Lecture 3 Flashcards

1
Q

?

rules that mandate or prohibit certain societal behavior

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A

Laws

2
Q

?

define socially acceptable behavior

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A

Ethics

3
Q

?

fixed moral attitudes or customs of a particular group; ethics based on these

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A

Cultural mores

5
Q

? carry sanctions of a governing authority; ?? do not

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A
  • Laws
  • Ethics
6
Q

?, ??, ???, ????, ?????

(5) Types of Law

Legal, Ethical, and Professional Issues in Information Security

A
  • Civil
  • Criminal
  • Tort
  • Private
  • Public
7
Q

?, ??, ???, ????, ?????, ??????

(6) Relevant U.S. Laws (General)

Legal, Ethical, and Professional Issues in Information Security

A
  • Computer Fraud and Abuse Act of 1986 (CFA Act)
  • National Information Infrastructure Protection Act of 1996
  • USA Patriot Act of 2001
  • Telecommunications Deregulation and Competition Act of 1996
  • Communications Decency Act of 1996 (CDA)
  • Computer Security Act of 1987
8
Q

?

One of the hottest topics in information security

Legal, Ethical, and Professional Issues in Information Security

A

Privacy

9
Q

?

Is a “state of being free from unsanctioned intrusion”

Legal, Ethical, and Professional Issues in Information Security

A

Privacy

10
Q

?

Ability to aggregate data from multiple sources allows creation of information databases previously unheard of

Legal, Ethical, and Professional Issues in Information Security

A

Privacy

12
Q

?, ??, ???, ????, ?????

(5) Privacy of Customer Information

Legal, Ethical, and Professional Issues in Information Security

A
  • Privacy of Customer Information Section of common carrier regulation
  • Federal Privacy Act of 1974
  • Electronic Communications Privacy Act of 1986
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act
  • Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
13
Q

?, ??

(2) Export and Espionage Laws

Legal, Ethical, and Professional Issues in Information Security

A
  • Economic Espionage Act of 1996 (EEA)
  • Security And Freedom Through Encryption Act of 1999 (SAFE)
14
Q

?, ??

Intellectual property recognized as protected asset in the U.S.; ?? extends to electronic formats

Legal, Ethical, and Professional Issues in Information Security

A
  • U.S. Copyright Law
  • copyright law
15
Q

?

With proper acknowledgement, permissible to include portions of others’ work as reference

Legal, Ethical, and Professional Issues in Information Security

A

U.S. Copyright Law

16
Q

?

Allows access to federal agency records or information not determined to be matter of national security

Legal, Ethical, and Professional Issues in Information Security

A

Freedom of Information Act of 1966 (FOIA)

17
Q

?

U.S. government agencies required to disclose any requested information upon receipt of written request. Some information protected from disclosure

Legal, Ethical, and Professional Issues in Information Security

A

Freedom of Information Act of 1966 (FOIA)

18
Q

?

Restrictions on organizational computer technology use exist at international, national, state, local levels

Legal, Ethical, and Professional Issues in Information Security

A

State and Local Regulations

19
Q

? responsible for understanding state regulations and ensuring organization is compliant with regulations

State and Local Regulations

Legal, Ethical, and Professional Issues in Information Security

A

Information security professional

20
Q

Establishes international task force overseeing Internet security functions for standardized international technology laws

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

21
Q

Attempts to improve effectiveness of international investigations into breaches of technology law

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

22
Q

Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

23
Q

Lacks realistic provisions for enforcement

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

24
Q

U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement

Legal, Ethical, and Professional Issues in Information Security

A

Digital Millennium Copyright Act (DMCA)

25
Q

A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data

Legal, Ethical, and Professional Issues in Information Security

A

Digital Millennium Copyright Act (DMCA)

26
Q

Makes provisions, to a degree, for information security during information warfare (IW)

Legal, Ethical, and Professional Issues in Information Security

A

United Nations Charter

27
Q

?

involves use of information technology to conduct organized and lawful military operations

United Nations Charter

Legal, Ethical, and Professional Issues in Information Security

A

IW (Information Warfare)

28
Q

?

is relatively new type of warfare, although military has been conducting electronic warfare operations for decades

United Nations Charter

Legal, Ethical, and Professional Issues in Information Security

A

IW (Information Warfare)

29
Q

Most organizations develop and formalize a body of expectations called ?

Policy Versus Law

Legal, Ethical, and Professional Issues in Information Security

A

policy

30
Q

?

serve as organizational laws

Policy Versus Law

Legal, Ethical, and Professional Issues in Information Security

A

Policies

31
Q

To be enforceable, ? must be distributed, readily available, easily understood, and acknowledged by employees

Policy Versus Law

Legal, Ethical, and Professional Issues in Information Security

A

policy

33
Q

The ten commandments of Computer Ethics

Ethics and Information Security

Legal, Ethical, and Professional Issues in Information Security

A
  1. Thou shalt not use a computer to harm other people
  2. Thou shalt not interfere with other people’s computer work
  3. Thou shalt not snoop around in other people’s computer files
  4. Thou shalt not use a computer to steal
  5. Thou shalt not use a computer to bear false witness
  6. Thou shalt not copy or use proprietary software for which you have not paid
  7. Thou shalt not use other people’s computer resources without authorization or proper compensation
  8. Thou shalt not appropriate other people’s intellectual output
  9. Thou shalt think about the social consequences of the program you are writing or the system you are designing
  10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans
34
Q

?

create difficulty in determining what is and is not ethical

Ethical Differences Across Cultures

Legal, Ethical, and Professional Issues in Information Security

A

Cultural differences

35
Q

?

arise when one nationality’s ethical behavior conflicts with ethics of another national group

Ethical Differences Across Cultures

Legal, Ethical, and Professional Issues in Information Security

A

Difficulties

36
Q

Overriding factor in leveling ethical perceptions within a small population is ?

Ethics and Education

Legal, Ethical, and Professional Issues in Information Security

A

education

37
Q

Employees must be trained in expected behaviors of an ethical employee, especially in areas of ?

Ethics and Education

Legal, Ethical, and Professional Issues in Information Security

A

information security

38
Q

? vital to creating an informed, well-prepared, and low-risk system user

Ethics and Education

Legal, Ethical, and Professional Issues in Information Security

A

Proper ethical training

39
Q

?

best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls

Deterrence to Unethical and Illegal Behavior

Legal, Ethical, and Professional Issues in Information Security

A

Deterrence

40
Q

?, ??, ???

Laws and policies only deter if three conditions are present

Deterrence to Unethical and Illegal Behavior

Legal, Ethical, and Professional Issues in Information Security

A
  • Fear of penalty
  • Probability of being caught
  • Probability of penalty being administered
41
Q

Several professional organizations have established ?

Codes of Ethics and Professional Organizations

Legal, Ethical, and Professional Issues in Information Security

A

codes of conduct/ethics

42
Q

?

can have positive effect; unfortunately, many employers do not encourage joining of these professional organizations

Codes of Ethics and Professional Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Codes of ethics

43
Q

?

to act ethically and according to policies of employer, professional organization, and laws of society

Codes of Ethics and Professional Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Responsibility of security professionals

44
Q

?

established in 1947 as “the world’s first educational and scientific computing society”

Legal, Ethical, and Professional Issues in Information Security

A

ACM (Association of Computing Machinery)

45
Q

?

contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property

Association of Computing Machinery (ACM)

Legal, Ethical, and Professional Issues in Information Security

A

Code of ethics

46
Q

?

Non-profit organization focusing on development and implementation of information security certifications and credentials

Legal, Ethical, and Professional Issues in Information Security

A

International Information Systems Security Certification Consortium, Inc. (ISC)^2

47
Q

Code primarily designed for information security professionals who have certification from ?

International Information Systems Security Certification Consortium, Inc

Legal, Ethical, and Professional Issues in Information Security

A

(ISC)^2 (International Information Systems Security Certification Consortium, Inc.)

48
Q

Code of ethics focuses on four ?

International Information Systems Security Certification Consortium, Inc

Legal, Ethical, and Professional Issues in Information Security

A

mandatory canons

49
Q

?

Professional organization with a large membership dedicated to protection of information and systems

Legal, Ethical, and Professional Issues in Information Security

A

System Administration, Networking, and Security Institute (SANS)

50
Q

SANS offers set of certifications called ?

System Administration, Networking, and Security Institute (SANS)

Legal, Ethical, and Professional Issues in Information Security

A

Global Information Assurance Certification (GIAC)

51
Q

Professional association with focus on auditing, control, and security

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Audit and Control Association (ISACA)

52
Q

Concentrates on providing IT control practices and standards

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Audit and Control Association (ISACA)

53
Q

has code of ethics for its professionals

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Audit and Control Association (ISACA)

54
Q

Provides information and training to support computer, networking, and information security professionals

Legal, Ethical, and Professional Issues in Information Security

A

Computer Security Institute (CSI)

55
Q

Though without a code of ethics, has argued for adoption of ethical behavior among information security professionals

Legal, Ethical, and Professional Issues in Information Security

A

Computer Security Institute (CSI)

56
Q

Nonprofit society of information security (IS) professionals

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Security Association (ISSA)

57
Q

Primary mission to bring together qualified IS practitioners for information exchange and educational development

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Security Association (ISSA)

58
Q

Promotes code of ethics similar to (ISC)^2, ISACA and ACM

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Security Association (ISSA)

59
Q

promotes development and implementation of education, standards, and policy to promote the Internet

Other Security Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Internet Society (ISOC)

60
Q

division of National Institute for Standards and Technology (NIST); promotes industry best practices and is important reference for information security professionals

Other Security Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Computer Security Division (CSD)

61
Q

center of Internet security expertise operated by Carnegie Mellon University

Other Security Organizations (continued)

Legal, Ethical, and Professional Issues in Information Security

A

CERT Coordination Center (CERT/CC)

62
Q

public organization for anyone concerned with impact of computer technology on society

Other Security Organizations (continued)

Legal, Ethical, and Professional Issues in Information Security

A

Computer Professionals for Social Responsibility (CPSR)

63
Q

?, ??, ???, ????

(4) Key U.S. Federal Agencies

Other Security Organizations (continued)

Legal, Ethical, and Professional Issues in Information Security

A
  • Department of Homeland Security (DHS)
  • Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC)
  • National Security Agency (NSA)
  • U.S. Secret Service
64
Q

?

is legal obligation of an entity; includes legal obligation to make restitution for wrongs committed

Organizational Liability and the Need for Counsel

Legal, Ethical, and Professional Issues in Information Security

A

Liability

65
Q

Organization increases liability if it refuses to take measures known as ?

Organizational Liability and the Need for Counsel

Legal, Ethical, and Professional Issues in Information Security

A

due care

66
Q

?

requires that an organization make valid effort to protect others and continually maintain that level of effort

Organizational Liability and the Need for Counsel

Legal, Ethical, and Professional Issues in Information Security

A

Due diligence