Review Questions Ethics (Ch. 1-5)


A(n) ___ is an individual who hacks computers or websites in an attempt to promote a political ideology.

Hacktivist

Persistent or malicious harassment aimed at an ethnic, racial, or religious group can be prosecuted as hate speech. T/F?

false

A(n) ___ is a company that monitors, manages, and maintains computer and network security for other organizations.

managed security service provider (MSSP)

____ involves the deployment of malware that secretly steals data in the computer systems of organizations that can be used to gain an unfair competitive advantage for the perpetrator

Cyberespionage

Identifying the stakeholders and their positions on an issue is part of which decision-making step?

Define the problem

A(n) ____ is an attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks

Distributed Denial of Service

____ involves doing research on the Internet to obtain someone's private personal information (such as home address, email address, phone numbers, and place of employment) and even private electronic documents (such as photographs), and then posting that information online without permission.

Doxing

____ is the process of scrambling messages or data in such a way that only authorized parties can read it

Encryption

In the event of a successful cyberattack, the best way to give out specific information is through use of online discussion groups, email, and other systems connected to the compromised system. T/F?

false

Laws provide a complete guide to ethical behavior. T/F

false

Publicly traded organizations have an obligation to report all data breaches to the Securities and Exchange Commission. T/F?

false

The Supreme Court has stated that American citizens are protected by the Fourth Amendment with no exception. T/F?

false

The business recovery plan is the documented process to recover an organization's business information system assets including hardware, software, data, networks, and facilities in the event of a disaster. T/F?

false

The goodwill that CSR activities generate can make it easier for corporations to conduct their business but is unlikely to affect the profitability of the firm. T/F?

false

Unlike certification, which applies only to people and is required by law, licensing can also apply to products. True or False.

false

A ____ is hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; it also limits access to the company's network based on the organization's Internet-usage policy

firewall

Which of the following laws required federally financed schools and libraries to use some form of technological protection to block computer access to obscene material, pornography, and anything else considered harmful to minors? a) Telecommunications Act b) Children's Internet Protection Act c) Child Online Protection Act d) Communications Decency Act

b) Children's Internet Protection Act

Many companies obtain information about web surfers through the use of ___, which are text files that can be downloaded to the hard drives of users so that the website is able to identify visitors on subsequent visits

cookies

The moral corruption of people in power has been given the name ____

Bathsheba syndrome

The Supreme Court has held that obscene speech and defamation may be forbidden by the government. T/F?

True

____ is an exploit in which victims receive a voice-mail message telling them to call a phone number or access a website

Vishing

An anti-SLAPP law is used by government officials against citizens who oppose them on matters of public concern. T/F?

false

China has more surveillance cameras per person than Great Britain. T/F?

false

If an employee acts in a manner contrary to corporate policy and their employer's directions, the employer cannot be held responsible for these actions. T/F?

false

A recent study revealed that between ____ percent of workers' time online had nothing to do with work

60 and 80

The ____ Act specifies requirements that commercial emailers must follow when sending out messages that advertise or promote a commercial product or service.

CAN-SPAM

The country with perhaps the most rigorous Internet censorship in the world is ____

China

Section 230 of the ____ provides immunity to an Internet service provider that publishes user-generated content, as long as its actions do not rise to the level of a content provider.

Communications Decency Act

(The) ____ approves the use of any intelligence collection techniques that are in accordance with procedures established by the head of the intelligence community and approved by the attorney general.

Executive Order 12333

This act allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies.

Fair and Accurate Credit Transactions Act

Under (the) ______________, the presumption is that a student's records are private and not available to the public without the consent of the student.

Family Educational Rights and Privacy Act (FERPA)

The ____ protects Americans' rights to freedom of religion, freedom of expression, and freedom to peaceably assemble.

First Amendment

____ describes procedures for the electronic surveillance and collection of foreign intelligence between foreign powers and agents of foreign powers. It also created a special court, which meets in secret to hear applications for orders approving electronic surveillance anywhere within the United States

Foreign Intelligence Surveillance Act

Federal agencies receiving a ____ request must acknowledge that the request has been received and indicate when the request will be fulfilled, with an initial response within 20 working days unless an unusual circumstance occurs.

Freedom of Information Request

The ____ is designed to strengthen data protection for individuals within the EU and includes stiff penalties for privacy violations.

General Data Protection Regulation

____ is the process established by an organization's board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.

Internal control

An aggrieved party can file a ____ lawsuit against a defendant whose identity is temporarily unknown because he or she is communicating anonymously or using a pseudonym.

John Doe

An important Supreme Court case that established a three-part test to determine if material is obscene and therefore not protected speech was

Miller v. California

_____ is/are one's personal beliefs about what is right and wrong

Morals

A(n) ___ is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic depending on the contents of data packets

Next Generation Firewall

____ is a system employed to collect Internet data including search histories, photos sent and received; the contents of email, file transfers, and voice and video chats; and other Internet communication data

PRISM

____ is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats

Risk assessment

A(n) ____ exploit is an attack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.

Zero-day

If you find yourself rationalizing a decision with the statement, "Well, our competitors are doing something far worse," what action should you not take? a) drop this option, and implement the same policy as your competitors b) reconsider your options c) identify and evaluate options d) choose the best option

a) drop this option, and implement the same policy as your competitors

Which of the following is not a multifactor authentication method?

a) entering a user name and a strong end-user password at least 10 characters long

Non-managers are responsible for what percent of instances of reported misconduct?

about 40%

The number of global companies that have an overall security strategy is ___

about 58 percent

Which of the following is not one of the five key elements of an acceptable use policy (AUP)? a) Purpose of the AUP, why it is needed and what are its goals b) background and make-up of the infosec organization that enforces the AUP c) definition of the actions that will be taken against an individual who violates the policy d) scope of who and what is covered under the AUP

b) background and make-up of the infosec organization that enforces the AUP

A(n) ___ is a sophisticated threat that combines the features of a virus, worm, trojan horse, and other malicious code into a single payload

blended threat

The core _____ for any profession outlines agreed-upon sets of skills and abilities that all licensed professionals must possess.

body of knowledge

Which of the following is not a key goal of employee ethics training? a) increase the percentage of employees who report incidents of misconduct b) make employees more aware of the company's code of ethics and how to apply it c) become familiar with various philosophers and how they dealt with ethical issues d) reduce the company's liability in the event of legal action

c) become familiar with various philosophers and how they dealt with ethical issues

A statement that highlights an organization's key ethical issues and identifies the over-arching values and principles that are important to the organization and its decision making.

code of ethics

____ is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of data gathered so that it is admissible as evidence in a court of law.

computer forensics

According to the Ethics Resource Center, which of the following is the most commonly observed form of employee misconduct a) lying to employees b) abusive behavior c) inappropriate social networking d) misuse of company time

d. Misuse of company time

Making either an oral or a written statement of alleged fact that is false and harms another person is ___

defamation

The term ___ describes the standards or codes of behavior expected of an individual by a group to which the individual belongs

ethics

The software piracy rates in Albania, Kazakhstan, Libya, Panama, and Zimbabwe ___

exceed 70 percent

A(n) _____ is an attack on an information system that takes advantage of a particular system vulnerability.

exploit

Although a number of independent laws and acts have been implemented over time, no single, overarching data privacy policy has been developed in the United States. However, there is an established advisory agency that recommends acceptable privacy practices to U.S. businesses. T/F?

false

The computer security triad consists of ____

integrity, confidentiality, and availability

Often organizations that are engaged in litigation will send a __________________________ notice to their employees or to the opposing party to save relevant data and to suspend data that might be due to be destroyed based on normal data-retention rules.

litigation hold

____ occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the very essence of a contract.

material breach of contract

____ is a process that couples human guidance with computer-driven concept searching in order to train document review software to recognize relevant documents within a document universe.

predictive coding

To become licensed as a software engineer in the United States, one must pass the Fundamentals of Engineering Exam and a software engineering ___ exam

principles and practices

A (An) __________________________ states the principles and core values that are essential to the work of a particular occupational group.

professional code of ethics or code of ethics

Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as ___

professional malpractice

Approximately how many U.S. workers have reported worker or manager misconduct and then suffered some sort of retribution from their supervisor or negative reactions from their coworkers?

some 6.2 million

The mission of the Software & Information Industry Association and the Business Software Alliance is to ___________________.

stop the unauthorized copying of software produced by its members

A virtual private network (VPN) enables remote users to securely access an organization's collection of computing and storage devices and share data remotely by transmitting and receiving data over public networks such as the Internet. T/F?

true

An IT worker cannot be sued for professional malpractice unless he or she is licensed. True or False.

true

Beginning with the model year 2011 vehicles, the National Highway Safety Administration defined a minimum set of 15 data elements that must be captured for manufacturers who voluntarily install electronic data recorders on their vehicles. T/F?

true

Important decisions with strong ethical implications are too often left to the technical experts; general business managers must assume greater responsibility for these decisions. T/F?

true

Senior management (including members of the audit committee) must always follow the recommendations of the internal audit committee. T/F

true

The Fourth Amendment cannot be used to limit how a private employer treats its employees, and private-sector employees must seek legal protection against an invasive employer under various state statutes. T/F?

true

The number of U.S. government intelligence-gathering units identified in Executive Order 12333 exceeds 18. T/F?

true

The worldwide financial services industry spent over $27 billion on IT security and fraud prevention in 2015. T/F?

true

Under the Foreign Corrupt Practices Act (FCPA), it is permissible to pay an official to perform some official function (for example, to speed customs clearance). T/F

true

Antivirus software scans for a specific sequence of bytes known as a(n) ____ that indicates the presence of a specific virus.

virus signature

The California State Court in Pre-Paid vs Sturtz et al. set a legal precedent that courts apply when deciding ____

whether or not to approve subpoenas requesting the identity of anonymous web posters

____ is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest.

whistle-blowing

