Type
Crossword
Description

Gain entry ACCESS
Form one from many AGGREGATE
Data of value to the AAMC ASSET
Data on a break ATREST
Inspect gadgets? AUDIT
Body identifier BIOMETRIC
Script runner BOT
Reportable loss BREACH
Cause of something unexpected BUG
Western limit on purchaser data (Abbr.) CCPA
Needing a “need to know” CONFIDENTIAL
Give permission CONSENT
Computer related CYBER
Datums corrected DATA
Remove data when no longer needed DELETE
Make known DISCLOSE
AAMC team responsible for responding to data breaches DSIRT
Safe harbor for lost data ENCRYPTION
___ Information Privacy Principles FAIR
School data law (Abbr.) FERPA
Network traffic control FIREWALL
DOB: 25 May 2018 GDPR
AAMC’s most protective data classification HIGHLYSENSITIVE
A health beast, not a water beast (Abbr.) HIPAA
Top cause of data breaches HUMANERROR
Drawer containing sensitive data, ideally LOCKED
Result of failed entries LOCKOUT
Record of activity LOG
Reduce or eliminate MINIMIZE
Deploy contrary to specified purpose MISUSE
Not “12345678” PASSWORD
Hot fix PATCH
Individual with privacy rights PERSON
Request from Nigerian prince? PHISH
Maple flavored privacy law PIPEDA
Conveyer of lost passwords POSTIT
Appropriate use of personal information under the circumstances PRIVACY
Name under another name PSEUDONYM
In open view PUBLIC
AAMC data classification for “Internal Use Only” RESTRICTED
Continued possession of data RETENTION
One basis for access rights ROLE
Protected SECURE
How incidents are classified SEVERITY
Data tender STEWARD
Form by instruction TRAIN
Move data from place to another TRANSFER
What AAMC must keep along with the data it collects TRUST
Data giver USER
Infectious malware VIRUS
Fraud by phone VISH
Big social engineering target WHALE
Free does not mean free from harm WIFI

Information Security and Privacy Crossword Puzzle

Type
Crossword
Description

These need to be strong enough that others won't guess them Passwords
Keep it _________ and Secure Safe
When clicking on a suspicious link in an email you could be caught ____________ phishing
If you suspect a privacy or security breach, you must report it ______________ Immediately
This type of agreement is needed when a vendor needs to access PHI to do work on our behalf Business Associate
This is used to access Partners information remotely VPN
Privacy and Security Regulations HIPAA
Before stepping away from your computer, always click on the yellow ___________ so no one else can access your information Lock
Report a lost device immediately by contacting the Service Desk
When this is installed on your computer, it can lead to spreading a virus across the network Malware
When travelling with a laptop in your vehicle, always keep it in the ___________ Trunk
Where not to keep your laptop or other work information when travelling in a car seat
Name of the repository for Partners Policies Archer
What is the name of the Partners Chief Information Security and Privacy Officer? Jigar Kadakia
Even accessing patient _________ in Epic, without a business need to know is a violation of policy demographic information

Security Awareness Word Scramble

Type
Word Scramble
Description

secret
responsibility
protect
confidential
top secret
email
encryption
firewall
malware
backup
virus
surf
theft
piracy
internet
policies
violations
phishing
need to know
attacks
facility security officer
homeland security
department of defense
police department
FBI
copyright
background checks
privacy
phone fraud
safety
log out
login
fraud
hoax
chain letters
network
security
spam
hackers
report
cybersecurity
threat
monitor
access
badges
serve
secure
tailgate
insider threat
accounts
scams
crime
passwords
breach
keylogger
spoofing
ransomware
intrusion detection
multifactor authentication
personal protective equipment
certified
trained
speak up
look out

HIPAA COMPLIANCE TRAINING Crossword

Type
Crossword
Description

I can not take _______________ inside the Hospital. Selfies
What do the initials ePHI stand for electronically Protected Health _________ ? Information
Abbreviation for the Health Insurance Portability and Accountability Act of 1996? HIPAA
Every patient has the right to ___________ with their medical treatment and conditions. Privacy
By law hospitals must train annually on HIPAA ____________. Compliance
Hospitals have ___________ and procedures to meet Federal HIPAA rules and regulations. policies
If you suspect someone is violating the facility's privacy policy , you should? report
HIPAA security and privacy applies to everyone ______ in the facility. working
HIPAA is governed by _____ and Human Services? Health
HIPAA was created with _____ standards for all patients. Security
Accessible __________ Health Information (PHI) is limited to only that information needed for performance of services. Protected
Personally identifiable health information is protected by HIPAA includes photographic, electronic, spoken word and ______? Paper
I may not post any identifiable information on______? Social media
All information regarding patients must stay confidential. I can not even tell my friends or ____. Family
I may not share my computer log-in _____ with anyone. Password

Cyber Security Crossword

Type
Crossword
Description

any software program in which advertising banners are displayed while the program is running. Adware
designed to detect and destroy computer viruses. Antivirus
an attempt by hackers to damage or destroy a computer network or system. Attack
a method, often secret, of bypassing normal authentication in a product back door
refers to the process of making copies of data or data files to use in the event the original data or data files are lost or destroyed. backup
refers to the process of making copies of data or data files to use in the event the original data or data files are lost or destroyed. Blended threat
are similar to worms and Trojans, but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the cybercriminals) who are often safely located somewhere far across the Internet. bots
are small files that Web sites put on your computer hard disk drive when you first visit cookie
body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access cyber security
made possible by using algorithms to create complex codes out of simple data, effectively making it more difficult for cyberthieves to gain access to the information encryption
a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules. firewall
someone who seeks and exploits weaknesses in a computer system or computer network. hacker
global system of interconnected computer networks that use the Internet protocol suite internet
a local or restricted communications network, especially a private network created using World Wide Web software. intranet
used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. malicious code
the activity of defrauding an online account holder of financial information by posing as a legitimate company. phishing
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. spyware
any malicious computer program which is used to hack into a computer by misleading users of its true intent trojan horse
a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data virus
a standalone malware computer program that replicates itself in order to spread to other computers. worm

Quartz Security: Crossword puzzle for National Cyber Security Awareness Month 2017

Type
Crossword
Description

a list of entities that are blocked or denied access/privilege BLACKLIST
the unauthorized access and disclosure of sensitive information released outside of an unauthorized organization DATA BREACH
specialized techniques for gathering, retaining and analyzing data as evidence for investigations FORENSICS
an act of pretending to be from a reputable organization to deceive individuals into providing sensitive information PHISHING
a list of organizations that are considered trustworthy or allowed access/privilege WHITELIST
ensuring information with sensitive data remain hidden, inaccessible to unauthorized users. DATA PRIVACY
a type of malware that requires some type of payment to either remove the malware by the hacker, or retrieve files that have been encrypted by the hacker. RANSOMWARE
a type of digital currency Bitcoin
The practice and process designed to help protect one or an organizations networks, computers, programs and data from unauthorized access. cybersecurity
Medical history information, laboratory results, insurance information and other healthcare data an entity collects to identify an individual Personal health Information
The name of the leader who you would report security incidents to Charlie Pierce
The name of the leader who you would report privacy incidents to Kelly Skifton
The name of our Chief Information Officer who oversees the IT Infrastructures at Quartz Marybeth Bay
Duo-Security is considered what type of authentication when logging in remotely? Multifactor
Name of the form used to submit requests for: Hardware/Software, Security, Telecom or Facilities (Badging only) IT Request Form
To report a compliance incident, who do you contact? compliancehotline
Quartz policy and procedure S014 outlines what type of policy? ACCEPTABLE USE
The process of taking an unencrypted message or data and applying a mathematical function to it, to produce an encrypted message ENCRYPTION
What process do you need to go through for approval before files can be exchanged externally? externaldatareview
You are required to wear this item at all times while on Company premises badge
When a person tags along with another person who is authorized to gain entry pass a certain checkpoint piggyback

Information Security Word Search

Type
Word Search
Description

awareness
data
strategy
regulation
breach
threat
control
access
HIPAA
ARRA
integrity
confidentiality
availability
security
privacy

HIPAA Awareness Crossword

Type
Crossword
Description

One of the core values Integrity
Amount of information needed to accomplish a task (2 wrds) Minimum Necessary
Person with access to the system User
Privacy Officer Emily Calvillo
Person or organization that maintains, creates, transfers, or receives PHI to perform a function on behalf of HRHS (2 wrds) Business Associate
When PHI is exposed we have committed a ___ of the patient's privacy Violation
Reportable event Breach
Document describes a patients rights to their health information NPP
One of the core values Compassion
The release, transfer, access to or divulging of patient information Disclosure
Immediate areas consisting of a desktop, laptop and other items to complete work Workstation
Method used to protect electronic data Encryption
One of the core values Accountability
Employees, volunteers, students/observers who represent the facility are members of the __ Workforce
A state of NOT protecting PHI Unsecured
HRHS strives to protect the ____ of its patients Privacy
Confidential measure used to protect systems made up of a string of characters Password
A state of protected PHI from unauthorized users Secured
Protected Health Information PHI
Person who is the subject of PHI Individual
One of the core values Respect
Management of healthcare services to an individual Treatment
Committee responsible for reviewing internal HIPAA concerns, policies and procedures HOC
One of the core values Excellence

Crossword - Exercise 1

Type
Crossword
Description

A basic security mechanism that consists of a secret word or phrase that must be used to gain access to an account Password
An attempt by hackers to damage or destroy a computer network or system. Attack
Someone who seeks and exploits weaknesses in a computer system or computer network. Hacker
The process of confirming the correctness of the claimed identity Authentication
e-mails that appear to originate from a trusted source to trick a user into entering valid credentials on a fake website Phishing
The body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access Cyber Security
A standalone malware computer program that replicates itself in order to spread to other computers. Worm
Are small files that Web sites put on your computer hard disk drive when you first visit Cookies
A technology that allows us to access our files through the internet from anywhere in the world. Cloud
Appears at the beginning of the web-link of a secured website HTTPS
Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc. Spam
A data classification mode that describes certain data or document as a secret Reporting
A government agency in Qatar that handles all reported incidents related to cyber attacks QCERT
The art of manipulating people to get access to sensitive information Social Engineering
A software that is a type of utility used for scanning and removing harmful software from your computer Antivirus
Any software program in which advertising banners are displayed while the program is running Adware
The use of electronic communication to bully a person Cyberbullying
A phone call tactic in which individuals are tricked into revealing critical financial or personal information Vishing
A software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive Spyware
Similar to worms and Trojans but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the cyber criminals) who are often safely located somewhere far across the Internet. Bots

IT&S Cyber Security Crossword Puzzle

Type
Crossword
Description

A software that is designed and destroy computer viruses Antivirus
Do not leave your laptop or computer ___________________ Unattended
A ___________ is a hardware of a software that helps keep hackers from using your computer and it watches for outside attempts to access your system and blocks communication that you don't permit Firewall
Email scam or attempt to trick you into giving your password or personal information Phishing
The state of being free from danger and threat Security
A ___________ is often an email that gets mailed in chain letter fashion describing some devasting. highly unlikely type of virus. HOAX
Choose a password that is easy for you _______________ but hard for you someone to guess. Remember
Also known as malicious software any; any program or file that is harmful to a computer user Malware
Passwords should should always be at least this many characters long. Eight
A _______ assessment is the process by which risks are identified and the impact of those risks determined Risk
Applied to data to protect it from unauthorized use in case of theft or loss. Encryption
Always _______your computer when you leave your desk Lock
To protect personal information, avoid sending it via Email
_________________ is a software that gathers computer user information and transmits it to the creator of the software without the explicit knowledge or informed consent of the user SPYWARE
A collection of information that is organized so that it can easily be accessed, managed and updated Database
Never share your _________ with another person Password

Data Privacy Word Search

Type
Word Search
Description

customer data
Data
health information
HIPAA
password
patient data
Privacy
protection
Security
shredder
unencrypted
unsecured