Chapter2 Flashcards

1
Q

Ethics carry the sanction of a governing authority.

A

False

2
Q

The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.

A

True

3
Q

Deterrence is the best method for preventing an illegal or unethical activity. ____________

A

True

4
Q

ISACA is a professional association with a focus on authorization, control, and security. ___________

A

False - Auditing

5
Q

Due diligence requires that an organization make a valid and ongoing effort to protect others. __________

A

True

6
Q

The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act of 1999) contains a number of provisions that affect banks, securities firms, and insurance companies. ___________

A

True

7
Q

It is the responsibility of InfoSec professionals to understand state laws and standards. ____________

A

False - Regulations

8
Q

InfraGard began as a cooperative effort between the FBI’s Cleveland field office and local intelligence professionals. _________

A

False - Technology

9
Q

Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy. _____________

A

False - Aggregation

10
Q

To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996. _____

A

False - Economic

11
Q

A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information. ____

A

False - Breach

12
Q

Which subset of civil law regulates the relationships among individuals and among individuals and organizations? a. tort b. criminal c. private d. public

A

C - Private

13
Q

Which law addresses privacy and security concerns associated with the electronic transmission of PHI? a. USA Patriot Act of 2001 b. American Recovery and Reinvestment Act c. Health Information Technology for Economic and Clinical Health Act d. National Information Infrastructure Protection Act of 1996

A

C - Health Information Technology for Economic and Clinical Health Act

14
Q

The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following? a. For purposes of commercial advantage b. For private financial gain c. For political advantage d. In furtherance of a criminal act

A

C - For political advantage

15
Q

Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system? a. The Telecommunications Deregulation and Competition Act b. National Information Infrastructure Protection Act c. Computer Fraud and Abuse Act d. The Computer Security Act

A

D - The Computer Security Act

16
Q

Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications? a. The Electronic Communications Privacy Act of 1986 b. The Telecommunications Deregulation and Competition Act of 1996 c. National Information Infrastructure Protection Act of 1996 d. Federal Privacy Act of 1974

A

A - The Electronic Communications Privacy Act of 1986

17
Q

Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them? a. ECPA b. Sarbanes-Oxley c. HIPAA d. Gramm-Leach-Bliley

18
Q

Which law extends protection to intellectual property, which includes words published in electronic formats? a. Freedom of Information Act b. U.S. Copyright Law c. Security and Freedom through Encryption Act d. Sarbanes-Oxley Act

A

B - U.S. Copyright Law

19
Q

Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics? a. Applied ethics b. Meta-ethics c. Normative ethics d. Deontological ethics

A

D - Deontological ethics

20
Q

Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures? a. U.S. Copyright Law b. PCI DSS c. European Council Cybercrime Convention d. DMCA

21
Q

Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right? a. Applied ethics b. Descriptive ethics c. Normative ethics d. Deontological ethics

A

B - Descriptive ethics

22
Q

Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community? a. utilitarian b. virtue c. fairness or justice d. common good

A

D - Common good

23
Q

There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them? a. ignorance b. malice c. accident d. intent

24
Q

Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies, and technical controls. a. remediation b. deterrence c. persecution d. rehabilitation

A

B - Deterrence

25
Q

Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals. a. (ISC)2 b. ACM c. SANS d. ISACA

A

A - (ISC)²

26
Q

Which of the following is compensation for a wrong committed by an employee acting with or without authorization? a. liability b. restitution c. due diligence d. jurisdiction

A

B - Restitution

27
Q

Any court can impose its authority over an individual or organization if it can establish which of the following? a. jurisprudence b. jurisdiction c. liability d. sovereignty

A

B - Jurisdiction

28
Q

____________ is a subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury.

A

Tort law

29
Q

Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal group.

A

Cultural mores

30
Q

An organization increases its _____________ if it refuses to take measures (due care) to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.

A

Liability

31
Q

Information ____________ occurs when pieces of non-private data are combined to create information that violates privacy.

A

Aggregation

32
Q

The act of attempting to prevent an unwanted action by threatening punishment or retaliation on the instigator if the act takes place is known as ____.

A

Deterrence

33
Q

The branch of philosophy that considers the nature, criteria, sources, logic, and validity of moral judgment is known as _________.

A

Ethics