1.
What should you do if you exceed your 300MB storage limit? (Select all that are applicable)
Correct Answer(s)
A. Create a personal folder (also known as a PST or archive file)
B. Perform some 'housekeeping' on your email account
C. Contact IT for assistance
Explanation
You should create a personal folder on your Y drive. This moves storage away from the inbox folder, which is subject to size limits. This folder should be maintained and checked regularly. All email folders should be reviewed periodically and emails deleted when not required. If an email is important to a department, it can be saved on the shared S drive under the relevant departmental folder. Regular housekeeping should also take place so that storage limits aren't breached. Contact the IT department for assistance.
2.
If you receive a warning about a virus threat from a friend what should you do? (Select all that apply)
Correct Answer(s)
A. Delete and ignore it as these types of emails can contain viruses or are a hoax
C. Send a new email to my friend and ask that they do not send me personal emails to my work email address
Explanation
Never forward chain e-mail messages or virus warnings. The vast majority are a hoax or they can propagate viruses. The organisation has antivirus and antispyware protection that filters most suspect emails and attachments. If you receive a chain email or a virus warning from a friend, create a brand new email and contact them to ask that they do not send personal emails to your work email address. Do not reply to their original email as this could propagate any viruses contained within the email.
3.
Which of the following actions is classed as unauthorised use of systems / electronic equipment? (Select all that apply)
Correct Answer(s)
A. Using profanity while chatting by email to a colleague
B. Logging in to my bank account at lunch time
C. Using my work telephone or mobile to make a personal call without authorisation
D. Sending an email to the Sports Leaders UK mailing list telling them that there are cakes in the kitchen at Head Office
Explanation
The organisation will not tolerate the use of the Internet or mobile technologies for personal use unless authorised by your line manager.
Please consider the impact of using large distribution groups. For example, an email to inform the Milton Keynes office of cakes in the kitchen is relevant to many, but the same email to the entire Sports Leaders UK organisation may not be.
4.
If you are provided with Sports Leaders UK portable equipment and you need to leave this in a vehicle overnight, how should this be stored? (Select all that apply)
Correct Answer(s)
A. The vehicle is protected by an intruder alarm system which is in full working order, which will operate in the event of interference with the vehicle
C. The doors of the vehicle are locked and all windows of the vehicle closed
D. The portable equipment is concealed from view in a locked boot or covered luggage compartment
Explanation
Our insurance does not pay out on theft from vehicles unless it is protected with an intruder alarm, the doors are locked and the windows closed, and the equipment is concealed in the boot or in a covered luggage compartment. Equipment must not be left under or on any of the car seats.
5.
If a visitor requires internet access at Sports Leaders UK head office they may use which of the following facilities? (Select all that apply)
Correct Answer(s)
B. The Sports Leaders UK secondary wireless network (SLUK Guest)
C. The Microsmiths / Linford Forum wireless network
D. The Sports Leaders UK ‘Secured Port’
Explanation
A visitor has three options for accessing the internet at Sports Leaders UK head office. The first option is to connect to Microsmiths' wireless facility, a free service provided by the company Microsmiths for the whole of Linford Forum. It is a network unrelated to the Sports Leaders UK network and therefore poses no security risk for Sports Leaders UK. The second option is to connect to the Sports Leaders UK guest wireless network, a network sectioned off from the main Sports Leaders UK IT systems. The third option is for a visitor to connect to one of the designated 'Secure Ports' within Head Office. These are located around the office marked with green stickers and a sign. These 'Secure Ports' provide an active internet connection but sit outside of the main Sports Leaders UK network, adding a level of security to Sports Leaders UK systems.
6.
What should you do if you receive a suspicious email? (Select all that apply)
Correct Answer(s)
A. Move it to your junk folder or delete it
B. Contact IT for assistance
Explanation
Staff should be cautious about opening any e-mails and attachments from e-mails that have dubious or missing subject lines. Don't open attachments unless sure of the source. Report any suspected virus activity to the IT Service Desk.
7.
What is the AC1 form used for?
Correct Answer
E. To advise the IT Service Desk a staff member is about to leave the organisation
Explanation
An AC1 form is used to inform the IT Service Desk that a member of staff is leaving the organisation. It allows the IT department to close down the user account at the appropriate time and set up any relevant forwarding of files and emails. A minimum of one week's notification is required when using an AC1 form.
8.
What should you do if you believe your password has been compromised?
Correct Answer
B. Contact the IT Service Desk immediately
Explanation
A password is often all that stands between an intruder and the Sports Leaders UK IT systems. If your password has been compromised you must contact the IT department immediately.
9.
Which of the following actions break data protection legislation? (Select all that apply)
Correct Answer(s)
A. When logged in to terminal services I will save an organisational document on to my personal laptop/computer/tablet so I can work on it off line. I then upload it again after I have finished.
C. The responsible tutor assessor has requested I send them the list of learner names and dates of birth on their current course so they can check they are all correct. I have confirmed that I am speaking with the right person following the correct procedure. I then email them the list using my Sports Leaders UK account.
Explanation
Terminal services is a secure environment but if information is transferred and saved on to your personal computer then this organisational data is then stored outside of the corporate network. Any personal information stored outside the corporate network breaks data protection law. It is acceptable to save learner and tutor information to an encrypted flash drive. Data protection states that any personal information about an individual must be stored in a safe and secure environment and encrypted in transit. Sports Leaders UK is the data collector and is therefore responsible for the personal information collected. We provide computers for those based in the office and laptops that are encrypted for those on the move. Encryption means that the information is stored in a secure format, so if the laptop was ever stolen the data would not be retrievable. Our email accounts are not encrypted, therefore if any data is sent to the wrong individual, they would be able to open up this data and see information they are not entitled to view. When sending any information that includes personal data about our customers, employees or corporate partners we should ensure that this is not sent without added protection. This could be by sending the data as an attachment and locking it with a password or by allowing the user to retrieve their data through another medium such as an external storage area (IT Support can advise). If a tutor assessor requests information about their learners it is best to advise them how they can retrieve this by logging on to LEAP. Alternatively a password protected document can be emailed (PDF, Excel or Word). The password should be sent in a separate email after the document has been confirmed as being received by the recipient.
10.
Which of the following actions break Sports Leaders UK policy? (Select all that apply)
Correct Answer(s)
B. I forward work emails to my personal email so I can work on this information from home
C. When logged in to terminal services I will save a document on to my personal laptop/computer/tablet so I can work on it offline. I then upload it again after I have finished
Explanation
The S and Y drive are part of the corporate computer network and are therefore acceptable areas to store data.
Any emails that we send from our Sports Leaders UK email account represent the organisation. Emails can contain personal information about our staff, our customers, other corporate partners and supporters and corporate information that should not be shared. We ensure that any data contained and distributed through Outlook is stored safely, follows corporate identity rules by ensuring it has the right signature, uses the right font, contact details and disclaimers; is stored and backed up and therefore available if required again in the future for reference or to support regulatory requirements. If an email is forwarded to a home email account the corporate data is then taken out of the corporate environment, does not protect the data, does not archive and store the message within context and does not provide a clear tracking route to support regulatory and legislative requirements. For this reason we do not allow anyone to forward emails containing corporate information to their personal email address.
Terminal services is a secure environment through which staff can access their Sports Leaders UK account and data without being in the office and by using any computer, but it does require an internet connection to be able to access the information which means that some staff will save data on to the personal computer they are working with so they can work offline. The problem with this is that the data is then stored outside the corporate network and is subject to all the above concerns in the previous paragraph.
It is acceptable to store personal information on an encrypted flash drive as the data is protected by the encryption process.
11.
You are unexpectedly called by an external company. You have heard of the company before but are not sure if they have a contract with us or not. They ask that you allow them access to your computer so that they can fix a problem. What should you do? (Select all that apply)
Correct Answer
C. Explain that you have not been notified and need to check that their request is valid. Call the IT Service Desk to verify and do not grant access until this has been confirmed
Explanation
If unsure you should never allow an external company access to your computer without verifying with the IT department that their request is valid. Anybody who is granted access to connect to your computer must be supervised at all times.
12.
Where appropriate, which category of report can be distributed to members of the public?
Correct Answer
D. Category 4
Explanation
Only Category 4 can be distributed to members of the public. Most reports will be restricted to internal staff due to the data they hold. Category 1 is restricted to internal departments or groups listed in the report and Category 2 to internal organisational distribution only (contracted staff). Alternatively, Category 3 allows external distribution, but restricted to the listed people or organisations.
13.
When a customer contacts us to confirm/edit data we hold on them, how should we verify their identity? (Select all that apply)
Correct Answer(s)
A. Information from their database record (e.g. email address)
C. Date of Birth
Explanation
Dates of birth are requested for all individuals registering on to our database. Therefore the date of birth is a form of verification. In addition we request an additional set of information contained on their record. We do not currently ask for mother’s maiden name or name of first pet.
14.
If you are going to be using personal equipment in the organisation what should you do? (Select all that apply)
Correct Answer(s)
A. Inform the IT Service Desk
B. Get consent from your line manager
C. Ensure the equipment meets standards as defined in the Information Security Policy
Explanation
All personal equipment must be reported to the IT Service Desk after receiving consent from your line manager to ensure that it meets all hardware and software requirements as stated in the Information Security Policy. All personal equipment must have anti-virus software installed that is regularly updated.
15.
What are staff responsibilities to physical security in their work surroundings? (Select all that apply)
Correct Answer(s)
A. If they use any organisational mobile equipment they are responsible for ensuring it is kept safe and secure
B. They are responsible for ensuring that no equipment is taken from their surroundings without authorisation
C. They are responsible for ensuring that filing cabinets and doors that are their responsibility are locked and that any electronic equipment is locked or switched off before leaving the premises
Explanation
Staff are responsible for all equipment given to them during their employment with Sports Leaders UK. An equipment signout sheet must be signed for all mobile equipment to show that the equipment you have been provided with is in operable condition. Staff are also responsible for ensuring that no equipment is taken from their surroundings and that all secure areas are kept locked where appropriate.
16.
A member of Sports Leaders UK has been recruited to my department and will be starting to work in my team in two weeks' time. What should I do before they start their new position?
Correct Answer
C. Submit an NA1 form to the IT Service Desk
Explanation
A new user account or a change in job role will only be actioned on receipt of an NA1 form. This must be filled out by the line manager and forwarded to the IT department a minimum of two weeks before the start date. An NA1 form provides the IT department with the level of detail required to set up the account such as file access, mailing groups, equipment details, terminal services access, etc.
17.
If a third party or contractor wishes to work in an area that contains Sports Leaders UK information or needs computer access to a system, what should you do to ensure confidentiality and to secure the area? (Select all that apply)
Correct Answer(s)
A. Ensure that the third party or contractor has a formal agreement with us for the work and that it has been agreed
B. Consider the risk of the third party or contractor having access and the necessity of the work then decide if access should be granted, denied or if their access should be monitored
C. Ensure that keys are not left in filing cabinets and papers are filed away
D. Ensure that computer equipment is locked, turned off or removed from the area
E. Ensure that private rooms containing critical equipment or confidential information cannot be accessed
F. Make other staff aware of their presence and where they are expected to need access to
Explanation
A third party or contractor includes any external organisation or individual that is not classed as a member of staff. These may or may not be contracted to the organisation. When third parties or contractors are involved in providing support and maintenance of the organisation’s facilities it may be necessary for them to access systems using the highest levels of privilege. It is essential that privileged access to computer areas by third parties or contractors is approved by the IT Service Desk and that a member of staff is responsible for managing the access and that the access is monitored and / or logged.
A risk assessment must be made before third parties or contractors are given access to normally secure areas where confidential information is stored or processed. The outcome may be to deny access, grant access or provide access with provisos to manage the risk such as allowing access while being observed.
Precautions in the form of formal agreements should be taken to protect the information security interests of the organisation where external organisations or individuals are allowed access to the organisation’s equipment, network or systems.
Third parties or contractors should have appropriate assurances within the contract to safeguard the organisation in relation to privacy, access to data and accidental damage. Any third party or contractor who is under agreement with the organisation may have unsupervised access if appropriate.
18.
What is a bulk email? (Select all that apply)
Correct Answer(s)
B. Any email sent to 15 or more external users
C. Any email with an attachment larger than 10MB sent to an external user
Explanation
An email sent to 15 or more external users, or a single email sent with an attachment larger than 10MB, is considered a bulk email. Contact the IT department for advice if you have a valid reason for needing to send emails to more than 15 people external to the organisation.
19.
What should you do if you require software downloading that is not already supplied by the Sports Leaders UK IT Service Desk?
Correct Answer
C. Request through the IT Service Desk and obtain managerial authorisation
Explanation
If there is a requirement for additional software to be downloaded contact the IT Service Desk and request authorisation from your manager.