40.4 Information Security and Privacy

Question 1

Employees shall obtain _____ _____ prior to using personally-owned computers or electronic devices (i.e., USB/flash drives, portable hard drives, smart phones, tablets) for work-related activities.

Answer 1

departmental approval

Question 2

What form shall be used when requesting use of technology outside of state issued equipment or specific internet access?

Answer 2

CHP 109

Question 3

It is the responsibility of _____ ____ to protect these assets and take a proactive role in preserving CHP data and associated computer resources/equipment.

Answer 3

every user

Question 4

Only the _____ __ _____ _____, with the approval of the Department ISO, has the authority to approve the ongoing monitoring of a specific account

Answer 4

Office of Internal Affairs

Question 5

Employees who receive inappropriate e-mail through the departmental e-mail system shall immediately forward the e-mail to their respective ________ for investigation and resolution. After forwarding an inappropriate e-mail, employees shall delete the e-mail from their respective account.

Answer 5

commander

Question 6

Employees should consider all postings on such sites as ______, whether or not they have marked the site as private, locked, etc., due to the possibility of third parties importing parts of the site into the public domain

Answer 6

Public

Question 7

Short term access to wireless network for visitors could be granted. Temp accounts could be made. This access lasts for ___ ________ day(s) and ending at ____ hours.

Answer 7

one business, 1700

Question 8

With the exception of employees who have been trained and designated as ‘Information Officers’ by Office of Community Outreach and Media Relations, maintenance of a social network site and/or social media while on duty is prohibited, as well as off-duty
postings that may cause discredit to the Department, and unauthorized posting of Department badges, uniforms, emblems, etc. (refer to Chapter 16 of this manual). Also, due to the possibility that, once posted, pictures, video recordings, and other images of CHP peace officers may exist in cyberspace forever, CHP peace officer employees should be aware that such postings could make them ineligible for specialized positions where anonymity is required. In addition, due to potential personal and professional ramifications of such postings, CHP employees are advised that they should obtain permission from the CHP peace officers who are in the image prior to posting photographs, videos, or any image of CHP peace officers on the Internet, whether or not identified as a peace officer.

Answer 8

That one was a fun fact

Question 9

Be advised that the Department ____ hold employees responsible for all postings on their Web sites or social network/media, and ____ take disciplinary action, up to and including dismissal, if any employee misuses CHP materials and/or images of uniformed CHP peace officers

Answer 9

will, may

Question 10

A ____ is an unwanted computer program that copies itself into other programs. After running an infected program, the code in the virus executes and replicates itself. Computer viruses often delete information or cause systems to malfunction. Viruses may activate when a program executes, or may wait to execute until a specific date or activity occurs.

Answer 10

virus

Question 11

_______ have the ability to self-replicate with no user action necessary, and do not need to attach to other applications.

Answer 11

worms

Question 12

______ horses are concealed in programs which appear useful to a user but in fact
contain hostile code which facilitates unauthorized access to resources on the
computer by hackers.

Answer 12

trojan

Question 13

A _______ is an infection designed to conceal the fact that it has been installed, which can hide from common protection methods, may appear as a Trojan horse to entice a user to run it, and may contain backdoors to grant remote code execution ability by hackers.

Answer 13

rootkit

Question 14

________ secretly collects personal information about a user for use by hostile parties and can include key loggers, popup advertisements, or Web redirectors.
Adware typically downloads and displays advertisements which can appear legitimate but can have malicious intent, such as installing ______ (same answer as first blank.

Answer 14

spyware

Question 15

All files received ________ be scanned for viruses prior to storage on the network or
transfer to another employee.

Answer 15

shall

Question 16

Scanning Files. Files to be scanned shall first be saved to either portable storage media or a desktop computer’s_______. The virus scan will be executed from the desktop computer. If and when the files are verified to be virus-free, the files may be stored on the network or transferred to other employees.

Answer 16

hard disk

Question 17

Reports of computer virus threats, hoaxes, or Trojan horse programs shall be
____________ reported to the Department ISO.

Answer 17

immediately

Question 18

What Government code states in essence CLETS is for official business?

Answer 18

15153

Question 19

A preliminary record check ____ be performed on any person prior to their approval as a “ride-along” with a law enforcement officer or “sit-along” with a CLETS operator, provided that person is not an employee of the law enforcement agency

Answer 19

may

Question 20

All employees will read and sign the______ , Appropriate Use of Automated Information & Systems Statement.

Answer 20

CHP 101

Question 21

How often is CLETS training required?

Answer 21

beinnually

Question 22

What are the four recognized user access recognized DOJ in regards to CLETS?

Answer 22

Full Access Operator, Less than full access operator, Practitioner, and Administrator

Question 23

Administrator access to CLETS applies to?

Answer 23

LT and above and Managers II and above

Question 24

Laptop computer users must attach their laptop to the network and login at regular intervals (at least every ____ ____) in order to update the virus software definitions

Answer 24

60 days

Question 25

The Emergency Notification Tactical Alert Center (ENTACT) is designed to be a statewide notification center for emergency incidents, including natural disaster, civil disturbance, terror-ism, the protection of the state infrastructure, and other incidents. The ENTAC is available ____ hours a day, _____ days a week, to receive reports

Answer 25

24, 7

Question 26

Commanders shall ensure that all computer security-related incidents including lost, stolen, damaged, and destroyed state-owned or state-leased equipment or data are reported ________ and documented appropriately

Answer 26

immediately

Question 27

Who is the OPI for all IT incidents?

Answer 27

IMD

Question 28

The use of social media falls within two fundamental categories:

Answer 28

Obtaining information and performing research.

(2) Sharing or posting official agency information; a two-way flow of information.

Question 29

ENFORCEMENT. Any employee found to have violated this policy may be subject to disciplinary action, up to and including _________ ___ ________

Answer 29

termination of employment

Question 30

For purposes of MDC. A user is defined as an

Answer 30

officer or sergeant

Question 31

It is recommended that the CFS is used to share files greater than _____ megabytes in size.

Answer 31

10

Question 32

In regards to OneDrive cloud, the current file storage limit is _____ gigabytes per user

Answer 32

50

Question 33

All files shared via file share automatically expire after ____ days.

Answer 33

30