Legal Issues in Information Security (ITN 267) Midterm Review
Which of the following statements best fits the highest burden of proof? A) "beyond reasonable doubt" B) "clear and convincing evidence" C) "not arbitrary or capricious"
A) "beyond reasonable doubt"
COBRA benefits generally last a maximum of: A) 18 months B) 6 months C) 12 months
A) 18 months
Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the ______________ Amendment. A) 1st B) 2nd C) 4th
A) 1st
What is the ISO/IEC 27002? A) A reference guide to help organizations choose safeguards B) a reference guide for standardized computing practices for large organizations C) a reference guide to help organizations identify threats
A) A reference guide to help organizations choose safeguards
HIPAA's _____________________ provisions are designed to encourage "the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." A) Administrative Simplification B) Privacy Rule C) Genetic Information Non-Discrimination Act
A) Administrative Simplification
A company's _______________________ provides a summary of the company's financial condition at a certain period. A) Balance Sheet B) Profit and loss statement C) Pospectus
A) Balance Sheet
Sponsored by five U.S. financial organizations, ___________ is a nonprofit organization that was established in 1985 to identify factors that contributed to fraudulent financial reporting. A) COSO B) PCAOB C) GAAP
A) COSO
Collection and use of a child's personal information, such as name, e-mail address, or social security number, by a Web site operate is governed by: A) Children's Online Privacy Protection Act (COPPA) B) Family Educational Rights and Privacy Act (FERPA) C) Health Insurance Portability and Accountability Act (HIPAA)
A) Children's Online Privacy Protection Act (COPPA)
In 2013, a social media company paid $800,000 to settle charges with the Federal Trade Commission (FTC). The company had an application that allowed children to create journals and share those journals online. Children could also post photos and share location information. The company collected the birth dates of 3,000 children before getting parental permission. The FTC alleged that the company violated which of the following? A) Children's Online Privacy Protection Act (COPPA) B) Children's Internet Protection Act (CIPA) C) Family Educational Rights and Privacy Act (FERPA)
A) Children's Online Privacy Protection Act (COPPA)
The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business. A) Federal Trade Commission (FTC) B) National Credit Union Administration (NCUA) C) Federal Financial Institutions Examination Council (FFIEC)
A) Federal Trade Commission (FTC)
A company uses _____________ to file its yearly report. The form is a very detailed conclusion of a company's financial position. A company needs to provide financial statements, and also fully describe the business and how it works. A) Form 10-K B) Form 10-Q C) Form 8-K
A) Form 10-K
What other laws affect health care in the USA? A) HITECH Act B) 12th Amendment C) Privacy act of 1974
A) HITECH Act
The Florida A&M case illustrates which of the following about safeguards? A) How safeguards protect the integrity of computer systems B) that safeguards cannot be used to discover hackers identities C) How safeguards can be used in an accidental integrity compromise
A) How safeguards protect the integrity of computer systems
The _____________________ established the national banking system in the United States. A) National Bank Act of 1864 B) Gramm-Leach-Bliley Act C) Bank Secrecy Act of 1970
A) NationalBank Act of 1864
Audits are ________________ performed by indecent organizations. A) Occasionally B) Never C) Always
A) Occasionally
Based on the descriptions given, what film does NOT exemplify the concept of social engineering? A) Office Space: Three friends and disgruntled coworkers at a tech company discover that the company's accounting system has a computer glitch that calculates certain financial information to six decimal points, but only records the first two decimal points in the accounting files and then regularly discards the remaining fractions of pennies. When the trio learns their jobs are in jeopardy, they create a computer program that diverts the discarded fractions of pennies into a bank account they share. They believe that the company will continue to pay them in installments small enough that the company will never notice but that will lead to a very large amount of money over time. B) The Sting: Two grifters create an elaborate plan to rob a mob boss of a substantial amount of money. The grifters' plan relies on understanding the personalities and gaining the trust of the mob boss and the people who surround him. C) Paper Moon: A con man meets a recently orphaned nine-year-old girl and he agrees to take her to live with her aunt, who lives very far away. On their way to her aunt's house, the girl sees that the con man routinely visits recently widowed women pretending to be a bible salesman coming to collect money that the deceased husband owes for the fancy, personalized bibles they allegedly purchased before dying. The widows are usually grief stricken, and they agree to pay him after he earns their trust. On their journey, the girl joins the con and pretends to be his daughter, and they become a formidable duo. D) Ocean's Eleven: A team of 11 men of with various areas of expertise work together to rob $150,000,000 from a Casino. In order for the plan to work, the men must gain access to sensitive security information about vaults, security cameras, and safeguards by gaining the trust of various people who work in the casino.
A) Office Space: Three friends and disgruntled coworkers at a tech company discover that the company's accounting system has a computer glitch that calculates certain financial information to six decimal points, but only records the first two decimal points in the accounting files and then regularly discards the remaining fractions of pennies. When the trio learns their jobs are in jeopardy, they create a computer program that diverts the discarded fractions of pennies into a bank account they share. They believe that the company will continue to pay them in installments small enough that the company will never notice but that will lead to a very large amount of money over time.
What are the 3 types of jurisdiction? A) Original, Concurrent and Appellate B) Original, Current, and Appeal C) Common, Written, and Original
A) Original, Concurrent and Appellate
SOX ___________ imposes criminal liability for fraudulent financial certifications. A) Section 906 B) Section 404 C) Section 302
A) Section 906
This domain refers to the equipment and data an organization uses to support its IT infrastructure. It includes hardware, operating system software, database software, and client-server applications. A) System/application Domain B) Remote access domain C) WAN Domain
A) System/Application Domain
In January 2007, TJX disclosed that hackers had breached its credit card systems. The company reported that the attackers might have accessed credit card data going back to 2002. It reported that 45.7 million credit and debit card numbers might have been disclosed. At the time, the breach was believed to be the largest ever. Banks and customers sued TJX in connection with the breach. State governments also sued the company for failing to protect the credit card information of state residents. Given the nature of this breach, which federal agency opened an investigation? A) The Federal Trade Commission B) The federal Reserve System C) The federal Deposit Insurance Corporation
A) The Federal Trade Commission
Which of the following must be protected per PCI DSS requirements? A) an e-commerce Web Server B) A print server C) Both A and B
A) an e-commerce Web Server
In which of the following types of communication is phishing least likely to occur? A) phone calls B) e-mail C) Chat room
A) phone calls
PHI refers to: A) protected health information B) public health information B) private health insurance
A) protected health information
Which of the follow is not a method that web site operators can use to distinguish children from adults? A) requiring a name and address B) requiring payment C) using parental controls D) requiring parental consent
A) requiring a name and address
Which of the following U.S. Constitution amendments contribute to the right of privacy? A) 1st, 2nd, 3rd B) 1st, 2nd, 4th C) 1st, 3rd, 4th
B) 1st, 2nd, 4th
To be COPPA-compliant, a privacy policy must provide "assurance that participation is not conditioned on data collection." Which of the following statements offer the best explanation of this criterion? A) Web sites must state how the information will be used. It must be specific. B) A Web site can't require children to submit contact details in order to be allowed to use the site. Web sites are not allowed to collect more information than necessary for a child to participate in an activity. C) The Web site must state whether collected information is shared with a third party.
B) A Web site can't require children to submit contact details in order to be allowed to use the site. Web sites are not allowed to collect more information than necessary for a child to participate in an activity.
The District of Columbia and 45 states have enacted breach notification laws, which require an organization to notify state residents if it experiences a security breach that involves the personal information of the residents. Which group of four states does not have a breach notification law? A) Alabama, Kentucky, New Mexico, and Wisconsin B) Alabama, Kentucky, New Mexico, and South Dakota C) Alabama, Arizona, New Mexico and South Dakota
B) Alabama, Kentucky, New Mexico, and South Dakota
What is a bitcoin? A) A physical currency B) An online virtual currency operating independently of a central bank C) A currency Africa uses
B) An online virtual currency operating independently of a central bank
The _______________________, also known as the Currency and Foreign Transactions Reporting Act, was created to fight drug trafficking, money laundering, and other crimes. A) National Bank Act of 1864 B) Bank Secrecy Act of 1970 C) Gramm_Leach-Bliley Act
B) Bank Secrecy Act of 1970
The ________________________ ensures minors can't accidentally view obscene or objectionable material from school or library computers. A) Children's Online Privacy Protection Act (COPPA) B) Children's Internet Protection Act (CIPA) C) Family Educational Rights and Privacy Act (FERPA)
B) Children's Internet Protection Act (CIPA)
________________ means that only people with the right permission can access and use information. A) Integrity B) Confidentiality C) Encryption
B) Confidentiality
What case caused accurate financial reporting? A) United States vs Jones B) Enron Case C) Davidson vs Internet Gateway
B) Enron Case
Federal law requires companies to file _______which is a company's quarterly report. A) Form 10-K B) Form 10-Q C) Form 8-K
B) Form 10-Q
Before ____________________, many workers experienced "job lock" and were afraid that they would lose health care benefits if they changed jobs. A) HITECH B) HIPAA C) COBRA
B) HIPAA
Which of the following is true about COBRA and HIPAA? A) They provide the same functions but are governed by different branches of the federal government. B) HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues. C) COBRA was enacted to fight Medicare fraud.
B) HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues.
_________________ are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable. A) Disclosure controls B) Internal controls C) External
B) Internal controls
The purpose of the Gramm-Leach-Bliley Act __________________ is to fight identity theft. A) Privacy Rule B) Pretexting Rule C) Safeguards Rule
B) Pretexting Rule
Which of the following was NOT one of the outcomes of the Enron scandal? A) The SEC began to require more information to be reported on its financial statements. B) Public companies are required to file one comprehensive financial disclosure statement with the SEC. C) The SEC began to require that the accuracy of financial statements be certified in a number of different ways. D) Investors started to significantly lose confidence in large public companies.
B) Public companies are required to file one comprehensive financial disclosure statement with the SEC.
A ____________________ is owned by many investors in the form of stock. A) Privately held company B) Public company C) Closed corporation
B) Public company
In November 2004, the FTC filed a complaint against Nationwide Mortgage Group, Inc. In its complaint, the FTC stated that Nationwide collected sensitive customer information, but that it had no policies and procedures in place to protect that information. It also stated that Nationwide failed to monitor its computer network for vulnerabilities that would expose stored customer information to attack. Which of the following rules did the Nationwide violate? A) Privacy Rule B) Safeguards Rule C) Pretexting RUle
B) Safeguards Rule
Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate? A) Privacy Rule B) Safeguards Rule C) Pretexting Rule
B) Safeguards Rule
The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information. A) Privacy rule B) Security rule C) Red Flag rule
B) Security Rule
Which of the following is true about U.S. Supreme Court justices? A) They are nationally elected B) They are nominated by the president C) They are nominated by congress
B) They are nominated by the president
A ________ is some kind of wrongful act that harms or hurts a person. A) Criminal Act B) Tort C) Breach
B) Tort
The Federal Reserve reports directly to: A) US Supreme Court B) US Congress C) President
B) US Congress
Which of the following questions does not apply to an audit? A) Are the rules being followed? B) What are the rules? C) How are the rules being following?
B) What are the rules?
How might the average person use cookies in a beneficial way? A) Publish a post on your blog B) You save an image of a relaxing, cloud-filled sky that appears every time you log on to your twitter account C) You play a computer game
B) You save an image of a relaxing, cloud-filled sky that appears every time you log on to your twitter account
SOX requires the SEC to review a public company's Form 10-K and Form 10-Q reports at least once every three years. It must do this to try to detect fraud and inaccurate financial statements that could harm the investing public. SOX states the factors that the SEC should consider when deciding to conduct a review. Which of the following is not one of the factors that SEC must consider? A) Whether a company has amended its financial reports B) how long the company has been in existence C) how much stock the company has issued
B) how long the company has been in existence
A single point of failure is a piece of hardware or application that is key to __________________________. A) The success of safeguards B) the functioning of the entire system C) Specifying how long systems may be offline before an organization starts to lose money
B) the functioning of the entire system
Which of the following statements best captures the function of the Federal Trade Commission (FTC)? A) to be one of the most important regulatory authorities for consumer and some business practice issues B) to promote consumer protection and eliminate practices that are harmful to competitive business C) to make frequent reports to the president on its actions
B) to promote consumer protection and eliminate practices that are harmful to competitive business
The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years. A) 4 B) 5 C) 3
C) 3
What are some challenges with protecting children on the internet? A) Identification of children B) The First Amendment and Censorship B) Defining objectionable content C) All of the above
C) All of the above
A(n) _____________ is a formal request for a higher authority to review the decision of a lower court A) pleading B) holding C) appeal
C) Appeal
Which of the following is a true statement about the Court of Appeals? A) It's a court of appellate jurisdiction B) It does not review the facts of a case or additional evidence C) Both A and B
C) Both A and B: - It's a court of appellate jurisdiction - It does not review the facts of a case or additional evidence
The state with some of the strictest patient privacy protections is: A) Virginia B) Texas C) California
C) California
___________ is demonstrated by the processes and procedures that an organization uses to meet the law. A) Audit B) Security C) Compliance
C) Compliance
COPPA requires Web site operators collecting information from children to: A)obtain a signed acceptable use policy from at least one parent B) review all parental permissions annually C)obtain parental consent
C) Correct obtain parental consent
_______________ governs the prosecution of those charged with serious offenses against public order, such as murder. A) Civil Law B) Adminisrative C) Criminal law
C) Criminal Law
Schools may make the following type of disclosure without obtaining parental or student consent: A) Disclosure of school disciplinary records B) Disclosure of grades or test scores C) Disclosure of any information to any school official with a need to know
C) Disclosure of any information to any school official with a need to know
The Family Policy Compliance Office (FPCO) provides oversight for the ____________________. A) Children's Internet Protection Act (CIPA) B) Health Insurance Portability and Accountability Act (HIPAA) C) Family Educational Rights and Privacy Act (FERPA)
C) Family Educational Rights and Privacy Act (FERPA)
The _________________ requires schools to protect students' records. A) Children's Online Privacy Protection Act (COPPA) B)Children's Internet Protection Act (CIPA) C) Family Educational Rights and Privacy Act (FERPA)
C) Family Educational Rights and Privacy Act (FERPA)
The purpose of the ______________________ is to address financial uncertainty and provide the nation with a more stable economy. A) Office of the Comptroller of the Currency B) Office of Thrift Supervision C) Federal Reserve System
C) Federal Reserve System
If companies experience a major event, such as filing for a bankruptcy, that could affect their financial position they must file __________ within 4 days of the major event. A) Form 10-K B) Form 10-Q C) Form 8-K
C) Form 8-K
Which Act established the public's right to request information from federal agencies? A) Privacy act of 1974 B) Electronic Communications Privacy Act C) Freedom of Information Act
C) Freedom of Information Act
____________________ forbids a new employer's health plan from denying health coverage for some reasons and prohibits discrimination against workers based on certain conditions such as pregnancy. A) HITECH B) COBRA C) HIPAA
C) HIPAA
Under SEC rules, internal controls over financial reporting (ICFR) are processes that provide reasonable assurance that financial reports are reliable. Which of the following is NOT assured by ICFR? A) Transactions are prepared according to GAAP rules and are properly recorded. B) Unauthorized acquisition or use of data or assets that could affect financial statements will be prevented or detected in a timely manner. C) IT controls that contain financial data are maintained.
C) IT controls that contain financial data are maintained.
Required by the Fair and Accurate Credit Transaction Act of 2003 (FACTA), which of the following is an anti-identity theft rule created by federal bank regulatory agencies (the Fed, FDIC, OTS, OCC, and NCUA) and the FTC? A) Privacy Rule B) Safeguards Rule C) Red Flags Rule
C) Red Flags rule
The __________________ framework of COSO refers to the identification and review of threats that are internal and external to the organization. A) Control activities B) Monitoring C) Risk Assessment
C) Risk Assessment
The Enron scandal and similar corporate scandals led to the creation of which of the following? A) Securities and Exchange Commission B) Gramm-Leach-Bliley Act C) Sarbanes-Oxley Act
C) Sarbanes-Oxley Act
According to the federal Administrative Procedure Act, an agency is any governmental authority besides Congress and the courts. Which function does NOT fall under the category of what an agency does? A) Creates rules B) enforces Compliance C) Sets precedents
C) Sets precedents
_____________________ are tools that filter offensive content. A) Proxy Servers B) Network Databases C) Technology Protection Measures (TPM)
C) Technology Protection Measures (TPM)
What is the source of legal authority for the U.S. government? A) 1st Amendment B) 4th Amendment C) The US Constitution
C) The US Constitution
Which of the following is not one of the events that that triggers a Form 8-K disclosure requirement? A) filing for bankruptcy B) selling off significant assets C) acquiring an inheritance
C) acquiring an inheritance
Regarding pre-existing conditions, HIPAA: A) only allows employer-provided health plans to look back six months for pre-existing conditions B) in most instances limits the amount of time health plans can require an individual to "sit out" of coverage to no more than 12 months C) both A and B
C) both A and B - only allows employer-provided health plans to look back six months for pre-existing conditions - in most instances limits the amount of time health plans can require an individual to "sit out" of coverage to no more than 12 months
Which of the following is not a condition of "obscenity" as defined by the U.S. Supreme Court? A) depicts or describes sexual conduct in a patently offensive way B) lacks serious literary, artistic, political, or scientific value C) depicts any type of sexual conduct
C) depicts any type of sexual conduct
A covered entity doesn't have to account for every PHI disclosure that it makes. The Privacy Rule states that some kinds of disclosures don't have to be included in an accounting. Any disclosure not specifically excluded must be included and tracked. Which of the following disclosures does not need to be tracked? A) disclosures to HHS for its compliance functions B) disclosures required by law C) disclosures made to carry out treatment, payment, and health care activities
C) disclosures made to carry out treatment, payment, and health care activities
FERPA applies to any education agencies or institutions that receive funding from the U.S. Department of Education (ED). Which of the following in not an educational agency or institution? A) primary and secondary schools B) vocational colleges C) non-profit organizations that offer educational programs D) community colleges
C) non-profit organizations that offer educational programs
All of the following are true with respect to cryptography except: A) hides information so unauthorized persons can't access it B) preserves confidentiality C) only used today by health care providers to protect health care data
C) only used today by health care providers to protect health care data
All of the following are characteristics of HIPAA except: A) requires that employers offer health coverage B) used to fight health insurance fraud and eliminate waste C) simplifies how health insurance is administered D) protects the privacy and security of personally identifiable health information
C) requires that employers offer health coverage
Online Privacy Alliance (OPA) is an organization of companies dedicated to protecting online privacy. Members of OPA agree to create a privacy policy for a customer that is easy to read and understand. Which of the following provisions is NOT included in the policy? A) types of data collected B) how data is used C) the option of choosing who sees the data
C) the option of choosing who sees the data
The main goal of information security is to protect:
Confidentiality, integrity, and availability (CIA)
Some requirements of the PCAOB are: A) registering accounting firms that prepare audit reports for public companies B) establishing standards for the preparation of audit reports C) enforcing SOX compliance D) All of the above
D) All of the above
All of the following are examples of consumer financial information EXCEPT: A) SSN B) Address and telephone Numbers C) Employment History D) Biometric Data
D) Biometric Data
The Payment Card Industry Security Standards Council (PCI Council) is made up of representatives of the major credit card companies. The major credit card companies are also called credit card brands. Which of the following is not one of the major brands? A) VISA B) American Express C) JCB International D) Chase Bank
D) Chase Bank The major brands are VISA, American Express, and JCB International
All of the following are examples of protected health information (PHI) EXCEPT: A) information regarding physical or mental health B) past, present, or future health information C) publicly available information regarding insurance companies D) information regarding different health insurance premium cost options
D) information regarding different health insurance premium cost options
The three branches of the federal government are:
Executive, legislative, and Judicial
Because torts are a part of the law, somebody who steals your identity will be prosecuted whether or not you press charges. T OR F?
FALSE
Before the PCI Council was formed, all major credit card companies shared the same security requirements that applied to the credit cards that they issued. T OR F?
FALSE
A keystroke logger is harmful code intentionally left on a computer system. It lies dormant for a certain period, and when specific conditions are met, it "explodes" and carries out its malicious function. T OR F?
FALSE Correct Term: Logic Bomb
A high quality security system is prepared and able to identify and respond to all threats and risks and repair all vulnerabilities that may befall the system. T OR F?
FALSE Correct term: A risk analysis
Statutes or codes depend on principles developed from years of legal tradition and court decisions. T OR F?
FALSE Correct term: Common Law
The Supreme Court has exclusive original jurisdiction to decide cases about disputes between state governments and exercises this original jurisdiction with frequency. T OR F?
FALSE Supreme court has original jurisdiction NOT exclusive
The Constitution specifies the basic lawmaking process. A bill is the initial draft of a potential law. Only one chamber of Congress needs to approve the bill, and the president must sign it before it becomes a law. T OR F?
FALSE because both the house and the senate need to approve the bill
An employee's off-duty Internet activity is not considered a privacy concern, so employers are not likely to search the Internet for information related to potential and current employees, nor will they view employee postings on blogs, Web pages, or e-mail lists.
FALSE because your job will WATCH your social media.
Any time a covered entity discloses PHI, it must follow the maximum necessary rule. The amount disclosed must be able to satisfy the reason why the information is being used or disclosed and any other pertinent information. T OR F?
FALSE.. Any time a covered entity discloses PHI, it must follow the MINIMUM necessary rule.
Citizens and members of the legal profession are all bound by the terms of the common law. T OR F?
FALSE.. Citizens and members of the legal profession are all bound by the terms of the WRITTEN law.
The DSS offers a single approach to safeguarding sensitive cardholder data for all credit card issuers. It recommends 12 basic categories of security requirements that should be followed in order to protect credit card data. T OR F?
FALSE.. Correct Term: PCI DSS
SOX Section 404 imposes criminal liability for fraudulent certifications. Under this section, CEOs and CFOs that knowingly certify fraudulent reports may be fined up to $1 million. T OR F?
FALSE.. Correct term: SOX Section 906 SOX Section 404 requires a company's executive management to report on effectiveness of the company internal controls over financial reporting (ICFR)
The COSO Framework specifically states that all organizations should follow the Guide to Assessment of IT Risk (GAIT). T OR F?
FALSE.. SOME organizations should follow the Guide to Assessment of IT Risk (GAIT)
The HHS said that the Privacy Rule has two main purposes: 1) to allow consumers to control the use of their health information (including providing consumers with a way to access their health information) and 2) to improve health care in the U.S. by restoring consumer trust in the health care system. T OR F?
FALSE.. THE HHS said that the Privacy Rule has THREE main purposes (NOT 2) 3) To create a national framework for health privacy protection
While each federal district court also has its own bankruptcy court. The Constitution gives state governments the sole power over bankruptcy law. T OR F?
FALSE.. The Constitution gives the FEDERAL GOVERNMENT the sole power over bankruptcy law
The Office of the Comptroller of the Currency (OCC) is led by a comptroller, which is an elected position. T OR F?
FALSE.. The OCC is appointed by the president and approved by the senate
The American Library Association and the American Civil Liberties Union sued the U.S. government. They claimed CIPA violated the free speech rights of adults. In 2002 the U.S. District Court for the Eastern District of Pennsylvania agreed that CIPA violated First Amendment rights. The U.S. District Court said that the government could not enforce CIPA. The U.S. government appealed that decision, and the lawsuit went to the U.S. Supreme Court. In United States et al. v. American Library Association, Inc. et al. in 2003, the U.S. Supreme Court struck down the law as unconstitutional. T OR F?
FALSE.. The US Supreme court said the law was constitutional because it was conditional.
In order for financial institutions to comply with the FTC Safeguards Rule, they must create a written information security program that keeps confidential how the institution collects and uses customer information. T OR F?
FALSE.. They must create a written information security program that DESCRIBES their program to protect customer information.
A company that created virtual online gaming worlds agreed to pay $3 million in 2011 to settle charges with the FTC. The FTC alleged that the company improperly collected and disclosed the personal information of thousands of children without parental consent. This is the largest civil penalty so far in a Children's Internet Protection Act (CIPA) action. T OR F?
FALSE.. This is the largest civil penalty so far in COPPA action
A customer is any individual who obtains a financial product or service from a financial institution, whereas a consumer is an individual who has a continuing relationship with a financial institution. T OR F?
FALSE.. A customer is an individual who has a continuing relationship with a financial institution and a consumer is any individual who obtains a financial product or service from a financial institution
SOX requires companies to report accurate financial data. They must do this to protect their CEO and CFO from harm. T OR F?
FALSE.. Correct: They Must do this to protect their investors from harm
The FDIC insures deposit accounts in the event of bank failure. If a bank fails, the FDIC returns the money that a customer put in the bank, no matter how great or small the amount. T OR F?
FALSE..the FDIC insures up to $250,0000 if a bank fails
____________ was created by Congress to make health insurance portable. A) FERPA B) HIPAA C) HITECH ACT
HIPAA
If the government restricts a child's access to objectionable online materials is that a violation of their first amendment rights? Does this also restrict free speech? A) YES B) NO
NO
5 components of COSO are: - Control Environment - Risk assessment - Control activities - Information and Communication - Monitoring organizations interanal control systems T OR F??
TRUE
A limited data set is PHI that doesn't contain any data that identifies a person. T OR F?
TRUE
A policy tells an organization how it must act and the consequences for failing to act properly. T OR F?
TRUE
All of the following are privacy data elements for HIPAA: - Dates - Names - Account numbers - SSN - Face Pictures T OR F?
TRUE
All these rules show how HIPAA protects health care information: - The Privacy rule protects the type of data being communicated. - The Security Rule protects databases for security. - The Enforcement Rule shows processes for enforcement and processes for penalties. - Breach Notification Rule requires health care providers to let customers know when there has been a breach of protected health information. T OR F?
TRUE
An Internet safety policy must educate minors about appropriate online behavior. This includes how to use social networking Web sites and chatrooms safely. The policy must include information on how to recognize cyberbullying. It also must tell minors how to respond to cyberbullying. T OR F?
TRUE
An educational record includes any personal and education data on a student maintained by an educational agency or institution. T OR F?
TRUE
Appellate jurisdiction is the power of a court to review a decision made by a lower court. T OR F?
TRUE
Bitcoin is not protected by the FDIC because they are stored in "digital wallets" T OR F?
TRUE
CIPA has two main requirements. The first is that schools and libraries that accept E-Rate funding must implement technologies that filter offensive visual content so that minors don't access it. The second requirement is that schools implement an Internet safety policy. T OR F?
TRUE
COBRA allows you to continue your coverage from your job once you leave. HIPAA allows you to go from job to job without previous conditions being waived. HIPAA also allows you to get a HIPAA plan after COBRA is overdue. T OR F?
TRUE
COSO was an organization that was established to distinguish factors that added to fraudulent financial reporting. T OR F?
TRUE
Concurrent jurisdiction is shared by several different courts. T OR F?
TRUE
Confidential describes information that could cause damage to U.S. security if disclosed to an unauthorized person. This is the lowest data classification level. T OR F?
TRUE
Congress hoped that the Sarbanes-Oxley Act of 2002 (SOX) reforms would prevent another Enron scandal. The main goal of SOX is to protect shareholders and investors from financial fraud. SOX increased corporate disclosure requirements. T OR F?
TRUE
Covered entities must keep records of how they disclose a person's PHI. Under the Privacy Rule, a person has the right to receive an accounting of how the covered entity has used or disclosed the person's PHI. T OR F?
TRUE
Enron Case: U.S. natural gas company who was thought to be a very successful company throughout the 90s and early 2000s. stock although, this company was really struggling and in debt. In order to hide these financial records, the companies' CFO and other employees created some companies to store the records. Once Enron announced its first ever loss, the SEC started to investigate Enron's financial statements. A month later Enron filed for bankruptcy and those who invested their savings in stock lost it all. T OR F?
TRUE
Explain the CIA Triad: Confidentiality means that only a person with the right permission can access and use information. It also means protecting it from unauthorized access at all stages of its life. Integrity means that information systems and their data are accurate. Availability means you can get information when you need it. T OR F?
TRUE
Federal courts can hear only the following kinds of cases: 1) Disputes regarding federal laws or constitutional issues and 2) Disputes between residents of different states where the amount of money in controversy is greater than $75,000. T OR F?
TRUE
Health care information is sensitive because it contains personal information about the patient. T OR F?
TRUE
In 1973, the U.S. Supreme Court decided that for material to be identified as "obscene," it must meet three conditions: 1) appeals predominantly to prurient interests—prurient indicates a morbid, degrading, and unhealthy interest in sex; 2) depicts or describes sexual conduct in a patently offensive way, and 3) lacks serious literary, artistic, political, or scientific value. T OR F?
TRUE
In 1992, COSO issued guidance on internal controls. The COSO framework says that internal controls are effective when they give the management of a company reasonable assurance that: 1) It understands how the entity's operational objectives are being achieved; 2) Its published financial statements are being prepared reliably; and 3) It's complying with applicable laws and regulations. T OR F?
TRUE
In general, a covered entity may disclose PHI to certain governmental entities without consent for certain purposes that include, but are not limited to, the following: to provide vital statistics, to control communicable diseases, and to report abuse and neglect. T OR F?
TRUE
In the common law, courts decide cases by referring to established legal principles and the customs and values of society. They also look at decisions made in earlier cases to see if the cases are similar. If the cases are similar, a new case should reach a similar result. T OR F?
TRUE
Incidental disclosures don't have to be tracked by covered entities. An incidental disclosure can be from any use or disclosure that is allowed under the Privacy Rule. Although covered entities have to take actions to limit incidental disclosures such as being efficient in protecting information about the patient all the time. T OR F?
TRUE
Many SOX provisions require companies to verify the accuracy of their financial information. Because IT systems hold many types of financial information, companies and auditors quickly realized that these systems were in scope for SOX compliance. That meant that how those systems are used and the controls used to safeguard those systems had to be reviewed. T OR F?
TRUE
Original jurisdiction is the power of a court to hear the initial dispute between parties. These courts conduct trials and usually trial courts have original jurisdiction. T OR F?
TRUE
Physical safeguards are actions that an organization takes to protect its actual, tangible resources. They keep unauthorized individuals out of controlled areas. T OR F?
TRUE
Procedural law provides the process that a case will go through while substantive law defines how the facts in the case will be handled and how the crime will be charged. T OR F?
TRUE
Public companies are required to file a number of financial disclosure statements with the SEC. These forms help investors understand the financial stability of a company. The most commonly filed forms are: 1) Form 10-K—Annual report, 2) Form 10-Q—Quarterly report, and 3) Form 8-K—Current report. T OR F?
TRUE
Schools are required to make and provide copies of the educational records in special circumstances. If a parent does not live within commuting distance to the school and cannot come to the school to inspect the records, then the school must provide the parent with copies. T OR F?
TRUE
States have the power to create laws that give more protection than HIPAA. T OR F?
TRUE
THE GLBA Safeguard Rule requires the federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate. This protects the Confidentiality, Integrity and Availability of customer information. T OR F?
TRUE
The FTC Red Flags rule requires covered financial institutions to be on the lookout for certain warning signs that might indicate that identity theft is taking place in consumer financial transactions. This is in order to fight identity theft. The Red Flags rules doesn't require institutions to protect data in a certain way but it requires them to be flexible and responsive to different situations where identity theft could be a factor. T OR F?
TRUE
The Fourth Amendment protects federal employees from unreasonable government search and seizure. The federal government must provide employees with notice if it intends to monitor the electronic communications of its employees. T OR F?
TRUE
The GLBA privacy rule requires financial institutions to protect a customer's nonpublic financial information. It restricts financial institutions from sharing non-public information with non-affiliated third parties unless the institution gives notice to the consumer. T OR F?
TRUE
The Gramm-Leach Bliley Act defines financial institution as any institution that conducts financial activities. It allowed banks, securities, and insurance companies to merge together. T OR F?
TRUE
The Privacy Rule forbids a covered entity from requiring a person to sign an authorization in order to receive health care treatment. The entity can't condition benefit eligibility on signing an authorization; this is so covered entities can't force people to sign authorizations under pressure by withholding needed care. T OR F?
TRUE
The Sarbanes-Oxley Act of 2002 was passed because of cases like Enron to prevent that from happening again. SOX has rules that protects shareholders and investors from financial scams. Some include, Corporate Responsibility, Enhanced Financial Disclosures, and Corporate and Criminal Fraud Accountability. This Act helped boost investor confidence in public companies. T OR F?
TRUE
The differences between federal and state powers are: Federal powers are established under the U.S. Constitution and states powers are established from the state. They also have different types of jurisdiction. States have an appellate jurisdiction so they deal with internal cases such as robberies, broken contracts, and traffic violations while federal powers have more of an original jurisdiction where they are limited to types of cases only involving the United States, violations of the U.S. Constitution or federal laws, and cases between citizens of different states. T OR F?
TRUE
The doctrine of Stare decisis is used to ensure that laws are fairly and consistently applied. T OR F?
TRUE
The legislative branch makes the laws, while the Executive branch enforces them and the judicial branch reviews the laws to make sure they are constitutional. T OR F?
TRUE
The main purpose of CIPA is to protect minors from accessing offensive content on the Internet such as pornography, gore, or anything harmful to the child visual deception. CIPA's main requirements are that schools and libraries that accept E-Rate funding must implement technologies that filter offensive visual content so that minors don't access it. The other requirement is that schools need to implement an Internet safety policy. T OR F?
TRUE
The main purpose of COPA is to protect children's privacy on the Internet. Web sites have to follow specific rules if they collect or use a child's personal information. They must get a parent's consent before doing anything. They also have to post a privacy policy explaining their practices. T OR F?
TRUE
The main purpose of FERPA is to protect the privacy of student educational records. Its main requirements include Annual notification, access to education records, amendment of education records, and disclosure of education records. Schools must also follow certain FERPA guidelines. T OR F?
TRUE
The penalties for failing to retain records for the right amount of time can be severe. SOX makes it a crime for a person or company to knowingly and willfully violate its records retention provisions. A person who violates this provision can face fines and up to 10 years in prison. T OR F?
TRUE
The purpose of an asset classification is to evaluate the shape of the company by comparing how well each of the company's type of assets are contributing. T OR F?
TRUE
Under federal law, stored electronic communications can be accessed by the organization that provides the electronic communications service. This "stored communication" exception is very broad. If the employer provides the e-mail service, then it may properly access stored e-mails from that service. T OR F?
TRUE
Under the Fair Credit Reporting Act of 1970 (FCRA), consumers can stop financial institutions from sharing their credit report or credit applications with affiliates. T OR F?
TRUE
Under the GLBA Pretexting Rule, it's illegal to make false, fictitious, or fraudulent statements to a financial institution or its customers in order to get customer information. Pretexting is also called social engineering. It's also illegal to use forged, counterfeit, lost, or stolen documents to do the same things. The rules attempt to stop identity theft before it takes place. T OR F?
TRUE
Under the Privacy Rule, there are only two situations in which a covered entity must disclose PHI: 1) when a person requests access to his or her PHI, and 2) when a person requests that their PHI be sent directly to a third party. T OR F?
TRUE