40.4, Information Security Flashcards
Who is the person responsible for overseeing agency compliance with policies and procedures regarding the security of information and information processing assets?
The Information Security Officer (ISO)
HPM 40.4, Chapter 1
According to the State Administrative Manual, what are the two classes of information that require extra precautions?
1) Confidential Information
2) Sensitive Information
(HPM 40.4, Chapter 1)
According to Civil Code Section 1798.29, ___________ is defined as first name or first initial and last name in combination with social security and/or driver license number, and/or an account number, credit or debit card number in combination with any required security code, access code, or password.
Privacy Information
HPM 40.4, Chapter 1
True or False: employees shall obtain departmental approval prior to using personally-owned computers or electronic devices for work-related activities.
True
HPM 40.4, Chapter 1
Personnel documents, personnel rosters including personal information, or investigative materials are examples of _______ information.
Confidential information
HPM 40.4, Chapter 1
Records of departmental financial transactions are an example of ________ information.
Sensitive information
HPM 40.4, Chapter 1
True or False: confidential information is exempt from disclosure under the provisions of the California Public Records Act.
True
HPM 40.4, Chapter 1
True or False: fax machines may be used to transmit confidential or sensitive information.
True (but only when no alternative is available and only when the information is transmitted from one secure location to another secure location)
(HPM 40.4, Chapter 1)
How often is the CHP 101, Appropriate Use of Automated Information and Systems Statement required to be read and signed by employees in the presence of a supervisor?
Annually
HPM 40.4, Chapter 2
What is the retention period of the CHP 101, Appropriate Use of Automated Information and Systems Statement form?
Three years
HPM 40.4, Chapter 2
How many grace logins are permitted after an employee’s password has expired?
Six
HPM 40.4, Chapter 2
The contents of all departmental file servers, excluding email messages, are backed up how often?
Every four weeks
HPM 40.4, Chapter 2
True or False: departmental email users shall not send email messages to anyone they would not normally call directly on the phone.
True
HPM 40.4, Chapter 3
Are departmental employees permitted to access third-party internet email providers (e.g., Gmail, Hotmail, Yahoo, AOL) from CHP network computers?
No
HPM 40.4, Chapter 3
Are departmental employees permitted to create mail rules that automatically forward their email messages to personal email accounts?
No
HPM 40.4, Chapter 3
True or False: the Department has the right to monitor and log all network activity, including email, with or without notice.
True
HPM 40.4, Chapter 3
Email messages that have been deleted from the “Deleted Items” folder can be recovered for up to ______ days from the date of deletion, and may be used in any subsequent investigative processes.
30 days
HPM 40.4, Chapter 3
Computer users who receive or download files from remote computers ________ (should/shall) scan the files for computer viruses before they store the files on the network or transfer files to others.
Shall
HPM 40.4, Chapter 4
CHP employees may use the internet for approved ____________ only.
Business purposes.
HPM 40.4, Chapter 4
Employees requesting internet access privileges shall use the ______ form.
CHP 109, Information Technology Request
HPM 40.4, Chapter 4
How often are employees required to renew a request for privileges submitted via a CHP 109, Information Technology Request?
Upon transfer to a new command.
HPM 40.4, Chapter 4
Are CHP personnel permitted to enter into contracts on behalf of the Department with Internet Service Provers for internet access?
No
HPM 40.4, Chapter 4
What does the acronym CLETS stand for?
California Law Enforcement Telecommunications System
HPM 40.4, Chapter 6
How long are agencies required to keep a record of each release of criminal offender record information (from the date of release)?
A minimum of three years
HPM 40.4, Chapter 6
A record of all releases of criminal histories is maintained on the ______ form.
CHP 263B, Criminal Offender Record Information Release Log
HPM 40.4, Chapter 6
Is it permissible to run a preliminary record check on a person prior to a “sit-along” or “ride-along” with departmental personnel?
Yes
HPM 40.4, Chapter 6
Is it permissible to have someone else inquire into your own CLETS records?
No
HPM 40.4, Chapter 6
What is the penalty for misuse of CLETS?
Adverse action
HPM 40.4, Chapter 6