with creation, usage and storage policies to minimize risk to corporate information assets. Network Passwords will conform to the following criteria. Which statement below does not meet the Network Password criteria?

A. Passwords will be a minimum of twelve characters.

B. Passwords must consist of at least one uppercase letter, one lowercase letter, one special character, and one number.

C. Passwords can be stored on personal devices as long as the device itself is password protected.

D. Network passwords are NEVER required to be changed once the employee has developed their personal network password.

E. Accounts will be locked out after five failed password attempts in a 30-minute time period.

8. According to the Desktop Services Security Policy-Remote Sites, as a P.I. employee, you do not need approval to install software or hardware on any P.I. laptop, computer, device, etc.

True

False

9. Progress Industries will monitor internet activity at any time to comply with P.I.'s Internet Acceptable Use Policy.

True

False

10. All emails on the Progress Industries information systems, including personal email, are the property of Progress Industries.

True

False

11. Do all employees of P.I. have the ability through progressindustries.org to send secure emails with PHI?

Yes

No

12. As a P.I. employee, you must be assigned permission to send secure emails. You are not automatically assigned secure email and all Outlook emails are not secure.

True

False

13. The intent of this policy is to better protect Progress Industries' assets against attack from destructive or malicious programs. All information systems media, including disks, CDs and USB drives, introduced to the Progress Industries environment will be scanned for viruses, hostile and malicious code.

True

False

14. All personally owned devices containing Progress Industries sensitive data, such as email, must be registered with the Progress Industries IT Department.

True

False

15. Progress Industries hereby acknowledges that the use of personally owned devices in connection with Progress Industries business carries specific risks for which you, as the end user, assume full liability.

True

False

16. Which statement below is the purpose of P.I.'s Online Social Networking Policy?

A. To guarantee a constructive relationship between the company and its employees.

B. To reduce the possibility of risk to Progress Industries or its reputation.

C. To discourage the use of company time for personal networking.

D. To ensure employees are aware of their actions while engaging in social networking, the number of individuals who can access information presented on social networking sites and the consequences associated with these actions.

E. All of the above

17. Which one of these activities is allowed during working hours?

A. Using social networking to conduct personal or non-company business.

B. Browsing social networking sites for non-company business on company time.

C. Reading email alerts regarding personal social networking account activity or using Progress Industries email to correspond with personal social networking contacts.

D. Updating information, uploading photos or otherwise engaging with one’s own, personal social network profile for non-business purposes.

E. Micro-blogging for a non-business purpose on a social networking site throughout the day, whether it is on a company-provided computer or a smartphone device.

F. None of the above

18. Users that wish to access the P.I. network from agency-issued equipment or personally owned devices must adhere to the same rules to protect P.I. assets against attack from destructive or malicious programs. Which statement below is false?

Email attachments should only be opened if you know the sender and nature of the attachment.

Users are forbidden from having computers automatically remember passwords. This includes agency, personal and public devices that access the P.I. network or third-party vendors used by P.I.

Network passwords are required to change every 90 days.

Passwords can be shared with other employees as long as you work in the same department.

Users should lock the workstation when leaving their computers or mobile devices unattended for more than 15 minutes. Computers in public areas should be logged off before the user leaves.

I acknowledge that these requirements have been explained to me, that I understand them and that I will uphold them to protect the security, integrity and confidentiality of electronic records, including E-PHI. Annually, I refresh my understanding and my requirements of the entire Cyber Security Policy. I am aware that failure to maintain security protocol could result in disciplinary action up to and including termination of employment, fines and imprisonment.

Employee ResourcesWebmail

Employee Resources
Webmail