Chapter 2 - ITS - 2545

A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information A) True B) False

B) False

Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them? A) ECPA B) Sarbanes-Oxley C) HIPAA D) Gramm-Leach-Bliley

C) HIPAA

Which subset of civil law regulates the relationships among individuals and among individuals and organizations? A) Tort B) Criminal C) Private D) Public

C) Private

Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community? A) utilitarian B) virtue C) fairness or justice D) common good

D) common good

InfraGard began as a cooperative effort between the FBI's Cleveland field office and local intelligence professionals. A) True B) False

B) False

To protect intellectual property and competitive advantage, congress passed the Entrepreneur Espionage Act (EEA) in 1996. A) True B) False

B) False

Which law extends protection to intellectual property, which includes words published in electronic formats? A) Freedom of Information Act B) U.S. Copyright Law C) Security and Freedom through Encryption Act D) Sarbanes-Oxley Act

B) U.S. Copyright Law

Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls. A) remediation B) deterrence C) persecution D) rehabilitation

B) deterrence

Any court can impose its authority over an individual or organization if it can establish which of the following? A) jurisprudence B) jurisdiction C) liability D) sovereignty

B) jurisdiction

There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them? A) ignorance B) malice C) accident D) intent

B) malice

Which of the following is compensation for a wrong committed by an employee acting with or without authorization? A) liability B) restitution C) due diligence D) jurisdiction

B) restitution

Which law addresses privacy and security concerns associated with the electronic transmission of PHI? A) USA Patriot Act of 2001 B) American Recovery and Reinvestment Act C) Health information technology for economic and clinical health act D) National informaiton infrastructure act of 1996

C) Health information technology for economic and clinical health act

Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures? A) U.S. Copyright Law B) PCI DSS C) European Council Cybercrime Convention D) DMCA

D) DMCA

Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics? A) Applied ethics B) Meta-ethics C) Normative ethics c

D) Deontological ethics

Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system? A) The Telecommunications Deregulation and Competition Act B) National Information Infrastructure Protection Act C) Computer Fraud and Abuse Act D) The Computer Security Act

D) The Computer Security Act

Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals. A) (ISC)2 B) ACM C) SANS D) ISACA

A) (ISC)2

Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications? A) The Electronic Communications Privacy Act of 1986 B) The Telecommunications Deregulation and Competition Act of 1996 C) National Information Infrastructure Protection Act of 1996 D) Federal Privacy Act of 1974

A) The Electronic Communications Privacy Act of 1986

The Gramm-Leach-Bliley (GLA) Act (also known as the Financial Services Modernization Act of 1999) contains a number of provisions that affect banks, securities firms, and insurance companies. A) True B) False

A) True

Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right? A) Applied ethics B) Descriptive ethics C) Normative ethics D) Deontological ethics

B) Descriptive ethics

The penalties for offenses related to the National Informaion Infrastructure Protection Act of 1996 depends on whether the offense is judged to have been committed for one of the following reasons except which of the following? A) For purposes of commercial advantage B) For private financial gain C) For political advantage D) In furtherance of a criminal act

C) For political advantage