Cyber Law&Ethics, CH 7,8,9,10,11.

Under the Digital Millennium Copyright Act, which of the following must pay licensing fees to record companies? a. Libraries b. "Webcasters" c. Higher education institutions d. Nonprofit "public" radio stations

"Webcasters"

What was the first state to have a breach notification law? a. California b. Texas c. New York d. N. Carolina

California

__________________ restrict the transmission of certain types of information to non-U.S. citizens or non-permanent residents who are located in the United States. a. Department of State b. Import control regulations c. Department of Energy d. Office of International Information Transference

Department of State

Which of the following are types of export control regulations? a. Intentional Traffic in Armory Regulations (ITAR) b. Export Administration Regulations (EAR) c. both A and B d. neither A nor B

Export Administration Regulations (EAR)

Form 10-Q quarterly report is a very detailed disclosure of a company's financial condition. True False

False

Congress created the _____________ in response to the September 11, 2001, terrorist attacks. a. Computer Security Act (CSA) b. Office of Management and Budget (OMB) c. Federal Information Security Management Act (FISMA) d. National Security Agency (NSA)

Federal Information Security Management Act (FISMA)

_____________________ is the area of law that protects a person's creative ideas, inventions, and innovations. a. Intellectual property law b. Civil law c. Criminal law d. Property interest law

Intellectual property law

Under the Digital Millennium Copyright Act, which of the following are protected from copyright infringement liability for the act of transmitting information over the Internet? a. Libraries b. Higher education institutions c. Internet service providers d. Individuals

Internet service providers

Which of the following legal terms means assisting in or inducing people to engage in infringement activity? a. Material contribution b. Principal use c. Substantial use d. Probable cause

Material contribution

Which of the following statements best captures the role and responsibility of NIST? a. NIST creates the standards and guidelines for National Security Systems to help agencies meet their FISMA obligations. b. NIST uses procedures described in the Administrative Procedures Act (APA) to create Federal Information Processing Standards (FIPS). c. NIST raises awareness of FISMA reporting requirements and security best practices. d. NIST conducts independent and objective audits, investigations, and inspections.

NIST uses procedures described in the Administrative Procedures Act (APA) to create Federal Information Processing Standards (FIPS).

The main goal of ______________ is to protect shareholders and investors from financial fraud. a. Sarbanes-Oxley Act (SOX) b. Gramm-Leach-Bliley Act c. Securities and Exchange Commission d. Public Company Accounting Oversight Board

Sarbanes-Oxley Act (SOX)

Which of the following supported the Digital Millennium Copyright Act? a. Librarians b. Academics c. Scientists d. Software and entertainment industries

Software and entertainment industries

Sponsored by five U.S. financial organizations, ___________ is a nonprofit organization that was established in 1985 to identify factors that contributed to fraudulent financial reporting. a. COSO b. PCAOB c. GAAP d. IFRS

a. COSO

SOX ______________ requires CEOs and CFOs to certify a company's SEC reports. a. Section 906 b. Section 404 c. Section 302 d. Section 708

c. Section 302

Compensatory, consequential, nominal, and liquidated are all types of ___________. a. remedies b. damages c. breach d. performance

damages

Item, price, quantity, and when the item is available for delivery are all examples of ______________ terms. a. remedial b. material c. foundation d. consequential

material

What is required for an invention or discovery to be patentable? a. must be novel b. can be useful or without any use c. must be obvious d. must be environmentally sustainable

must be novel

Which of the following is a type of damage that is awarded when no financial loss is suffered as a result of the breach? a. compensatory b. consequential c. liquidated d. nominal

nominal

Stocks and bonds are called ___________. a. dividends b. securities c. profits d. assets

securities

If you design a graphic, slogan, or symbol for your company and its product, then you would file for a(n): a. trademark. b. copyright. c. patent. d. exception.

trademark.

To enter into a legally binding contract, you must be at least: a. 16 b. 14 c. 18 d. 21

18

FISMA applies to both federal and state agencies. True False

False

North Carolina law requires that notice be given in a "concrete and inconspicuous" form, which means that it can be understood by individuals. True False

True

Utility, plan, and design are all types of _________________. a. patents b. copyrights c. trademarks d. trade secrets

patents

The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years. a. five b. three c. four d. two

three

A ______________ protects the formulas, processes, methods, and information that give a business a competitive edge. a. copyright b. utility patent c. trade secret d. strict liability

trade secret

RIAA claimed that Napster made a(n): a. "indirect" infringement on its patent. b. "direct" infringement on its trademark. c. "direct" infringement on its copyright. d. "indirect" infringement on its copyright.

"direct" infringement on its copyright.

Which of the following is an example of intellectual property? a. Artwork that an individual created. b. A house that one individual purchased from a previous owner who did not design the house. c. Land that one individual purchased from a previous owner. d. A car that one individual purchased from a previous owner who did not design the car.

Artwork that an individual created.

Which of the following is an information security issue you should consider in a cloud computing contract? a. Which type of user creates data? b. How is data defined and used? c. What is the level of compliance with the Uniform Electronic Transactions Act? d. Both A and B

Both A and B

Which of the following statements best captures the difference between civil law and criminal law? a. Criminal law requires a trial by jury, whereas civil law requires only a hearing. b. In civil law, a defendant is sent to jail as a punishment. However, criminal law imposes fines. c. In civil law a defendant is not required to reimburse a plaintiff for damages, whereas this is a requirement in criminal law. d. Civil law only requires paying fines, whereas in criminal law the punishment is jail.

Civil law only requires paying fines, whereas in criminal law the punishment is jail.

What was the first federal law to address federal computer security? a. Federal Information Security Management Act (FISMA) b. Computer Security Act (CSA) c. Sarbanes-Oxley Act (SOX) d. The E-Privacy Act

Computer Security Act (CSA)

In 1998, Congress passed the _________________________.This law helps protect copyrights in the multimedia world. It also contains provisions that help insulate Internet service providers from the actions of their customers. a. Digital Millennium Copyright Act b. Online Copyright Infringement Liability Limitation act c. Computer Maintenance Competition Assurance Act d. Vessel Hull Design Protection Act

Digital Millennium Copyright Act

The law that stopped Napster from continuing its operations is the __________ that was enacted in 1998. a. Napster Act (NA) b. Digital Millennium Copyright Act (DMCA) c. Intellectual Property Act (IPA) d. Gramm-Leach-Bliley Act (GLBA)

Digital Millennium Copyright Act (DMCA)

The result of the United States copyright extension is now known as the: a. Napster Act (NA). b. Digital Millennium Copyright Act (DMCA). c. Intellectual Property Act (IPA). d. Gramm-Leach-Bliley Act (GLBA).

Digital Millennium Copyright Act (DMCA).

A patent application contains the following basic parts: specifications, photos, authentication, and files attached. True False

False

According to California law, entities don't need to give notice of a breach if the personal information in their computer system was not encrypted. True False

False

Although California law doesn't assess any penalties against an entity that doesn't follow the notification law, it does permit a person a private cause of action against those entities. People can sue the private entity for any damages they have because they didn't receive notification in a timely manner True False

False

An oral contract is not as enforceable as a contract that is written down. True False

False

California's Database Security Breach Notification Act law requires entities to notify California residents whenever a security breach occurs without any delays in notification if they reasonably believe that a breach has occurred. True False

False

Copyright owners allow others to use their copyrighted material by using a special kind of contract called a litigation. True False

False

Even if a person is intoxicated, as long he or she is over the age of 18 and mentally competent then the person has contractual capacity in all cases True False

False

In February 2014, the Obama administration passed a federal breach notification Law, which was created in response to the Target Corporation credit card breach in late 2013. True False

False

In certain circumstances, courts will enforce illegal contracts. True False

False

In the Federal Information Processing Standards (FIPS) created by NIST, there is one over-arching security category—high—wherein the loss of confidentiality, integrity, or availability has a severe or catastrophic adverse effect on the agency, its information assets, or people. A high impact event results in major damage to assets. True False

False

It is not considered copyright infringement to duplicate another person's content on your own Web page as long as you acknowledge their work by posting the URL their Web page. True False

False

SOX Section 404 imposes criminal liability for fraudulent certifications. Under this section, CEOs and CFOs that knowingly certify fraudulent reports may be fined up to $1 million. True False

False

SOX requires companies to report accurate financial data. They must do this to protect their CEO and CFO from harm. True False

False

The COSO Framework specifically states that all organizations should follow the Guide to Assessment of IT Risk (GAIT). True False

False

The Enron scandal proved that self-regulation has only benefits and little to no drawbacks, as evidenced by the role of their accounting firm, Arthur Andersen. True False

False

The SEC has five commissioners. The U.S. President must appoint them. They serve for five-year terms. All five commissioners can belong to the same political party. True False

False

_________________ are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable. a. Disclosure controls b. Internal controls c. External d. Risk assessment

Internal controls

Massachusetts' "Standards for the Protection of Personal Information of Residents of the Commonwealth" was released in September 2008 and is known for being "unique" in terms of its data protection standard. Which of the following statements best captures that uniqueness? a. It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents. b. It states that an entity's information security program must be a good fit for its size and scope. It also must fit the entity's type of business. c. Under the data protection standard, personal information is a person's first and last name, or first initial and last name, and any of the following: Social Security number, driver's license number, or state identification card number. d. The standard states that an information security program must include specific security requirements.

It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents.

________________ means that the parties to the contract must show that they intended to enter into a specific transaction with specific terms. a. Mutual assent b. Enforceable contract c. Binding d. Capacity

Mutual assent

Which of the following was a company (in existence only from June 1999 to July 2001) that used peer-to-peer networking to provide a file-sharing service that gave its users the ability to share music? a. iTunes b. Napster c. Soundz d. Pandora

Napster

FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility? a. Office of Management and Budget (OMB) b. National Institute of Standards and Technology (NIST) c. Institute of Electrical and Electronics Engineers (IEEE) d. U.S. Government Accountability Office (GAO)

National Institute of Standards and Technology (NIST)

In May 2007, the ___________________ required all federal agencies to create a breach notification plan. This instruction was issued in response to a large data breach at the Department of Veterans Affairs. a. FISMA b. OMB c. HIPAA d. GAO

OMB

The ________________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries. a. Department of Commerce b. Department of Defense (DoD) c. Office of Management and Budget (OMB) d. Office of Foreign Assets Control (OFAC)

Office of Foreign Assets Control (OFAC)

The _________________ requires all federal agencies to create a breach notification plan. a. Office of Management and Budget (OMB) b. Computer Security Act (CSA) c. Federal Information and Security Management Act (FISMA) d. Department of Homeland Security (DHS)

Office of Management and Budget (OMB)

The ______________________ was created by Congress to protect data collected by the government. a. Computer Security Act (CSA) b. Privacy Act of 1974 c. E-Government Act of 2002 d. Federal Information and Security Management Act (FISMA)

Privacy Act of 1974

_____________________ refers to the purchase of application services over the Internet. a. Cloud computing b. Software as a Service (SaaS) c. Social media d. Specific performance

Software as a Service (SaaS)

___________________refers to situations where a court orders a party to complete their contractual duties. a. Mitigation duty b. Reformation c. Specific performance d. Rescission

Specific performance

__________ means that an inventor can hold an infringer liable for violating a patent even if the infringer acted unwittingly. a. Patent infringement b. Strict liability c. Property interest d. Patent prosecution

Strict liability

_____________ are used to protect words, logos, and symbols that identify a product or services. a. Trademarks b. Patents c. Copyrights d. Trade secrets

Trademarks

An infringer is a person who violates the IP rights of another, whereas a patent troll is an overly aggressive and opportunistic person who owns a patent but doesn't intend to make, use, or sell the invention. True False

True

An inspector general (IG) is an official who reviews the actions of a federal agency. An IG examines the agency's activities to make sure that it's operating efficiently and following good governance practices. True False

True

Because Congress can't usually interfere in state matters, it can't create a uniform federal law in areas legislated by the states unless there's a compelling reason to do so. Thus, there is no existing federal law on information security. True False

True

Certain contracts that are not enforceable because of public policy reasons can include contracts that reduce commercial competition and contracts to commit a crime or other wrongdoing. True False

True

Congress hoped that the Sarbanes-Oxley Act of 2002 (SOX) reforms would prevent another Enron scandal. The main goal of SOX is to protect shareholders and investors from financial fraud. SOX increased corporate disclosure requirements. True False

True

FISMA merges a number of different laws. All of these laws address different information security issues. Because no one law was comprehensive, Congress heard many reports that information security efforts at the federal level were not effective. Congress intended FISMA to be a strong law to fix this problem. True False

True

In 1987, Congress passed the Computer Security Act (CSA). This was the first law to address federal computer security. Under the CSA, every federal agency had to inventory its IT systems. Agencies also had to create security plans for those systems and review their plans every year. True False

True

In 1992, COSO issued guidance on internal controls. The COSO framework says that internal controls are effective when they give the management of a company reasonable assurance that: 1) It understands how the entity's operational objectives are being achieved; 2) Its published financial statements are being prepared reliably, and 3) It's complying with applicable laws and regulations. True False

True

In the context of property law, a person is a real person or other legal entity, which includes corporations, businesses, private organizations, and governments. True False

True

NIST created a FISMA Implementation Project to help it meet its FISMA duties. The project helped it create FISMA-related standards and guidelines in a timely manner. The project had two phases. In the first phase, NIST developed standards and guidelines to help agencies meet basic FISMA requirements. The documents developed in this phase helped agencies create their information security programs. True False

True

One of the main functions of the PCAOB is to set standards for how auditors review public companies. It has created standards related to auditing, ethics, independence, and quality control. True False

True

Public companies are required to file a number of financial disclosure statements with the SEC. These forms help investors understand the financial stability of a company. The most commonly filed forms are: 1) Form 10-K—Annual report, 2) Form 10-Q—Quarterly report, and 3) Form 8-K—Current report. True False

True

Some states require entities doing business within the state to follow basic information security practices, while other states are more aggressive and require entities to use specific security practices, such as encryption. True False

True

Substantial performance means that a party performs all material contract promises. True False

True

The ChoicePoint data breach is unique because if it weren't for the California breach notification law, ChoicePoint might not have notified any consumers at all about the data breach. Other states, such as Illinois, realized that their residents might not be able to protect themselves from identity theft in similar situations without these laws. Thirty-five states considered breach notification laws in 2005, and the ChoicePoint case is widely seen as the reason why other states have these laws. True False

True

The law states that fair use of a copyrighted work isn't copyright infringement, and that fair use is permitted in the following situations in order to promote free speech: criticism, news reporting, and teaching (including multiple copies for classroom use). True False

True

The reason why a trademark must be used in interstate commerce in order to be federally registered is that the federal government can regulate interstate commerce only under its Commerce Clause authority. True False

True

The rules stated in the Gramm-Leach-Bliley Act (GLBA) require that entities engaged in certain kinds of financial transactions need to follow privacy and information security rules that are designed to protect customers' personal information. True False

True

The term cyberwar specifically refers to conflicts between nations and their militaries. This is the main distinction between cyberwar and other types of information system attacks that are reported in the news media. True False

True

Though it is not a law, businesses that wish to accept credit cards for payment must follow the PCI DSS, which is enforced by major credit companies like Visa and MasterCard. True False

True

To establish a trade secret, the information that's to be protected must meet the following criteria: have value; be unknown; be unascertainable, and be protected. True False

True

Under the Privacy Act, a record is any information about a person that an agency maintains. It includes a person's educational, financial, medical, and criminal history information. The act requires agencies to keep accurate and complete records. It also states that an agency should store only the data that it needs to conduct business. It shouldn't store any extra or unnecessary data. True False

True

Congress can create laws in areas where the________________ allows it. a. President b. U.S. Supreme Court c. House of Representatives d. U.S. Constitution

U.S. Constitution

The purpose of the ___________________ is to remove barriers to electronic commerce by validating electronic contracts. a. Uniform Commercial Code (UCC) b. Electronic Signatures Act (ESA) c. Uniform Electronic Transactions Act (UETA) d. Electronic Communications Act (ECA)

Uniform Electronic Transactions Act (UETA)

______________ patents are used for inventions and discoveries related to machines, manufactured products, processes, and compositions of matter. a. Design b. Plant c. Composition d. Utility

Utility

The Digital Millennium Copyright Act addresses treaties signed in 1996 at the: a. World Intellectual Property Organization (WIPO) Geneva conference. b. World Music Organization (WMO) London conference. c. World United Songwriters Association (WUSA) Nashville conference. d. We Are the World concert.

World Intellectual Property Organization (WIPO) Geneva conference.

A company's _______________________ provides a summary of the company's financial condition at a certain period. a. balance sheet b. profit and loss statement c. prospectus d. futures contract

a. balance sheet

RIAA, the plaintiff, represented __________ in its legal action against Napster. a. Bruce Springsteen and Billy Joel b. the Black Keys c. the Smashing Pumpkins d. all major record labels

all major record labels

Which of the following is included in a law's legislative history? a. any materials generated in the course of creating legislation; this includes committee reports, hearings, and transcripts of debate and reports issued by legislatures b. any materials generated in the course of creating legislation that were specifically written in the final draft of law c. selected committee reports, hearings, and transcripts of debate and reports issued by legislatures d. any materials generated in the course of creating legislation excluding committee reports, hearings, and transcripts of debate and reports issued by legislatures

any materials generated in the course of creating legislation; this includes committee reports, hearings, and transcripts of debate and reports issued by legislatures

SOX _________ requires a company's executive management to report on the effectiveness of the company's internal controls over financial reporting (ICFR). a. Section 302 b. Section 404 c. Section 903 d. Section 708

b. Section 404

SOX requires the SEC to review a public company's Form 10-K and Form 10-Q reports at least once every three years. It must do this to try to detect fraud and inaccurate financial statements that could harm the investing public. SOX states the factors that the SEC should consider when deciding to conduct a review. Which of the following is not one of the factors that SEC must consider? a. whether a company has amended its financial reports b. how long the company has been in existence c. how much stock the company has issued d. the difference between a company's stock price and its earnings

b. how long the company has been in existence

A ____________________ is owned by many investors in the form of stock. a. privately held company b. public company c. closed corporation d. sole proprietorship

b. public company

What is considered to be personal information by most states? a. Social Security numbers b. account numbers c. both A and B d. neither A nor B

both A and B

Which of the following may be exempt from state breach notification laws because they are already subject to other laws with specific data security requirements? a. GLBA financial institutions b. entities covered by HIPAA c. both A and B d. neither A nor B

both A and B

A _____________________ does not require the user to make an affirmative action to accept the terms of the contract. Agreement is assumed when the user visits the Web page or downloads a product. a. shrinkwrap contract b. clickwrap contract c. browsewrap contract d. remedy

browsewrap contract

In 2007 Minnesota created the Plastic Card Security Act, which is the first state law that attempted to codify certain parts of the PCI DSS. It forbids businesses from storing cardholder information for more than 48 hours after the credit card transaction is approved. Which of the following lists of information can't be stored? a. card verification number, PIN number, and contents of the card magnetic stripe b. name, address, and PIN number c. name, PIN number, and contents of the card magnetic stripe d. name, card verification number, and PIN number

card verification number, PIN number, and contents of the card magnetic stripe

The Digital Millennium Copyright Act makes it a crime to: a. crack copyright protection devices to assess product interoperability. b. crack copyright protection devices for the purpose of testing security systems. c. crack copyright protection devices for the purpose of encryption research. d. circumvent antipiracy measures in commercial software.

circumvent antipiracy measures in commercial software.

FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to ____________ information. a. personally identifiable b. classified c. sensitive d. intellectual property

classified

In forming a contract, the parties must bargain for something of value. This is called ____________________. a. offer b. acceptance c. meeting of the minds d. consideration

consideration

Which of the following is not a legal remedy in contract law? a. contract identification b. money damages c. specific performance d. contract rescission

contract identification

In December 1999, the Recording Industry Association of America (RIAA) took legal action against Napster for: a. copyright infringements. b. patent infringements. c. trademark infringements. d. identity theft.

copyright infringements.

If you write a song, produce a film, sculpt a piece of art, or write a mobile phone application and wish to protect it, then you will claim a(n): a. trademark. b. copyright. c. patent. d. exception.

copyright.

The bad faith registration of a domain name that's a registered trademark or trade name of another entity is referred to as: a. patent infringement b. strict liability in tort c. copyright infringement d. cybersquatting

cybersquatting

Which of the following items is not part of the in "SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach" that NIST uses to create a risk management framework (RMF) approach to FISMA compliance? a. categorize IT systems b. select minimum security controls c. implement security controls on IT support staff d. monitor security controls

implement security controls on IT support staff

A trademark has two criteria: 1) it must be used in interstate commerce and 2) _____________________. a. it must be useful b. it must be distinctive c. it must be novel d. it must be innovative

it must be distinctive

A(n) ___________ is an invitation to enter into a relationship or transaction of some kind. a. acceptance b. offer c. negotiation d. capacity

offer

If you invent a machine or design a special process, you may wish to file for a(n): a. trademark. b. copyright. c. patent. d. exception.

patent.

Unlike ______________, trade secrets aren't registered. A person or business doesn't have to meet any registration or procedural formalities for protection. a. patents b. prior art c. intellectual property d. servicemarks

patents

Which of the following has the longest period of protection? a. trademarks b. patents c. trade secrets d. copyrights

patents

Since March 2013, a patent is awarded to the: a. company that produces the invention. b. person with the best idea for a product or process. c. person who first came up with the invention. d. person who files first for the patent.

person who files first for the patent.

For more than 200 years prior to March 2013, a patent was awarded to the: a. company that produces the invention. b. person with the best idea for a product or process. c. person who first came up with the invention. d. person who files first for the patent.

person who first came up with the invention.

What is a legal concept that protects an entity from legal liability and is written into the law? Entities that encrypt the personal information that they own or maintain do not have to follow the notification requirements of this concept if they have a data breach. a. safety net b. caveat emptor c. safe harbor d. the Malpractice Act of 1998

safe harbor

The most famous case involving ___________________ is ProCD Inc. v. Zeidenberg (1996). ProCD sold a software product that was a searchable telephone directory database. ProCD sued Zeidenberg based on the argument that Zeidenberg breached the terms of the license agreement that was included in the ProCD software box. a. shrinkwrap contracts b. clickwrap contracts c. browsewrap contracts d. damages

shrinkwrap contracts

To help protect intellectual property, the United States used established treaties from __________ to extend its own copyright law in the online realm. a. the European Union (EU) b. the National Conference of State Legislatures (NCSL) c. Napster d. the World Intellectual Property Organization (WIPO)

the World Intellectual Property Organization (WIPO)

Indiana law requires that a state agency may not disclose a person's Social Security number to anyone. There are limited exceptions to this law. Which of the following situations is not among those in which a SSN can be disclosed? a. a person gives explicit written consent for the disclosure of their SSN b. the disclosure is required by state or federal law c. the disclosure is required by a court order d. the disclosure is required by a collection agency

the disclosure is required by a collection agency

Historically, a contract acceptance had to have exactly the same words and terms as the original offer. This was called _____________________. a. the mirror image rule b. the mailbox rule c. meeting of the minds d. consideration

the mirror image rule

The primary difference between a copyright, a trademark, and a patent is the: a. profession of the individual applying for intellectual property protection. b. industry in which the intellectual property is used. c. type of intellectual property being protected. d. length of protection the intellectual property owner desires.

type of intellectual property being protected.