Secure Usage of Internet and Email
Computer Security
Secure Usage of Intermet and Eman
1. Under which circumstances you are permitted to
InfosysPoliciesand Procedures
Security within Premises and
outside
Business Continuity Management
Intellectual PropertyRights
Privacy and Data Protection
Anti bribery and anti-corruption
module
PEOPLE SECURITY AND ASHI
AWARENESS
Privacyand Data Protection for
Delivery
Conflict of Interest and Code
Certification
download and use a trial version of a software for
developing Client code
Oa. The deadline of the projectis nearing and there Correct Answer
would be an impact on business if the software is not You should not downlo0ad
downloaded and installed and use the trial version of
Ob. If there is a written approval from the Client and anysoftware even if it is
reporting manager at Infosys suggested by your manager
and even if you have
Oc. If the trial version has been used for past deliverables reached the deadline. You
but on a different computer
can politely decline doing
Od. Not under any circumstances. Options such as, the same andreferthem to
the Information Security
alternative licensed software's or requestfor the policy which states that
purchase of the required software must be explored
only authorized and
Oe. Options a &c licensed software shall be
installed and used in our
work environment. You can
try an alternative software
inSoftware house or
Software Security
Validation Portal (SSVP).
You will be held
responsible for the usage
even if it was suggested by
your manager since the
offence was committed by
you.
 ex-Infoscion over a WebEx Correct Ansrer
Oa. You seek help from an

session Sharing Client confidential

data including source code
Ob. You upload the code in GitHub to seek help from
the
with unauthorized users
developer community
via email, internet forums,
Oc. You seek help of your manager who in turn connects Instant messaging and
to assist WebEx etc. is against the
you to a senior developer in the team
Infosysand Client
Od. You seek help from a fellow Infoscion who was
Information Security
previously in the same project however now works
for a
Policies and could result in
different Client an Information Security
Breach. When in doubt,
seek assistance from your
manager

3. You want to ocomplete a job over the weekend and you

don't have an Infosys /Client laptop. What is the best way
for you to share the project documents marked as
Confidential ?

a . in the client network, save the documents in drafts Correct Answer

folder in your personal email ID, download and work on
them from home
Clientconfidential
information muSt not be
b.Send the document from Client email ID to personal Ssent outside the Client
email IDD network to eitherlnfosys
D, personal email 1D or
. Confidential Client files must not be sent outside upioaded to publically
Client network thus you will plan to come to office on
availabie sitesand
the weekend to complete the task or plan your technicalforumS etc
deliverablesaccordingly. Aritess explicitly authorized
d .Files can be sent from Client to Infosys network bythe lient
hence you will send them to Infosys email iD and then
forward the same to your personal email 1D

4. You receive an email that appears to be from the Infosys

Finance teanm, with 1** External Email I tag, reqtaestin
 You receive an email that appears to be from the Infosys
Finance team, with ** External Email *] tag, requesting
you to click on a link and share your email 1D, password
and login aredentials etc. What action would you take?

Oa. Since this is from the Finance department, you will Correct Answel
access the site by clicking on the link given in the email
Phishingemailsappearto
and update the requested details
besentfrom legitimate
Ob. 1gnore the email SOurces/businesses, but
are actually created and
Oc. Notify Information Security Group (ISG) on distributed by hackerswho
[email protected] by attaching the suspicious email for are afteryour personal
investigation official information. Also
no department/company
Od. Log an AHD (Advanced Help Desk) request with IS
willask you to shareyour
(Information Systems)team seeking furtherclarity on
the email
credentials directly.
Further, be vigilant about
mails tagged as [**External
Mail] as they always
originate from an external
sender, If you a receive
such an email, the correct
action would be to report
the same to ISG via
email/helpdesk number or
by forwarding the mail to
[email protected]. Quick
action on such suspicious
email would help avoid
other unsuspecting victims
from falling prey to
phishing emails.
5. Which of the following is the correct medium to report an
Information Security Incident?

Oa. Sending an email to [email protected]

Correct Answer
Ob. Raising an AHD (Advanced Help Desk) with ISG Information Security
(Information Security Group) team or choose option 2 in incident (even if
the global help desk number suspected)should be
Oc. Call global helpdesk number and choosing the option reportedvia raising AHD
1 (Advanced Help Desk)
sending an email to
Od. a &c [email protected] or
calling the global helpdesk
number and choosing the
option 2.

6. You have been working on piece of code for a Client

project. Now that it is complete, you want to forward it to
your Infosys ID so that you can refer to it for future
projects. Is this permitted?

a. Yes, this will benefitInfosysfor other projects

Correct Answer
b . No, Client code shali not be sent to infosys email iD or Client data including
personal email ID as this can result in an Information confidential source code
Security Breach must not be sent toinfosys
ID or reused unless
C.Yes, you will ensure to remove any mention of client
authorized explicitly by the
name, IP addresses and credentials etc.before you
reuse it
Client team Further
uploadingCiient
contidentiaiintormation
overpublicaliy available
Sites and technical forums
et is strictiyprohibited as
t cart ead to data leakage.
7. You are planning to take up an online personal
certification which will help you in better time
management at work. You need to register on the website
by providing an email ID for further oommunication. What
would you do?

Oa. It is preferable to use personal email ID and the Correct Answer

password of your Infosys ID so that you don't lose track Do not use your infosys
of any important notifications
email addresspassword
Ob. It is preferable to use personal email ID and unique inInternet programs,
password so that you don't lose track of any important online
notifications feedback/suggestion
forms,newsgroups or
Oc. For the ease of use, give Infosys email ID and other discussion forums
credentials for your registration,so that you don't lose etc. as such actions can
track of the notifications inviteunsolicited spam
emails or even targeted
phishingcampaigns for the
org anization and you.

8. While browsing the Internet via Infosys network, you

accidentally come across a site which seems malicious but
is not blocked as per Infosys Internet Access Policy. What
action would you take?

a .Explore the site further because it is not blocked as Corre Ansr

per policy nfosys empioyeesare
b. Exit from the site immediately and notify CCD requrd to use ntenet
Computers and .ommunication Division) and isG appropriately and beiow
information Security Group) team through AHD are few examples of
unacceptable usage as per
Advanced Help Desk)
nfosys Internet access
c.
Ask your team member to explore it instead of
oity: 1 Visit sites that
yourself CContain obscene, hatetu or
d. Exit from the site immediately and notify 1s ther objectionable
(Information Systems) team about it waterlals. 2. Make or post
indecentreniarks,