Ethics
A survey by the Fawcett Society on the use of computing resources at work found that:
20 percent of men admit to viewing porn while at work
A survey by Nielsen found that what percentage of the workforce accessed pornography from their workplace computer?
25 percent
Which of the following can be used against an anonymous defendant to reveal truths about the defendant's identity?
A John Doe lawsuit
A strategy employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest is known as which of the following?
A SLAPP
A network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time is known as which of the following?
APT
The piracy rate is nearly 80 percent across which continent?
Africa
Which act included strong privacy provisions for electronic health records and bans the sale of health information, promotes the use of audit trails and encryption, and provides rights of access for patients?
American Recovery and Reinvestment Act
Which of the following allows people to state their opinions without revealing their identity?
Anonymous expression
Which entity is a computing society founded in 1947 with more than 97,000 student and professional members in more than 100 countries, and it publishes over 50 journals and 30 newsletters?
Association for Computing Machinery
Although the Constitution does not contain the word privacy, the U.S. Supreme Court has ruled that the concept of privacy is protected by which of the following?
Bill of Rights
A business policy that permits employees to use their own mobile devices to access company computing resources and applications is known as which of the following?
Bring your own device (BYOD)
Which of the following is a trade group that is funded through dues based on member companies' software revenues and through settlements from companies that commit software piracy?
Business Software Alliance (BSA)
Which of the following is a trade group that represents the world's largest software and hardware manufacturers?
Business Software Alliance (BSA)
Which of the following statements is true of the Children's Internet Protection Act (CIPA)?
CIPA requires federally financed schools to use some form of technological protection to block computer access to obscene material.
The goodwill that is created by which of the following can make it easier for corporations to conduct their business?
CSR activities
Violation of which of the following acts can cause a school or public library to lose funding to help pay for its Internet connections?
Children's Internet Protection Act (CIPA)
Which country has the largest online population in the world and also perhaps the most rigorous Internet censorship?
China
Under which act did the Federal Communications Commission respond to appeals from the Department of Justice by requiring providers of Internet phone services and broadband services to ensure that their equipment accommodated the use of law enforcement wiretaps?
Communications Assistance for Law Enforcement Act
Section 230 of which act provides immunity to an Internet service provider (ISP) that publishes user-generated content, as long as its actions do not rise to the level of a content provider?
Communications Decency Act
Which of the following steps in the decision-making process gathers and analyzes facts and also identifies stakeholders affected by the decision?
Develop problem statement
Which of the following is the most critical step in the decision-making process?
Development of a problem statement
Which of the following involves the examination of Internet records in an attempt to reveal the identity of an anonymous poster?
Doxing
Which of the following acts restricted the government's ability to intercept electronic communications such as email, fax, and text messages?
ECPA
Title I of which of the following acts extends the protections offered under the Wiretap Act to electronic communications, such as fax and messages sent over the Internet?
Electronic Communications Privacy Act
Which act prohibits unauthorized access to stored wire and electronic communications, such as the contents of email inboxes, instant messages, message boards, and social networking sites?
Electronic Communications Privacy Act
Standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which an individual belongs is known as which of the following?
Ethics
Which act bars the export of data to countries that do not have data privacy protection standards comparable to those of its member countries?
European Union Data Protection Directive
Which act allows consumers to request and obtain a free credit report each year from each of the three primary credit reporting companies?
Fair Credit Reporting Act
Which act outlines who may access a user's credit information, how users can find out what is in their file, how to dispute inaccurate data, and how long data is retained?
Fair Credit Reporting Act
A National Security Letter is subject to judicial review and oversight.
False
A U.S. citizen who posts material on the Web that is illegal in a foreign country cannot be prosecuted in that country.
False
A breach of the duty of care is defined as a failure to conform to the code of ethics of a professional organization.
False
A pen register is a device that records the originating number of incoming calls for a particular phone number.
False
A router is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
False
A spear phishing attack typically employs a group of zombies to keep the target so busy responding to a stream of automated requests that legitimate users cannot access the target.
False
After virus eradication, you can use a previous backup to restore an infected computer.
False
American citizens are protected by the Fourth Amendment even when there is no reasonable expectation of privacy.
False
An oral defamatory statement is libel.
False
Anonymity on the Internet is practically guaranteed.
False
Anti-SLAPP laws are designed to protect children from pornography.
False
Computer forensics is such a new field that there are few training or certification processes available.
False
Computer viruses differ from worms in that viruses can propagate without human intervention, often sending copies of themselves to other computers by email.
False
Cyberterrorism involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
False
Free-speech advocates believe that purchasing adult pornographic material is illegal and wrong even for consenting adults.
False
Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient security.
False
Internet filters cannot block users from accessing useful information.
False
Messages whose primary purpose is to communicate information about a specific transaction are subject to the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act.
False
Online marketers can capture personal information, such as names, addresses, and Social Security numbers without requiring consent.
False
The Fifth Amendment protects Americans' rights to freedom of religion and freedom of expression.
False
The Fifth Amendment regulates the collection of the content of wire and electronic communications.
False
The Privacy Act of 1974 extends to the actions of the CIA, U.S. law enforcement agencies, and the private industry.
False
The Supreme Court has ruled that the Fifth Amendment protects the right to speak anonymously as part of the guarantee of free speech.
False
The U.S. has a single, overarching national data privacy policy.
False
The USA PATRIOT Act grants citizens the right to access certain information and records of federal, state, and local governments upon request.
False
The cost of creating an email campaign for a product or a service is typically more expensive and takes longer to conduct than a direct-mail campaign.
False
The plaintiff in a strategic lawsuit against public participation (SLAPP) can present themselves to the court admitting that their intent is to censor their critics.
False
The rights assigned to parents by the Family Educational Rights and Privacy Act transfer to the student once the student reaches the age of 21.
False
There is virtually no way to limit the deposit of cookies on a user's hard drive.
False
Title III of the Wiretap Act allows state and federal law enforcement officials to use wiretapping without requiring them to obtain warrants.
False
Trojan horse has become an umbrella term for many types of malicious code.
False
Typically, Internet service providers (ISPs) have the resources to prescreen online content.
False
Under the Right to Financial Privacy Act, a financial institution can release a customer's financial records without the customer's authorization as long as it is a government authority that is seeking the records.
False
Vishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service attack.
False
Which act presumes that a student's records are private and not available to the public without the consent of the student?
Family Educational Rights and Privacy Act
In the United States, speech that is merely annoying, critical, demeaning, or offensive enjoys protection under which Amendment?
First
In Doe v. Holder, the courts ruled that the NSL gag provision violates which of the following?
First Amendment
In 2008, which act granted expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecom network equipment and facilities?
Foreign Intelligence Surveillance Act Amendments Act
Which act protects citizens from unreasonable government searches and is often invoked to protect the privacy of government employees?
Fourth Amendment
Which act enables the public to gain access to certain government records?
Freedom of Information Act
Which act requires that financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected?
Gramm-Leach-Bliley Act
Which of the following is an act that repealed a depression-era law known as Glass-Steagall?
Gramm-Leach-Bliley Act
Which type of attacker hacks computers or websites in an attempt to promote a political ideology?
Hacktivists
Which of the following terms is defined as the control or suppression of the publishing or accessing of information on the Internet?
Internet censorship
Software that can be installed with a Web browser to block access to certain Web sites that contain inappropriate or offensive material is known as which of the following?
Internet filter
Proponents of the Children's Internet Protection Act (CIPA) contended that shielding children from drugs, hate, pornography, and other topics is a sufficient reason to justify which of the following?
Internet filters
Proponents of the Children's Internet Protection Act (CIPA) argued that:
Internet filters are highly flexible and customizable.
Which of the following is true about certification?
It can be applied to products.
A defining moment in the history of freedom of the press in the United States came in 1735 when jurors refused to convict a man for seditious libel. Who was that man?
John Zenger
What type of viruses have become a common and easily created form of malware that are created using applications such as Visual Basic or VBScript?
Macro viruses
Which of the following is the Supreme Court case that established a test to determine if material is obscene and therefore not protected by the First Amendment?
Miller v. California
The act of fraudulently using email to try to get the recipient to reveal personal data is known as which of the following?
Phishing
Which act prohibits the government from concealing the existence of any personal data record-keeping systems?
Privacy Act
Which of the following can provide a virtually untraceable level of anonymity to email messages?
Remailers
Which organization offers a number of security-related policy templates that can help an organization quickly develop effective security policies?
SANS Institute
Which of the following rules requires each financial institution to document a data security plan describing the company's preparation and plans for the ongoing protection of clients' personal data?
Safeguards Rule
Which of the following statements best describes the reason why social networking companies cannot be sued for defamation for user postings that appear on their sites?
Section 230 of the Communications Decency Act (CDA) is not considered unconstitutional.
In 1972, which organization recommended that publicly held organizations establish audit committees?
Securities and Exchange Commission (SEC)
Which trade group protects the intellectual property of member companies and advocates a legal and regulatory environment that benefits the software industry?
Software & Information Industry Association (SIIA)
What exploit is characterized as the abuse of email systems to send unsolicited email to large numbers of people?
Spam
Which type of exploit is defined as the sending of fraudulent emails to an organization's employees designed to look like they came from high-level executives from within the organization?
Spear phishing
Which act became law in 1996 with the purpose of allowing freer competition among phone, cable, and TV companies?
Telecommunications Act
Which of the following statements is true of the Communications Decency Act (CDA)?
The problem with the CDA was its broad language and vague definition of "indecency," a standard that was left to individual communities to determine.
A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.
True
A security policy outlines exactly what needs to be done to safeguard computers and their data, but not how it must be accomplished.
True
A strategic lawsuit against public participation (SLAPP) is typically without merit.
True
A vehicle event data recorder (EDR) is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle's air bags.
True
Anonymous political expression played an important role in the early formation of the United States.
True
Anti-SLAPP laws can identify whether there are any merits to a lawsuit.
True
Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.
True
Cyberterrorism is the intimidation of government or civilian population by using information technology to disable critical national infrastructure to achieve political, religious, or ideological goals.
True
Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well.
True
Each violation of the provisions of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act can result in a fine of up to $250 for each unsolicited email, and fines can be tripled in certain cases.
True
Electronic discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
True
Electronically stored information includes any form of digital information stored on any form of electronic storage device.
True
Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.
True
Even when preventive measures are implemented, no organization is completely secure from a determined computer attack.
True
Fairness and generosity are examples of virtues.
True
In general, the closer an Internet service provider (ISP) is to a pure service provider than to a content provider, the more likely that the Section 230 immunity of the Communications Decency Act (CDA) will apply.
True
Information privacy is the combination of communications privacy and data privacy.
True
It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs.
True
Most countries other than the United States do not provide constitutional protection for hate speech.
True
Over the years, a number of federal, state, and local laws have been found unconstitutional because they violated one of the tenets of the First Amendment.
True
Pornography purveyors are free to produce and publish whatever they want; however, if what they distribute is judged obscene, they are subject to prosecution under the obscenity laws.
True
Private schools may prohibit students, instructors, and other employees from engaging in offensive speech.
True
Ransomware is malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
True
A rootkit is a set of programs that enables its users to gain administrator-level access to a computer without the end user's consent or knowledge.
True
The Children's Internet Protection Act (CIPA) was an attempt to protect children from accessing pornography and other explicit material online.
True
The Constitution does not contain the word privacy, but the Supreme Court has ruled that the concept of privacy is protected by the Bill of Rights.
True
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act states that it is legal to spam, provided the messages meet a few basic requirements.
True
The European Union Data Protection Directive requires member countries to ensure that data transferred to non-European Union countries is protected.
True
The Foreign Intelligence Surveillance Act describes procedures for the electronic surveillance of communications between foreign powers and the agents of foreign powers.
True
The Gramm-Leach-Bliley Act includes three key rules that affect personal privacy: financial privacy rule, safeguards rule, and pretexting rule.
True
The Health Insurance Portability and Accountability Act requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records thus making it possible to exchange medical records over the Internet.
True
The cost of a data breach can be quite expensive, by some estimates nearly $200 for each record lost.
True
The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion.
True
The goal of the Child Online Protection Act (COPA) was to protect children from harmful material on the World Wide Web; however, it was ruled unconstitutional.
True
The right to freedom of expression is restricted when the expressions, whether spoken or written, are untrue and cause harm to another person.
True
The use of cookies and tracking software is controversial because companies can collect information about consumers without their explicit permission.
True
The use of information technology in business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used.
True
Through the use of cookies, a Web site is able to identify visitors on subsequent visits.
True
Today's computer menace is much better organized and may be part of an organized group.
True
Under the USA PATRIOT Act, the FBI can issue a National Security Letter to compel banks, Internet service providers, and credit reporting companies to turn over information about their customers without a court order simply on the basis that the information is needed for an ongoing investigation.
True
Whenever possible, automated system rules should mirror an organization's written policies.
True
With URL filtering, a particular URL or domain name is identified as an objectionable site and the user is not allowed access to it.
True
With dynamic content filtering, each Web site's content is evaluated immediately before it is displayed, using techniques such as object analysis and image recognition.
True
Which of the following is considered an absolute defense against a charge of defamation?
Truth
Which of the following is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation's Internet infrastructure against cyberattacks?
U.S. Computer Emergency Readiness Team
Which of the following acts gave sweeping new powers both to domestic law enforcement and international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records?
USA PATRIOT Act
Which of the following is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as cyberterrorists?
USA PATRIOT Act
Under what circumstance might a gift be considered a bribe?
When the gift has not been declared
Which of the following is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest?
Whistle-blowing
The Foreign Intelligence Surveillance Act:
allows surveillance, without court order, within the United States for up to a year unless the "surveillance will acquire the contents of any communication to which a U.S. person is a party."
In the case of United States v. New York Central & Hudson River Railroad Co., the U.S. Supreme Court established that:
an employer can be held responsible for the acts of its employees even if the employees act in a manner contrary to their employer's directions.
Despite the importance of which of the following in early America, it took nearly 200 years for the Supreme Court to render rulings that addressed it as an aspect of the Bill of Rights?
anonymity
In a for-profit organization, the primary objective of which of the following is to oversee the organization's business activities and management for the benefit of shareholders, employees, customers, suppliers, and the community?
board of directors
Spammers can defeat the registration process of free email services by launching a coordinated attack that can sign up for thousands of untraceable email accounts. What is this type of attack known as?
bot attack
Before the IT security group can begin an eradication effort, it must:
collect and log all possible criminal evidence from the system
Which of the following positions provides an organization with vision and leadership in the area of business conduct?
corporate ethics officer
In the context of tenets of the European Union Data Protection Directive, which of the following terms refers to an individual's right to challenge the accuracy of the data and provide the corrected data?
correction
If an employee sees a coworker viewing porn on a workplace computer, that employee may be able to claim that the company has:
created a hostile work environment
A type of computer crime perpetrator whose primary motive is to achieve financial gain is known as which of the following?
cybercriminal
The intimidation of government or civilian population by using information technology to disable critical national infrastructure in order to achieve political, religious, or ideological goals is known as which of the following?
cyberterrorism
The Organisation for Economic Co-operation and Development's requirement that personal data collected should be accurate, complete, current, and relevant to the purpose for which it is used is based on which principle?
data quality
Based on a 2013 National Business Ethics Survey, the percentage of employees who said they reported misconduct in the workplace when they saw it is characterized by which of the following statements?
decreased from 2011 to 2013
Although people have the right to express opinions, they must exercise care in their Internet communications to avoid possible charges of which of the following?
defamation
The Supreme Court has held that obscene speech and which of the following are not protected by the First Amendment and may be forbidden by the government?
defamation
During which step of the decision-making process should one be extremely careful not to make assumptions about the situation?
develop problem statement
What type of attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in?
distributed denial-of-service
In malpractice lawsuits, many courts have ruled that IT workers are not liable for malpractice because they:
do not meet the legal definition of a professional.
The Children's Online Privacy Protection Act:
does not cover the dissemination of information to children
Which of the following gets a rootkit installation started and can be easily activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file?
dropper code
A code of ethics cannot gain company-wide acceptance unless it is fully endorsed by the organization's leadership and developed with which of the following?
employee participation
In the context of tenets of the European Union Data Protection Directive, which of the following terms refers to an individual's right to seek legal relief through appropriate channels to protect privacy rights?
enforcement
Companies that develop and maintain strong employee relations:
enjoy lower turnover rates.
A set of beliefs about right and wrong behavior within a society is known as which of the following?
ethics
One purpose of which of the following is to capture and record data that can be used by the manufacturer to make future changes to improve vehicle performance in the case of a crash?
event data recorder
Discovery is part of the pretrial phase of a lawsuit in which each party can obtain which of the following from the other party by various means?
evidence
In computing, a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability is known as which of the following?
exploit
The Organisation for Economic Co-operation and Development created which of the following, established in 1980 and often held up as the model of ethical treatment of consumer data?
fair information practices
A hardware or software device that serves as a barrier between a company and the outside world and limits access to the company's network based on the organization's Internet usage policy is known as which of the following?
firewall
The most common computer security precaution taken by businesses is the installation of which of the following?
firewall
Possession of child pornography is a federal offense punishable by up to how many years in prison?
five
A discrepancy between an employee's own values and an organization's actions:
fosters poor performance.
The posting of thousands of State Department documents on the WikiLeaks Web site is an example of which of the following?
inappropriate sharing of information
Software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment is known as which of the following?
intrusion detection system
In the legal system, compliance usually refers to behavior that is in accordance with which of the following?
legislation
A well-implemented ethics and compliance program and a strong ethical culture can lead to:
less pressure on employees to misbehave.
Which of the following is a form of Trojan horse which executes when it is triggered by a specific event such as a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date?
logic bomb
Many organizations outsource their network security operations to a company that monitors, manages, and maintains computer and network security for them. This type of company is known as which of the following?
managed security service provider
Which of the following occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract?
material breach of contract
A vendor certification:
may focus too narrowly on the technical details of the vendor's technology.
Which of the following is defined as the misstatement or incomplete statement of a material fact?
misrepresentation
One's personal beliefs about right and wrong are known as which of the following?
morals
Which of the following is defined as not doing something that a reasonable person would do or doing something that a reasonable person would not do?
negligence
Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue which of the following, in order to eliminate the problem?
patch
A clear, concise statement of an issue that needs to be addressed is known as which of the following?
problem statement
Which of the following states the principles and core values that are essential to the work of a particular occupational group?
professional code of ethics
Although they may implement a speech code, which of the following entities are legally considered agents of the government and therefore must follow the First Amendment's prohibition against speech restrictions based on content or viewpoint?
public schools and universities
Malware that stops you from using your computer or accessing your data until you meet certain demands is known as which of the following?
ransomware
Which of the following concepts recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved?
reasonable assurance
One of the most common ethical problems for members of the IT profession occurs when a potential employee lies on a resume and claims competence in an IT skill that is in high demand. This act is known as which of the following?
resume inflation
Many organizations use software to provide a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts. What is this type of software known as?
security dashboard
An oral defamatory statement is called which of the following?
slander
Someone who stands to gain or lose, depending on how a situation is resolved is known as which of the following?
stakeholder
At which level is licensing generally administered?
state
The California State Court in Pre-Paid Legal v. Sturtz et al. set a legal precedent that refined the criteria courts apply to which of the following?
subpoenas requesting the identity of anonymous Web posters
When a U.S. citizen engages in an activity protected by the U.S. Constitution, even if the activity violates the criminal laws of another country, U.S. laws do not allow which of the following?
the person to be extradited
A rapid increase in the appointment of corporate ethics officers typically follows:
the revelation of a major business scandal.
To prove fraud in a court of law, prosecutors must demonstrate that:
the wrongdoer made a false representation of material fact.
Information used in a business, generally unknown to the public, that the company has taken strong measures to keep confidential is known as which of the following?
trade secret
In the "implement the decision" step of the decision-making process, what plan must be defined to explain to people how they will move from the old way of doing things to the new way?
transition
A device that records the originating number of incoming calls for a particular phone number is known as which of the following?
trap and trace
In an environment where employees are encouraged to do "whatever it takes" to get the job done, employees may feel pressure to act in which of the following ways?
unethically
The goal of the standards set by the Foreign Corrupt Practices Act (FCPA) is to prevent companies from:
using slush funds or other means to disguise payments to officials.
The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide which of the following?
valid test results
What term is used to describe a habit of unacceptable behavior?
vice
Which of the following enables remote users to securely access an organization's collection of computing and storage devices and share data remotely?
virtual private network
Which of the following terms best describes a habit that inclines people to do what is acceptable?
virtue
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner is known as which of the following?
virus
Antivirus software scans for a specific sequence of bytes that indicates the presence of specific malware. This sequence of bytes is known as which of the following?
virus signature
In the context of the Fourth Amendment, the courts have ruled that:
without a reasonable expectation of privacy, there is no privacy right
The Health Insurance Portability and Accountability Act requires healthcare providers to obtain which of the following from patients prior to disclosing any information in their medical records?
written consent
Which term is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair it?
zero-day attack
Multinational and global organizations must not present a consistent face to their shareholders, customers, and suppliers but instead must operate with a different value system in each country they do business in.
False
Software piracy in a corporate setting is rarely directly traceable to IT staff members.
False
Stakeholders who stand to lose or gain from a situation should be kept out of the decision-making process as they will simply introduce their personal biases.
False
The Business Software Alliance (BSA) has a few dozen lawyers and investigators who prosecute only the 100 or so most egregious cases of software piracy each year.
False
The Foreign Corrupt Practices Act is a legally binding global treaty to fight bribery and corruption.
False
The United Nations Convention Against Corruption makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office.
False
The board of directors of an organization is normally responsible for day-to-day management and operations of the organization.
False
The core body of knowledge for any profession outlines an agreed-upon code of ethics and practices for those who practice in that profession.
False
The countries with the highest software piracy rate in the world include Luxembourg, Japan, and New Zealand.
False
The greater reliance on information systems in all aspects of life has decreased the risk that information technology will be used unethically.
False
The internal audit department includes members of the board of directors who determine that the internal systems and controls of the organization are adequate and effective.
False
To qualify legally as a bribe, the gift or payment must be made directly from donor to recipient.
False
When it comes to distinguishing between bribes and gifts, the perceptions of the donor and recipient almost always coincide.
False
The crime of obtaining goods, services, or property through deception or trickery is known as which of the following?
Fraud
Members of the internal audit team must be expert in detecting and investigating financial statement fraud.
False
Which of the following statements best describes a reason why organizations pursue corporate social responsibility (CSR) goals and promote a work environment in which employees are encouraged to act ethically when making business decisions?
To gain the goodwill of the community
Legal acts conform to what an individual believes to be the right thing to do.
False
Penalties for violating the Foreign Corrupt Practices Act (FCPA) are severe: corporations face a fine of up to how much per violation?
$2 million
Which of the following identifies the concept that an organization should act ethically by taking accountability for the impact of its actions on the environment, the community, and the welfare of its employees?
Corporate social responsibility
Individual views on what is moral are so strongly held that there is nearly universal agreement in spite of differences in age, cultural group, ethnic background, religion, life experience, education, and gender.
False
Lawrence Kohlberg found that the most crucial factor that stimulates a person's moral development is monetary reward for good behavior.
False
Laws provide a complete guide to ethical behavior.
False
What term refers to the obligation to protect people against any unreasonable harm or risk?
Duty of care
A bribe is a crime even if the payment was lawful under the laws of the foreign country in which it was paid.
False
A mission statement is a clear, concise description of the issue that needs to be addressed.
False
An organization's mission statement highlights its key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
False
Because an activity is defined as legal, the activity is also considered ethical.
False
Compliance means to be in conformance with a profession's core body of knowledge.
False
Government licensing is generally administered at the federal level in the United States.
False
Government licensing of IT workers is common within most of the states of the United States.
False
If the desired results are not achieved upon implementation of a solution, one should return to the "identify alternatives" step of the decision-making process and rework the decision.
False
Which term distinguishes the person who uses a hardware or software product from the IT workers who develop, install, service, and support the product?
IT user
A trade secret is information, generally unknown to the public, that a company has taken strong measures to keep confidential.
True
Certification indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization.
True
Consistency means that shareholders, customers, suppliers, and the community know what they can expect of an organization: that it will behave in the future much as it has in the past.
True
Currently no one IT professional organization has emerged as preeminent, so there is no universal code of ethics for IT workers.
True
Employees may suppress their tendency to act in a manner that seems ethical to them and instead act in a manner that will protect them against anticipated punishment.
True
Ethics has risen to the top of the business agenda because risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact.
True
From a legal perspective, there is both a reasonable person standard and a reasonable professional standard to decide whether parties owe a duty of care.
True
Gifts come with no expectation of a future favor for the donor.
True
Ideally, the corporate ethics officer should be a well-respected, senior-level manager who reports directly to the CEO.
True
In a nonprofit organization, the board of directors reports to the local community that it serves.
True
In the business world, important decisions are too often left to the technical experts; general business managers must assume greater responsibility for these decisions.
True
Increasingly, managers are including ethical conduct as part of an employee's performance appraisal.
True
Laws can proclaim an act as legal, although many people may consider the act immoral.
True
Most people have developed a decision-making process they use almost automatically, without thinking about the steps they go through.
True
Setting corporate social responsibility (CSR) goals encourages an organization to achieve higher moral and ethical standards.
True
The term ethics describes standards or codes of behavior expected of an individual by a group to which the individual belongs.
True
The term morals refers to the personal principles upon which an individual bases his or her decisions about what is right and what is wrong.
True
There are many industry association certifications in a variety of IT-related subject areas.
True
There is a potential conflict of interest when IT consultants or auditors recommend their own products and services or those of an affiliated vendor to remedy a problem they have detected.
True
Vendor certifications require passing a written exam, which usually contains multiple-choice questions because of legal concerns about whether other types of exams can be graded objectively.
True
When the Business Software Alliance (BSA) finds cases of software piracy, it can assess heavy monetary penalties.
True
While no policy can stop wrongdoers, it can establish boundaries for acceptable and unacceptable behavior and enable management to punish violators.
True
Which term is used to describe the failure to act as a reasonable person would act?
breach of the duty of care
The Foreign Corrupt Practices Act (FCPA) makes it a crime to do which of the following?
bribe a foreign official
In which step of the decision-making process should the decision makers consider laws, guidelines, policies, and principles that might apply to the decision?
choose alternative
A statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making is known as which of the following?
code of ethics
Which of the following helps ensure that employees abide by the law, follow necessary regulations, and behave in an ethical manner?
code of ethics
To extend to all people the same respect and consideration that you expect from them is considered which of the following character traits?
integrity
Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as which of the following?
professional malpractice
Which of the following activities describes when an organization reviews how well it is meeting its ethical and social responsibility goals, and communicates its new goals for the upcoming year?
social audit