SlideShare a Scribd company logo

Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Download as DOCX, PDF
H
husseinalshomali

This document contains a quiz on ethics, laws, and compliance related to information security. It covers topics such as different types of laws (e.g. civil law, criminal law), frameworks for ethics (e.g. normative ethics, applied ethics), specific laws and acts (e.g. Computer Security Act, Electronic Communications Privacy Act), and definitions of key compliance-related terms (e.g. deterrence, jurisdiction). The quiz contains 50 multiple choice questions to test understanding of these concepts.

Technology
1 of 7
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 1 1. Ethics carry the sanction of a governing authority. a. True b. False ANSWER: False 2. The Secret Service is charged with the detection and arrest of any person committing a U.S. federaloffense relating to computer fraud, as well as false identification crimes. a. True b. False ANSWER: True 3. Deterrence is the best method for preventing an illegal or unethical activity. ____________ ANSWER: True 4. ISACA is a professional association with a focus on authorization, control, and security. ___________ ANSWER: False - auditing 5. Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________ ANSWER: True 6. The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act of 1999) contains a number of provisions that affect banks, securities firms, and insurance companies. ___________ ANSWER: True 7. It is the responsibility of InfoSec professionals to understand state laws and standards. ____________ ANSWER: False - regulations 8. InfraGard began as a cooperative effort between the FBI’s Cleveland field office and local intelligence professionals. ___________ ANSWER: False - technology 9. Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy. _________________________ ANSWER: False - aggregation 10. To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996. ___________ ANSWER: False - Economic 11. A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information. ____________ ANSWER: False - breach 12. Which subset of civil law regulates the relationships among individuals and among individuals and organizations? a. tort b. criminal
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 2 c. private d. public ANSWER: c 13. Which law addresses privacy and security concerns associated with the electronic transmission of PHI? a. USA Patriot Act of 2001 b. American Recovery and Reinvestment Act c. Health Information Technology for Economic and Clinical Health Act d. National Information Infrastructure Protection Act of 1996 ANSWER: c 14. The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following? a. For purposes of commercial advantage b. For private financial gain c. For political advantage d. In furtherance of a criminal act ANSWER: c 15. Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federalcomputer system? a. The Telecommunications Deregulation and Competition Act b. National Information Infrastructure Protection Act c. Computer Fraud and Abuse Act d. The Computer Security Act ANSWER: d 16. Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications? a. The Electronic Communications Privacy Act of 1986 b. The Telecommunications Deregulation and Competition Act of 1996 c. National Information Infrastructure Protection Act of 1996 d. Federal Privacy Act of 1974 ANSWER: a 17. Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them? a. ECPA b. Sarbanes-Oxley c. HIPAA d. Gramm-Leach-Bliley ANSWER: c 18. Which law extends protection to intellectual property, which includes words published in electronic formats? a. Freedom of Information Act b. U.S. Copyright Law c. Security and Freedom through Encryption Act d. Sarbanes-Oxley Act
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 3 ANSWER: b 19. Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics? a. Applied ethics b. Meta-ethics c. Normative ethics d. Deontological ethics ANSWER: d 20. Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures? a. U.S. Copyright Law b. PCI DSS c. European Council Cybercrime Convention d. DMCA ANSWER: d 21. Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right? a. Applied ethics b. Descriptive ethics c. Normative ethics d. Deontological ethics ANSWER: b 22. Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community? a. utilitarian b. virtue c. fairness or justice d. common good ANSWER: d 23. There are three generalcategories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them? a. ignorance b. malice c. accident d. intent ANSWER: b 24. Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls. a. remediation b. deterrence c. persecution d. rehabilitation ANSWER: b 25. Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals. a. (ISC)2 b. ACM c. SANS d. ISACA ANSWER: a
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 4 26. Which of the following is compensation for a wrong committed by an employee acting with or without authorization? a. liability b. restitution c. due diligence d. jurisdiction ANSWER: b 27. Any court can impose its authority over an individual or organization if it can establish which of the following? a. jurisprudence b. jurisdiction c. liability d. sovereignty ANSWER: b 28. ___________________ is a subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury. ANSWER: tort law 29. Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal group. ANSWER: cultural mores 30. An organization increases its _____________ if it refuses to take measures—due care—to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions. ANSWER: liability 31. Information ____________ occurs when pieces of non-private data are combined to create information that violates privacy. ANSWER: aggregation 32. The act of attempting to prevent an unwanted action by threatening punishment or retaliation on the instigator if the act takes place is known as ___________. ANSWER: deterrence 33. The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment is known as ___________. ANSWER: ethics 34. Briefly describe five different types of laws. ANSWER: 1. Civil law embodies a wide variety of laws pertaining to relationships between and among individuals and organizations. 2. Criminal law addresses violations harmful to society and is actively enforced and prosecuted by the state. 3. Tort law is a subset of civil law which allows individuals to seek recourse against others in the event of personal, physical, or financial injury. 4. Private law regulates the relationships among individuals and among individuals and organizations, and encompasses family law, commercial law, and labor law. 5. Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law. 35. Discuss the three general categories of unethical behavior that organizations should try to control.
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 5 ANSWER: Ignorance: Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is education. Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must explicitly agree to abide by them. Reminders, training, and awareness programs support retention, and one hopes, compliance. Accident: Individuals with authorization and privileges to manage information within the organization have the greatest opportunity to cause harm or damage by accident. The carefulplacement of controls can help prevent accidental modification to systems and data. Intent: Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be built upon whether or not the accused acted out of ignorance, by accident, or with the intent to cause harm or damage. Deterring those with criminal intent is best done by means of litigation, prosecution, and technical controls. Intent is only one of severalfactors to consider when determining whether a computer- related crime has occurred. 36. Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions? ANSWER: Fear of penalty—Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay. Probability of being caught—There must be a strong possibility that perpetrators of illegal or unethical acts will be caught. Probability of penalty being administered—The organization must be willing and able to impose the penalty. 37. What is the key difference between law an ethics? ANSWER: The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not. 38. The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the information obtained and whether the offense is judged to have been committed for one of three reasons. What are those reasons? ANSWER: For purposes of commercial advantage For private financial gain In furtherance of a criminal act 39. The Computer Security Act charges the National Bureau of Standards, in cooperation with the National Security Agency (NSA), with the development of five standards and guidelines establishing minimum acceptable security practices. What are three of these principles? ANSWER: Standards, guidelines, and associated methods and techniques for computer systems Uniform standards and guidelines for most federal computer systems Technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in federal computer systems Guidelines for use by operators of federalcomputer systems that contain sensitive information in training their employees in security awareness and accepted security practice Validation procedures for, and evaluation of the effectiveness of, standards and guidelines through research and liaison with other government and private agencies 40. Describe the Freedom of Information Act. How does its application apply to federalvs. state agencies? ANSWER: All federal agencies are required under the Freedom of Information Act (FOIA) to disclose records requested in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute. FOIA applies only to federalagencies and does not create a right of access
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 6 to records held by Congress, the courts, or by state or local government agencies. Each state has its own public access laws that should be consulted for access to state and local records. 41. A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear of legal retribution? ANSWER: Policies must be: Distributed to all individuals who are expected to comply with them Read by all employees Understood by all employees, with multilingual translations and translations for visually impaired or low- literacy employees Acknowledged by the employee, usually by means of a signed consent form Uniformly enforced, with no special treatment for any group (e.g., executives) 42. Describe three of the five foundations and frameworks of ethics. ANSWER: Normative ethics—The study of what makes actions right or wrong, also known as moral theory—that is, how should people act? Meta-ethics—The study of the meaning of ethical judgments and properties—that is, what is right? Descriptive ethics—The study of the choices that have been made by individuals in the past—that is, what do others think is right? Applied ethics—An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice. Deontological ethics—The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as dutybased or obligation-based ethics. This approach seeks to define a person’s ethical duty. a. criminal law b. public law c. ethics d. Computer Security Act (CSA) e. Electronic Communications Privacy Act f. Cybersecurity Act g. normative ethics h. applied ethics 43. one of the first attempts to protect federalcomputer systems by establishing minimum acceptable security practices ANSWER: d 44. focuses on enhancing the security of the critical infrastructure in the United States ANSWER: f 45. an approach that applies moral codes to actions drawn from realistic situations ANSWER: h 46. a collection of statutes that regulates the interception of wire, electronic, and oral communications
Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 7 ANSWER: e 47. regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments ANSWER: b 48. the study of what makes actions right or wrong, also known as moral theory ANSWER: g 49. addresses violations harmful to society and is actively enforced and prosecuted by the state ANSWER: a 50. defines socially acceptable behaviors ANSWER: c

Recommended

Chapter 04 information_security_policy
Chapter 04 information_security_policyChapter 04 information_security_policy
Chapter 04 information_security_policy
husseinalshomali
 
Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_security
husseinalshomali
 
Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_security
husseinalshomali
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
husseinalshomali
 
Chapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskChapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_risk
husseinalshomali
 
Chapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_riskChapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_risk
husseinalshomali
 
Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencies
husseinalshomali
 
Chapter 12 protection_mechanisms
Chapter 12 protection_mechanismsChapter 12 protection_mechanisms
Chapter 12 protection_mechanisms
husseinalshomali
 

Recommended

Chapter 04 information_security_policy
Chapter 04 information_security_policyChapter 04 information_security_policy
Chapter 04 information_security_policy
husseinalshomali
 
Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_security
husseinalshomali
 
Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_security
husseinalshomali
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
husseinalshomali
 
Chapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskChapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_risk
husseinalshomali
 
Chapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_riskChapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_risk
husseinalshomali
 
Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencies
husseinalshomali
 
Chapter 12 protection_mechanisms
Chapter 12 protection_mechanismsChapter 12 protection_mechanisms
Chapter 12 protection_mechanisms
husseinalshomali
 
Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_program
husseinalshomali
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practices
husseinalshomali
 
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editiontest bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
husseinalshomali
 
2016 Licensing exam-1.docx
2016 Licensing exam-1.docx2016 Licensing exam-1.docx
2016 Licensing exam-1.docx
RBGroup
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptx
Siphamandla9
 
Answered national council exam mixed 1-2.docx
Answered national council exam mixed 1-2.docxAnswered national council exam mixed 1-2.docx
Answered national council exam mixed 1-2.docx
RBGroup
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
BEd Multiple choice questions 205-17 Biology Set- 4
BEd Multiple choice questions 205-17 Biology Set- 4BEd Multiple choice questions 205-17 Biology Set- 4
BEd Multiple choice questions 205-17 Biology Set- 4
Rajashri Bhairamadgi
 
Physiology
PhysiologyPhysiology
Physiology
Dr.Faisal Ahmed Yousafzai
 
PCE Sample Exam_4
PCE Sample Exam_4PCE Sample Exam_4
PCE Sample Exam_4
Max Lee
 
Cyber Security - Flier
Cyber Security - FlierCyber Security - Flier
Cyber Security - FlierSunit Belapure
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Saqib Raza
 
Sergio Silva - CyberS3c - OSL19
Sergio Silva - CyberS3c - OSL19Sergio Silva - CyberS3c - OSL19
Sergio Silva - CyberS3c - OSL19
marketingsyone
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Edureka!
 
ETAS_MCQ_01 structures of skin
ETAS_MCQ_01 structures of skinETAS_MCQ_01 structures of skin
ETAS_MCQ_01 structures of skinDerma202
 
900.gen.ed final coaching
900.gen.ed final coaching900.gen.ed final coaching
900.gen.ed final coaching
Arneyo
 
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docxEXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
RBGroup
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
Haris Chughtai
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
Review questions
Review questionsReview questions
Review questionsAnura Kumara
 

More Related Content

What's hot

Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_program
husseinalshomali
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practices
husseinalshomali
 
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editiontest bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
husseinalshomali
 
2016 Licensing exam-1.docx
2016 Licensing exam-1.docx2016 Licensing exam-1.docx
2016 Licensing exam-1.docx
RBGroup
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptx
Siphamandla9
 
Answered national council exam mixed 1-2.docx
Answered national council exam mixed 1-2.docxAnswered national council exam mixed 1-2.docx
Answered national council exam mixed 1-2.docx
RBGroup
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
BEd Multiple choice questions 205-17 Biology Set- 4
BEd Multiple choice questions 205-17 Biology Set- 4BEd Multiple choice questions 205-17 Biology Set- 4
BEd Multiple choice questions 205-17 Biology Set- 4
Rajashri Bhairamadgi
 
PCE Sample Exam_4
PCE Sample Exam_4PCE Sample Exam_4
PCE Sample Exam_4
Max Lee
 
Cyber Security - Flier
Cyber Security - FlierCyber Security - Flier
Cyber Security - FlierSunit Belapure
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Saqib Raza
 
Sergio Silva - CyberS3c - OSL19
Sergio Silva - CyberS3c - OSL19Sergio Silva - CyberS3c - OSL19
Sergio Silva - CyberS3c - OSL19
marketingsyone
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Edureka!
 
ETAS_MCQ_01 structures of skin
ETAS_MCQ_01 structures of skinETAS_MCQ_01 structures of skin
ETAS_MCQ_01 structures of skinDerma202
 
900.gen.ed final coaching
900.gen.ed final coaching900.gen.ed final coaching
900.gen.ed final coaching
Arneyo
 
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docxEXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
RBGroup
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
Haris Chughtai
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 

What's hot (20)

Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_program
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practices
 
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editiontest bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
 
2016 Licensing exam-1.docx
2016 Licensing exam-1.docx2016 Licensing exam-1.docx
2016 Licensing exam-1.docx
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptx
 
Answered national council exam mixed 1-2.docx
Answered national council exam mixed 1-2.docxAnswered national council exam mixed 1-2.docx
Answered national council exam mixed 1-2.docx
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
BEd Multiple choice questions 205-17 Biology Set- 4
BEd Multiple choice questions 205-17 Biology Set- 4BEd Multiple choice questions 205-17 Biology Set- 4
BEd Multiple choice questions 205-17 Biology Set- 4
 
Physiology
PhysiologyPhysiology
Physiology
 
PCE Sample Exam_4
PCE Sample Exam_4PCE Sample Exam_4
PCE Sample Exam_4
 
Cyber Security - Flier
Cyber Security - FlierCyber Security - Flier
Cyber Security - Flier
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Sergio Silva - CyberS3c - OSL19
Sergio Silva - CyberS3c - OSL19Sergio Silva - CyberS3c - OSL19
Sergio Silva - CyberS3c - OSL19
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
 
ETAS_MCQ_01 structures of skin
ETAS_MCQ_01 structures of skinETAS_MCQ_01 structures of skin
ETAS_MCQ_01 structures of skin
 
900.gen.ed final coaching
900.gen.ed final coaching900.gen.ed final coaching
900.gen.ed final coaching
 
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docxEXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
EXAMEN DE PERMIS D'OBSTÉTRIQUE france.docx
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 

Similar to Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
Tushar Rajput
 
Ethical issues and social issues related to systems upload
Ethical issues and social issues related to systems uploadEthical issues and social issues related to systems upload
Ethical issues and social issues related to systems upload
waiforchi Wagiteerhh
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
adampcarr67227
 
What are the two types of criminal prohibitions under the Economic E.pdf
What are the two types of criminal prohibitions under the Economic E.pdfWhat are the two types of criminal prohibitions under the Economic E.pdf
What are the two types of criminal prohibitions under the Economic E.pdf
amirajsharma
 
Presentation_on_protection_of_reporting_persons_UNCAC_LP.ppt
Presentation_on_protection_of_reporting_persons_UNCAC_LP.pptPresentation_on_protection_of_reporting_persons_UNCAC_LP.ppt
Presentation_on_protection_of_reporting_persons_UNCAC_LP.ppt
FranciscoJoaoVitug
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
EdFeranil
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
home based
 
Unveiling the Layers of Criminal Justice: Components and Challenges
Unveiling the Layers of Criminal Justice: Components and ChallengesUnveiling the Layers of Criminal Justice: Components and Challenges
Unveiling the Layers of Criminal Justice: Components and Challenges
assignmentcafe1
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization Issues
GiannisBasa
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Dawn Yankeelov
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
HaiderAli424102
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
mtvvvv
 
INT 1010 05-2.pdf
INT 1010 05-2.pdfINT 1010 05-2.pdf
INT 1010 05-2.pdf
Luis R Castellanos
 
Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.
Barack Obama for America 2012 Europe
 
Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.
Helmut Zermin
 
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
Identive
 
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Habib Ullah Qamar
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
DEEPAK948083
 

Similar to Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition (20)

Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
Review questions
Review questionsReview questions
Review questions
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Ethical issues and social issues related to systems upload
Ethical issues and social issues related to systems uploadEthical issues and social issues related to systems upload
Ethical issues and social issues related to systems upload
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
What are the two types of criminal prohibitions under the Economic E.pdf
What are the two types of criminal prohibitions under the Economic E.pdfWhat are the two types of criminal prohibitions under the Economic E.pdf
What are the two types of criminal prohibitions under the Economic E.pdf
 
Presentation_on_protection_of_reporting_persons_UNCAC_LP.ppt
Presentation_on_protection_of_reporting_persons_UNCAC_LP.pptPresentation_on_protection_of_reporting_persons_UNCAC_LP.ppt
Presentation_on_protection_of_reporting_persons_UNCAC_LP.ppt
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
 
Unveiling the Layers of Criminal Justice: Components and Challenges
Unveiling the Layers of Criminal Justice: Components and ChallengesUnveiling the Layers of Criminal Justice: Components and Challenges
Unveiling the Layers of Criminal Justice: Components and Challenges
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization Issues
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
 
INT 1010 05-2.pdf
INT 1010 05-2.pdfINT 1010 05-2.pdf
INT 1010 05-2.pdf
 
Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.
 
Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.Consumer Privacy Bill of Rights.
Consumer Privacy Bill of Rights.
 
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
 
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
Lecture 13 oveview of etichs, fraud, and internal control- james a. hall boo...
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
 

Recently uploaded

Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 

Recently uploaded (20)

Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 

Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

  • 1. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 1 1. Ethics carry the sanction of a governing authority. a. True b. False ANSWER: False 2. The Secret Service is charged with the detection and arrest of any person committing a U.S. federaloffense relating to computer fraud, as well as false identification crimes. a. True b. False ANSWER: True 3. Deterrence is the best method for preventing an illegal or unethical activity. ____________ ANSWER: True 4. ISACA is a professional association with a focus on authorization, control, and security. ___________ ANSWER: False - auditing 5. Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________ ANSWER: True 6. The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act of 1999) contains a number of provisions that affect banks, securities firms, and insurance companies. ___________ ANSWER: True 7. It is the responsibility of InfoSec professionals to understand state laws and standards. ____________ ANSWER: False - regulations 8. InfraGard began as a cooperative effort between the FBI’s Cleveland field office and local intelligence professionals. ___________ ANSWER: False - technology 9. Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy. _________________________ ANSWER: False - aggregation 10. To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996. ___________ ANSWER: False - Economic 11. A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information. ____________ ANSWER: False - breach 12. Which subset of civil law regulates the relationships among individuals and among individuals and organizations? a. tort b. criminal
  • 2. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 2 c. private d. public ANSWER: c 13. Which law addresses privacy and security concerns associated with the electronic transmission of PHI? a. USA Patriot Act of 2001 b. American Recovery and Reinvestment Act c. Health Information Technology for Economic and Clinical Health Act d. National Information Infrastructure Protection Act of 1996 ANSWER: c 14. The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following? a. For purposes of commercial advantage b. For private financial gain c. For political advantage d. In furtherance of a criminal act ANSWER: c 15. Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federalcomputer system? a. The Telecommunications Deregulation and Competition Act b. National Information Infrastructure Protection Act c. Computer Fraud and Abuse Act d. The Computer Security Act ANSWER: d 16. Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications? a. The Electronic Communications Privacy Act of 1986 b. The Telecommunications Deregulation and Competition Act of 1996 c. National Information Infrastructure Protection Act of 1996 d. Federal Privacy Act of 1974 ANSWER: a 17. Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them? a. ECPA b. Sarbanes-Oxley c. HIPAA d. Gramm-Leach-Bliley ANSWER: c 18. Which law extends protection to intellectual property, which includes words published in electronic formats? a. Freedom of Information Act b. U.S. Copyright Law c. Security and Freedom through Encryption Act d. Sarbanes-Oxley Act
  • 3. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 3 ANSWER: b 19. Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics? a. Applied ethics b. Meta-ethics c. Normative ethics d. Deontological ethics ANSWER: d 20. Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures? a. U.S. Copyright Law b. PCI DSS c. European Council Cybercrime Convention d. DMCA ANSWER: d 21. Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right? a. Applied ethics b. Descriptive ethics c. Normative ethics d. Deontological ethics ANSWER: b 22. Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community? a. utilitarian b. virtue c. fairness or justice d. common good ANSWER: d 23. There are three generalcategories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them? a. ignorance b. malice c. accident d. intent ANSWER: b 24. Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls. a. remediation b. deterrence c. persecution d. rehabilitation ANSWER: b 25. Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals. a. (ISC)2 b. ACM c. SANS d. ISACA ANSWER: a
  • 4. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 4 26. Which of the following is compensation for a wrong committed by an employee acting with or without authorization? a. liability b. restitution c. due diligence d. jurisdiction ANSWER: b 27. Any court can impose its authority over an individual or organization if it can establish which of the following? a. jurisprudence b. jurisdiction c. liability d. sovereignty ANSWER: b 28. ___________________ is a subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury. ANSWER: tort law 29. Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal group. ANSWER: cultural mores 30. An organization increases its _____________ if it refuses to take measures—due care—to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions. ANSWER: liability 31. Information ____________ occurs when pieces of non-private data are combined to create information that violates privacy. ANSWER: aggregation 32. The act of attempting to prevent an unwanted action by threatening punishment or retaliation on the instigator if the act takes place is known as ___________. ANSWER: deterrence 33. The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment is known as ___________. ANSWER: ethics 34. Briefly describe five different types of laws. ANSWER: 1. Civil law embodies a wide variety of laws pertaining to relationships between and among individuals and organizations. 2. Criminal law addresses violations harmful to society and is actively enforced and prosecuted by the state. 3. Tort law is a subset of civil law which allows individuals to seek recourse against others in the event of personal, physical, or financial injury. 4. Private law regulates the relationships among individuals and among individuals and organizations, and encompasses family law, commercial law, and labor law. 5. Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law. 35. Discuss the three general categories of unethical behavior that organizations should try to control.
  • 5. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 5 ANSWER: Ignorance: Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is education. Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must explicitly agree to abide by them. Reminders, training, and awareness programs support retention, and one hopes, compliance. Accident: Individuals with authorization and privileges to manage information within the organization have the greatest opportunity to cause harm or damage by accident. The carefulplacement of controls can help prevent accidental modification to systems and data. Intent: Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be built upon whether or not the accused acted out of ignorance, by accident, or with the intent to cause harm or damage. Deterring those with criminal intent is best done by means of litigation, prosecution, and technical controls. Intent is only one of severalfactors to consider when determining whether a computer- related crime has occurred. 36. Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions? ANSWER: Fear of penalty—Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay. Probability of being caught—There must be a strong possibility that perpetrators of illegal or unethical acts will be caught. Probability of penalty being administered—The organization must be willing and able to impose the penalty. 37. What is the key difference between law an ethics? ANSWER: The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not. 38. The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the information obtained and whether the offense is judged to have been committed for one of three reasons. What are those reasons? ANSWER: For purposes of commercial advantage For private financial gain In furtherance of a criminal act 39. The Computer Security Act charges the National Bureau of Standards, in cooperation with the National Security Agency (NSA), with the development of five standards and guidelines establishing minimum acceptable security practices. What are three of these principles? ANSWER: Standards, guidelines, and associated methods and techniques for computer systems Uniform standards and guidelines for most federal computer systems Technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in federal computer systems Guidelines for use by operators of federalcomputer systems that contain sensitive information in training their employees in security awareness and accepted security practice Validation procedures for, and evaluation of the effectiveness of, standards and guidelines through research and liaison with other government and private agencies 40. Describe the Freedom of Information Act. How does its application apply to federalvs. state agencies? ANSWER: All federal agencies are required under the Freedom of Information Act (FOIA) to disclose records requested in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute. FOIA applies only to federalagencies and does not create a right of access
  • 6. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 6 to records held by Congress, the courts, or by state or local government agencies. Each state has its own public access laws that should be consulted for access to state and local records. 41. A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear of legal retribution? ANSWER: Policies must be: Distributed to all individuals who are expected to comply with them Read by all employees Understood by all employees, with multilingual translations and translations for visually impaired or low- literacy employees Acknowledged by the employee, usually by means of a signed consent form Uniformly enforced, with no special treatment for any group (e.g., executives) 42. Describe three of the five foundations and frameworks of ethics. ANSWER: Normative ethics—The study of what makes actions right or wrong, also known as moral theory—that is, how should people act? Meta-ethics—The study of the meaning of ethical judgments and properties—that is, what is right? Descriptive ethics—The study of the choices that have been made by individuals in the past—that is, what do others think is right? Applied ethics—An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice. Deontological ethics—The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as dutybased or obligation-based ethics. This approach seeks to define a person’s ethical duty. a. criminal law b. public law c. ethics d. Computer Security Act (CSA) e. Electronic Communications Privacy Act f. Cybersecurity Act g. normative ethics h. applied ethics 43. one of the first attempts to protect federalcomputer systems by establishing minimum acceptable security practices ANSWER: d 44. focuses on enhancing the security of the critical infrastructure in the United States ANSWER: f 45. an approach that applies moral codes to actions drawn from realistic situations ANSWER: h 46. a collection of statutes that regulates the interception of wire, electronic, and oral communications
  • 7. Name: Class: Date: Chapter 02: Compliance: Law and Ethics Copyright Cengage Learning. Powered by Cognero. Page 7 ANSWER: e 47. regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments ANSWER: b 48. the study of what makes actions right or wrong, also known as moral theory ANSWER: g 49. addresses violations harmful to society and is actively enforced and prosecuted by the state ANSWER: a 50. defines socially acceptable behaviors ANSWER: c