Review Questions Ethics (Ch. 1-5)
A(n) ___ is an individual who hacks computers or websites in an attempt to promote a political ideology.
Hacktivist
Persistent or malicious harassment aimed at an ethnic, racial, or religious group can be prosecuted as hate speech. T/F?
false
A(n) ___ is a company that monitors, manages, and maintains computer and network security for other organizations.
managed security service provider (MSSP)
____ involves the deployment of malware that secretly steals data in the computer systems of organizations that can be used to gain an unfair competitive advantage for the perpetrator
Cyberespionage
Identifying the stakeholders and their positions on an issue is part of which decision-making step?
Define the problem
A(n) ____ is an attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks
Distributed Denial of Service
____ involves doing research on the Internet to obtain someone's private personal information (such as home address, email address, phone numbers, and place of employment) and even private electronic documents (such as photographs), and then posting that information online without permission.
Doxing
____ is the process of scrambling messages or data in such a way that only authorized parties can read it
Encryption
In the event of a successful cyberattack, the best way to give out specific information is through use of online discussion groups, email, and other systems connected to the compromised system. T/F?
false
Laws provide a complete guide to ethical behavior. T/F
false
Publicly traded organizations have an obligation to report all data breaches to the Securities and Exchange Commission. T/F?
false
The Supreme Court has stated that American citizens are protected by the Fourth Amendment with no exception. T/F?
false
The business recovery plan is the documented process to recover an organization's business information system assets including hardware, software, data, networks, and facilities in the event of a disaster. T/F?
false
The goodwill that CSR activities generate can make it easier for corporations to conduct their business but is unlikely to affect the profitability of the firm. T/F?
false
Unlike certification, which applies only to people and is required by law, licensing can also apply to products. True or False.
false
A ____ is hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; it also limits access to the company's network based on the organization's Internet-usage policy
firewall
Which of the following laws required federally financed schools and libraries to use some form of technological protection to block computer access to obscene material, pornography, and anything else considered harmful to minors? a) Telecommunications Act b) Children's Internet Protection Act c) Child Online Protection Act d) Communications Decency Act
b) Children's Internet Protection Act
Many companies obtain information about web surfers through the use of ___, which are text files that can be downloaded to the hard drives of users so that the website is able to identify visitors on subsequent visits
cookies
The moral corruption of people in power has been given the name ____
Bathsheba syndrome
The Supreme Court has held that obscene speech and defamation may be forbidden by the government. T/F?
True
____ is an exploit in which victims receive a voice-mail message telling them to call a phone number or access a website
Vishing
An anti-SLAPP law is used by government officials against citizens who oppose them on matters of public concern. T/F?
false
China has more surveillance cameras per person than Great Britain. T/F?
false
If an employee acts in a manner contrary to corporate policy and their employer's directions, the employer cannot be held responsible for these actions. T/F?
false
A recent study revealed that between ____ percent of workers' time online had nothing to do with work
60 and 80
The ____ Act specifies requirements that commercial emailers must follow when sending out messages that advertise or promote a commercial product or service.
CAN-SPAM
The country with perhaps the most rigorous Internet censorship in the world is ____
China
Section 230 of the ____ provides immunity to an Internet service provider that publishes user-generated content, as long as its actions do not rise to the level of a content provider.
Communications Decency Act
(The) ____ approves the use of any intelligence collection techniques that are in accordance with procedures established by the head of the intelligence community and approved by the attorney general.
Executive Order 12333
This act allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies.
Fair and Accurate Credit Transactions Act
Under (the) ______________, the presumption is that a student's records are private and not available to the public without the consent of the student.
Family Educational Rights and Privacy Act (FERPA)
The ____ protects Americans' rights to freedom of religion, freedom of expression, and freedom to peaceably assemble.
First Amendment
____ describes procedures for the electronic surveillance and collection of foreign intelligence between foreign powers and agents of foreign powers. It also created a special court, which meets in secret to hear applications for orders approving electronic surveillance anywhere within the United States
Foreign Intelligence Surveillance Act
Federal agencies receiving a ____ request must acknowledge that the request has been received and indicate when the request will be fulfilled, with an initial response within 20 working days unless an unusual circumstance occurs.
Freedom of Information Request
The ____ is designed to strengthen data protection for individuals within the EU and includes stiff penalties for privacy violations.
General Data Protection Regulation
____ is the process established by an organization's board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.
Internal control
An aggrieved party can file a ____ lawsuit against a defendant whose identity is temporarily unknown because he or she is communicating anonymously or using a pseudonym.
John Doe
An important Supreme Court case that established a three-part test to determine if material is obscene and therefore not protected speech was
Miller v. California
_____ is/are one's personal beliefs about what is right and wrong
Morals
A(n) ___ is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the contents of data packets
Next Generation Firewall
____ is a system employed to collect Internet data including search histories, photos sent and received; the contents of email, file transfers, and voice and video chats; and other Internet communication data
PRISM
____ is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats
Risk assessment
A(n) ____ exploit is an attack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
Zero-day
If you find yourself rationalizing a decision with the statement, "Well, our competitors are doing something far worse," what action should you not take? a) drop this option, and implement the same policy as your competitors b) reconsider your options c) identify and evaluate options d) choose the best option
a) drop this option, and implement the same policy as your competitors
Which of the following is not a multi factor authentication method?
a) entering a user name and a strong end-user password at least 10 characters long
Non-managers are responsible for what percent of instances of reported misconduct?
about 40%
The number of global companies that have an overall security strategy is ___
about 58 percent
Which of the following is not one of the five key elements of an acceptable use policy (AUP)? a) Purpose of the AUP, why it is needed and what are its goals b) background and make-up of the infosec organization that enforces the AUP c) definition of the actions that will be taken against an individual who violates the policy d) scope of who and what is covered under the AUP
b) background and make-up of the infosec organization that enforces the AUP
A(n) ___ is a sophisticated threat that combines the features of a virus, worm, trojan horse, and other malicious code into a single payload
blended threat
The core _____ for any profession outlines agreed-upon sets of skills and abilities that all licensed professionals must possess.
body of knowledge
Which of the following is not a key goal of employee ethics training? a) increase the percentage of employees who report incidents of misconduct b) make employees more aware of the company's code of ethics and how to apply it c) become familiar with various philosophers and how they dealt with ethical issues d) reduce the company's liability in the event of legal action
c) become familiar with various philosophers and how they dealt with ethical issues
A statement that highlights an organization's key ethical issues and identifies the over-arching values and principles that are important to the organization and its decision making.
code of ethics
____ is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of data gathered so that it is admissible as evidence in a court of law.
computer forensics
According to the Ethics Resource Center, which of the following is the most commonly observed form of employee misconduct a) lying to employees b) abusive behavior c) inappropriate social networking d) misuse of company time
d) misuse of company time
Making either an oral or a written statement of alleged fact that is false and harms another person is ___
defamation
The term ___ describes the standards or codes of behavior expected of an individual by a group to which the individual belongs
ethics
The software piracy rates in Albania, Kazakhstan, Libya, Panama, and Zimbabwe ___
exceed 70 percent
A(n) _____ is an attack on an information system that takes advantage of a particular system vulnerability.
exploit
Although a number of independent laws and acts have been implemented over time, no single, overarching data privacy policy has been developed in the United States. However, there is an established advisory agency that recommends acceptable privacy practices to U.S. businesses. T/F?
false
The computer security triad consists of ____
integrity, confidentiality, and availability
Often, organizations that are engaged in litigation will send a __________________________ notice to their employees or to the opposing party to save relevant data and to suspend data that might be due to be destroyed based on normal data-retention rules.
litigation hold
____ occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the very essence of a contract.
material breach of contract
____ is a process that couples human guidance with computer-driven concept searching in order to train document review software to recognize relevant documents within a document universe.
predictive coding
To become licensed as a software engineer in the United States, one must pass the Fundamentals of Engineering Exam and a software engineering ___ exam
principles and practices
A (An) __________________________ states the principles and core values that are essential to the work of a particular occupational group.
professional code of ethics or code of ethics
Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as ___
professional malpractice
Approximately how many U.S. workers have reported worker or manager misconduct and then suffered some sort of retribution from their supervisor or negative reactions from their coworkers?
some 6.2 million
The mission of the Software & Information Industry Association and the Business Software Alliance is to ___________________.
stop the unauthorized copying of software produced by its members
A virtual private network (VPN) enables remote users to securely access an organization's collection of computing and storage devices and share data remotely by transmitting and receiving data over public networks such as the Internet. T/F?
true
An IT worker cannot be sued for professional malpractice unless he or she is licensed. True or False.
true
Beginning with the model year 2011 vehicles, the National Highway Safety Administration defined a minimum set of 15 data elements that must be captured for manufacturers who voluntarily install electronic data recorders on their vehicles. T/F?
true
Important decisions with strong ethical implications are too often left to the technical experts; general business managers must assume greater responsibility for these decisions. T/F?
true
Senior management (including members of the audit committee) must always follow the recommendations of the internal audit committee. T/F
true
The Fourth Amendment cannot be used to limit how a private employer treats its employees, and private-sector employees must seek legal protection against an invasive employer under various state statutes. T/F?
true
The number of U.S. government intelligence-gathering units identified in Executive Order 12333 exceeds 18. T/F?
true
The worldwide financial services industry spent over $27 billion on IT security and fraud prevention in 2015. T/F?
true
Under the Foreign Corrupt Practices Act (FCPA), it is permissible to pay an official to perform some official function (for example, to speed customs clearance). T/F
true
Antivirus software scans for a specific sequence of bytes known as a(n) ____ that indicates the presence of a specific virus.
virus signature
The California State Court in Pre-Paid vs Sturtz et al. set a legal precedent that courts apply when deciding ____
whether or not to approve subpoenas requesting the identity of anonymous web posters
____ is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.
whistle-blowing