40.4, Information Security Flashcards

1
Q

Who is the person responsible for overseeing agency compliance with policies and procedures regarding the security of information and information processing assets?

A

The Information Security Officer (ISO)

HPM 40.4, Chapter 1

2
Q

According to the State Administrative Manual, what are the two classes of information that require extra precautions?

A

1) Confidential Information
2) Sensitive Information

(HPM 40.4, Chapter 1)

3
Q

According to Civil Code Section 1798.29, ___________ is defined as first name or first initial and last name in combination with social security and/or driver license number, and/or an account number, credit or debit card number in combination with any required security code, access code, or password.

A

Privacy Information

HPM 40.4, Chapter 1

4
Q

True or False: employees shall obtain departmental approval prior to using personally-owned computers or electronic devices for work-related activities.

A

True

HPM 40.4, Chapter 1

5
Q

Personnel documents, personnel rosters including personal information, or investigative materials are examples of _______ information.

A

Confidential information

HPM 40.4, Chapter 1

6
Q

Records of departmental financial transactions are an example of ________ information.

A

Sensitive information

HPM 40.4, Chapter 1

7
Q

True or False: confidential information is exempt from disclosure under the provisions of the California Public Records Act.

A

True

HPM 40.4, Chapter 1

8
Q

True or False: fax machines may be used to transmit confidential or sensitive information.

A

True (but only when no alternative is available and only when the information is transmitted from one secure location to another secure location)

(HPM 40.4, Chapter 1)

9
Q

How often is the CHP 101, Appropriate Use of Automated Information and Systems Statement required to be read and signed by employees in the presence of a supervisor?

A

Annually

HPM 40.4, Chapter 2

10
Q

What is the retention period of the CHP 101, Appropriate Use of Automated Information and Systems Statement form?

A

Three years

HPM 40.4, Chapter 2

11
Q

How many grace logins are permitted after an employee’s password has expired?

A

Six

HPM 40.4, Chapter 2

12
Q

The contents of all departmental file servers, excluding email messages, are backed up how often?

A

Every four weeks

HPM 40.4, Chapter 2

13
Q

True or False: departmental email users shall not send email messages to anyone they would not normally call directly on the phone.

A

True

HPM 40.4, Chapter 3

14
Q

Are departmental employees permitted to access third-party internet email providers (e.g., Gmail, Hotmail, Yahoo, AOL) from CHP network computers?

A

No

HPM 40.4, Chapter 3

15
Q

Are departmental employees permitted to create mail rules that automatically forward their email messages to personal email accounts?

A

No

HPM 40.4, Chapter 3

16
Q

True or False: the Department has the right to monitor and log all network activity, including email, with or without notice.

A

True

HPM 40.4, Chapter 3

17
Q

Email messages that have been deleted from the “Deleted Items” folder can be recovered for up to ______ days from the date of deletion, and may be used in any subsequent investigative processes.

A

30 days

HPM 40.4, Chapter 3

18
Q

Computer users who receive or download files from remote computers ________ (should/shall) scan the files for computer viruses before they store the files on the network or transfer files to others.

A

Shall

HPM 40.4, Chapter 4

19
Q

CHP employees may use the internet for approved ____________ only.

A

Business purposes.

HPM 40.4, Chapter 4

20
Q

Employees requesting internet access privileges shall use the ______ form.

A

CHP 109, Information Technology Request

HPM 40.4, Chapter 4

21
Q

How often are employees required to renew a request for privileges submitted via a CHP 109, Information Technology Request?

A

Upon transfer to a new command.

HPM 40.4, Chapter 4

22
Q

Are CHP personnel permitted to enter into contracts on behalf of the Department with Internet Service Providers for internet access?

A

No

HPM 40.4, Chapter 4

23
Q

What does the acronym CLETS stand for?

A

California Law Enforcement Telecommunications System

HPM 40.4, Chapter 6

24
Q

How long are agencies required to keep a record of each release of criminal offender record information (from the date of release)?

A

A minimum of three years

HPM 40.4, Chapter 6

25
Q

A record of all releases of criminal histories is maintained on the ______ form.

A

CHP 263B, Criminal Offender Record Information Release Log

HPM 40.4, Chapter 6

26
Q

Is it permissible to run a preliminary record check on a person prior to a “sit-along” or “ride-along” with departmental personnel?

A

Yes

HPM 40.4, Chapter 6

27
Q

Is it permissible to have someone else inquire into your own CLETS records?

A

No

HPM 40.4, Chapter 6

28
Q

What is the penalty for misuse of CLETS?

A

Adverse action

HPM 40.4, Chapter 6

29
Q

The ______ is required to be notified in an instance of unauthorized disclosure, access, loss, or misuse of CLETS data.

A

Information Security Officer (ISO)

HPM 40.4, Chapter 6

30
Q

True or False: an employee may request assistance directly from the California Department of Justice when an investigation is necessary due to a breach involving CLETS.

A

False (must contact the ISO first)

HPM 40.4, Chapter 6

31
Q

How many levels of CLETS user access are there?

A

Four

HPM 40.4, Chapter 6

32
Q

An evidence officer is an example of a _______ Access Operator for CLETS at an Area office.

A

Full Access Operator

HPM 40.4, Chapter 6

33
Q

Are janitors and maintenance workers required to have CLETS training?

A

Yes (Practitioner Level Training)

HPM 40.4, Chapter 6

34
Q

How often are CLETS users required to complete recertification training?

A

Biennially (every two years)

HPM 40.4, Chapter 6

35
Q

How many Area CLETS Coordinators may each Area have?

A

Up to two

HPM 40.4, Chapter 6

36
Q

When an inquiry is made in the CLETS Stolen Vehicle System, Wanted Persons System, etc. and a “hit” is made, what must be done?

A

Immediately confirm the hit

HPM 40.4, Chapter 6

37
Q

When establishing CHP network accounts, standard security principles of _________ to perform a function shall be used.

A

“Least required access”

HPM 40.4, Chapter 7

38
Q

How often are CHP account audits, reviews, and change notifications performed to ensure that access and account privileges are commensurate with job function, need-to-know, and employment status?

A

Quarterly

HPM 40.4, Chapter 7

39
Q

How long are CHP 109, Information Technology Request forms retained in an employee’s personnel field folder?

A

The duration of their employment

HPM 40.4, Chapter 7

40
Q

Laptop computer users must connect their laptop to the network and log in at least every _____ days to ensure virus software is updated.

A

60 days

HPM 40.4, Chapter 10

41
Q

_________ software includes software not licensed for use by the Department.

A

“Illegal” software

HPM 40.4, Chapter 10

42
Q

Employees shall not copy or share ________ software.

A

Copyrighted

HPM 40.4, Chapter 10

43
Q

_________ software includes software purchased for a specific computer for use by the Department.

A

Copyrighted

HPM 40.4, Chapter 10

44
Q

If sued for copyright infringement, individuals can be charged with penalties up to _________ per infringement.

A

$150,000

HPM 40.4, Chapter 10

45
Q

If charged with a criminal violation of copyright infringement, individuals can be fined up to __________ per title infringed and up to five years imprisonment.

A

$250,000

HPM 40.4, Chapter 10

46
Q

True or False: under certain circumstances, use of personally-owned software on departmental computer systems is permitted.

A

False (it is prohibited)

HPM 40.4, Chapter 10

47
Q

True or False: installation of personally-owned or third party screensavers and/or wallpaper is permitted.

A

False (it is prohibited)

HPM 40.4, Chapter 10

48
Q

True or False: installation of departmental software on personally-owned computers is prohibited.

A

True

HPM 40.4, Chapter 10

49
Q

If an electronic storage device requires repair by a non-CHP employee but remains in a CHP facility, the repair person must sign a ________ form.

A

CHP 110, Confidentiality Agreement

HPM 40.4, Chapter 15

50
Q

When donating, selling, transferring, or disposing of computers or removable media, all sensitive and confidential data must be rendered ________.

A

Unreadable

HPM 40.4, Chapter 15

51
Q

Disposal, wiping, destroying, disintegration, incineration, pulverization, melting, and shredding are all forms of _____________.

A

Media sanitation and disposal methods.

HPM 40.4, Chapter 15

52
Q

What are two practices that do not effectively remove or protect sensitive or confidential data on data media storage and should not be used?

A

Reformatting and Ghosting

HPM 40.4, Chapter 15

53
Q

When destroying microforms by burning, what must the residue be turned into?

A

White ash

HPM 40.4, Chapter 15

54
Q

What office must be contacted in order to request approval to use social media on behalf of the Department?

A

Office of Community Outreach and Media Relations (COMR)

HPM 40.4, Chapter 16

55
Q

If the request to use social media is approved by COMR, who reviews the request for final approval?

A

The Information Security Officer (ISO)

HPM 40.4, Chapter 16

56
Q

True or False: someone who is perceived to be speaking on behalf of an agency or the state through social media Web sites is subject to all agency and state requirements addressing prohibited or inappropriate behavior in the workplace.

A

True

HPM 40.4, Chapter 16

57
Q

True or False: users shall not use their work password on social media Web sites.

A

True

HPM 40.4, Chapter 16

58
Q

True or False: personal and family matters (such as a phone call or email to a child’s daycare or school) are permitted over CHP resources while on duty.

A

True (when the matters are incidental and necessary)

HPM 40.4, Chapter 18

59
Q

True or False: CHP employees may independently elect to conduct CHP network scanning or security scanning.

A

False

HPM 40.4, Chapter 18

60
Q

True or False: peer-to-peer (file sharing) software is prohibited at CHP.

A

True

HPM 40.4, Chapter 18

61
Q

Emails and instant messages (IM) distributed via CHP email and IM systems are the property of _________.

A

The Department

HPM 40.4, Chapter 18

62
Q

True or False: automatic forwarding of email messages to external recipients is permitted within the CHP network.

A

True

HPM 40.4, Chapter 18

63
Q

Under what circumstances is it permissible to transmit confidential information to external recipients over the CHP network?

A

When encrypted with a method approved by the ISO and it is appropriate to the employee’s job duties and responsibilities.

(HPM 40.4, Chapter 18)

64
Q

Prior to storing files received by either Internet or departmental email on the network, computer users shall _____________.

A

Scan the files for computer viruses

HPM 40.4, Chapter 5

65
Q

State and departmental policy require all users to _______ and ________ their computer systems at the end of the work day.

A

Shut down and power off

HPM 40.4, Chapter 5

66
Q

Employees shall utilize the ____________ as their primary file storage location.

A

Network file server

HPM 40.4, Chapter 5

67
Q

True or False: a user on CHP premises may connect CHP equipment to non-departmental wireless networks or Internet services.

A

False

HPM 40.4, Chapter 21

68
Q

The departmental File Share (CFS) system should be used to share files greater than ______ megabytes in size.

A

10

HPM 40.4, Chapter 22

69
Q

All File Share links will automatically expire _______ days from the date the link was sent.

A

30 days

HPM 40.4, Chapter 22

70
Q

Shared File Share links containing confidential information shall have an expiration set for no longer than _______ days.

A

7 days

HPM 40.4, Chapter 22

71
Q

_________ investigates the misuse of the CHP File Share system.

A

Computer Crimes Investigations Unit (CCIU)

HPM 40.4, Chapter 22

72
Q

What forms must be completed by an employee before he or she is permitted to access departmental email via a personal smartphone and/or tablet?

A

1) CHP 109, Information Technology Request
2) SIMM 5360-B, Remote Access Agreement

(HPM 40.4, Chapter 17)