NT2580 Chapter 15 – Flashcards
Unlock all answers in this set
Unlock answersquestion
An addressable implementation specification under HIPAA must be used if it's ________.
answer
Reason and appropriate
question
What elements must a written GLBA information security program include?
answer
All of the Above
question
What types of companies must follow all Sarbanes-Oxley Act provisions?
answer
Public
question
CIPA requires a library to be able to disable the TPM for some situations.
answer
True
question
What law governs the release of student information?
answer
FERPA
question
What is the maximum yearly fine for a violation of the HIPAA Privacy or Security Rule?
answer
$1.5 million
question
The U.S. has one comprehensive data protection law.
answer
False
question
What must an educational institution get prior to releasing student personal information to a third party?
answer
Written consent
question
Who is considered a "minor" under CIPA?
answer
Anyone under the age of 17
question
What is personally identifiable information?
answer
Data that can be used to individually identify a person. It includes Social Security numbers, driver's license, financial account data, and health data.
question
FISMA requires federal agencies to test their information security controls every six months.
answer
False
question
What is the main goal of the Sarbanes-Oxley Act?
answer
To protect shareholders and investors from financial fraud. SOX also was designed to restore investor faith in American stock markets
question
What option must be included in a GLBA privacy practices notice?
answer
Opt out
question
A HIPAA breach is a breach of ________ PHI.
answer
Unsecured
question
How many steps are there in the NIST Risk Management Framework?
answer
Six
