CHAPTER 4: PROTECTION OF SENSITIVE INFORMATION Flashcards
(154 cards)
The purpose for employing an access control program includes:
a. To protect persons, materials, or information
b. To slow or speed up the rate of movement to, from, or within an establishment
c. To permit or deny entrance
d. Both a and c
e. All of the above
E
Identification and access control systems have the widest application of:
a. Manual identification systems
b. Magnetic readers
c. Biometric-based systems
d. Dielectric readers
e. None of the above
A
The performance requirements of any trustworthy system of identification include:
a. Resistance to surreptitious substitution or counterfeiting
b. Reliability
c. Validity
d. Both b and c
e. All of the above
E
A general defect of manual identification systems is that:
a. Many are made of plastic
b. Many do not have biometric characteristics on them
c. Once issued, they tend to remain valid indefinitely
d. They lack identifying colors
e. None of the above
C
Any formula, pattern, device, or compilation of information that is used in one’s business and that gives you an opportunity to gain an advantage over competitors who do not use it or know about it is:
a. A patent
b. A trade secret
c. A monopoly
d. Copyrighted material
e. None of the above
B
What is most likely the main reason for loss of sensitive information?
a. Industrial espionage
b. An employee’s loose lips
c. Inadvertent disclosure
d. Deliberate theft by an outsider
e. Both b and c
f. None of the above
E
Which of the following should be part of an effective information security program?
a. Preemployment screening
b. Nondisclosure agreements from employees
c. Employee awareness programs
d. Policy and procedural statements on the recognition, classification, and handling of sensitive information
e. All of the above
E
The primary tool of preemployment screening is the:
a. Application form
b. Interview
c. Polygraph
d. Investigator performing the interview
A
Which of the following is generally not allowed to be disclosed on an employment questionnaire?
a. Current residence
b. References
c. Prior employment
d. Prior arrests
e. None of the above
D
To be within the definition of a trade secret, sensitive information must meet which of the following criteria?
a. Individuals to whom it is disclosed must know that it is secret.
b. It must be identifiable.
c. It must not be already available in public sources.
d. There must be some obvious indication that the owner is attempting to prevent its unauthorized disclosure.
d. a, c, and d.
e. All of the above.
E
According to the “Restatement of the Law of Torts,” a trade secret is:
a. All information about a company that the company desires to protect
b. Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it
c. Information about a company that is registered with the US Patent Office
d. Both a and b
e. All of the above
B
A trade secret may be:
a. A formula for a chemical compound
b. A process of manufacturing materials
c. A pattern for a machine
d. A list of customers
e. All of the above
E
The characteristics of a trade secret as compared with other confidential information are:
a. Those business secrets that have been duly registered pursuant to the requirements of law
b. Continuous or consistent business applications of a secret not known to others, from the use of which some advantage is gained by the user
c. Those business secrets that are fully protected in accordance with the Federal Privacy Act
d. Both a and c
e. All of the above
B
Which of the following is generally not true in regard to trade secrets?
a. The more a business narrowly defines what it regards as a secret, the easier it is to protect that body of information.
b. It is difficult to protect a trade secret that can be found in publicly accessible sources.
c. Secret information does have to be specifically identifiable.
d. Secret information must be effectively protected.
e. None of the above.
E
In regard to a trade secret, it may be decided that its disclosure by another was innocent, rather than wrongful, even in the case where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when:
a. The trade secret was not registered
b. The trade secret did not involve national defense information
c. The trade secret was not in current use
d. There is absence of evidence that an owner has taken reasonable precautions to protect confidential information
e. All of the above
D
Proprietary information is:
a. Private information of a highly sensitive nature
b. Information that must be classified according to executive order of the US government
c. Sensitive information that is classified under federal regulations
d. Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly
e. None of the above
D
The class of person under a duty to safeguard a proprietary secret is known as:
a. Agent
b. Proprietary security employee
c. Fiduciary
d. Business associate
e. None of the above
C
It is important for employees to know whether confidential information is a trade secret, or some other confidential material, because:
a. If it is a trade secret, the employee may be prevented from disclosing it by injunction
b. If it is not a trade secret and it is disclosed, the employer must take action after the disclosure and must be able to prove some actual damage in order to recover
c. If it is not a trade secret, the information, once disclosed, is no longer defendable
d. If it is not a trade secret, the information, once disclosed, cannot be further prevented from disclosure by an injunction
e. All of the above
E
Which of the following is not a correct statement as a general rule involving the protection of proprietary information?
a. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship.
b. By operation of common law, employees are presumed to be fiduciaries to the extent that they may not disclose secrets of their employers without authorization.
c. Other than the employees, any other persons to be bound to secrecy must agree to be so bound.
d. Any agreements to be bound must always be in writing and are not implied from acts.
D
To effectively involve the law for the protection of sensitive information, the owner of the proprietary information must be able to show “objective indications of attempts to protect secrecy.” Which of the following has been recognized in the past as such an indication?
a. Use of warning signs to alert employees to sensitive data and the places where it is stored
b. Separately storing sensitive information in security containers with the appropriate security precautions
c. Special instructions providing a “need-to-know” basis
d. Restrictions to nonemployee access to places containing sensitive information
e. All of the above
E
Which of the following should be made part of a proprietary information protection program?
a. Preemployment screening
b. Effective perimeter control system
c. Execution of patent and secrecy agreement
d. Paper and data control
e. Both a and c
f. All of the above
F
In designing a proprietary information protection program, the area of greatest vulnerability is:
a. Personnel files
b. Employees
c. Computers
d. Marketing data
e. Perimeter boundaries
B
In devising proprietary information procedures, which of the following is considered to be a main area of paper or document vulnerability?
a. Comprehensive paper controls
b. A technical report system
c. Control and issue of notebooks
d. All of the above
e. None of the above
D
When a loss of proprietary information is discovered, which of the following steps should be taken first?
a. Attempt to recover the material
b. Attempt to apprehend the perpetrators
c. Assess economic damage
d. Reevaluate the protection system
e. All of the above
E