This document contains a quiz on ethics, laws, and compliance related to information security. It covers topics such as different types of laws (e.g. civil law, criminal law), frameworks for ethics (e.g. normative ethics, applied ethics), specific laws and acts (e.g. Computer Security Act, Electronic Communications Privacy Act), and definitions of key compliance-related terms (e.g. deterrence, jurisdiction). The quiz contains 50 multiple choice questions to test understanding of these concepts.
Sharing with you my dear readers who may find it useful.
Feel free to connect with me at maxermesilliam@gmail.com.
P/S: taken the insurance exam but has yet to practice as an insurance agent.
This lecture includes detail about ethical hacking profession, there jobs description, responsibilities duties and skills required to excel in their field.
Title: CyberSecurity with OpenSource.
In the talk Sergio will demonstrate that you do not need a big budget to protect you organization.
OpenSource can be the ansawer to reduce the risk of a cyberattack. Firewalls, IDS, Network Monitoring, traing a testing resources are some of the topics on this talk. This time Sérgio promizes that he will not bring a cat photo!
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Interview Questions and Answers" consists of 50 questions from multiple cybersecurity domains which will help you in preparation of your interviews.
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
Course is designed for those who are willing to write ISC2 CC (Certified in Cybersecurity) exam and not sure where to start and how to move forward.
Course is designed in two parts, this is part 2 which focuses on each of the ISC2 CC domain. At the end of the course , it suggest the additional reference study that could help to pass the exam in first attempt. Part 1 is focused more on course outline, exam registration using free vouchers & necessary precautions to avoid exam day issues.
There are hyperlinks in the deck for quick access to useful information, you will have to download it to have links available to you.
Sharing with you my dear readers who may find it useful.
Feel free to connect with me at maxermesilliam@gmail.com.
P/S: taken the insurance exam but has yet to practice as an insurance agent.
This lecture includes detail about ethical hacking profession, there jobs description, responsibilities duties and skills required to excel in their field.
Title: CyberSecurity with OpenSource.
In the talk Sergio will demonstrate that you do not need a big budget to protect you organization.
OpenSource can be the ansawer to reduce the risk of a cyberattack. Firewalls, IDS, Network Monitoring, traing a testing resources are some of the topics on this talk. This time Sérgio promizes that he will not bring a cat photo!
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Interview Questions and Answers" consists of 50 questions from multiple cybersecurity domains which will help you in preparation of your interviews.
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
Course is designed for those who are willing to write ISC2 CC (Certified in Cybersecurity) exam and not sure where to start and how to move forward.
Course is designed in two parts, this is part 2 which focuses on each of the ISC2 CC domain. At the end of the course , it suggest the additional reference study that could help to pass the exam in first attempt. Part 1 is focused more on course outline, exam registration using free vouchers & necessary precautions to avoid exam day issues.
There are hyperlinks in the deck for quick access to useful information, you will have to download it to have links available to you.
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Statement of Michelle Richardson, Director, Privacy & Data
Center for Democracy & Technology
before the
United States Senate Committee on the Judiciary
GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation
March 12, 2019
On behalf of the Center for Democracy & Technology (CDT), thank you for the
opportunity to testify about the importance of crafting a federal consumer privacy law that
provides meaningful protections for Americans and clarity for entities of all sizes and sectors.
CDT is a nonpartisan, nonprofit 501(c)(3) charitable organization dedicated to advancing the
rights of the individual in the digital world. CDT is committed to protecting privacy as a
fundamental human and civil right and as a necessity for securing other rights such as access to
justice, equal protection, and freedom of expression. CDT has offices in Washington, D.C., and
Brussels, and has a diverse funding portfolio from foundation grants, corporate donations, and
individual donations.1
The United States should be leading the way in protecting digital civil rights. This hearing
is an opportunity to learn how Congress can improve upon the privacy frameworks offered in
the European Union via the General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA) to craft a comprehensive privacy law that works for the U.S. Our
digital future should be one in which technology supports human rights and human dignity. This
future cannot be realized if people are forced to choose between protecting their personal
information and using the technologies and services that enhance our lives. This future depends
on clear and meaningful rules governing data processing; rules that do not simply provide
1 All donations over $1,000 are disclosed in our annual report and are available online at:
https://cdt.org/financials/.
2
people with notices and check boxes but actually protect them from privacy and security
abuses and data-driven discrimination; protections that cannot be signed away.
Congress should resist the narratives that innovative technologies and strong privacy
protections are fundamentally at odds, and that a privacy law would necessarily cement the
market dominance of a few large companies. Clear and focused privacy rules can help
companies of all sizes gain certainty with respect to appropriate and inappropriate uses of data.
Clear rules will also empower engineers and product managers to design for privacy on the
front end, rather than having to wait for a public privacy scandal to force the rollback of a
product or data practice.
We understand that drafting comprehensive privacy legislation is a complex endeavor.
Over the past year we have worked with partners in civil societ.
What are the two types of criminal prohibitions under the Economic E.pdfamirajsharma
What are the two types of criminal prohibitions under the Economic Espionage Act?
Question 59 options:
1831 (theft of trade secrets to benefit a foreign government, instrumentality, or agent).
1832 (theft of trade secrets to benefit anyone other than the owner).
1831 (theft of trade secrets to benefit anyone other than the owner).
1832 (theft of trade secrets to benefit a foreign government, instrumentality, or agent).
Which agency has the lead responsibility for protecting the cybersecurity of civilian U.S.
networks?
Question 61 options:
Central Intelligence Agency.
Federal Bureau of Investigation.
National Security Agency.
The Cybersecurity and Infrastructure Security Agency, within the Department of Homeland
Security.
Under PPD 41, which agency has the lead for threat response after a cybersecurity incident?
Question 62 options:
National Aeronautics and Space Administration.
National Security Agency.
Justice Department.
Federal Bureau of Investigation.
Under PPD 41, which agency has the lead for asset response after a cybersecurity incident?
Question 63 options:
Department of Homeland Security.
Justice Department.
Federal Bureau of Investigation.
Central Intelligence Agency.
Under PPD 41, which agency has the lead for intelligence support and related activities after a
cybersecurity incident?
Question 64 options:
Central Intelligence Agency.
Office of Director of National Intelligence.
Department of Homeland Security.
Justice Department.
What are the four key pillars of the Trump Administration's National Cyber Strategy?
Question 65 options:
Defend cyber sovereignty ensuring each country has the right to police the internet within their
own boarders.
Preserve peace and security by strengthening the ability of the United Statesin concert with allies
and partnersto deter and, if necessary, punish those who use cyber tools for malicious purposes.
Expand American influence abroad to extend the key tenets of an open, interoperable, reliable,
and secure internet.
Promote American prosperity by nurturing a secure, thriving digital economy and fostering
strong domestic innovation.
Defend the American energy grids by filling the gas reserves.
Defend the homeland by protecting networks, systems, functions, and data.
The Cybersecurity Act of 2015 allows companies to share; cyber threat indicators and defensive
measures, for cybersecurity purposes.
Question 66 options:
Do "defensive measures" as authorized by the Cybersecurity Act of 2015 include hacking back?
Question 67 options:
Yes.
No.
What are the five main principles of the NIST Cybersecurity Framework?
Question 68 options:
Encrypt.
Identify.
Protect.
Recover.
Detect.
Respond.
Locate.
Anonymize.
Reboot.
Prevent.
Which federal agency serves as the general data security regulator in the United States?
Question 1 options:
Although the United States does not formally have a general data security or privacy regulator,
the Federal Trade Commission effectively serves in that role under its authority in.
Unveiling the Layers of Criminal Justice: Components and Challengesassignmentcafe1
Join us as we delve into the complex world of criminal justice, exploring its various components and the challenges they face. In this insightful presentation, we will peel back the layers of the criminal justice system, shedding light on its key elements and the obstacles that hinder its effectiveness.
In this presentation, we will start by providing an overview of the criminal justice system and its main components, including law enforcement, judiciary, and corrections. Gain a deeper understanding of how these components work together to maintain public safety, ensure justice, and rehabilitate offenders.
We will explore the challenges faced by law enforcement agencies in maintaining law and order. Discuss issues such as limited resources, changing crime patterns, community relations, and the use of technology in crime prevention and investigation. Understand the delicate balance between protecting civil liberties and ensuring public safety.
Next, we will examine the judiciary and its role in the criminal justice process. Explore the challenges related to the fair and impartial administration of justice, including case backlogs, judicial discretion, access to legal representation, and the ongoing need for judicial reforms. Discuss the importance of upholding due process and procedural fairness.
We will also delve into the challenges and controversies surrounding corrections, including incarceration rates, prison overcrowding, rehabilitation programs, and the reintegration of offenders into society. Discuss alternative sentencing approaches, restorative justice practices, and the need for effective prisoner rehabilitation and reentry programs.
Throughout the presentation, we will address the intersecting issues of racial and social disparities within the criminal justice system. Explore the impact of bias, discrimination, and systemic inequalities on various stages of the criminal justice process, and discuss initiatives aimed at promoting equity and fairness.
Whether you are a student, practitioner, or concerned citizen, this presentation will provide valuable insights into the layers of the criminal justice system and the challenges it faces. Join us as we unravel the complexities, engage in thought-provoking discussions, and explore strategies for a more effective and equitable criminal justice system.
U.S. INTELLECTUAL PROPERTY
ENFORCEMENT COORDINATOR
ANNUAL REPORT ON
INTELLECTUAL PROPERTY
ENFORCEMENT
COVER TITLE HERE
FEBRUARY 2 01 2
CONSUMER DATA PRIVACY
IN A NETWORKED WORLD:
A FRAMEWORK FOR PROTECTING
PRIVACY AND PROMOTING INNOVATION
IN THE GLOBAL DIGITAL ECONOMY
U.S. INTELLECTUAL PROPERTY
ENFORCEMENT COORDINATOR
ANNUAL REPORT ON
INTELLECTUAL PROPERTY
ENFORCEMENT
COVER TITLE HERE
FEBRUARY 2 01 2
CONSUMER DATA PRIVACY
IN A NETWORKED WORLD:
A FRAMEWORK FOR PROTECTING
PRIVACY AND PROMOTING INNOVATION
IN THE GLOBAL DIGITAL ECONOMY
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
When stars align: studies in data quality, knowledge graphs, and machine lear...
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
1. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 1
1. Ethics carry the sanction of a governing authority.
a. True
b. False
ANSWER: False
2. The Secret Service is charged with the detection and arrest of any person committing a U.S. federaloffense relating to
computer fraud, as well as false identification crimes.
a. True
b. False
ANSWER: True
3. Deterrence is the best method for preventing an illegal or unethical activity. ____________
ANSWER: True
4. ISACA is a professional association with a focus on authorization, control, and security. ___________
ANSWER: False - auditing
5. Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________
ANSWER: True
6. The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act of 1999) contains a
number of provisions that affect banks, securities firms, and insurance companies. ___________
ANSWER: True
7. It is the responsibility of InfoSec professionals to understand state laws and standards. ____________
ANSWER: False - regulations
8. InfraGard began as a cooperative effort between the FBI’s Cleveland field office and local intelligence professionals.
___________
ANSWER: False - technology
9. Information ambiguation occurs when pieces of non-private data are combined to create information that violates
privacy. _________________________
ANSWER: False - aggregation
10. To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in
1996. ___________
ANSWER: False - Economic
11. A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a
specified type of loss of information. ____________
ANSWER: False - breach
12. Which subset of civil law regulates the relationships among individuals and among individuals
and organizations?
a. tort b. criminal
2. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 2
c. private d. public
ANSWER: c
13. Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
a. USA Patriot Act of 2001
b. American Recovery and Reinvestment Act
c. Health Information Technology for Economic and Clinical Health Act
d. National Information Infrastructure Protection Act of 1996
ANSWER: c
14. The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether
the offense is judged to have been committed for one of the following reasons except which of the following?
a. For purposes of commercial advantage
b. For private financial gain
c. For political advantage
d. In furtherance of a criminal act
ANSWER: c
15. Which law requires mandatory periodic training in computer security awareness and accepted computer security
practice for all employees who are involved with the management, use, or operation of each federalcomputer system?
a. The Telecommunications Deregulation and Competition Act
b. National Information Infrastructure Protection Act
c. Computer Fraud and Abuse Act
d. The Computer Security Act
ANSWER: d
16. Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications?
a. The Electronic Communications Privacy Act of 1986
b. The Telecommunications Deregulation and Competition Act of 1996
c. National Information Infrastructure Protection Act of 1996
d. Federal Privacy Act of 1974
ANSWER: a
17. Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this
information, as well as policies and procedures to maintain them?
a. ECPA
b. Sarbanes-Oxley
c. HIPAA
d. Gramm-Leach-Bliley
ANSWER: c
18. Which law extends protection to intellectual property, which includes words published in electronic formats?
a. Freedom of Information Act b. U.S. Copyright Law
c. Security and Freedom through Encryption Act d. Sarbanes-Oxley Act
3. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 3
ANSWER: b
19. Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the
rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics?
a. Applied ethics b. Meta-ethics
c. Normative ethics d. Deontological ethics
ANSWER: d
20. Which of the following is an international effort to reduce the impact of copyright, trademark,
and privacy infringement, especially via the removal of technological copyright protection measures?
a. U.S. Copyright Law
b. PCI DSS
c. European Council Cybercrime Convention
d. DMCA
ANSWER: d
21. Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past;
attempting to answer the question, what do others think is right?
a. Applied ethics b. Descriptive ethics
c. Normative ethics d. Deontological ethics
ANSWER: b
22. Which ethical standard is based on the notion that life in community yields a positive outcome for the individual,
requiring each individual to contribute to that community?
a. utilitarian b. virtue
c. fairness or justice d. common good
ANSWER: d
23. There are three generalcategories of unethical behavior that organizations and society should seek to eliminate. Which
of the following is NOT one of them?
a. ignorance b. malice
c. accident d. intent
ANSWER: b
24. Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws,
policies and technical controls.
a. remediation b. deterrence
c. persecution d. rehabilitation
ANSWER: b
25. Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have
earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
a. (ISC)2 b. ACM
c. SANS d. ISACA
ANSWER: a
4. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 4
26. Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
a. liability b. restitution
c. due diligence d. jurisdiction
ANSWER: b
27. Any court can impose its authority over an individual or organization if it can establish which of the following?
a. jurisprudence b. jurisdiction
c. liability d. sovereignty
ANSWER: b
28. ___________________ is a subset of civil law that allows individuals to seek redress in the event of personal,
physical, or financial injury.
ANSWER: tort law
29. Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal
group.
ANSWER: cultural mores
30. An organization increases its _____________ if it refuses to take measures—due care—to make sure that every
employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.
ANSWER: liability
31. Information ____________ occurs when pieces of non-private data are combined to create information that violates
privacy.
ANSWER: aggregation
32. The act of attempting to prevent an unwanted action by threatening punishment or retaliation on the instigator if the
act takes place is known as ___________.
ANSWER: deterrence
33. The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment is known as
___________.
ANSWER: ethics
34. Briefly describe five different types of laws.
ANSWER: 1. Civil law embodies a wide variety of laws pertaining to relationships between and among individuals and
organizations.
2. Criminal law addresses violations harmful to society and is actively enforced and prosecuted by the state.
3. Tort law is a subset of civil law which allows individuals to seek recourse against others in the event of
personal, physical, or financial injury.
4. Private law regulates the relationships among individuals and among individuals and organizations, and
encompasses family law, commercial law, and labor law.
5. Public law regulates the structure and administration of government agencies and their relationships with
citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional
law.
35. Discuss the three general categories of unethical behavior that organizations should try to control.
5. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 5
ANSWER: Ignorance:
Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence
is education. Organizations must design, publish, and disseminate organizational policies and relevant laws,
and employees must explicitly agree to abide by them. Reminders, training, and awareness programs support
retention, and one hopes, compliance.
Accident:
Individuals with authorization and privileges to manage information within the organization have the greatest
opportunity to cause harm or damage by accident. The carefulplacement of controls can help prevent
accidental modification to systems and data.
Intent:
Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal
defense can be built upon whether or not the accused acted out of ignorance, by accident, or with the intent to
cause harm or damage. Deterring those with criminal intent is best done by means of litigation, prosecution,
and technical controls. Intent is only one of severalfactors to consider when determining whether a computer-
related crime has occurred.
36. Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions?
ANSWER: Fear of penalty—Threats of informal reprimand or verbal warnings may not have the same impact as the threat
of imprisonment or forfeiture of pay.
Probability of being caught—There must be a strong possibility that perpetrators of illegal or unethical acts
will be caught.
Probability of penalty being administered—The organization must be willing and able to impose the penalty.
37. What is the key difference between law an ethics?
ANSWER: The key difference between law and ethics is that law carries the sanction of a governing authority and ethics
do not.
38. The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the
information obtained and whether the offense is judged to have been committed for one of three reasons. What are those
reasons?
ANSWER: For purposes of commercial advantage
For private financial gain
In furtherance of a criminal act
39. The Computer Security Act charges the National Bureau of Standards, in cooperation with the National Security
Agency (NSA), with the development of five standards and guidelines establishing minimum acceptable security
practices. What are three of these principles?
ANSWER: Standards, guidelines, and associated methods and techniques for computer systems
Uniform standards and guidelines for most federal computer systems
Technical, management, physical, and administrative standards and guidelines for the cost-effective security
and privacy of sensitive information in federal computer systems
Guidelines for use by operators of federalcomputer systems that contain sensitive information
in training their employees in security awareness and accepted security practice
Validation procedures for, and evaluation of the effectiveness of, standards and guidelines
through research and liaison with other government and private agencies
40. Describe the Freedom of Information Act. How does its application apply to federalvs. state agencies?
ANSWER: All federal agencies are required under the Freedom of Information Act (FOIA) to disclose records requested
in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three
exclusions contained in the statute. FOIA applies only to federalagencies and does not create a right of access
6. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 6
to records held by Congress, the courts, or by state or local government agencies. Each state has its own public
access laws that should be consulted for access to state and local records.
41. A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to
assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear
of legal retribution?
ANSWER: Policies must be:
Distributed to all individuals who are expected to comply with them
Read by all employees
Understood by all employees, with multilingual translations and translations for visually impaired or low-
literacy employees
Acknowledged by the employee, usually by means of a signed consent form
Uniformly enforced, with no special treatment for any group (e.g., executives)
42. Describe three of the five foundations and frameworks of ethics.
ANSWER: Normative ethics—The study of what makes actions right or wrong, also known as moral theory—that is, how
should people act?
Meta-ethics—The study of the meaning of ethical judgments and properties—that is, what is right?
Descriptive ethics—The study of the choices that have been made by individuals in the past—that is, what do
others think is right?
Applied ethics—An approach that applies moral codes to actions drawn from realistic situations; it seeks to
define how we might use ethics in practice.
Deontological ethics—The study of the rightness or wrongness of intentions and motives as opposed to the
rightness or wrongness of the consequences; also known as dutybased or obligation-based ethics. This
approach seeks to define a person’s ethical duty.
a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Act
g. normative ethics
h. applied ethics
43. one of the first attempts to protect federalcomputer systems by establishing minimum acceptable security practices
ANSWER: d
44. focuses on enhancing the security of the critical infrastructure in the United States
ANSWER: f
45. an approach that applies moral codes to actions drawn from realistic situations
ANSWER: h
46. a collection of statutes that regulates the interception of wire, electronic, and oral communications
7. Name: Class: Date:
Chapter 02: Compliance: Law and Ethics
Copyright Cengage Learning. Powered by Cognero. Page 7
ANSWER: e
47. regulates the structure and administration of government agencies and their relationships with citizens, employees, and
other governments
ANSWER: b
48. the study of what makes actions right or wrong, also known as moral theory
ANSWER: g
49. addresses violations harmful to society and is actively enforced and prosecuted by the state
ANSWER: a
50. defines socially acceptable behaviors
ANSWER: c