40.4, Information Security

Question 1

Who is the person responsible for overseeing agency compliance with policies and procedures regarding the security of information and information processing assets?

Answer 1

The Information Security Officer (ISO)

HPM 40.4, Chapter 1

Question 2

According to the State Administrative Manual, what are the two classes of information that require extra precautions?

Answer 2

1) Confidential Information
2) Sensitive Information

(HPM 40.4, Chapter 1)

Question 3

According to Civil Code Section 1798.29, ___________ is defined as first name or first initial and last name in combination with social security and/or driver license number, and/or an account number, credit or debit card number in combination with any required security code, access code, or password.

Answer 3

Privacy Information

HPM 40.4, Chapter 1

Question 4

True or False: employees shall obtain departmental approval prior to using personally-owned computers or electronic devices for work-related activities.

Answer 4

True

HPM 40.4, Chapter 1

Question 5

Personnel documents, personnel rosters including personal information, or investigative materials are examples of _______ information.

Answer 5

Confidential information

HPM 40.4, Chapter 1

Question 6

Records of departmental financial transactions are an example of ________ information.

Answer 6

Sensitive information

HPM 40.4, Chapter 1

Question 7

True or False: confidential information is exempt from disclosure under the provisions of the California Public Records Act.

Answer 7

True

HPM 40.4, Chapter 1

Question 8

True or False: fax machines may be used to transmit confidential or sensitive information.

Answer 8

True (but only when no alternative is available and only when the information is transmitted from one secure location to another secure location)

(HPM 40.4, Chapter 1)

Question 9

How often is the CHP 101, Appropriate Use of Automated Information and Systems Statement required to be read and signed by employees in the presence of a supervisor?

Answer 9

Annually

HPM 40.4, Chapter 2

Question 10

What is the retention period of the CHP 101, Appropriate Use of Automated Information and Systems Statement form?

Answer 10

Three years

HPM 40.4, Chapter 2

Question 11

How many grace logins are permitted after an employee’s password has expired?

Answer 11

Six

HPM 40.4, Chapter 2

Question 12

The contents of all departmental file servers, excluding email messages, are backed up how often?

Answer 12

Every four weeks

HPM 40.4, Chapter 2

Question 13

True or False: departmental email users shall not send email messages to anyone they would not normally call directly on the phone.

Answer 13

True

HPM 40.4, Chapter 3

Question 14

Are departmental employees permitted to access third-party internet email providers (e.g., Gmail, Hotmail, Yahoo, AOL) from CHP network computers?

Answer 14

No

HPM 40.4, Chapter 3

Question 15

Are departmental employees permitted to create mail rules that automatically forward their email messages to personal email accounts?

Answer 15

No

HPM 40.4, Chapter 3

Question 16

True or False: the Department has the right to monitor and log all network activity, including email, with or without notice.

Answer 16

True

HPM 40.4, Chapter 3

Question 17

Email messages that have been deleted from the “Deleted Items” folder can be recovered for up to ______ days from the date of deletion, and may be used in any subsequent investigative processes.

Answer 17

30 days

HPM 40.4, Chapter 3

Question 18

Computer users who receive or download files from remote computers ________ (should/shall) scan the files for computer viruses before they store the files on the network or transfer files to others.

Answer 18

Shall

HPM 40.4, Chapter 4

Question 19

CHP employees may use the internet for approved ____________ only.

Answer 19

Business purposes.

HPM 40.4, Chapter 4

Question 20

Employees requesting internet access privileges shall use the ______ form.

Answer 20

CHP 109, Information Technology Request

HPM 40.4, Chapter 4

Question 21

How often are employees required to renew a request for privileges submitted via a CHP 109, Information Technology Request?

Answer 21

Upon transfer to a new command.

HPM 40.4, Chapter 4

Question 22

Are CHP personnel permitted to enter into contracts on behalf of the Department with Internet Service Provers for internet access?

Answer 22

No

HPM 40.4, Chapter 4

Question 23

What does the acronym CLETS stand for?

Answer 23

California Law Enforcement Telecommunications System

HPM 40.4, Chapter 6

Question 24

How long are agencies required to keep a record of each release of criminal offender record information (from the date of release)?

Answer 24

A minimum of three years

HPM 40.4, Chapter 6

Question 25

A record of all releases of criminal histories is maintained on the ______ form.

Answer 25

CHP 263B, Criminal Offender Record Information Release Log

HPM 40.4, Chapter 6

Question 26

Is it permissible to run a preliminary record check on a person prior to a “sit-along” or “ride-along” with departmental personnel?

Answer 26

Yes

HPM 40.4, Chapter 6

Question 27

Is it permissible to have someone else inquire into your own CLETS records?

Answer 27

No

HPM 40.4, Chapter 6

Question 28

What is the penalty for misuse of CLETS?

Answer 28

Adverse action

HPM 40.4, Chapter 6

Question 29

The ______ is required to be notified in an instance of unauthorized disclosure, access, loss, or misuse of CLETS data.

Answer 29

Information Security Officer (ISO)

HPM 40.4, Chapter 6

Question 30

True or False: an employee may request assistance directly from the California Department of Justice when an investigation is necessary due to a breach involving CLETS.

Answer 30

False (must contact the ISO first)

HPM 40.4, Chapter 6

Question 31

How many levels of CLETS user access are there?

Answer 31

Four

HPM 40.4, Chapter 6

Question 32

An evidence officer is an example of a _______ Access Operator for CLETS at an Area office.

Answer 32

Full Access Operator

HPM 40.4, Chapter 6

Question 33

Are janitors and maintenance workers required to have CLETS training?

Answer 33

Yes (Practitioner Level Training)

HPM 40.4, Chapter 6

Question 34

How often are CLETS users required to complete recertification training?

Answer 34

Biennially (every two years)

HPM 40.4, Chapter 6

Question 35

How many Area CLETS Coordinators may each Area have?

Answer 35

Up to two

HPM 40.4, Chapter 6

Question 36

When an inquiry is made in the CLETS Stolen Vehicle System, Wanted Persons System, etc. and a “hit” is made, what must be done?

Answer 36

Immediately confirm the hit

HPM 40.4, Chapter 6

Question 37

When establishing CHP network accounts, standard security principles of _________ to perform a function shall be used.

Answer 37

“Least required access”

HPM 40.4, Chapter 7

Question 38

How often are CHP account audits, reviews, and change notifications performed to ensure that access and account privileges are commensurate with job function, need-to-know, and employment status.

Answer 38

Quarterly

HPM 40.4, Chapter 7

Question 39

How long are CHP 109, Information Technology Request forms retained in an employee’s personnel field folder.

Answer 39

The duration of their employment

HPM 40.4, Chapter 7

Question 40

Laptop computer users must connect their laptop to the network and log in at least every _____ days to ensure virus software is updated.

Answer 40

60 days

HPM 40.4, Chapter 10

Question 41

_________ software includes software not licensed for use by the Department.

Answer 41

“Illegal” software

HPM 40.4, Chapter 10

Question 42

Employees shall not copy or share ________ software.

Answer 42

Copyrighted

HPM 40.4, Chapter 10

Question 43

_________ software includes software purchased for a specific computer for use by the Department.

Answer 43

Copyrighted

HPM 40.4, Chapter 10

Question 44

If sued for copyright infringement, individuals can be charged with penalties up to _________ per infringement.

Answer 44

$150,000

HPM 40.4, Chapter 10

Question 45

If charged with a criminal violation of copyright infringement, individuals can be fined up to __________ per title infringed and up to five years imprisonment.

Answer 45

$250,000

HPM 40.4, Chapter 10

Question 46

True or False: under certain circumstances, use of personally-owned software on departmental computer systems is permitted.

Answer 46

False (it is prohibited)

HPM 40.4, Chapter 10

Question 47

True or False: installation of personally-owned or third party screensavers and/or wallpaper is permitted.

Answer 47

False (it is prohibited)

HPM 40.4, Chapter 10

Question 48

True or False: installation of departmental software on personally-owned computers is prohibited.

Answer 48

True

HPM 40.4, Chapter 10

Question 49

If an electronic storage device requires repair by a non-CHP employee but remains in a CHP facility, the repair person must sign a ________ form.

Answer 49

CHP 110, Confidentiality Agreement

HPM 40.4, Chapter 15

Question 50

When donating, selling, transferring, or disposing of computers or removable media, all sensitive and confidential data must be rendered ________.

Answer 50

Unreadable

HPM 40.4, Chapter 15

Question 51

Disposal, wiping, destroying, disintegration, incineration, pulverization, melting, and shredding are all forms of _____________.

Answer 51

Media sanitation and disposal methods.

HPM 40.4, Chapter 15

Question 52

What are two practices that do not effectively remove or protect sensitive or confidential data on data media storage and should not be used?

Answer 52

Reformatting and Ghosting

HPM 40.4, Chapter 15

Question 53

When destroying microforms by burning, what must the residue be turned into.

Answer 53

White ash

HPM 40.4, Chapter 15

Question 54

What office must be contacted in order to request approval to use social media on behalf of the Department?

Answer 54

Office of Community Outreach and Media Relations (COMR)

HPM 40.4, Chapter 16

Question 55

If the request to use social media is approved by COMR, who reviews the request for final approval?

Answer 55

The Information Security Officer (ISO)

HPM 40.4, Chapter 16

Question 56

True or False: someone who is perceived to be speaking on behalf of an agency or the state through social media Web sites is subject to all agency and state requirements addressing prohibited or inappropriate behavior in the workplace.

Answer 56

True

HPM 40.4, Chapter 16

Question 57

True or False: users shall not use their work password on social media Web sites.

Answer 57

True

HPM 40.4, Chapter 16

Question 58

True or False: personal and family matters (such as a phone call or email to a child’s daycare or school) are permitted over CHP resources while on duty.

Answer 58

True (when the matters are incidental and necessary)

HPM 40.4, Chapter 18

Question 59

True or False: CHP employees may independently elect to conduct CHP network scanning or security scanning.

Answer 59

False

HPM 40.4, Chapter 18

Question 60

True or False: peer-to-peer (file sharing) software is prohibited at CHP

Answer 60

True

HPM 40.4, Chapter 18

Question 61

Emails and instant messages (IM) distributed via CHP email and IM systems are the property of _________.

Answer 61

The Department

HPM 40.4, Chapter 18

Question 62

True or False: automatic forwarding of email messages to external recipients is permitted within the CHP network.

Answer 62

True

HPM 40.4, Chapter 18

Question 63

Under what circumstances is it permissible to transmit confidential information to external recipients over the CHP network?

Answer 63

When encrypted with a method approved by the ISO and it is appropriate to the employee’s job duties and responsibilities.

(HPM 40.4, Chapter 18)

Question 64

Prior to storing files received by either Internet or departmental email on the network, computer users shall _____________.

Answer 64

Scan the files for computer viruses

HPM 40.4, Chapter 5

Question 65

State and departmental policy require all users to _______ and ________ their computer systems at the end of the work day.

Answer 65

Shut down and power off

HPM 40.4, Chapter 5

Question 66

Employees shall utilize the ____________ as their primary file storage location.

Answer 66

Network file server

HPM 40.4, Chapter 5

Question 67

True or False: a user on CHP premises may connect CHP equipment to non-departmental wireless networks or Internet services.

Answer 67

False

HPM 40.4, Chapter 21

Question 68

The departmental File Share (CFS) system should be used to share files greater than ______ megabytes in size.

Answer 68

10

HPM 40.4, Chapter 22

Question 69

All File Share links will automatically expire _______ days from the date the link was sent.

Answer 69

30 days

HPM 40.4, Chapter 22

Question 70

Shared File Share links containing confidential information shall have an expiration set for no longer than _______ days.

Answer 70

7 days

HPM 40.4, Chapter 22

Question 71

_________ investigates the misuse of the CHP File Share system.

Answer 71

Computer Crimes Investigations Unit (CCIU)

HPM 40.4, Chapter 22

Question 72

What forms must be completed by an employee before he or she is permitted to access departmental email via a personal smartphone and/or tablet?

Answer 72

1) CHP 109, Information Technology Request
2) SIMM 5360-B, Remote Access Agreement

(HPM 40.4, Chapter 17)