IS3230 CHAPTER 4 Flashcards Preview


Flashcards in IS3230 CHAPTER 4 Deck (30):
1

This is a title in the Code of Federal Regulations that deals with Food and Drug Administration (FDA) guidelines on electronic records and signatures. This title requires industries that fall under FDA regs to implement controls and is called ___.

21 CFR Part 11

2

A documented method or system of achieving a specific result in an effective, efficient manner. It generally takes lessons learned from individuals or groups so that others can complete similar tasks in a more efficient manner. This is called ___.

Best practice

3

A US law passed in 2000. It requires schools and libraries receiving E-rate funds to filter some Internet content. Its primary purpose is to protect minors from obscene or harmful content. This law is called ___.

Children's Internet Protection Act (CIPA)

4

Information about a student that an educational institution may release without the written consent of the student is called ___.

Directory information

5

Information about an individual's health care stored in an electronic format is called ___.

Electronic protected health information (EPHI)

6

An act of Congress that protects the privacy of education records and applies to all educational institutions receiving funding from the US Dept of Education is called ___.

Family Educational Rights and Privacy Act (FERPA)

7

An act of Congress that allowed banks, investment firms, and insurance companies to consolidate and also introduced some consumer protections, with one free credit report per year is called ___.

Gramm-Leach-Bliley Act (GLBA)

8

A collection of suggestions and best practices relating to a standard or procedure. It does not necessarily need to be met, but compliance is strongly encouraged. This is called ___.

Guideline

9

Expanded and updated the civil and criminal penalties and requires notification if any breach causing the disclosure of protected health information occurs. This is called ___.

Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009

10

Legislation passed in 1996 that protects the privacy and availability of health care information is called ___.

Health Insurance Portability and Accountability Act (HIPAA)

11

This is a standard issued in August 2007 to enforce the standardization of security identification credentials for government employees and contractors. It covers both physical and logical access to government resources and is called ___.

Homeland Security Presidential Directive 12 (HSPD 12)

12

A place where the operators view the data that is received and processed. It is connected to a database that gathers information from the RTUs and is called ___.

Human machine interface (HMI)

13

Created in 1968 to ensure that the North American energy network is secure, adequate, and reliable. It is mostly concerned with the creation of guidelines for strong access controls and processes and is called ___.

North American Electric Reliability Council (NERC)

14

An electronic device used in industrial automation to provide logic and sequencing controls for machinery is called ___.

Programmable Logic controllers (PLCs)

15

Any information that concerns health status, health care, or any payment for health care that can be linked to the individual. This includes all of an individual's medical records and payment history and is called ___.

Protected health information (PHI)

16

A microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or SCADA system by transmitting telemetry data to the system and/or altering the state of connected objects based on control messages received from the system. This is called ___.

Remote terminal unit (RTU)

17

Created to protect investors by improving the accuracy and reliability of corporate financial disclosures is called ___.

Sarbanes-Oxley (SOX) Act of 2002

18

A collection of requirements that must be met by anyone who performs a given task or works on a specific system is called ___.

Standard

19

Systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation, among other industries and utilities, are called ___.

Supervisory Control and Data Acquisition (SCADA) process control systems

20

1. In IT, it is imperative that you keep up to date with regulatory compliance laws.
TRUE OR FALSE

TRUE

21

2. The Gramm-Leach-Bliley Act regulates which industry?
1. Health Care
2. Energy
3. Financial services
4. Automobile
5. Education

Financial services

22

3. A company regulated by GLBA is only required to protect against proven security threats, not perceived threats.
TRUE OR FALSE

FALSE

23

4. HIPAA regulates which industry?
1. Health Care
2. Energy
3. Financial services
4. Automobile
5. Education

Health Care

24

5. Protected health information is interpreted very broadly and includes all of an individual's medical records and payment history.
TRUE OR FALSE

TRUE

25

6. The HIPAA Security Rule requires a set of ___, technical, and physical safeguards for electronic protected health information (EPHI).

Administrative

26

7. The Sarbanes-Oxley Act regulates all ___ companies.

Publicly traded

27

8. The Family Educational Rights and Privacy Act establishes a student's right to know the information, location, and purpose of an educational record.
TRUE OR FALSE

TRUE

28

9. Which regulation defines a standard for electronic records and signatures?
1. Children's Internet Protection Act
2. 21 CFR Part 11
3. HIPAA
4. Sarbanes-Oxley
5. HSPD 12

21 CFR Part 11

29

10. ____ access controls enforce access created by the owner of the object.

Discretionary

30

11. ____ are a collection of suggestions and best practices.

Guidelines