[Portions US Pat./Pat. Pend./ TRADE SECRET / Copyright (c) 1987-2024] {GET@} (CCBot/2.0 (https://commoncrawl.org/faq/) on exec.all.net) [MA]
State Machine

The AeroSpace Security Game

This non-interactive version of the aerospace security game is designed to test your knowledge of aerospace information security requirements. It is based on a version of The Network Game demonstrated during a recent meeting of Aerospace security administrators. Answer all questions and your score along with the answers according to one interpretation of the unclassified version of the industry official manuals will be provided upon completion.

Your Answer The Challenge
Question 0: The ISSO is:
  • A) The Information System Security Office located at 275 M street in Washington, DC.
  • B) The Information System Security Officer on duty 24 hours a day at the entrance area of every SKIF.
  • C) The Information System Security Office located at your facility.
  • D) The International Standards Organization Office responsible for information security standards and procedures.
  • E) The Information System Security Organization that sets the standards for information security in the U.S.
  • F) None of the above
Question 1: You have a critical bid deadline to meet by tomorrow morning and have just detected a computer virus on your system. What do you do?
  • A) Call the computer support center and explain the situation.
  • B) Continue working on the project using your infected computer.
  • C) Make a backup of critical project files and continue working on them.
  • D) Copy the critical files to another computer and continue the work there.
  • E) Install anti-virus software right away and see if that fixes the problem.
  • F) Turn off the computer right away and restart your part of the project from scratch on a clean computer.
Question 2: To make acceptable use of system or network resources you must first:
  • A) Sign a legal agreement.
  • B) Be trained on system security.
  • C) Do paperwork requesting access.
  • D) Have need-to-know for all information within the system or network you are using.
  • E) Never download software into the system or network without first checking it for computer viruses.
  • F) All of the above
Question 3: It's 2AM and you are all alone in the facility. You want to print a 500 page UNCLASSIFIED extract of a classified document that you have just completed from your classified workstation. You start printing it, and you know from experience that it will take at least 30 minutes to finish. As you wait for the document, you find you need to use the bathroom, but the bathroom is located in another area of the building. What do you do?
  • A) Since it was UNCLASSIFIED it automatically gets printed on an UNCLASSIFIED printer. You can leave it.
  • B) You cannot leave regardless of any physical needs. You must make certain that nobody without need-to- know sees it.
  • C) Treat it as if it were classified until you visually verify that it is indeed unclassified by reviewing the entire contents. Do not go to the bathroom.
  • D) No special requirements apply for unclassified documents.
  • E) Lock the room, put up a sign indicating that classified processing is underway and that you will return soon, and go to the bathroom.
  • F) Look at the first few pages and verify that it has unclassified contents, and if so, go to the bathroom.
Question 4: Itís Sunday night and you have a deadline at 8AM Monday morning on a multi-billion dollar proposal. You find that the last critical piece of information you need is on a system that you donít have a user ID for, but that you believe you have the required need-to-know and clearances to access. No authorized user can be contacted:
  • A) Try guessing an authorized user's user ID and password to get the information you need and then report the security violation in the morning.
  • B) Use a system boot disk to gain access to the hardware, reset an administratorís password to allow access, access the system, get the document, and report it to the systems administrator first thing in the morning.
  • C) Remove the classified hard disk from the system, connect it to another system, mount it as a secondary disk, get your file, return the original disk to its original system, and tell the systems administrator first thing in the morning.
  • D) Do A, B, or C above, but donít report the violation.
  • E) Do your best without the critical piece of information Ė even though you will almost certainly lose the huge contract.
Question 5: Itís 10AM on a regular working Tuesday, and you notice a wire of some sort that appears to go between a classified system and an unclassified system:
  • A) Immediately disconnect the wire, then contact the ISSO or someone else responsible for security and identify the situation.
  • B) Immediately contact the ISSO or someone else responsible for security and identify the situation but donít disconnect anything without their instructions.
  • C) Find someone who knows about computer networking and ask them to check it out. If they say it could not be used to communicate between the systems, just ignore it and go about your work.
  • D) Bring it up with your supervisor at your earliest convenience.
  • E) Call the computer support group and identify the issue to them. Follow their instructions from then on.
  • F) Write a memo describing the situation and forward it to your supervisor, the ISSO, and others you think are appropriate decision- makers.
Question 6: You want to use a Palm III personal organizer to keep track of your busy daily schedule Ė both at home and at work:
  • A) You simply cannot do it. If you have an organizer from work and it was purchased from monies resulting from government work, it is illegal to use it for any personal purposes. If you own your own organizer, you cannot bring it into work because the Palm III has a serial port and could be used to connect to classified systems.
  • B) You can do it by buying your own organizer and getting permission to use it at work. But you may not bring it into classified areas.
  • C) You are allowed to use an organizer provided to you by your company, even if the government paid for it, for personal purposes as long as those purposes do not use large amounts of resources.
  • D) You can buy your own organizer, use it at work, and bring it anywhere you like, but it is susceptible to search at any time to verify that it has no classified information in it.
  • E) None of the above.
Question 7:You get a floppy disk from a vendor with a mission critical application on it. Before you may use it, you must:
  • A) Scan it for viruses using any available virus checking program before using the disk.
  • B) Scan it for known viruses using an authorized virus checking program before placing the disk in a system.
  • C) Place the disk in your system and scan it with the virus checker you use on a day-to-day basis.
  • D) Scan it for viruses ONLY if it is a boot disk Ė otherwise, no virus check is required.
  • E) None of the above.
  • F) A, B, or C above are all acceptable.
Question 8:The newspapers keep talking about hackers as a serious national security threat:
  • A) Hackers are a serious threat to classified systems and that is why we have security training.
  • B) Hackers are only one of many threats to classified system security, and many of the other threats are far more serious.
  • C) The threats to national security are overstated in the media and in our organization to make sure that we get funds to support the people who like to work in this area.
  • D) Hackers can get into every system there is, and itís all we can do to track down a few of them here and there.
  • E) Hackers are not really a threat to classified system security, but other more serious actors such as spies, terrorist groups, and malicious insiders are a serious threat and that is why we need to keep our security very tight.
Question 9:You have just been assigned to a new project that requires a special clearance and need-to-know that you donít have right now. You are anxious to get started on the work. You should:
  • A) Contact the ISSO to arrange for immediate clearance.
  • B) Contact the project leader or data owners to get need-to- know access.
  • C) Contact the badge office and submit paperwork for the new clearance.
  • D) If you donít know how to get access, you are not really authorized to work on the project.
  • E) You would not have been assigned to a project unless you already had all the clearances and need-to-know before hand.
  • F) B and C above.
  • G) Information on how to get clearances is classified and could not be described in an unclassified training session such as this one.
Question 10: All of the PCs we have come with modems and Internet services built in for our use. In using these features, we must
  • A) Encrypt all data with a company authorized encryption program
  • B) Check all incoming files with a virus checker before using them
  • C) We are not supposed to use these features because they will allow the bad guys to break into our networks Ė itís wasteful but a necessary inconvenience.
  • D) Only connect to authorized Internet and internal network sites.
  • E) You may only use modems for connecting to other computers if you do so through a STU phone connection using an authorized key at the proper classification level.
Question 11: A critical unclassified system required to maintain real-time control of a remote motorized vehicle is down. In order to get it back up, we need to make a floppy boot disk from a CD-ROM. Unfortunately, the only floppy disks available were used 6 months ago in a classified system. The nearest floppy disk is several hours away and the remote vehicle may fail before we can get an unclassified disk.
  • A) Use a classified floppy and report the violation later.
  • B) Declare the critical system classified and use the classified disks. Then scrub the system of classified data later.
  • C) Format the classified floppies with a classified system using the most thorough reformatting available. This should make the disks clean for use in an unclassified system.
  • D) Read the contents of the floppies to determine if there is any real classified information on them, and once you find one that has no classified data, downgrade if for unclassified use.
  • E) Do D then C and then format the floppies again on an unclassified system just to make certain, then use them.
  • F) Let the remote vehicle crash.
Question 12:As an April Fools joke, and employee forges an email from the CEO to all corporate employees indicating that a special 10% of annual base pay bonus has been awarded because of superior quality and performance and that this one-time bonus will appear in the next paycheck:
  • A) There is no policy against any of the things the employee did Ė no punishment will be given, but the policy will be changed.
  • B) The CEO decides that it would be very disruptive to not give the bonus, and redirects the funds to that purpose, giving the employee who forged the email a corporate award for initiative.
  • C) There is no way to trace such a forgery to its source, so even though it violates the policy against using another usersí identity, the user will get away with it.
  • D) While it is widely believed that this activity would be untraceable, it is traceable and the employee will likely be sanctioned in a timely fashion for violating the law against misuse of government owned or sponsored computers.
  • E) A joke is a joke Ė no big deal. The employee will be warned, the rest of the corporation will be told it was a Ďspamí, and new safeguards will be put in [place to prevent such things in the future.
Question 13:After a long day at the office, you are called into an emergency meeting with the boss just at the time when you have a large collection of classified information open in scores of windows on your screen.
  • A) You can use your screen saver to secure the system while you are away.
  • B) The screen saver is not secure enough Ė you are required to lock your office door as well as use the screen saver.
  • C) When you are not using a classified system it must be disconnected from networks. Disconnect it even though this will terminate your remote sessions and may cause a system crash.
  • D) When you are not using a classified system it must be turned off and classified disks locked away. Turn the system off, put the disks away, and start again when you get back.
  • E) Tell the boss this is an inconvenient time and indicate that you will be there when you have finished this critical task.
  • F) Since classified systems are only allowed in classified areas, leave the system as it is and go to the meeting.
Question 14: Attackers from over the Internet can and have:
  • A) sent email that makes computers crash and lose vital data
  • B) set up a Web page that causes a computer to send company confidential information out over the Internet
  • C) corrupt a program downloaded from the Internet to gain access to company computers
  • D) silently use a computerís modem to dial a phone number that charges by the minute for its use
  • E) broken into company computers using browsers on PCs to bypass firewalls and other security measures
  • F) all of the above.
Question 15: If you think your computer has been broken into, the first thing you should do is:
  • A) Turn off the computer
  • B) Call the corporate help desk
  • C) Call the ISSO
  • D) Backup your files
  • E) Disconnect your computer from the network
  • F) Report it to your supervisor
Question 16: Which of the following services are safe to use from your computer:
  • A) The Web
  • B) Telnet
  • C) File transfer protocol (Ftp)
  • D) Internet telephone software
  • E) Gopher
  • F) Email
  • G) None of these
  • H) All of these
Question 17: The punishment for bypassing security controls can include:
  • A) Disciplinary action up to and including dismissal
  • B) Personal financial liability for any losses resulting from the bypass
  • C) Jail time if the action results in an act of corporate espionage or financial theft
  • D) All of the above
Brought to you by Management Analytics from