CJIS Security Test Flashcards

Questions and Answers

FBI CJI data is sensitive information and security shall be afforded to prevent any unauthorized access, use or dissemination of the data.

True (A)

FBI CJI data must be safeguarded to prevent:

• Unauthorized access
• Use or dissemination
• All of the Above (correct)
• None of the Above

Unauthorized requests, receipts, release, interception, dissemination or discussion of FBI CJI data could result in criminal prosecution and/or termination of employment.

True (A)

A security incident shall be reported to the CJIS Systems Agency's (CSA's) Information Security Officer (ISO).

True (A)

Training for appropriate personnel would include people who read criminal histories but do not have a NCIC workstation of their own.

True (A)

A security incident is a violation or attempted violation of the FBI CJIS Security Policy.

True (A)

FBI CJI data is any data derived from the national CJIS Division Systems.

True (A)

Electronic media includes, but is not limited to:

All of the Above (D)

According to many security experts, which group constitutes the biggest threat?

The agency's own personnel

Users do not need to log off of the software/system at the end of the shift or when another operator wants to use the software/system.

False (B)

Training for appropriate personnel would include vendors who develop software for NCIC access.

True (A)

You should never email Criminal Justice Information (CJI) unless your agency's email system meets all the requirements outlined in the latest CJIS Security policy.

True (A)

__________ is sensitive data and unauthorized use could result in criminal prosecution or termination of employment.

CHRI

Sometimes you may only see indicators of a security incident.

True (A)

Custodial workers that access the terminal area must have a fingerprint background check done and training unless they are escorted in these areas.

True (A)

Criminal History Record Information (CHRI) includes:

All of the above (D)

All persons who have access to CJI are required to have security training within ___ months of assignment.

6

The CJIS Security Policy outlines the minimum requirements.

True (A)

Information obtained from the III is not considered CHRI.

False (B)

Social Engineering is an attack based on deceiving users or administrators at the target site.

True (A)

The state CJIS Systems Agency (CSA) is responsible for compliance with the FBI CJIS security policy.

True (A)

Criminal justice purposes include detection, apprehension, detention, pretrial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders.

True (A)

Each agency accessing FBI CJI data should have a written policy describing the actions to be taken in the event of a security incident.

True (A)

Training records must be kept current by the State, Federal or Local Agency Officer.

True (A)

Access to and use of FBI CJI is only for:

Both A and B (C)

Flashcards

FBI CJI Security

Strict security measures to prevent unauthorized access, use, or sharing of sensitive FBI criminal justice information.

Unauthorized CJI Handling

Misusing FBI CJI data, leading to legal action and job termination.

Security Incident Reporting

Reporting security incidents to the CJIS ISO, including detail about the incident.

CJI Training Requirements

Mandatory security training for personnel with access to CJI data within 6 months of assignment.

CJI Data Source

FBI CJI data comes from national CJIS Division Systems.

Internal Data Threat

FBI employees pose the biggest risk to CJI data security.

Restricted Access

Access to FBI CJI limited to authorized purposes only.

Electronic Media Security

All electronic formats, like files and devices, need protection.

Security Policy

Minimum security requirements defined in the CJIS Security Policy, but agencies can have specific internal policies.

Log Off

Prevent unauthorized access by logging off systems when not in use.

CHRI Risks

Improper handling of Criminal History Record Information leads to risks.

Security Incident Indicators

Security issues may be discovered through signs rather than direct events.

Custodial Worker Security

Background checks and training needed for custodial workers accessing sensitive areas.

Training Records

Accurate and detailed records must be kept.

Agency Security Incident Response

Each agency must have a policy and process to handle security incidents.

Criminal Justice Processes

Processes of detection, apprehension, prosecution, etc., for criminal offences.

Social Engineering

Exploiting deception to breach security.

Information Classification

Categorizing information based on sensitivity.

III and CHRI

Information from the Interstate Identification Index (III) is protected as CHRI.

Study Notes

FBI CJI Data Security

• FBI Criminal Justice Information (CJI) is sensitive and requires strict security measures to prevent unauthorized access, use, or dissemination.
• Unauthorized handling of FBI CJI data may lead to criminal prosecution or termination of employment.

Security Incident Reporting

• Security incidents must be reported to the CJIS Systems Agency's Information Security Officer (ISO) with key details including the date, location, affected systems, detection method, incident nature, description, actions taken, and contact information.

Training Requirements

• Individuals who read criminal histories, even without personal NCIC workstations, require training.
• Vendors creating software for NCIC access also need appropriate security training.
• All personnel with access to CJI must complete security training within 6 months of being assigned.

Access and Use of Data

• FBI CJI data derives from national CJIS Division Systems and must be consistently safeguarded.
• The agency's own personnel pose the most significant threat to data security.
• Access to FBI CJI is restricted to authorized criminal justice or civil purposes only.

Electronic Media and Security Policies

• Electronic media encompasses a wide range of formats, all of which must be secured.
• The CJIS Security Policy defines minimal security requirements; agencies should develop specific internal policies.

Security Awareness and Prevention

• Always log off from systems after use to prevent unauthorized access.
• Sensitive Criminal History Record Information (CHRI) is at risk if improperly accessed; unauthorized use can have severe consequences.
• Indicators of security incidents may sometimes be the only signs present.

Additional Compliance and Responsibilities

• Custodial workers accessing sensitive areas need to undergo fingerprint background checks and receive training unless escorted.
• Training records must be maintained accurately by relevant agency officers.
• Each agency, when accessing FBI CJI data, should have a documented policy for addressing security incidents.

Criminal Justice Processes

• Criminal justice purposes encompass several functions including detection, apprehension, detention, prosecution, and rehabilitation of offenders.

Social Engineering Risks

• Social Engineering exploits deception against users or administrators to breach security.

Information Classification

• Information from the Interstate Identification Index (III) is considered CHRI and is subject to the same protections.

Description

Prepare for the CJIS Security Test with these flashcards that cover critical aspects of FBI Criminal Justice Information (CJI) data handling. Each card presents crucial definitions and scenarios related to data security and unauthorized access. Perfect for law enforcement and related fields.