IA 673 chapter 2
Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals. ACM ISACA (ISC)2 SANS
(ISC)2
Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past? Normative ethics Deontological ethics Descriptive ethics Applied ethics
Descriptive ethics
The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for several reasons. Which of the following is NOT one of those reasons? For political advantage For purposes of commercial advantage In furtherance of a criminal act For private financial gain
For political advantage
Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________ True False
True
Which of the following is NOT used to categorize some types of law? regulatory statutory constitutional international
international
Which of the following is compensation for a wrong committed by an individual or organization? due diligence liability restitution jurisdiction
restitution
When an incident violates civil or criminal law, it is the organization's responsibility to notify the proper authorities; selecting the appropriate law enforcement agency depends on __________. how many perpetrators were involved the network provider the hacker used the type of crime committed what kind of computer the hacker used
the type of crime committed
Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community? fairness or justice utilitarian common good virtue
utilitarian
A more recently created area of law related to information security specifies a requirement for organizations to notify affected parties when they have experienced a specified type of information loss. This is commonly known as a __________ law. spill compromise breach notification
breach
Ethics carry the sanction of a governing authority. True False
False
Information ambiguation occurs when pieces of nonprivate data are combined to create information that violates privacy. _________________________ True False
False
Which law addresses privacy and security concerns associated with the electronic transmission of PHI? USA PATRIOT Act of 2001 National Information Infrastructure Protection Act of 1996 American Recovery and Reinvestment Act Health Information Technology for Economic and Clinical Health Act
Health Information Technology for Economic and Clinical Health Act
Any court can impose its authority over an individual or organization if it can establish which of the following? liability sovereignty jurisdiction jurisprudence
jurisdiction
Permission to search for evidentiary material at a specified location and/or to seize items to return to the investigator's lab for examination is known as a(n) _________. forensic clue subpoena affidavit search warrant
search warrant
Which of the following is NOT a requirement for laws and policies to deter illegal or unethical activity? fear of penalty probability of being penalized fear of humiliation probability of being caught
fear of humiliation
The coherent application of methodical investigatory techniques to collect, preserve, and present evidence of crimes in a court or court-like setting is known as _________. crime scene investigation data imaging evidentiary material forensics
forensics
In digital forensics, all investigations follow the same basic methodology once permission to search and seize is received, beginning with _________. acquiring (seizing) the evidence without alteration or damage investigating allegations of digital malfeasance identifying relevant items of evidentiary value analyzing the data without risking modification or unauthorized access
identifying relevant items of evidentiary value
_________ devices often pose special challenges to investigators because they can be configured to use advanced encryption and they can be wiped by the user even when the user is not present. Expansion Portable Desktop computer Satellite transceiver
Expansion Portable
A(n) compromise law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information. ____________ True False
False
ISACA is a professional association with a focus on authorization, control, and security. ___________ True False
False
Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them? HIPAA Sarbanes-Oxley ECPA Gramm-Leach-Bliley
HIPAA
This collaborative support group began as a cooperative effort between the FBI's Cleveland field office and local technology professionals with a focus of protecting critical national infrastructure. InfraGard CyberGard Homeland Security CyberWatch
InfraGard
A process focused on the identification and location of potential evidence related to a specific legal action after it was collected through digital forensics is known as _________. e-discovery indexing root cause analysis forensics
e-discovery
Which subset of civil law regulates the relationships among individuals and among individuals and organizations? private criminal public tort
private
Digital forensics can be used for two key purposes: ________ or _________. to investigate allegations of digital malfeasance; to solicit testimony to investigate allegations of digital malfeasance; to perform root cause analysis e-discovery; to perform root cause analysis to solicit testimony; to perform root cause analysis
to investigate allegations of digital malfeasance; to perform root cause analysis
Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications? Federal Privacy Act of 1974 The Telecommunications Deregulation and Competition Act of 1996 The Electronic Communications Privacy Act of 1986 National Information Infrastructure Protection Act of 1996
The Electronic Communications Privacy Act of 1986
Deterrence is the best method for preventing an illegal or unethical activity. ____________ True False
True
Sworn testimony that certain facts are in the possession of the investigating officer and that they warrant the examination of specific items located at a specific place is known as a(n) _________. affidavit search warrant forensic finding subpoena
affidavit
Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies, and technical controls. rehabilitation persecution deterrence remediation
deterrence
Investigations involving the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis are known as _________. crime scene investigation digital forensics criminal investigation e-discovery
digital forensics
