Professional Documents
Culture Documents
If a user wants to share critical information outside of the organization for business purpose, how should he send t
Allowing ______ entry into restricted area is in violation of policy
Individuals who need and use ICICI data as part of their assigned duties or in fulfilment of assigned roles or funct
You see the message " Your computer is infected with a virus. Please click on the below link to remove it". What
Which of the following are examples of secret information?
Which of the following is true with regards to Shrink-wrapped/Freeware/Shareware Software?
Select all correct options. Human Firewalls are:
Which of the following is NOT a social engineering attack?
In phishing, attackers target using ________ to do social engineering
Which of the following are part of visitor management guidelines?
You login to your system using your password, read about strategic information related to a merger, and financial
What should you do if your official mobile computing device is stolen?
What are the important components of Triad of information security?
Which of the following is a strong password?
What should you do if you suspect you have received a phishing email?
Information Security is the process of
Which of the following is incorrect?
An unknown person is spotted following closely behind an employee and entering the restricted section of the bui
Access control systems provide ________ environment.
You are sitting in a café with your friend after work when your boss calls up, asking you to share some confidenti
Which of the following is true with regards to IT assets as per the policy?
Your security settings are not allowing you to download an important e-mail attachment sent by your customer. W
You receive a suspicious email requesting urgent action. What should you do?
You receive a phone call from an unknown person asking for PII of a customer. What kind of attack could this be
All of the above
Protect the file by Seclore and then send it.
Unauthorized
Data Users
Both i. and ii.
2,3,4
Forward the email to antiphishing@icicibank.com
People who fall under the 'need to know' principle
Tailgating
Both i
and ii
1,3,4
1,2,3
Information explicitly approved by management for release to public
Strategic information like mergers and acquisitions, materially significant investment decision.
All of the above
1,2
Denial of Service attack
Email
All of the above
Secret
File an FIR with the police and submit a copy of the report to the concerned department
1,2,3
2,3
Forward the email to anitiphishing@icicibank.com
Protecting Information
The internet has made it hard to collect PII
Tailgating attack
All of the above
Ensure that you are in a private place and that you are not connected to a public network before sending the inform
All of the above
End users do not send critical information outside
the corporate network.
1,3
All of the above
t, by any employee or outsourced agents of ICICI Group that comes to your notice
ld not be accepted.
An official of the Financial Intelligence Unit has sought for the transaction details of some listed customers, a
A relative of the customer approaches the branch for the account information of the customer. What is the rig
Which of the following is breach of Data Privacy?
Which of the following actions would ensure that privacy of customer data would be maintained?
A customer has closed his relationship with the bank. In this case
The organization has taken the customer details for the purpose of account opening and the customer has not op
Would sharing of customer personal information, after termination of the relationship amount to breach in pri
A person approaches the branch and request for a bank statement of his friend. The branch official should provi
What can be treated as personal information?
Data Privacy is the responsibility of the ______________of the organisation.
Which of the following is personal data for corporates
Does sharing an existing customer’s name and account balance with a prospective client amount to breach of d
Think Privacy is a rigid customer/employee data protection standards which gives no option of sharing the dat
A well known film actor opens an account with the bank. The personnel processing the account opening form
In an organisation, Data Privacy is the responsibility of
Privacy breach is an unauthorised access to, __________, __________ or ___________ of personal informati
A bank records information about some individuals who are shareholders of its corporate account holders. It c
An individual approaches the branch, praises the branch manager and staff for the manner in which the custome
Customer information should not be disclosed to anyone (including other employees or family and friends) who
Mr. X was carrying a laptop containing large amount of customer data for some official purpose. On the way,
Tax authorities demand for the personal details of the employees viz, the employee’s pay. In such a scenario what sho
Identify the purpose of collecting the information
At the day end, if you find your colleague has left the document containing customer/employee personal data
Once data is received by the bank, staff members as representatives of the bank can decide with whom it can be
Which of the following would lead to a Privacy Breach?
Which of the following is a privacy breach
Mr. Raj, a customer of the bank had defaulted in payment of his credit card dues. He was not available on any
If you have to send personal data of customer through mail for official requirement, what needs to be ensured:
Personal information is any identifiable information about ___________.
Bank makes a service call to the customer. But, the customer was not available on the call. It was answered by
Which of the following is not a Personal Data
In case of corporate, any information that is not available in the public domain but is shared with the ICICI Gr
Limit the access to your work areas and computers to authorized persons only.
A fellow employee calls up the phone banking or visits the branch mentioning that his colleague has met up wi
What out of the following is not a privacy breach
An employee of the Group Company seeks details of the bank customers, to cross sell their products. What shou
Which of the following is not a form of Privacy
Which of these is a Privacy Principle
While accepting customer's application and other service requests, one should make sure that:
Is it right to discuss customer related personal information in public areas like cafeteria, lifts, etc.
As per Data Privacy principles, it is always advisable to:
After the use of print outs containing customer/employee personal data what should one do
When can the disclosure be made without the consent of the customer
Which of the following statements are correct
Bank is unable to locate its customer who has stopped making loan repayments. The customer has shifted his re
Improper handling of data can cause serious consequences to which of the following:
A person approaches a branch seeking information pertaining to a certain account with a formal request letter. Th
An employer is investigating allegations of harassment against one of its employees. The employee in question
Can the performance related data of any employee be shared with other employees/outside parties.
What should one do, if the customer data is left unattended on printers for a long period of time?
An employee in his individual capacity keeps a database of his friend and relatives including their name, addres
An employer receives several applications for a job vacancy. The employer is successful in recruiting the desire
Following are the most common causes for Privacy Breach:
Think Privacy campaign has been launched to increase employee awareness on
1,4
Check the authorization letter, satisfy that it meets the bank’s policy requirement and share the personal information
1,2,3,4
1,3
The bank can keep the basic details as required by the regulator and maintain confidentiality
1,3
Yes
1,2
2,3
Employees
2,3,4
Yes
No it is incorrect. Think privacy, is a principle based data protection standards which allow sharing of data to third pa
None of the above
Each employee
1,3,4
No
Should share the details only if he provides a proper authorisation letter from the customer
Yes
Encryption of laptop
scenario what should the employer do:
1,2
Lock it in your drawer and sensitise him/her the next day
Staff members as representatives can act only on the customers/employees consent, bank’s policies and on the prevai
Both a & b above
1,2
Destroy the excessive information
Send password protected files
Both a & b above
Inform the person who attended the call that since she is not the joint account holder details could not be shared with
None of the above
1
Yes
Deny the request
None of the above
Share the details of only those members who have opted for cross sell.
None of the above
1,2,3,4
1,2,3
No
2,4
Shred the document
1,3,4
2,3
can share the personal details of the customer without obtaining the consent of the customer
all of the above
1,2
Retain the record of investigation and add a note to the file recording the employee’s insistence that allegations are un
No
Try to identify the owner of the data and if ownership can't be ascertained then destroy the data
Employee himself
Wrong
1,2,3,4
Data Privacy
share the personal information
allow sharing of data to third parties as per customer/employee autorisation and to the extent that law permits.