40.4, Information Security Flashcards
Who is the person responsible for overseeing agency compliance with policies and procedures regarding the security of information and information processing assets?
The Information Security Officer (ISO)
HPM 40.4, Chapter 1
According to the State Administrative Manual, what are the two classes of information that require extra precautions?
1) Confidential Information
2) Sensitive Information
HPM 40.4, Chapter 1
According to Civil Code Section 1798.29, ___________ is defined as first name or first initial and last name in combination with social security and/or driver license number, and/or an account number, credit or debit card number in combination with any required security code, access code, or password.
Privacy Information
HPM 40.4, Chapter 1
True or False: employees shall obtain departmental approval prior to using personally-owned computers or electronic devices for work-related activities.
True
HPM 40.4, Chapter 1
Personnel documents, personnel rosters including personal information, or investigative materials are examples of _______ information.
Confidential information
HPM 40.4, Chapter 1
Records of departmental financial transactions are an example of ________ information.
Sensitive information
HPM 40.4, Chapter 1
True or False: confidential information is exempt from disclosure under the provisions of the California Public Records Act.
True
HPM 40.4, Chapter 1
True or False: fax machines may be used to transmit confidential or sensitive information.
True (but only when no alternative is available and only when the information is transmitted from one secure location to another secure location)
HPM 40.4, Chapter 1
How often is the CHP 101, Appropriate Use of Automated Information and Systems Statement required to be read and signed by employees in the presence of a supervisor?
Annually
HPM 40.4, Chapter 2
What is the retention period of the CHP 101, Appropriate Use of Automated Information and Systems Statement form?
Three years
HPM 40.4, Chapter 2
How many grace logins are permitted after an employee’s password has expired?
Six
HPM 40.4, Chapter 2
The contents of all departmental file servers, excluding email messages, are backed up how often?
Every four weeks
HPM 40.4, Chapter 2
True or False: departmental email users shall not send email messages to anyone they would not normally call directly on the phone.
True
HPM 40.4, Chapter 3
Are departmental employees permitted to access third-party internet email providers (e.g., Gmail, Hotmail, Yahoo, AOL) from CHP network computers?
No
HPM 40.4, Chapter 3
Are departmental employees permitted to create mail rules that automatically forward their email messages to personal email accounts?
No
HPM 40.4, Chapter 3
True or False: the Department has the right to monitor and log all network activity, including email, with or without notice.
True
HPM 40.4, Chapter 3
Email messages that have been deleted from the “Deleted Items” folder can be recovered for up to ______ days from the date of deletion, and may be used in any subsequent investigative processes.
30 days
HPM 40.4, Chapter 3
Computer users who receive or download files from remote computers ________ (should/shall) scan the files for computer viruses before they store the files on the network or transfer files to others.
Shall
HPM 40.4, Chapter 4
CHP employees may use the internet for approved ____________ only.
Business purposes.
HPM 40.4, Chapter 4
Employees requesting internet access privileges shall use the ______ form.
CHP 109, Information Technology Request
HPM 40.4, Chapter 4
How often are employees required to renew a request for privileges submitted via a CHP 109, Information Technology Request?
Upon transfer to a new command.
HPM 40.4, Chapter 4
Are CHP personnel permitted to enter into contracts on behalf of the Department with Internet Service Providers for internet access?
No
HPM 40.4, Chapter 4
What does the acronym CLETS stand for?
California Law Enforcement Telecommunications System
HPM 40.4, Chapter 6
How long are agencies required to keep a record of each release of criminal offender record information (from the date of release)?
A minimum of three years
HPM 40.4, Chapter 6
A record of all releases of criminal histories is maintained on the ______ form.
CHP 263B, Criminal Offender Record Information Release Log
HPM 40.4, Chapter 6
Is it permissible to run a preliminary record check on a person prior to a “sit-along” or “ride-along” with departmental personnel?
Yes
HPM 40.4, Chapter 6
Is it permissible to have someone else inquire into your own CLETS records?
No
HPM 40.4, Chapter 6
What is the penalty for misuse of CLETS?
Adverse action
HPM 40.4, Chapter 6
The ______ is required to be notified in an instance of unauthorized disclosure, access, loss, or misuse of CLETS data.
Information Security Officer (ISO)
HPM 40.4, Chapter 6
True or False: an employee may request assistance directly from the California Department of Justice when an investigation is necessary due to a breach involving CLETS.
False (must contact the ISO first)
HPM 40.4, Chapter 6
How many levels of CLETS user access are there?
Four
HPM 40.4, Chapter 6
An evidence officer is an example of a _______ Access Operator for CLETS at an Area office.
Full Access Operator
HPM 40.4, Chapter 6
Are janitors and maintenance workers required to have CLETS training?
Yes (Practitioner Level Training)
HPM 40.4, Chapter 6
How often are CLETS users required to complete recertification training?
Biennially (every two years)
HPM 40.4, Chapter 6
How many Area CLETS Coordinators may each Area have?
Up to two
HPM 40.4, Chapter 6
When an inquiry is made in the CLETS Stolen Vehicle System, Wanted Persons System, etc. and a “hit” is made, what must be done?
Immediately confirm the hit
HPM 40.4, Chapter 6
When establishing CHP network accounts, standard security principles of _________ to perform a function shall be used.
“Least required access”
HPM 40.4, Chapter 7
How often are CHP account audits, reviews, and change notifications performed to ensure that access and account privileges are commensurate with job function, need-to-know, and employment status?
Quarterly
HPM 40.4, Chapter 7
How long are CHP 109, Information Technology Request forms retained in an employee’s personnel field folder?
The duration of their employment
HPM 40.4, Chapter 7
Laptop computer users must connect their laptop to the network and log in at least every _____ days to ensure virus software is updated.
60 days
HPM 40.4, Chapter 10
_________ software includes software not licensed for use by the Department.
“Illegal” software
HPM 40.4, Chapter 10
Employees shall not copy or share ________ software.
Copyrighted
HPM 40.4, Chapter 10
_________ software includes software purchased for a specific computer for use by the Department.
Copyrighted
HPM 40.4, Chapter 10
If sued for copyright infringement, individuals can be charged with penalties up to _________ per infringement.
$150,000
HPM 40.4, Chapter 10
If charged with a criminal violation of copyright infringement, individuals can be fined up to __________ per title infringed and up to five years imprisonment.
$250,000
HPM 40.4, Chapter 10
True or False: under certain circumstances, use of personally-owned software on departmental computer systems is permitted.
False (it is prohibited)
HPM 40.4, Chapter 10
True or False: installation of personally-owned or third party screensavers and/or wallpaper is permitted.
False (it is prohibited)
HPM 40.4, Chapter 10
True or False: installation of departmental software on personally-owned computers is prohibited.
True
HPM 40.4, Chapter 10
If an electronic storage device requires repair by a non-CHP employee but remains in a CHP facility, the repair person must sign a ________ form.
CHP 110, Confidentiality Agreement
HPM 40.4, Chapter 15
When donating, selling, transferring, or disposing of computers or removable media, all sensitive and confidential data must be rendered ________.
Unreadable
HPM 40.4, Chapter 15
Disposal, wiping, destroying, disintegration, incineration, pulverization, melting, and shredding are all forms of _____________.
Media sanitation and disposal methods.
HPM 40.4, Chapter 15
What are two practices that do not effectively remove or protect sensitive or confidential data on data media storage and should not be used?
Reformatting and Ghosting
HPM 40.4, Chapter 15
When destroying microforms by burning, what must the residue be turned into?
White ash
HPM 40.4, Chapter 15
What office must be contacted in order to request approval to use social media on behalf of the Department?
Office of Community Outreach and Media Relations (COMR)
HPM 40.4, Chapter 16
If the request to use social media is approved by COMR, who reviews the request for final approval?
The Information Security Officer (ISO)
HPM 40.4, Chapter 16
True or False: someone who is perceived to be speaking on behalf of an agency or the state through social media Web sites is subject to all agency and state requirements addressing prohibited or inappropriate behavior in the workplace.
True
HPM 40.4, Chapter 16
True or False: users shall not use their work password on social media Web sites.
True
HPM 40.4, Chapter 16
True or False: personal and family matters (such as a phone call or email to a child’s daycare or school) are permitted over CHP resources while on duty.
True (when the matters are incidental and necessary)
HPM 40.4, Chapter 18
True or False: CHP employees may independently elect to conduct CHP network scanning or security scanning.
False
HPM 40.4, Chapter 18
True or False: peer-to-peer (file sharing) software is prohibited at CHP.
True
HPM 40.4, Chapter 18
Emails and instant messages (IM) distributed via CHP email and IM systems are the property of _________.
The Department
HPM 40.4, Chapter 18
True or False: automatic forwarding of email messages to external recipients is permitted within the CHP network.
True
HPM 40.4, Chapter 18
Under what circumstances is it permissible to transmit confidential information to external recipients over the CHP network?
When encrypted with a method approved by the ISO and it is appropriate to the employee’s job duties and responsibilities.
HPM 40.4, Chapter 18
Prior to storing files received by either Internet or departmental email on the network, computer users shall _____________.
Scan the files for computer viruses
HPM 40.4, Chapter 5
State and departmental policy require all users to _______ and ________ their computer systems at the end of the work day.
Shut down and power off
HPM 40.4, Chapter 5
Employees shall utilize the ____________ as their primary file storage location.
Network file server
HPM 40.4, Chapter 5
True or False: a user on CHP premises may connect CHP equipment to non-departmental wireless networks or Internet services.
False
HPM 40.4, Chapter 21
The departmental File Share (CFS) system should be used to share files greater than ______ megabytes in size.
10
HPM 40.4, Chapter 22
All File Share links will automatically expire _______ days from the date the link was sent.
30 days
HPM 40.4, Chapter 22
Shared File Share links containing confidential information shall have an expiration set for no longer than _______ days.
7 days
HPM 40.4, Chapter 22
_________ investigates the misuse of the CHP File Share system.
Computer Crimes Investigations Unit (CCIU)
HPM 40.4, Chapter 22
What forms must be completed by an employee before he or she is permitted to access departmental email via a personal smartphone and/or tablet?
1) CHP 109, Information Technology Request
2) SIMM 5360-B, Remote Access Agreement
HPM 40.4, Chapter 17