Module 2 Quiz
The Council of Europe adopted the Convention on Cybercrime in ____.
2001
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Accept Control
Laws and policies and their associated penalties only deter if which of the following conditions is present?
All of the above
Management of classified data includes its storage and ____.
All of the above
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Appetite
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____.
By accident
The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.
CBA (cost-benefit analysis)
The National Information Infrastructure Protection Act of 1996 modified which Act?
Computer Fraud and Abuse Act
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?
Computer Fraud and Abuse Act of 1986
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Confidential
Risk ____ is the application of controls to reduce the risks to an organization's data and information systems.
Control
Many corporations use a ____ to help secure the confidentiality and integrity of information.
Data Classification Scheme
The ____ strategy attempts to prevent the exploitation of the vulnerability.
Defend Control
The concept of competitive ____ refers to falling behind the competition.
Disadvantage
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.
Dumpster Diving
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
Electronic Communications Privacy Act
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO (field change order)
What is the subject of the Computer Security Act?
Federal Agency Information Security
What is the subject of the Sarbanes-Oxley Act?
Financial Reporting
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?
Financial Services Modernization Act
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Fraud
The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
General
The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
Health Insurance
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.
IR (incident response)
Criminal or unethical ____ goes to the state of mind of the individual performing the act.
Intent
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.
Marketing
The ____ security policy is a planning document that outlines the process of implementing security in the organization.
Program
The first phase of risk management is ____.
Risk Identification
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Security and Freedom through Encryption Act
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
Standard of Due Care
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.
To Harass
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Transfer Control
In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factors.
Weighted Factor Analysis
The military uses a ____-level classification scheme.
five