C727 Chapter 4

Ace your homework & exams now with Quizwiz!

Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property (IP) protection. Which type of protection is best suited to his needs? A. Copyright B. Trademark C. Patent D. Trade secret

A. Copyright law is the only type of intellectual property protection available to Matthew. It covers only the specific software code that Matthew used. It does not cover the process or ideas behind the software. Trademark protection is not appropriate for this type of situation because it would only protect the name and/or logo of the software, not its algorithms. Patent protection does not apply to mathematical algorithms. Matthew can't seek trade secret protection because he plans to publish the algorithm in a public technical journal.

What U.S. state was the first to pass a comprehensive privacy law modeled after the requirements of the European Union's General Data Protection Regulation? A. California B. New York C. Vermont D. Texas

A. The California Consumer Privacy Act (CCPA) of 2018 was the first sweeping data privacy law enacted by a U.S. state. This follows California's passing of the first data breach notification law, which was modeled after the requirements of the European Union's General Data Protection Regulation (GDPR).

The Children's Online Privacy Protection Act (COPPA) was designed to protect the privacy of children using the internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent? A. 13 B. 14 C. 15 D. 16

A. The Children's Online Privacy Protection Act (COPPA) provides severe penalties for companies that collect information from young children without parental consent. COPPA states that this consent must be obtained from the parents of children younger than the age of 13 before any information is collected (other than basic information required to obtain that consent).

Wendy recently accepted a position as a senior cybersecurity administrator at a U.S. government agency and is concerned about the legal requirements affecting her new position. Which law governs information security operations at federal agencies? A. FISMA B. FERPA C. CFAA D. ECPA

A. The Federal Information Security Management Act (FISMA) includes provisions regulating information security at federal agencies. It places authority for classified systems in the hands of the National Security Agency (NSA) and authority for all other systems with the National Institute for Standards and Technology (NIST).

Tom is an adviser to a federal government agency that collects personal information from constituents. He would like to facilitate a research relationship between that firm that involves the sharing of personal information with several universities. What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances? A. Privacy Act B. Electronic Communications Privacy Act C. Health Insurance Portability and Accountability Act D. Gramm-Leach-Bliley Act

A. The Privacy Act of 1974 limits the ways government agencies may use information that private citizens disclose to them under certain circumstances. The Electronic Communications Privacy Act (ECPA) implements safeguards against electronic eavesdropping. The Health Insurance Portability and Accountability Act (HIPAA) regulates the protection and sharing of health records. The Gramm-Leach Bliley Act requires that financial institutions protect customer records.

Frances learned that a user in her organization recently signed up for a cloud service without the knowledge of her supervisor and is storing corporate information in that service. Which one of the following statements is correct? A. If the user did not sign a written contract, the organization has no obligation to the service provider. B. The user most likely agreed to a click-through license agreement binding the organization. C. The user's actions likely violate federal law. D. The user's actions likely violate state law.

B. Cloud services almost always include binding click-through license agreements that the user may have agreed to when signing up for the service. If that is the case, the user may have bound the organization to the terms of that agreement. This agreement does not need to be in writing. There is no indication that the user violated any laws.

Roger is the CISO at a healthcare organization covered under HIPAA. He would like to enter into a partnership with a vendor who will manage some of the organization's data. As part of the relationship, the vendor will have access to protected health information (PHI). Under what circumstances is this arrangement permissible under HIPAA? A. This is permissible if the service provider is certified by the Department of Health and Human Services. B. This is permissible if the service provider enters into a business associate agreement. C. This is permissible if the service provider is within the same state as Roger's organization. D. This is not permissible under any circumstances.

B. Organizations subject to HIPAA may enter into relationships with service providers as long as the provider's use of protected health information is regulated under a formal business associate agreement (BAA). The BAA makes the service provider liable under HIPAA.

Congress passed CALEA in 1994, requiring that what type of organizations cooperate with law enforcement investigations? A. Financial institutions B. Communications carriers C. Healthcare organizations D. Websites

B. The Communications Assistance for Law Enforcement Act (CALEA) required that communications carriers assist law enforcement with the implementation of wiretaps when done under an appropriate court order. CALEA only applies to communications carriers and does not apply to financial institutions, healthcare organizations, or websites.

What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities? A. Privacy Act B. Fourth Amendment C. Second Amendment D. Gramm-Leach-Bliley Act

B. The Fourth Amendment to the U.S. Constitution sets the "probable cause" standard that law enforcement officers must follow when conducting searches and/or seizures of private property. It also states that those officers must obtain a warrant before gaining involuntary access to such property. The Privacy Act regulates what information government agencies may collect and maintain about individuals. The Second Amendment grants the right to keep and bear arms. The Gramm-Leach-Bliley Act regulates financial institutions, not the federal government.

Greg recently accepted a position as a cybersecurity compliance officer with a privately held bank. What law most directly impacts the manner in which his organization handles personal information? A. HIPAA B. GLBA C. SOX D. FISMA

B. The Gramm-Leach-Bliley Act (GLBA) provides, among other things, regulations regarding the way financial institutions can handle private information belonging to their customers.

Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status? A. © B. ® C. ™ D. †

C. Richard's product name should be protected under trademark law. Until his registration is granted, he can use the ™ symbol next to it to inform others that it is protected under trademark law. Once his application is approved, the name becomes a registered trademark, and Richard can begin using the ® symbol. The © symbol is used to represent a copyright. The † symbol is not associated with intellectual property protections.

Ryan is reviewing the terms of a proposed vendor agreement between the financial institution where he works and a cloud service provider. Which one of the following items should represent the least concern to Ryan? A. What security audits does the vendor perform? B. What provisions are in place to protect the confidentiality, integrity, and availability of data? C. Is the vendor compliant with HIPAA? D. What encryption algorithms and key lengths are used?

C. Ryan does not likely need to be concerned about HIPAA compliance because that law applies to healthcare organizations and Ryan works for a financial institution. Instead, he should be more concerned about compliance with the Gramm-Leach-Bliley Act (GLBA). The other concerns should all be part of Ryan's contract review.

Brianna is working with a U.S. software firm that uses encryption in its products and plans to export its product outside of the United States. What federal government agency has the authority to regulate the export of encryption software? A. NSA B. NIST C. BIS D. FTC

C. The Bureau of Industry and Security within the Department of Commerce sets regulations on the export of encryption products outside of the United States. The other agencies listed here are not involved in regulating exports.

Justin is a cybersecurity consultant working with a retailer on the design of their new point-of-sale (POS) system. What compliance obligation relates to the processing of credit card information that might take place through this system? A. SOX B. HIPAA C. PCI DSS D. FERPA

C. The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations involved in storing, transmitting, and processing credit card information.

Ruth recently obtained a utility patent covering a new invention that she created. How long will she retain legal protection for her invention? A. 14 years from the application date B. 14 years from the date the patent is granted C. 20 years from the application date D. 20 years from the date the patent is granted

C. U.S. patent law provides for an exclusivity period of 20 years beginning at the time a utility patent application is submitted to the Patent and Trademark Office.

What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures? A. Criminal law B. Common law C. Civil law D. Administrative law

D. Administrative laws do not require an act of the legislative branch to implement at the federal level. Administrative laws consist of the policies, procedures, and regulations promulgated by agencies of the executive branch of government. Although they do not require an act of Congress, these laws are subject to judicial review and must comply with criminal and civil laws enacted by the legislative branch.

Kevin is assessing his organization's obligations under state data breach notification laws. Which one of the following pieces of information would generally not be covered by a data breach notification law when it appears in conjunction with a person's name? A. Social Security number B. Driver's license number C. Credit card number D. Student identification number

D. Although state data breach notification laws vary, they generally apply to Social Security numbers, driver's license numbers, state identification card numbers, credit/debit card numbers, and bank account numbers. These laws generally do not cover other identifiers, such as a student identification number.

Leonard and Sheldon recently co-authored a paper describing a new superfluid vacuum theory. How long will the copyright on their paper last? A. 70 years after publication B. 70 years after completion of the first draft C. 70 years after the death of the first author D. 70 years after the death of the last author

D. Copyright protection generally lasts for 70 years after the death of the last surviving author of the work.

Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. To keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property (IP) protection best suits their needs? A. Copyright B. Trademark C. Patent D. Trade secret

D. Mary and Joe should treat their oil formula as a trade secret. As long as they do not publicly disclose the formula, they can keep it a company secret indefinitely. Copyright and patent protection both have expiration dates and would not meet Mary and Joe's requirements. Trademark protection is for names and logos and would not be appropriate in this case.

Renee's organization is establishing a partnership with a firm located in France that will involve the exchange of personal information. Her partners in France want to ensure that the transfer will be compliant with the GDPR. What mechanism would be most appropriate? A. Binding corporate rules B. Privacy Shield C. Privacy Lock D. Standard contractual clauses

D. The European Union provides standard contractual clauses that may be used to facilitate data transfer. That would be the best choice in a case where two different companies are sharing data. If the data were being shared internally within a company, binding corporate rules would also be an option. The EU/US Privacy Shield was a safe harbor agreement that would previously have allowed the transfer but that is no longer valid. Privacy Lock is a made-up term.


Related study sets

AP Lang Unit 6 MCQ Progress Check

View Set

MSM-6610: Organizational Behavior

View Set

Mastering Biology Chapter 10 Pre-Lecture Assignment

View Set

Econ 202 - Study Guide Chapter 8

View Set

Marketing Research Exam 1 (chapters 5 & 6)

View Set