Policy & Procedure
Audit & Compliance
Privacy
Phishing
Third-Party Contracts
Procurements
Access Control
Pop Culture
100

This application is used by CDSS to create, review, approve, publish, and manage the lifecycle of policies and procedures.

What is ConvergePoint?

100

This term describes the mandatory written rules that outline how staff must perform tasks to meet compliance standards.

What are standard operating procedures?

100

This privacy principle means collecting only the personal information you need.

What is data minimization?

100

This type of cyber attack tricks people into clicking malicious links or giving away sensitive information by pretending to be a trusted source.

What is phishing?

100

When conducting contract reviews, the Risk & Governance Unit focuses exclusively on these two types of contracts.

What are Non-IT and IT contracts?

100

This complex software is used for tracking and processing third-party security questionnaires regarding Procurements.

What is Prevalent?

100

IBM’s primary security software for mainframe environments like z/OS and z/VM. It acts as the gatekeeper of the system by authenticating users, authorizing access to sensitive data and resources (like datasets and files), and auditing security events to ensure compliance.

What is a Resource Access Control Facility (RACF)?

100

This singer's "Eras Tour" became the highest-grossing concert tours ever.

Who is Taylor Swift?

200

This document provides recommended best practices to help users comply with a policy but is generally not mandatory unless specifically incorporated into a policy or procedure.

What is a guideline?

200

This document records planned corrective actions for security findings.

What is a Plan of Action and Milestones (POA&M)?

200

This type of information can identify a specific person, such as a Social Security number, email address, or driver's license number

What is personally identifiable information (PII)?

200

This common red flag in a phishing email often appears as a subtle change, such as an extra character or misspelling, in the sender’s address or website link.

What is spoofed domain (spoofed email)?

200

CDSS uses this questionnaire to assess the security posture of external entities.

What is External Third Party Security Questionnaire, External survey or vendor survey?

200

This person’s signature is the final step of a SIMM22B approval.

Who is Chad Crow?

200

This form is used to authorize, change and terminate access to all systems and applications containing CDSS data. The information on this form must be kept current. It must be signed by the Supervisor and the appropriate System Administrator(s). It must also be signed by the user before he/she obtains access.

What is a GEN 1321 CDSS System and Application Access Form?

200

This 2019 film became the first non‑English movie to win Best Picture at the Oscars, and its director once described the movie as “a comedy without clowns and a tragedy without villains.”

What is Parasite?

300

This document formally defines a program's purpose, scope, objectives, governance structure, and stakeholder roles.

What is a Program Charter?

300

This required process ensures that state departments follow laws, regulations, and internal policies when handling public records?

What is a compliance review?

300

Privacy laws often require organizations to report this event when personal information is accessed, disclosed, or stolen without authorization.

What is data breach?

300

This type of phishing attack uses personalized details, like your name, department, or recent activity, to make the message highly convincing and targeted.

What is spear phishing?

300

This document sets forth the information security and privacy requirements for a Contractor/Entity.

What is Confidentiality and Information Security Requirements or CISR?

300

A technology-specific risk assessment and transparency disclosure required when a contractor or vendor proposes to use, offer, or make available Generative AI technology in a state procurement.

What is a GEN1000 or STD1000?

300

A statewide data hub serving a variety of eligibility, enrollment and reporting functions for Medi-Cal and other state and federal benefits. This system maintains eligibility history for Medi-Cal and other health and human services programs. It has data exchanges and interfaces with the Statewide Automated Welfare System (SAWS) and the federal Social Security Administration.

What is Medi-Cal Eligibility Data System (MEDS) Modernization system?

300

This music video became the first on YouTube to surpass 10 billion views.

What is Baby Shark?

M
e
n
u