CJIS Security Test Flashcards

Questions and Answers

FBI CJI data is sensitive information and security shall be afforded to prevent any unauthorized access, use or dissemination of the data.

True

FBI CJI data must be safeguarded to prevent:

Unauthorized access

Use or dissemination

All of the Above (correct)

None of the Above

Unauthorized requests, receipts, release, interception, dissemination or discussion of FBI CJI data could result in criminal prosecution and/or termination of employment.

True

A security incident shall be reported to the CJIS Systems Agency's (CSA's) Information Security Officer (ISO).

True

Training for appropriate personnel would include people who read criminal histories but do not have a NCIC workstation of their own.

True

A security incident is a violation or attempted violation of the FBI CJIS Security Policy.

True

FBI CJI data is any data derived from the national CJIS Division Systems.

True

Electronic media includes, but is not limited to:

All of the Above

According to many security experts, which group constitutes the biggest threat?

The agency's own personnel

Users do not need to log off of the software/system at the end of the shift or when another operator wants to use the software/system.

False

Training for appropriate personnel would include vendors who develop software for NCIC access.

True

You should never email Criminal Justice Information (CJI) unless your agency's email system meets all the requirements outlined in the latest CJIS Security policy.

True

__________ is sensitive data and unauthorized use could result in criminal prosecution or termination of employment.

CHRI

Sometimes you may only see indicators of a security incident.

True

Custodial workers that access the terminal area must have a fingerprint background check done and training unless they are escorted in these areas.

True

Criminal History Record Information (CHRI) includes:

All of the above

All persons who have access to CJI are required to have security training within ___ months of assignment.

6

The CJIS Security Policy outlines the minimum requirements.

True

Information obtained from the III is not considered CHRI.

False

Social Engineering is an attack based on deceiving users or administrators at the target site.

True

The state CJIS Systems Agency (CSA) is responsible for compliance with the FBI CJIS security policy.

True

Criminal justice purposes include detection, apprehension, detention, pretrial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders.

True

Each agency accessing FBI CJI data should have a written policy describing the actions to be taken in the event of a security incident.

True

Training records must be kept current by the State, Federal or Local Agency Officer.

True

Access to and use of FBI CJI is only for:

Both A and B

Study Notes

FBI CJI Data Security

• FBI Criminal Justice Information (CJI) is sensitive and requires strict security measures to prevent unauthorized access, use, or dissemination.
• Unauthorized handling of FBI CJI data may lead to criminal prosecution or termination of employment.

Security Incident Reporting

• Security incidents must be reported to the CJIS Systems Agency's Information Security Officer (ISO) with key details including the date, location, affected systems, detection method, incident nature, description, actions taken, and contact information.

Training Requirements

• Individuals who read criminal histories, even without personal NCIC workstations, require training.
• Vendors creating software for NCIC access also need appropriate security training.
• All personnel with access to CJI must complete security training within 6 months of being assigned.

Access and Use of Data

• FBI CJI data derives from national CJIS Division Systems and must be consistently safeguarded.
• The agency's own personnel pose the most significant threat to data security.
• Access to FBI CJI is restricted to authorized criminal justice or civil purposes only.

Electronic Media and Security Policies

• Electronic media encompasses a wide range of formats, all of which must be secured.
• The CJIS Security Policy defines minimal security requirements; agencies should develop specific internal policies.

Security Awareness and Prevention

• Always log off from systems after use to prevent unauthorized access.
• Sensitive Criminal History Record Information (CHRI) is at risk if improperly accessed; unauthorized use can have severe consequences.
• Indicators of security incidents may sometimes be the only signs present.

Additional Compliance and Responsibilities

• Custodial workers accessing sensitive areas need to undergo fingerprint background checks and receive training unless escorted.
• Training records must be maintained accurately by relevant agency officers.
• Each agency, when accessing FBI CJI data, should have a documented policy for addressing security incidents.

Criminal Justice Processes

• Criminal justice purposes encompass several functions including detection, apprehension, detention, prosecution, and rehabilitation of offenders.

Social Engineering Risks

• Social Engineering exploits deception against users or administrators to breach security.

Information Classification

• Information from the Interstate Identification Index (III) is considered CHRI and is subject to the same protections.

Description

Prepare for the CJIS Security Test with these flashcards that cover critical aspects of FBI Criminal Justice Information (CJI) data handling. Each card presents crucial definitions and scenarios related to data security and unauthorized access. Perfect for law enforcement and related fields.