Training Questions & Answers
The FBI CJIS Security Policy requires that all personnel fitting the 2 following criteria
must complete this training: - ANSWER-Before authorizing access to the system,
information, or performing assigned duties
-Every year after the initial training
Security and Privacy training must be completed by whom? - ANSWER: All personnel
whose duties require them to have unescorted access to a physically secure location
that processes or stores Criminal Justice Information (CJI)
All training records must be kept current and be maintained for how long
and by whom? - ANSWER-Minimum of 3 years
-By: the Federal, State, or Local Agency.
What is: Security and Privacy Literacy - ANSWER: The understanding of the threats,
vulnerabilities, and risks associated with security and privacy. It is also about the actions
necessary for users to maintain security and personal privacy and to respond to
suspected incidents.
Literacy training must be taken at the following times: - ANSWER-Before accessing CJI
-Every year after the initial training
-Within 30 days of any security event for all users involved in the event
-When required by system changes
What is: A Security Threat - ANSWER: Any circumstance or event with the potential to
cause harm to an IT system in the form of destruction, disclosure, adverse modification
of data, or denial of service.
3 Examples of Threats: - ANSWER-Natural:
Lightning, Heat, or Water
-Intentional:
Someone wanting to cause harm on purpose (ex. cyber attack)
-Unintentional:
A user accidentally erasing a critical file while "playing" on the computer
What is one of the greatest threats to an agency's security, whether intentional or
unintentional? - ANSWER: Its own personnel
Insider Threat - Potential indicators and possible precursors can include behaviors such
as: - ANSWER-Inordinate, long-term job dissatisfaction
-Attempts to gain access to information not required for job performance
-Unexplained access to financial resources
-Bullying or harassment of fellow employees
-Workplace violence
-Other serious violations of policies, procedures, directives, regulations, rules, or
practices
Define - Social engineering - ANSWER: An attempt to trick an individual into revealing
information or taking an action that can be used to attack systems or networks.
Define - Social mining - ANSWER: An attempt to gather information about the
organization that may be used to support future attacks.
Define - Phishing - ANSWER: A digital form of social engineering that uses
authentic-looking emails to trick users into sharing personal information.
-It usually includes a link that takes the user to a fake website. If you cannot verify the
source, do not open the link. Report suspicious messages to your IT team.
Define - Spear Phishing - ANSWER: A type of phishing where a specific user or group of
users is targeted because of their position (such as a company's administrators).
Define - Social media exploitation - ANSWER: The attacker uses information
found on a user's social media profiles to create a targeted spear phishing attack.
What is Pretexting and Impersonation? - ANSWER: The attacker creates a
fictional backstory that is used to manipulate someone into providing private information
or to influence behavior.
-Attackers will often impersonate a person of authority, co-worker, or trusted
organization to engage in back-and-forth communication prior to launching a targeted
spear phishing attack.
What are Fake IT Support calls? - ANSWER: A common form of impersonation where
someone pretends to be an authorized user or administrator in an attempt to gain illicit
access to protected data systems.
-The person has enough information to sound credible, and they ask the user for some
bit of information that allows the attacker to gain access to the desired system.
Define - Baiting - ANSWER: The use of a false promise to lure the user into a trap.
-Including enticing ads that lead to malicious sites or encourage users to download a
malware-infected application.