Chap 15 - Principles of Info Assurance

Taylor is a security professional working for a retail organization. She is hiring a firm to conduct the Payment Card Industry Data Security Standard (PCI DSS) required quarterly vulnerability scans. What credential should she seek in a vendor?

Approved scanning vendor (ASV)

Joe is the CEO of a company that handles medical billing for several regional hospital systems. How would Joe's company be classified under the Health Insurance Portability and Accountability Act (HIPAA)?

Business associate of a covered entity

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?

Consumer

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y?

Customer

Privacy is the process used to keep data private. True or False

False

Special Publications (SPs) are standards created by the National Institute of Standards and Technology (NIST). True or False

False

The Centers for Medicare & Medicaid Services (CMS) investigates and responds to complaints from people who claim that a covered entity has violated the Health Insurance Portability and Accountability Act (HIPAA). True or False

False

The Family Educational Rights and Privacy Act (FERPA) requires that specific information security controls be implemented to protect student records. True or False

False

Under the Gramm-Leach-Bliley Act (GLBA), a customer is any person who gets a consumer financial product or service from a financial institution. True or False

False

Which of the following agencies is NOT involved in the Gramm-Leach-Bliley Act (GLBA) oversight process?

Federal Communications Commission (FCC)

Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system?

Federal Information Security Management Act (FISMA)

Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?

Integrity

What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?

National Institute of Standards and Technology (NIST)

What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?

Publicly traded companies

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances?

Required

Compliance not only includes the actual state of being compliant, but it also includes the steps and processes taken to become compliant. True or False

True

Sarbanes-Oxley Act (SOX) Section 404 requires an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR). True or False

True

The Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool, which can be used as a self-assessment tool for identifying a bank or financial institution's cyber security maturity. True or False

True

The Federal Information Security Management Act (FISMA) of 2014 defines the roles, responsibilities, accountabilities, requirements, and practices that are needed to fully implement FISMA security controls and requirements. True or False

True

Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals?

Chief information security officer (CISO)

Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?

Children's Internet Protection Act (CIPA)

What entity is responsible for overseeing compliance with Family Educational Rights and Privacy Act (FERPA)?

Family Policy Compliance Office (FPCO)

Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?

Masking

Bobbi recently discovered that an email program used within her healthcare practice was sending sensitive medical information to patients without using encryption. She immediately corrected the problem because it violated the company's security policy and standard rules. What level of the Health Insurance Portability and Accountability Act (HIPAA) violation likely took place?

Tier A

Under Securities and Exchange Commission (SEC) rules, internal controls over financial reporting (ICFR) are processes that provide reasonable assurance that an organization's financial reports are reliable. True or False

True