11. Knowledge Check & Quick Reference

Modified on Mon, 13 Apr at 8:48 PM

Sample Questions

Q1: Your CFO calls requesting an $85K wire to a new vendor. Caller ID matches. First action? — (C) Pause, recognize the trigger, initiate a SureCircle challenge.

Q2: An IT caller refuses your SureCircle challenge, citing urgency. Action? — (B) End the call, escalate to manager and SOC. Refusal = presumptive impersonation per policy.

Q3: A vendor passes SureCircle and requests a payment-routing change. Action? — (C) Process through the standard approval workflow requiring secondary email confirmation. Verification confirms identity but does not bypass procedural controls.

Quick-Reference Card

SURECIRCLE QUICK REFERENCE
PAUSE → CHALLENGE → CONFIRM or ESCALATE
STANDARD PHRASE	“Our policy requires me to verify your identity through SureCircle before I can take any action—can you confirm?”
CHALLENGE WHEN	Wire transfers • Payment changes • Credential resets • MFA requests • Remote-access installs • Sensitive data • Urgency or secrecy pressure • Inbound “bank” or “vendor” contact
IF VERIFIED	Proceed through normal approval workflow. Verification confirms identity—it does not bypass dual-authorization or other controls.
IF FAILED/REFUSED	STOP. Do not comply. Document. Notify manager (phone/in-person). Report to SOC. If financial, alert CFO’s office.
NOT IN CIRCLE	Do not treat as trusted. Contact independently through a known channel. If unresolvable, escalate.
DEFAULT RULE	When in doubt, challenge. 30 seconds has never caused a loss. Skipping has cost tens of millions.
EMERGENCY	[CISO hotline] \| [SOC email/Slack] \| [CFO direct line]