Management of Information Security Chapter 12
____ law is classified as a public law.
Administrative
Strong procedures for the handling of potential evidentiary material can minimize the probability of an organization's losing a legal challenge. Organizations should develop specific procedures, along with guidance on the use of these procedures. The policy document should specify all but which of the following?
All of these should be specified
Policies must be all but which of the following?
Approved by legal
____ law embodies a wide variety of laws pertaining to relationships between and among individuals and organizations.
Civil
____ law is classified as a private law.
Commercial
The Council of Europe drafted the European Council ____________________ Convention, which empowers an international task force to oversee a range of Internet security functions and to standardize technology laws across international borders.
Cyber-Crime
By enacting the ____ in 1996, Congress sought to protect intellectual property and competitive advantage.
EEA
If an individual wishes to request information from a federal agency, the agency must provide that information (unless doing so is a breach of law or national security) under which Act?
FOIA
A(n) search warrant is sworn testimony that certain facts are in the possession of the investigating officer that the officer believes warrant the examination of specific items located at a specific place.
False
Digital forensics is based on the field of traditional forensics. Forensics is the coherent application of criminal investigatory techniques to present evidence of crimes in a court or court-like setting.
False
Due care for a wrongful act includes the obligation to make payment or restitution.
False
In 1996, HIPAA was enacted to protect the confidentiality and security of business data.
False
In digital forensics, all investigations follow the same basic methodology, beginning with the acquisition or seizure of evidence without alteration or damage.
False
Public law regulates the relationships among individuals, and among individuals and organizations.
False
The Electronic Communications Privacy Act of 1986 is also known as the Federal Interception Act.
False
The FOIA requires organizations that retain health care information to use information security mechanisms to protect this information.
False
The Freedom of Information Act (FOIA) requires all local agencies to disclose records requested in writing by any person.
False
The Health Insurance Portability & Accountability Act of 1996 has five essential privacy principles focusing on the protection of personal identity information.
False
The National InfoGard Program began as a joint effort between the FBI's Cleveland office and local technology professionals.
False
The National Information Infrastructure Protection Act of 1996 assigned the National Bureau of Standards, in cooperation with the National Security Agency, with the task of developing standards, guidelines, and associated methods and techniques for computer systems.
False
The Normative ethics framework is the study of what makes actions right or wrong; also known as deontological theory.
False
The Secret Service is responsible for the security of communications and information systems at many government agencies associated with national security.
False
The fairness or rights ethical approach was founded on the work of Aristotle and other Greek philosophers who contributed the idea that all persons who are equal should be treated equally.
False
Laws and policies and their associated penalties only deter if three conditions are present. Which of the following is NOT one of these conditions?
Fear of social contempt
Security of health information is a principle of the ____.
HIPAA
In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed FIRST in a digital forensics investigation?
Identify relevant items of evidentiary value (EM)
Any court can impose its authority over an individual or organization if it can establish ____, a court's right to hear a case if the act was committed in its territory or involving its citizenry.
Jurisdiction
___________________ refers to the ability of law to reach across boundaries to bring accused individuals into its court systems.
Long-arm jurisdiction
____________________ law encompasses family law, commercial law, and labor law.
Private
____ law is pursued in civil court and is not prosecuted by the state.
Tort
(ISC)², which offers the CISSP, requires its members to agree to a code of ethics consisting of four mandatory canons.
True
By adding felony violations of the Computer Fraud and Abuse Act to the list of offenses associated with computer hacking, the Patriot Act identifies specific crimes under which investigators may obtain a wiretap order for wire communications.
True
Digital forensics (also known as e-discovery) involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.
True
The NSA coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information.
True
The Public Company Accounting Reform and Investor Protection Act addresses issues related to the accountability of company executives.
True
The Sarbanes-Oxley Act of 2002 is also known as the Public Company Accounting Reform and Investor Protection Act.
True
The key difference between policy and law is that, in the case of the former, ignorance is an acceptable defense.
True
The ___ ethical approach emphasizes that an ethical action is one that results in the most good, or the least harm.
Utilitarian
A crime against or using digital media, computer technology, or related components (computer as source or object of crime) is referred to as ____.
digital malfeasance
Due diligence requires that an organization make a valid and ongoing effort to protect others.
digital malfeasance
Due ____________________ requires that an organization make sufficient and ongoing efforts to protect others.
diligence
Socially acceptable behaviors that conform to the widely held principles of the members of that society are referred to as ____________________.
ethics
Enacted in 1999, the Gramm-Leach-Bliley Act addresses ____ issues.
financial
Rules that are adopted and enforced by governments to classify expected behavior in modern society are called ____________________.
laws
Evidentiary ____________________, also known as items of potential evidentiary value, is any information that could potentially support the organization's legal- or policy-based case against a suspect.
material
The origins of ____________________ rights can be traced back to a 1772 document titled The Rights of the Colonists and a List of Infringements and Violations of Rights written by Samuel Adams.
privacy
The structure and administration of government agencies and their relationships with citizens, employees, and other governments is regulated by ____________________ law.
public
Financial compensation for committing a wrongful act is referred to as ____________________.
restitution
The Economic Espionage Act addresses the area of ____.
trade secrets