HIPAA Lesson 8 Flashcards
(36 cards)
According to the Computer Crime and Security Survey, which of these is the most common form of computer attack or abuse?
o Computer viruses.
o Security breaches that lead to significant financial losses.
o Internal employee abuse.
o Denial of service (DoS) attacks.
Computer viruses.
When you're talking about the Security Rule, what's the correct name for standards that work for large and small organizations?
o Best practices.
o Technology-neutral.
o Comprehensive.
o Scalable.
Scalable.
Which term best matches this definition? "The security principle that means valued information assets are free from unauthorized modification or destruction."
o Integrity.
o Confidentiality.
o Availability.
o Addressable.
Integrity.
What's the correct name for the strategy of implementing controls that reduce the causes of risk?
o Risk assumption.
o Risk transference.
o Risk elimination.
o Risk mitigation.
Risk mitigation.
When you're conducting a risk assessment, what should be your final step?
o Vulnerability identification.
o Threat identification.
o Risk determination.
o System or asset criticality analysis.
Risk determination.
The Computer Security Institute concludes that ______ attacks continue to be the source of the greatest financial losses. Further, there’s been a significant increase in _______ access, which is now the second-most-significant contributor to computer crime losses.
1. virus
2. unauthorized
______ are the methods that have proven most effective over time.
Best practices
The Security Rule creators developed the philosophy that the Security Rule should be _____, _____, and _____.
- comprehensive
- technology-neutral
- scalable
Encompassing all areas of the organization.
Comprehensive
List the security standards' three main categories:
- administrative controls
- physical controls
- technical controls.
_____ is a not-for-profit organization that sets standards for all sorts of technology fields.
NIST (National Institute for Standards & Technology)
Protection of valued information assets from unauthorized disclosure.
Confidentiality
Unbiased about whose technology or whose software product an organization uses.
Technology-neutral
Rules and procedures that work just as well for a few users as they do for many.
Scalable
Free from unauthorized modification or destruction.
Integrity
Obtainable to those who have authorization to access it when they need it.
Availability
The Security Rule has ____ standards.
18
These specifications provide details about how to comply with the Security standards.
Implementation specifications
A _____ implementation specification means that an organization has to implement the specification, no matter what the organization does or what size it is.
Required
_____ implementation specifications give CEs some flexibility for compliance with the security standards. A covered entity must first do its own risk ______ and create its own risk ______ strategy. It must also ______ the security measures already in place and consider the _____ of implementation.
- Addressable
- analysis
- mitigation
- assess
- cost
______ cannot be the sole reason for not adopting an implementation specification.
Cost
The Security Management Process contains which risk implementation specifications?
1. Risk Analysis
2. Risk Management
Risk can be a ______ or ______ measure.
- quantitative
- qualitative
A risk measure that uses a mathematical process and assigned weights and numbers.
Quantitative