Information Security Chapter 3 – Flashcards
question
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?
answer
Financial Services Modernization Act
question
"Long arm ____________________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems.
answer
Jurisdiction
question
Family law, commercial law, and labor law are all encompassed by ____________________ law.
answer
Private
question
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____.
answer
By accident
question
The ____________________ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.
answer
USA Patriot or U.S.A Patriot
question
____________________ is the legal obligation of an entity that extends beyond criminal or contract law.
answer
Liability
question
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?
answer
Singapore
question
____________________ are rules that mandate or prohibit certain behavior in society.
answer
Laws
question
The National Information Infrastructure Protection Act of 1996 modified which Act?
answer
Computer Fraud and Abuse Act
question
The _____________ Association is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals.
answer
Information Systems Audit and Control or ISACA
question
Laws and policies and their associated penalties only deter if which of the following conditions is present?
answer
Probability of penalty being administered, Probability of being caught, and Fear of penalty
question
____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
answer
Public
question
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
answer
Fraud
question
The ____________________ Act of 1996 attempts to prevent trade secrets from being illegally shared.
answer
Economic Espionage
question
____ law comprises a wide variety of laws that govern a nation or state.
answer
Civil
question
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
answer
Electronic Communications Privacy Act
question
What is the subject of the Computer Security Act?
answer
Federal Agency Information Security
question
Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is ____________________.
answer
Education
question
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.
answer
Marketing
question
____________________ are the fixed moral attitudes or customs of a particular group.
answer
Cultural Mores
question
The _________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
answer
DMCA or Digital Millennium Copyright Act
question
Criminal or unethical ____ goes to the state of mind of the individual performing the act.
answer
Intent
question
The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
answer
Health Insurance
question
The _______________ manages a body of knowledge on information security and administers and evaluates examinations for information security certifications.
answer
International Information Systems Security Certification Consortium, Inc. (ISC)
question
Software license infringement is also often called software ____________________.
answer
Piracy
question
____ defines stiffer penalties for prosecution of terrorist crimes.
answer
USA Patriot Act
question
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.
answer
To Harass
question
The ______________________________ contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
answer
Financial Services Modernization (or Gramm-Leach-Bliley Act of 1999)
question
The ____________________ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.
answer
Sarbanes-Oxley
question
The ____________ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.
answer
Electronic Communications Privacy
question
The low overall degree of tolerance for ____________________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts.
answer
Illicit
question
____ attempts to prevent trade secrets from being illegally shared.
answer
Economic Espionage Act
question
The _________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.
answer
Freedom of Information
question
____________________ information is created by combining pieces of non-private data—often collected during software updates, and via cookies—that when combined may violate privacy.
answer
Aggregate
question
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?
answer
Computer Fraud and Abuse Act
question
The ___________ is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."
answer
Association of Computing Machinery
question
What is the subject of the Sarbanes-Oxley Act?
answer
Financial Reporting
question
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
answer
Security and Freedom through Encryption Act
question
Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as ____________________.
answer
Policies
question
The Council of Europe adopted the Convention of Cybercrime in ____.
answer
2001
question
The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC.
answer
False
question
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
answer
True
question
Every state has implemented uniform laws and regulations placed on organizational use of computer technology.
answer
False
question
In 1995 the Directive 95/46/EC was adopted by the European Union.
answer
True
question
The U.S. Secret Service is a department within the Department of the Interior.
answer
False
question
DHS is made up of three directorates.
answer
False
question
Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI's Cleveland Field Office and local technology professionals.
answer
True
question
The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.
answer
False
question
Ethics define socially acceptable behaviors.
answer
True
question
The code of ethics put forth by (ISC)2 focuses on four mandatory canons: "Protect society, the commonwealth, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession."
answer
True
question
Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort.
answer
False
question
The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage.
answer
True
question
The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security.
answer
False
question
Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
answer
True
question
Privacy is not absolute freedom from observation, but rather is a more precise "state of being free from unsanctioned intrusion."
answer
True
question
The Gramm-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms.
answer
False
question
Civil law addresses activities and conduct harmful to society and is actively enforced by the state.
answer
False
question
Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.
answer
False
question
The Information Systems Security Association (ISSA) is a nonprofit society of information security professionals whose primary mission is to bring together qualified information security practitioners for information exchange and educational development.
answer
True
question
Deterrence can prevent an illegal or unethical activity from occurring.
answer
True
question
The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources.
answer
False
question
The communications networks of the United States carry more funds than all of the armored cars in the world combined.
answer
True
question
The NSA is responsible for signal intelligence and information system security.
answer
True
question
Studies have reported that the Pacific Rim countries of Singapore and Hong Kong are hotbeds of software piracy.
answer
True
question
Cultural differences can make it easy to determine what is and is not ethical—especially when it comes to the use of computers.
answer
False
question
The Federal Bureau of Investigation's National InfraGard Program serves its members in four basic ways: Maintains an intrusion alert network using encrypted e-mail; Maintains a secure Web site for communication about suspicious activity or intrusions; Sponsors local chapter activities; Operates a help desk for questions.
answer
True
question
HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information.
answer
False
question
The difference between a policy and a law is that ignorance of a law is an acceptable defense.
answer
False
question
In a study on software licence infringement, those from the United States were significantly more permissive.
answer
False
question
The Association for Computing Machinery and the Information Systems Security Association have the authority to banish violators of their ethical standards from practicing their trade.
answer
False
question
Intellectual privacy is recognized as a protected asset in the United States.
answer
False
question
There are four general causes of unethical and illegal behavior.
answer
False
question
The Secret Service is charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.
answer
True
question
The Department of Homeland Security was created in 1999.
answer
False
question
The Clipper Chip can be used to monitor or track private communications.
answer
True