IS3350 CHAPTER 8 Flashcards Preview


Flashcards in IS3350 CHAPTER 8 Deck (21)
1

A federal government official who independently evaluates the performance of federal agencies. These independent officials are called ___?

INSPECTOR GENERAL

2

Information technology systems that hold military, defense, and intelligence information are called ___?

NATIONAL SECURITY SYSTEMS

3

A review of how a federal agency's IT systems process personal information. The E-Government Act of 2002 requires federal agencies to conduct these assessments, which are called ___?

PRIVACY IMPACT ASSESSMENT (PIA)

4

Any information about a person that a federal agency maintains. This term is also defined by the Privacy Act of 1974 and is called a ___?

RECORD

5

A federal agency's notice about agency record-keeping systems that can retrieve records through the use of a personal identifier. The Privacy Act of 1974 requires federal agencies to provide these notices. This is called ___?

SYSTEM OF RECORDS NOTICE (SORN)

6

1. Which regulation controls the export of military or defense applications and technology?

1. ITAR
2. EAR
3. OFAC
4. FDIC
5. none of the above

ITAR

7

2. What information must a federal agency include in a privacy impact assessment?

State what information is to be collected;
Why the information is being collected;
The intended use of the information;
How the agency will share the information;
Whether people have the opportunity to consent to specific uses of the info;
How the information will be secured;
Whether the info collected will be a system of records as defined by the Privacy Act of 1974

8

3. The information collected in a PIA and a SORN is based upon what principles?

1. NIST standards
2. OMB standards
3. Fair information privacy practices
4. OTAR regulations
5. None of the above

Fair information privacy practices

9

4. Which assessment must be completed any time a federal agency collects personal information that can be retrieved via a personal identifier?

1. PIA
2. SORN
3. ACORN
4. OFAC
5. None of the above

SORN

10

5. Which agency has primary oversight responsibilities under FISMA?

1. DoD
2. CIA
3. NIST
4. CNSS
5. None of the above

None of the above

11

6. Federal agencies must report information security incidents to ____?

US-CERT

12

7. Federal agencies must test their information security controls every six months.
TRUE OR FALSE

FALSE

13

8. What are federal information security challenges?

1. A culture of merely complying with reporting requirements
2. Lack of an enterprise approach
3. Lack of coordination within the federal government
4. All the above
5. None of the above

1. A culture of merely complying with reporting requirements
2. Lack of an enterprise approach
3. Lack of coordination within the federal government

ALL THE ABOVE

14

9. What is the name of the FISMA data-collection tool?

CyberScope

15

10. Which type of NIST guidance follows a formal creation process?

1. Special Publications
2. Federal Information Processing Standards
3. Guidelines for Information Security
4. Fair information practice principles
5. None of the above

Federal Information Processing Standards

16

11. How many steps are there in the NIST Risk Management Framework?

1. Six
2. Five
3. Four
4. Three
5. None of the above

Six

17

12. Which level of impact for a FIPS security category best describes significant damage to organizational assets?

1. Low
2. Moderate
3. High
4. Severe
5. None of the above

Moderate

18

13. FedCIRC is the federal information security incident center.
TRUE OR FALSE

FALSE

19

14. How quickly must a federal agency report an unauthorized access incident?

1. Monthly
2. Weekly
3. Daily
4. Within two hours of discovery
5. Within one hour of discovery

Within one hour of discovery

20

15. How many categories of security controls are designated in FIPS 200?

1. 20
2. 19
3. 18
4. 17
5. None of the above

17

21

16. The following info is defined as ___?
*State what information is to be collected;
*Why the information is being collected;
*The intended use of the information;
*How the agency will share the information;
*Whether people have the opportunity to consent to specific uses of the info;
*How the information will be secured;
*Whether the info collected will be a system of records as defined by the Privacy Act of 1974

What information a federal agency must include in a privacy impact assessment.