ITN 267


There are ______regional Federal Reserve Banks, which serve different geographic districts.

12

COBRA benefits generally last a maximum of:

18 months

To be COPPA-compliant, a privacy policy must provide "assurance that participation is not conditioned on data collection." Which of the following statements offer the best explanation of this criterion?

A Web site can't require children to submit contact details in order to be allowed to use the site. Web sites are not allowed to collect more information than necessary for a child to participate in an activity.

Which of the following statements does not apply to credit unions?

A credit union must have a three-member board of directors.

HIPAA's _____________________ provisions are designed to encourage "the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information."

Administrative Simplification

The District of Columbia and 45 states have enacted breach notification laws, which require an organization to notify state residents if it experiences a security breach that involves the personal information of the residents. Which group of four states does not have a breach notification law?

Alabama, Kentucky, New Mexico, and South Dakota

Which of the following correctly summarizes an employer's right to monitor telephone conversations?

An employer has right to monitor telephone conversations in the ordinary course of business without a court order.

___________________ allows employees and their families to continue health coverage when they lose or change a job.

COBRA

Which of the following is a true statement regarding COPPA and CIPA rules?

COPPA defines a minor as anyone under the age of 13 years, while CIPA defines a minor as someone under the age of 17 years.

The Payment Card Industry Security Standards Council (PCI Council) is made up of representatives of the major credit card companies. The major credit card companies are also called credit card brands. Which of the following is not one of the major brands?

Chase Bank

Collection and use of a child's personal information, such as name, e-mail address, or social security number, by a Web site operator is governed by:

Children's Online Privacy Protection Act (COPPA)

In 2013, a social media company paid $800,000 to settle charges with the Federal Trade Commission (FTC). The company had an application that allowed children to create journals and share those journals online. Children could also post photos and share location information. The company collected the birth dates of 3,000 children before getting parental permission. The FTC alleged that the company violated which of the following?

Children's Online Privacy Protection Act (COPPA)

The ________________________ protects the personal information of children online.

Children's Online Privacy Protection Act (COPPA)

____________ is demonstrated by the processes and procedures that an organization uses to meet the law.

Compliance

______________ means that only people with the right permission can access and use information.

Confidentiality

_______________ governs the prosecution of those charged with serious offenses against public order, such as murder.

Criminal law

Which of the following is not included in the Electronic Communications Privacy Act?

Driver's Privacy Protection Act

In which of the following areas of the workplace is an employee most likely to have a reasonable expectation of privacy?

Employee lounge

Which of the following was enacted by Congress in response to growth in identity theft crime?

Fair and Accurate Credit Transaction Act (FACTA) of 2003

A company that created virtual online gaming worlds agreed to pay $3 million in 2011 to settle charges with the FTC. The FTC alleged that the company improperly collected and disclosed the personal information of thousands of children without parental consent. This is the largest civil penalty so far in a Children's Internet Protection Act (CIPA) action. T or F

False

A contract tells an organization how it must act and the consequences for failing to act properly. T or F

False

A covered entity is required, upon a person's request, to correct data in the person's PHI. T or F

False

A keystroke logger is harmful code intentionally left on a computer system. It lies dormant for a certain period, and when specific conditions are met, it "explodes" and carries out its malicious function. T or F

False

All information—no matter how sensitive—should have the extensive protection of safeguards. T or F

False

Because torts are a part of the law, somebody who steals your identity will be prosecuted whether or not you press charges. T or F

False

Before the PCI Council was formed, all major credit card companies shared the same security requirements that applied to the credit cards that they issued. T or F

False

Citizens and members of the legal profession are all bound by the terms of the common law. T or F

False

First-party cookies are set by one Web site but readable by another site, and third-party cookies are exchanged between a user's browser and the Web site the user is visiting. T or F

False

In situations when a covered entity may use or disclose PHI to the extent that it's required by law, the covered entity may only do so in response to a subpoena issued by a grand jury. T or F

False

Individual consumers are the targets of hackers far more often than financial institutions. T or F

False

Passive data collection practices are obvious to the customer, whereas active data collection happens secretly and may use devices such as cookies and Web beacons. T or F

False

Patches exacerbate vulnerabilities, because they merely mask problems but do not offer solutions. T or F

False

Phishing is a form of Internet fraud in which attackers sift through trash to discover personal information. It's an issue because individuals and organizations dispose of personal information in unsecure ways. T or F

False

Private, personal information may become public under the Freedom of Information Act. T or F

False

The American Library Association and the American Civil Liberties Union sued the U.S. government. They claimed CIPA violated the free speech rights of adults. In 2002 the U.S. District Court for the Eastern District of Pennsylvania agreed that CIPA violated First Amendment rights. The U.S. District Court said that the government could not enforce CIPA. The U.S. government appealed that decision, and the lawsuit went to the U.S. Supreme Court. In United States et al. v. American Library Association, Inc. et al. in 2003, the U.S. Supreme Court struck down the law as unconstitutional. T or F

False

The C-I-A triad refers to the way that the Central Intelligence Agency classifies sensitive information. T or F

False

The Constitution specifies the basic lawmaking process. A bill is the initial draft of a potential law. Only one chamber of Congress needs to approve the bill, and the president must sign it before it becomes a law. T or F

False

The DSS offers a single approach to safeguarding sensitive cardholder data for all credit card issuers. It recommends 12 basic categories of security requirements that should be followed in order to protect credit card data. T or F

False

The FCC rules specifically state that the U.S. federal government may establish the criteria for making a determination that a filter is CIPA compliant. T or F

False

The FDIC insures deposit accounts in the event of bank failure. If a bank fails, the FDIC returns the money that a customer put in the bank, no matter how great or small the amount. T or F

False

The FTC enforces GLBA for any financial institution that isn't regulated by one of the other agencies. Like the other agencies, the FTC may bring an action against any financial institution that doesn't comply with GLBA. The FTC rarely pursues GLBA enforcement actions. T or F

False

The Federal Communications Commission (FCC) mandates that a TPM should be 100 percent effective. This effectiveness is determined by the CIPA and the FCC. T or F

False

The HHS said that the Privacy Rule has two main purposes: 1) to allow consumers to control the use of their health information (including providing consumers with a way to access their health information) and 2) to improve health care in the U.S. by restoring consumer trust in the health care system. T or F

False

The O.J. Simpson criminal and civil trials illustrate the basic difference between criminal and civil law, because O.J. Simpson was found "guilty" of murder in the criminal case, and he was found not liable in the civil case. The reason for the apparently inconsistent results is that the murder case was in the criminal system and the wrongful death case was a civil action. T or F

False

The Patriot Act made three major changes to the Electronic Communications Privacy Act (ECPA), and as a result, electronic communications privacy has greater government protections. T or F

False

The Supreme Court has exclusive original jurisdiction to decide cases about disputes between state governments and exercises this original jurisdiction with frequency. T or F

False

The Supreme Court is under obligation to review a decision from the U.S. Court of Appeals, as guaranteed by the writ of certiorari. T or F

False

The United States Code is the United States' comprehensive data privacy law. T or F

False

The United States has one comprehensive data protection law and relies on the Federal Trade Commission (FTC) to ensure compliance. T or F

False

The domain of Telecommunications and Network Security describes how to protect information systems resources during their normal operational state. It includes items such as vulnerability management and incident response activities. T or F

False

The following is an example of an inadvertent disclosure: a patient going to a hospital to pay a bill briefly views another patient's payment information on the billing clerk's computer monitor. The first patient can see this information only briefly before the clerk accesses the patient's own record. T or F

False

The portrayal in a false light involves appropriating, or taking, an individual's name or likeness without their consent. T or F

False

Each federal district court also has its own bankruptcy court, and the Constitution gives state governments the sole power over bankruptcy law. T or F

False

While external and internal attackers are both deliberate threats, only internal attackers seek to embarrass an organization. T or F

False

The Family Policy Compliance Office (FPCO) provides oversight for the ____________________.

Family Educational Rights and Privacy Act (FERPA)

The _________________ requires schools to protect students' records.

Family Educational Rights and Privacy Act (FERPA)

The purpose of the ______________________ is to address financial uncertainty and provide the nation with a more stable economy.

Federal Reserve System

The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business.

Federal Trade Commission (FTC)

Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the ______________ Amendment.

First

Which of the following U.S. Constitution amendments contribute to the right of privacy?

First, Third, and Fourth Amendments

Which Act established the public's right to request information from federal agencies?

Freedom of Information Act

____________________ forbids a new employer's health plan from denying health coverage for some reasons and prohibits discrimination against workers based on certain conditions such as pregnancy.

HIPAA

Which of the following is true about COBRA and HIPAA?

HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues.

What is the purpose of Executive Order 13526?

It describes rules for using and a system for classifying national security information.

Which of the following is a true statement about the Court of Appeals?

It's a court of appellate jurisdiction, and it does not review the facts of a case or additional evidence.

A _____________ is a method of controlled entry into a facility and provides access to secure areas such as a research lab or data center.

Mantrap

Which of the following statements summarizes why the window of vulnerability is shrinking?

More people are interested in information security, and have developed the skills to find new vulnerabilities.

Based on the descriptions given, what film does NOT exemplify the concept of social engineering?

Office Space: Three friends and disgruntled coworkers at a tech company discover that the company's accounting system has a computer glitch that calculates certain financial information to six decimal points, but only records the first two decimal points in the accounting files and then regularly discards the remaining fractions of pennies. When the trio learns their jobs are in jeopardy, they create a computer program that diverts the discarded fractions of pennies into a bank account they share. They believe that the company will continue to pay them in installments small enough that the company will never notice but that will lead to a very large amount of money over time.

____________ is the practice of tracking a user's actions on the Internet in order to create a user profile.

Online profiling

A merchant of an e-commerce Web site wants to accept credit cards as a form of payment. Which of the following must the merchant follow to ensure the safety of those payments?

PCI DSS

Which of the following is not one of the rights that parents are guaranteed under COPPA?

Parents will be notified by a Web site if it is collecting an e-mail address to respond to a one-time request from a child.

In which of the following types of communication is phishing least likely to occur?

Phone calls

What is PIA?

Privacy Impact Assessment

Which statement about privacy is NOT true?

Privacy means that a person can specify the collection, use, and sharing of their data.

Required by the Fair and Accurate Credit Transaction Act of 2003 (FACTA), which of the following is an anti-identity theft rule created by federal bank regulatory agencies (the Fed, FDIC, OTS, OCC, and NCUA) and the FTC?

Red Flags Rule

_______________ is the process of reviewing known vulnerabilities and threats.

Risk Analysis

In November 2004, the FTC filed a complaint against Nationwide Mortgage Group, Inc. In its complaint, the FTC stated that Nationwide collected sensitive customer information, but that it had no policies and procedures in place to protect that information. It also stated that Nationwide failed to monitor its computer network for vulnerabilities that would expose stored customer information to attack. Which of the following rules did Nationwide violate?

Safeguards Rule

Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate?

Safeguards Rule

In what ways can you classify safeguards?

Safeguards can be classified by how they work or how they act.

The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information.

Security Rule

All of the following are ways to protect confidentiality except:

Shoulder surfing

Which of the following is not a true statement?

State constitutions are nearly identical versions of the U.S. Constitution.

_____________________ are tools that filter offensive content.

Technology protection measures (TPM)

The doctrine of precedent is one of the most important traditions in the American legal system. Which of the following statements accurately summarizes how the Plessy v. Ferguson (1896) and Brown v. Board of Education (1954) cases dramatically illustrated how precedent can change and how changing precedent can have a significant impact on society?

The Brown decision was remarkable because the Court departed from the precedent set in Plessy. In fact, the Court specifically rejected the reasoning that it had used to support its decision in Plessy. Brown established new legal precedent that separate but equal laws are unconstitutional.

Which of the following is true about U.S. Supreme Court justices?

They are nominated by the president.

A Web beacon is a small, invisible electronic file that is placed on a Web page or in an e-mail message. It counts users who visit a Web page. T or F

True

A limited data set is PHI that doesn't contain any data that identifies a person. T or F

True

A major privacy concern of social networking includes information sharing. T or F

True

A material change is a significant change in an organization's operating practices. Material changes can affect how people understand their rights or interact with an organization. T or F

True

An Internet safety policy must educate minors about appropriate online behavior. This includes how to use social networking Web sites and chatrooms safely. The policy must include information on how to recognize cyberbullying. It also must tell minors how to respond to cyberbullying. T or F

True

Appellate jurisdiction is the power of a court to review a decision made by a lower court. T or F

True

As defined by HIPAA, the term "covered entities" means: health care providers, health care clearinghouses, and health plans that transmit certain types of health information in electronic form. T or F

True

Biometric data is considered personally identifiable information. T or F

True

CIPA has two main requirements. The first is that schools and libraries that accept E-Rate funding must implement technologies that filter offensive visual content so that minors don't access it. The second requirement is that schools implement an Internet safety policy. T or F

True

COPPA has several rules for getting parental consent. One of them is that the parent's consent is required to collect, use, or disclose the child's information. The notice must state that the operator will not collect, use, or disclose the child's information without parental consent. T or F

True

Confidential describes information that could cause damage to U.S. security if disclosed to an unauthorized person. This is the lowest data classification level. T or F

True

Covered entities must keep records of how they disclose a person's PHI. Under the Privacy Rule, a person has the right to receive an accounting of how the covered entity has used or disclosed the person's PHI. T or F

True

FERPA requires schools to provide an annual notification to students and parents. This notice lets parents and eligible students know what their FERPA rights are. The annual notification also must state how to file a complaint with the Department of Education if the school violates any of FERPA's provisions. T or F

True

Federal courts can hear only the following kinds of cases: 1) Disputes regarding federal laws or constitutional issues and 2) Disputes between residents of different states where the amount of money in controversy is greater than $75,000. T or F

True

Health care operations are actions that support the covered entity's business. T or F

True

Identity Theft Prevention Programs are required to detect, prevent, and mitigate identity theft in covered accounts. The written program must address both new and existing covered accounts. T or F

True

In 1973, the U.S. Supreme Court decided that for material to be identified as "obscene," it must meet three conditions: 1) appeals predominantly to prurient interests—prurient indicates a morbid, degrading, and unhealthy interest in sex; 2) depicts or describes sexual conduct in a patently offensive way, and 3) lacks serious literary, artistic, political, or scientific value. T or F

True

In general, a covered entity may disclose PHI to certain governmental entities without consent for certain purposes that include, but are not limited to, the following: to provide vital statistics, to control communicable diseases, and to report abuse and neglect. T or F

True

In the federal system, intermediate appellate courts are called the U.S. Courts of Appeals. There are 13 Courts of Appeals. The 94 district courts are grouped into 12 geographical circuits. T or F

True

Nonpublic personal information (NPI) is personally identifiable financial information that a consumer gives to a financial institution. NPI also includes private information that an institution gets from other sources. It includes lists or descriptions of consumers that are prepared by using this kind of information. T or F

True

Organizations have a number of options for responding to risk, which include risk avoidance, risk mitigation, and risk transfer. T or F

True

Physical safeguards are actions that an organization takes to protect its actual, tangible resources. They keep unauthorized individuals out of controlled areas. T or F

True

Pretexting, which is also known as social engineering, is the act of trying to gain access to customer information without proper authority to do so. T or F

True

Schools are required to make and provide copies of the educational records in special circumstances. If a parent does not live within commuting distance to the school and cannot come to the school to inspect the records, then the school must provide the parent with copies. T or F

True

States usually have two appellate courts: a state intermediate appellate court and a state supreme court. States usually have both types of courts. T or F

True

Subject matter areas of law are areas in which an attorney might specialize, and procedural law deals with the processes that courts use to decide cases. T or F

True

The Drug Abuse Prevention, Treatment, and Rehabilitation Act of 1980 protects patient information about alcohol or drug abuse. This law applies to any federally assisted alcohol or drug abuse treatment program, and it states that these programs may not disclose patient information without consent. T or F

True

The Federal Financial Institutions Examination Council (FFIEC) promotes uniform practices among the federal financial institutions. Its purpose is to: 1) establish principles and standards for the examination of federal financial institutions; 2) develop a uniform reporting system for federal financial institutions; 3) conduct training for federal bank examiners; 4) make recommendations regarding bank supervision matters, and 5) encourage the adoption of uniform principles and standards by federal and state banks. T or F

True

The Gramm-Leach-Bliley Act requires financial institutions to protect consumer financial information by complying with the Privacy Rule, the Safeguards Rule, and the Pretexting Rule. T or F

True

The National Bank Act of 1864 established the national banking system in the United States. The Act still governs U.S. national banks even though Congress has updated it many times since 1864. T or F

True

The PCI Council was formed in 2006 to create safeguards designed to protect credit card data. Any merchant or service provider who accepts credit cards must follow the safeguards. T or F

True

The Tenth Amendment says, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." T or F

True

The U.S. Supreme Court is the final source of authority for issues involving U.S. federal laws. T or F

True

The three conditions for defining obscenity are known as the Miller test. T or F

True

Threats fall into four categories: Human, Natural, Technology and Operational, and Physical and Environmental. T or F

True

Types of information that most people consider private include financial information, health information, and criminal history data. T or F

True

Under the Fair Credit Reporting Act of 1970 (FCRA), consumers can stop financial institutions from sharing their credit report or credit applications with affiliates. T or F

True

Under the Privacy Rule, there are only two situations in which a covered entity must disclose PHI: 1) when a person requests access to his or her PHI, and 2) when a person requests that their PHI be sent directly to a third party. T or F

True

How might the average person use cookies in a beneficial way?

You save an image of a relaxing, cloud-filled sky that appears every time you log on to your Twitter account.

What is the ISO/IEC 27002?

a reference guide for standardized computing practices for large organizations

The 2006 U.S. Federal Trade Commission (FTC) alleged that Zango, Inc., an Internet marketing company, had used unfair and deceptive methods to download _____________ onto computers.

adware

In the legal system, compliance is the action of following applicable laws and rules and regulations. Which of the following processes would not be used to demonstrate compliance:

allowing employees in an organization to create policies for self-governance documents to comply with legal or regulatory requirements at the employees' discretion

Which of the following must be protected per PCI DSS requirements?

an e-commerce Web server

Which of the following roles is not included in the domain of a creditor?

collects payment in arrears

What is a small string of text that a Web site stores on a user's computer?

cookie

All of the following are true statements about the American legal system except:

decisions by each branch of government may be overturned by administrative agency courts

Schools may make the following type of disclosure without obtaining parental or student consent:

disclosure of any information to any school official with a need to know

A covered entity doesn't have to account for every PHI disclosure that it makes. The Privacy Rule states that some kinds of disclosures don't have to be included in an accounting. Any disclosure not specifically excluded must be included and tracked. Which of the following disclosures does not need to be tracked?

disclosures made to carry out treatment, payment, and health care activities

The three branches of the federal government are:

executive, legislative, and judicial

The Florida A&M case illustrates which of the following about safeguards?

how safeguards protect the integrity of computer systems

FERPA applies to any education agencies or institutions that receive funding from the U.S. Department of Education (ED). Which of the following is not an educational agency or institution?

non-profit organizations that offer educational programs

COPPA requires Web site operators collecting information from children to:

obtain parental consent

Audits are ___________ performed by independent organizations.

occasionally

Which of the following parties is not among those who would share an individual's health information?

potential employers

With respect to protected health information, HIPAA:

prohibits state laws that are contrary to HIPAA

PHI refers to:

protected health information

Which of the following is not true about the Consolidated Omnibus Budget Reconciliation Act of 1986?

requires former employers to continue paying health insurance premiums for a minimum of one year

All of the following are characteristics of HIPAA except:

requires that employers offer health coverage

Which of the following is not a method that Web site operators can use to distinguish children from adults?

requiring a name and address

___________________ is used to assess the vulnerabilities and threats that could harm electronic protected health information (EPHI).

risk analysis

According to the federal Administrative Procedure Act, an agency is any governmental authority besides Congress and the courts. Which function does not fall under the category of what an agency does?

sets precedents

The separation of duties principle requires which of the following practices?

that two or more employees must split critical task functions so that no employee knows all of the steps of the critical task

Online Privacy Alliance (OPA) is an organization of companies dedicated to protecting online privacy. Members of OPA agree to create a privacy policy for a customer that is easy to read and understand. Which of the following provisions is not included in the policy?

the option of choosing who sees the data

Which of the following statements best captures the function of the Federal Trade Commission (FTC)?

to promote consumer protection and eliminate practices that are harmful to competitive business

A ______________ is some kind of wrongful act that harms or hurts a person.

tort
