Cyber Security Ethics and Privacy
If an organization's automated backup system is vulnerable to data loss or corruption, its cybersecurity vulnerability is a weakness or flaw in its
software.
Which of the following are common methods of indirect tracking? More than one answer may be selected.
A cookie tracks your browser activity after you click on an ad in your Facebook newsfeed & Starbucks tracks what type of coffee you order frequently from their app
Which of the following are examples of an organization using big data and analyzing predictive behavior with the goal of creating new offerings? More than one answer may be selected.
Amazon tracks what people who viewed inflatable water slides ultimately put in their cart and purchased, Facebook tracks which news stories a user clicks on, The Gap tracks which promotional emails cause people to go to their site and make a purchase
Why is a denial-of-service attack (DoS attack) a threat to data availability?
By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.
How does the cybersecurity goal of preserving data integrity relate to the goal of authenticating users?
Data integrity is more easily preserved if users must be authorized to access data and make changes.
What is the goal of the protect stage in the plan-protect-respond cycle? More than one answer may be correct.
Ensure critical infrastructure services can be delivered without interruption, Reduce the impact of an adverse cybersecurity event, Draft statements for the media to use in the event of a cybersecurity breach
A decision should be fair for everyone it affects, according to the Utilitarian Principle.
False
A type of cookie, sometimes called a transient cookie, that is not stored but just kept in memory when a user visits a website is called an authentication cookie.
False
Cookies that are stored on your device's hard drive and remain even if your computer has been restarted are called authentication cookies.
False
Raw facts that describe the characteristics of an event, object, or set of information that can be entered into a computer are known as cookies.
False
When you have groceries delivered, the company asks you to provide your email address and stores this information. This is an example of indirect tracking.
False
The U.S. Constitution specifically protects freedom of speech from government censorship through the
First Amendment.
A company wants to begin monitoring the Internet usage of its office employees to ensure that their working hours are spent productively. What is the least that the company should do to respect its employees' rights to information privacy?
Inform employees of the monitoring and obtain their consent.
Which of the following is true of structured data? More than one answer may be selected.
It can include numbers and dates & It is designed for input into databases
Which of the following statements describes a keylogger most accurately?
It is surveillance malware that captures confidential information through keyboard input.
Which of the following statements best illustrates why a rootkit is described as creating a back door?
Like an intruder coming through a back door, a rootkit allows an unknown user into an operating system.
Which of the following statements describe Internet robots, or bots? More than one answer may be correct.
Malicious bots can compromise a user's control of the computer.
Which of the following are correct statements regarding credit monitoring? More than one answer may be selected.
Ordering your FICO score from each major credit agency multiple times a year is an easy way to keep track of your credit score, Soft inquiries do not affect your credit rating, The three major credit reporting agencies are TransUnion, Equifax, and Experian
________ software allows managers to take control of an employee's computer remotely and record the computer's mouse and keyboard entries.
Remote desktop
Of the following statements, which apply to spyware? More than one answer may be correct.
Spyware harvests private information by monitoring how users interact online, Downloads from unvetted websites can be a vector for spyware, Spyware can be copied and passed from user to user
Explain the purpose of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.
A form of spyware that records all actions typed on a keyboard is called a keystroke logger.
True
Changing cookie settings in one browser (Chrome, for example) does not automatically change your cookie settings in your other browsers (Safari, Firefox, Edge, for example).
True
Currently, one of the biggest vector opportunities for cybercriminals is MitMo.
True
Customers are offered a 20% off coupon if they complete a survey. This is an example of direct inquiry.
True
When you revisit a website, your browser will send the website's cookie (a small text file) to the web server which uses this information to customize and optimize your experience.
True
The Act that was signed into law to monitor terrorist activities and communications following the 9/11 attacks and the 2001 anthrax attack on Congress is the
USA PATRIOT Act/USA Freedom Act.
The principle that states that when faced with an ethical dilemma a manager should choose the option that does the greatest good for the most people involved is called the
Utilitarian Principle.
Describe privacy concerns associated with cookies. More than one answer may be correct.
Websites that use cookies can collect information about surfing habits and sell that information to a variety of third parties, Websites can use cookies to track your surfing behavior and use this information to create specific user profiles, Cookies can be used to access your savings account
From the following list, select all the concerns that fall into the quality of life category of ethical dimensions.
You feel that a colleague who wastes time shopping online at work should be punished.
From the following list, select the items that are considered intellectual property and entitled to protection.
a mural that you painted, a song that you wrote, a story that you published
Which of the following names a type of cybersecurity threat? More than one answer may be correct.
an event or act that may lead to asset loss, a condition that may lead to asset loss, a harmful result or consequence of asset loss
What is a cybersecurity threat?
an event or condition that can lead to IT asset loss and the negative consequences of such loss
"Cybersecurity threat mitigation" includes all of the policies, procedures, and tools that help organizations
anticipate and counter threats from security vulnerabilities or incidents and reduce their impact.
Which of the following is an example of an activity that would be useful during the planning stage of the plan-protect-respond cycle?
attempting to exploit flaws from the outside, simulating attacks that a hacker would try
Managers can encourage employees to act less than ethically through which of the following ways? More than one answer may be correct.
by acting unethically themselves & by not enforcing strong ethical behavior
What are the core actions of the protect (PR) function?
controlling access to systems and preventing unauthorized access
A Trojan horse succeeds through
deceptive access.
When conducting an ethical analysis, what is the last step you should take?
deciding and preparing for consequences
What is the "DE" function in the National Institute of Standards and Technology (NIST) Cybersecurity Framework?
detect function
Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle? More than one answer may be correct.
determine security weaknesses & develop a business continuity plan for instances where data are hacked
Living a virtuous life involves acting with high morals that are logically defined or shaped by
ethics.
From the following list, select all the types of problems that create a cybersecurity vulnerability.
faulty procedures for upholding system security, flaws in the design of system security, poor setup or implementation of system security, insufficient control or management of system security
How many dimensions or categories can the ethical concerns of the digital age be divided into?
five
Describe the goals of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. More than one answer may be correct.
give guidance to organizations who wish to understand potential security breaches & create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization
Describe the purpose of a cybersecurity risk analysis. More than one answer may be correct.
identify a company's assets, calculate potential loss due to security threats, train employees on cybersecurity
Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct.
increasing cybersecurity at the state and local level
The dimensions (categories) of ethical dilemmas raised by the use of information systems include challenges in which of these areas? More than one answer may be correct.
information privacy rights, copyright and intellectual property rights, honesty of content
Spyware is software that collects information about your Internet surfing habits and behaviors. Spyware includes the collection of which of the following?
keystrokes & passwords
What are causes of the estimated costs included in a risk analysis? More than one answer may be correct.
malware attacks & security breaches
Which of the following are examples of the direct inquiry method of data collection? More than one answer may be selected.
ordering food delivery via a smartphone app & registering an account for a new social media platform
How your private data and information are used, who has access to them, which techniques and technologies protect them, and the communications and preferences surrounding how they are handled are components of Internet
privacy.
Which of the following must remain confidential to achieve cybersecurity goals? More than one answer may be correct.
private or sensitive data and information & the specifications of the organization's IT systems
Bad actors seeking to create computer viruses primarily must know how to
program code.
What part of the plan-protect-respond cycle is occurring when an organization limits access to sensitive documents on a server to only those with the required security clearance?
protect
Which function of the NIST Cybersecurity Framework calls for an organization to implement plans for resilience?
recover (RC) function
Which of the NIST Cybersecurity Framework functions calls for quick action on the part of an organization's cybersecurity team to mitigate damage to systems?
respond (RS) function
Which 1986 law makes it illegal to intercept calls or messages without a warrant?
the Electronic Communications Privacy Act
Which principle of ethical conduct calls for allocating rewards equitably according to individuals' productivity?
the Principle of Distributive Justice
When facing an ethical decision regarding how to act, which three basic principles provide guidance?
the Principle of Moral Rights, the Principle of Virtue, the Principle of Distributive Justice
When a decision maker considers what a highly moral person would do when faced with a particular question, which principle of ethical conduct is in play?
the Principle of Virtue
Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct.
the acceleration of new technologies & Only states can require compliance with certain privacy statutes addressed by cybersecurity laws
Which type of event or condition may represent a cybersecurity threat? More than one answer may be correct.
the incorrect use or abuse of a computer asset, an error, flaw, or weakness in a network asset, a lack of sufficient assets to support future growth
Why is it important to preserve the integrity of data, information, and systems?
these assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised.
Which type of cybersecurity breach can cause the most damage to an organization's systems, data, and information?
viruses
From the following list, select all the examples of different cybersecurity breaches.
viruses & spyware