Terms in this set (111)

Q: A covered entity doesn't have to account for every PHI disclosure that it makes. The Privacy Rule states that some kinds of disclosures don't have to be included in an accounting. Any disclosure not specifically excluded must be included and tracked. Which of the following disclosures does not need to be tracked?
A: disclosures made to carry out treatment, payment, and health care activities

Q: Before ____________________, many workers experienced "job lock" and were afraid that they would lose health care benefits if they changed jobs.
A: HIPAA

Q: ____________________ was created by Congress to make health insurance portable.
A: HIPAA

Q: ____________________ forbids a new employer's health plan from denying health coverage for some reasons and prohibits discrimination against workers based on certain conditions such as pregnancy.
A: HIPAA

Q: Which of the following parties is not among those who would share an individual's health information?
A: potential employers

Q: PHI refers to:
A: protected health information

Q: The HIPAA _________________ dictates how covered entities must protect the privacy of personal health information.
A: Privacy Rule

Q: The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information.
A: Security Rule

Q: Which of the following is not true about the Consolidated Omnibus Budget Reconciliation Act of 1986?
A: requires former employers to continue paying health insurance premiums for a minimum of one year

Q: Which of the following is true about COBRA and HIPAA?
A: HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues.

Q: _________________ are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable.
A: Internal controls

Q: Which of the following was not one of the outcomes of the Enron scandal?
A: Public companies are required to file one comprehensive financial disclosure statement with the SEC.

Q: SOX requires the SEC to review a public company's Form 10-K and Form 10-Q reports at least once every three years. It must do this to try to detect fraud and inaccurate financial statements that could harm the investing public. SOX states the factors that the SEC should consider when deciding to conduct a review. Which of the following is not one of the factors that the SEC must consider?
A: how long the company has been in existence

Q: SOX ______________ requires CEOs and CFOs to certify a company's SEC reports.
A: Section 302

Q: A company's _______________________ provides a summary of the company's financial condition at a certain period.
A: balance sheet

Q: The Enron scandal and similar corporate scandals led to the creation of which of the following?
A: Sarbanes-Oxley Act

Q: The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years.
A: three

Q: The main goal of ______________ is to protect shareholders and investors from financial fraud.
A: Sarbanes-Oxley Act (SOX)

Q: Which of the following SOX titles establishes rules to make sure that securities analysts can give independent opinions about a public company's stock risk?
A: Analyst Conflicts of Interest (Title V)

Q: Which of the following reports, which generally are shared only between the organizations that are doing business with one another, are used by auditors to assess the ICFR at one entity that does business with another entity?
A: SOC-1

Q: Congress created the _____________ in response to the September 11, 2001, terrorist attacks.
A: Federal Information Security Management Act (FISMA)

Q: FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility?
A: National Institute of Standards and Technology (NIST)

Q: ___________________________ must be in place for securing networks, facilities, and systems or groups of IT systems. They are intended for technologies or system components that are a part of the larger information security program.
A: Subordinate plans

Q: __________________ restrict the transmission of certain types of information to non-U.S. citizens or non-permanent residents who are located in the United States.
A: Export control regulations

Q: The ________________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries.
A: Office of Foreign Assets Control (OFAC)

Q: The ______________________ was created by Congress to protect data collected by the government.
A: Privacy Act of 1974

Q: The __________________________ enforces trade sanctions and embargoes.
A: Office of Foreign Assets Control (OFAC)

Q: What was the first federal law to address federal computer security?
A: Computer Security Act (CSA)

Q: Which of the following are types of export control regulations?
A: both A and B

Q: Which of the following is not one of the guidelines in the DoD's policy on social media?
A: DoD employees are not permitted to use social media from their personal devices for personal purposes

Q: After the ChoicePoint breach, 46 states, including the District of Columbia, have created breach notification laws. Although most states used the California law as a model, there are some differences. Which of the following is not one of the differences?
A: maximum requirements for encryption

Q: Which of the following statements summarizes why a breach notification is hard for entities?
A: States have different laws about what constitutes a breach.

Q: The __________________ was created after a security breach at a state-operated data facility.
A: California Database Security Breach Notification Act

Q: What is a legal concept that protects an entity from legal liability and is written into the law? Entities that encrypt the personal information that they own or maintain do not have to follow the notification requirements of this concept if they have a data breach.
A: safe harbor

Q: What is considered to be personal information by most states?
A: both A and B

Q: Which of the following does not count as personal information, as designated by California's Database Security Breach Notification Act?
A: student ID

Q: Which of the following conditions is not taken under consideration by Congress when determining if an area is ripe for federal legislation?
A: what the greatest economic advantage will be to the national market as it relates to the area under consideration

Q: Massachusetts' "Standards for the Protection of Personal Information of Residents of the Commonwealth" was released in September 2008 and is known for being "unique" in terms of its data protection standard. Which of the following statements best captures that uniqueness?
A: It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents.

Q: What was the first state to have a breach notification law?
A: California

Q: Which of the following may be exempt from state breach notification laws because they are already subject to other laws with specific data security requirements?
A: both A and B

Q: A ______________ protects the formulas, processes, methods, and information that give a business a competitive edge.
A: trade secret

Q: _____________________ is the area of law that protects a person's creative ideas, inventions, and innovations.
A: Intellectual property law

Q: _____________ are used to protect words, logos, and symbols that identify a product or service.
A: Trademarks

Q: Which of the following has the longest period of protection?
A: patent

Q: Unlike ______________, trade secrets aren't registered. A person or business doesn't have to meet any registration or procedural formalities for protection.
A: patents

Q: The bad faith registration of a domain name that's a registered trademark or trade name of another entity is referred to as:
A: cybersquatting

Q: Patents, trademarks, and copyrights are all types of _________________.
A: intellectual property

Q: A trademark has two criteria: 1) it must be used in interstate commerce and 2) _____________________.
A: it must be distinctive

Q: In 1998, Congress passed the _________________________. This law helps protect copyrights in the multimedia world. It also contains provisions that help insulate Internet service providers from the actions of their customers.
A: Digital Millennium Copyright Act

Q: _______________ patents protect the visual appearance of a product.
A: Design

Q: In a situation where phishing attackers attempt to steal personal information, which of the following federal acts can be used to prosecute such a crime?
A: Computer Fraud and Abuse Act

Q: The _______________ makes identity theft a federal crime.
A: Identity Theft and Assumption Deterrence Act

Q: The power of a court to decide certain types of cases is ______________________ jurisdiction.
A: subject matter

Q: _______________________ criminal law defines the conduct that constitutes a crime and establishes penalties.
A: Substantive

Q: _______________________ covers unsolicited commercial e-mail messages and requires commercial e-mail senders to meet certain requirements.
A: Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)

Q: Which statement is true about the burden of proof in a criminal case?
A: The government bears the burden of proving that the defendant violated the law.

Q: Which amendment to the U.S. Constitution guarantees defendants a speedy trial?
A: Sixth

Q: What is the first piece of federal legislation that identified computer crimes as distinct offenses?
A: The Computer Fraud and Abuse Act of 1984

Q: ________________ law uses the reasonable person standard to determine whether a person acted appropriately.
A: Tort

Q: Intentional torts most often occur when the defendant intended to commit the tort. Most torts involving ____________________ are intentional torts.
A: computers and cyberspace

Q: COPPA requires Web site operators collecting information from children to:
A: Obtain parental consent

Q: FERPA applies to any education agencies or institutions that receive funding from the U.S. Department of Education (ED). Which of the following is not an educational agency or institution?
A: non-profit organizations that offer educational programs

Q: In 2013, a social media company paid $800,000 to settle charges with the Federal Trade Commission (FTC). The company had an application that allowed children to create journals and share those journals online. Children could also post photos and share location information. The company collected the birth dates of 3,000 children before getting parental permission. The FTC alleged that the company violated which of the following?
A: Children's Online Privacy Protection Act (COPPA)

Q: Under FERPA, which of the following may be disclosed in a school directory without consent?
A: name, address, and telephone number

Q: The Family Policy Compliance Office (FPCO) provides oversight for ____________________.
A: Family Educational Rights and Privacy Act (FERPA)

Q: Some people believe that COPPA requirements violate the freedom of speech without censorship guaranteed by the ______________ Amendment.
A: First

Q: Schools may make the following type of disclosure without obtaining parental or student consent:
A: disclosure of any information to any school official with a need to know

Q: Which of the following is a true statement regarding COPPA and CIPA rules?
A: COPPA defines a minor as anyone under the age of 13 years, while CIPA defines a minor as someone under the age of 17 years.
Q: Which of the following is not a condition of "obscenity" as defined by the U.S. Supreme Court?
A: depicts any type of sexual conduct

Q: The ________________________ ensures minors can't accidentally view obscene or objectionable material from school or library computers.
A: Children's Internet Protection Act (CIPA)

Q: A merchant of an e-commerce Web site wants to accept credit cards as a form of payment. Which of the following must the merchant follow to ensure the safety of those payments?
A: PCI DSS

Q: In January 2007, TJX disclosed that hackers had breached its credit card systems. The company reported that the attackers might have accessed credit card data going back to 2002. It reported that 45.7 million credit and debit card numbers might have been disclosed. At the time, the breach was believed to be the largest ever. Banks and customers sued TJX in connection with the breach. State governments also sued the company for failing to protect the credit card information of state residents. Given the nature of this breach, which federal agency opened an investigation?
A: the Federal Trade Commission

Q: Required by the Fair and Accurate Credit Transaction Act of 2003 (FACTA), which of the following is an anti-identity theft rule created by federal bank regulatory agencies (the Fed, FDIC, OTS, OCC, and NCUA) and the FTC?
A: Red Flags Rule

Q: Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate?
A: Safeguards Rule

Q: Which of the following was enacted by Congress in response to growth in identity theft crime?
A: Fair and Accurate Credit Transaction Act (FACTA) of 2003

Q: The ________________________ is also known as the Financial Services Modernization Act.
A: Gramm-Leach-Bliley Act

Q: All of the following are examples of consumer financial institutions except:
A: the Federal Reserve System
Q: The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business.
A: Federal Trade Commission (FTC)

Q: The purpose of the Gramm-Leach-Bliley Act __________________ is to fight identity theft.
A: Pretexting Rule

Q: There are ______ regional Federal Reserve Banks, which serve different geographic districts.
A: 12

Q: A(n) ____________________________ is a formal request for a higher authority to review the decision of a lower court.
A: appeal

Q: _______________ governs the prosecution of those charged with serious offenses against public order, such as murder.
A: Criminal law

Q: ____________ is demonstrated by the processes and procedures that an organization uses
A: Compliance

Q: Which of the following statements best fits the highest burden of proof?
A: "beyond a reasonable doubt"

Q: Which of the following is a true statement about the Court of Appeals? A. It's a court of appellate jurisdiction. B. It does not review the facts of a case or additional evidence. C. Both A and B are correct. D. Neither A nor B are correct.
A: C. Both A and B are correct.

Q: Audits are ___________ performed by independent organizations.
A: occasionally
Q: In the common law, courts decide cases by referring to established legal principles and the customs and values of society. They also look at decisions made in earlier cases to see if the cases are similar. If the cases are similar, a new case should reach a similar result.
A: True

Q: The Supreme Court has exclusive original jurisdiction to decide cases about disputes between state governments and exercises this original jurisdiction with frequency.
A: False

Q: The U.S. Supreme Court is the final source of authority for issues involving U.S. federal laws.
A: True

Q: Federal courts can hear only the following kinds of cases: 1) Disputes regarding federal laws or constitutional issues and 2) Disputes between residents of different states where the amount of money in controversy is greater than $75,000.
A: True

Q: A ______________ is some kind of wrongful act that harms or hurts a person.
A: Tort

Q: In which of the following areas of the workplace is an employee most likely to have a reasonable expectation of privacy?
A: employee lounge

Q: In which of the following places would a person have "a reasonable expectation of privacy"?
A: In one's home

Q: In 2006 the U.S. Federal Trade Commission (FTC) alleged that Zango, Inc., an Internet marketing company, had used unfair and deceptive methods to download _____________ onto computers.
A: Adware

Q: The first state to enact anti-spyware legislation was:
A: Utah

Q: Which Act established the public's right to request information from federal agencies?
A: Freedom of Information Act

Q: Which of the following is not one of the steps in the data life cycle?
A: data accounting

Q: Which statement about privacy is NOT true?
Privacy is a simple term that describes a number of different but related concepts. Privacy means that a person has control over their personal data. All of the statements regarding privacy are true. Most traditional views on privacy include the belief that the government's power to interfere in the privacy of its citizens is limited.
Q: ____________ is the practice of tracking a user's actions on the Internet in order
A: Online profiling

Q: What is the source of legal authority for the U.S. government?
A: The U.S. Constitution

Q: A _____________ is a method of controlled entry into a facility and provides access to secure areas such as a research lab or data center.
A: Mantrap

Q: A single point of failure is a piece of hardware or application that is key to ________________________.
A: the functioning of the entire system

Q: All of the following are ways to protect confidentiality except:
A: shoulder surfing

Q: In which of the following types of communication is phishing least likely to occur?
A: phone calls

Q: _______________ is the process of reviewing known vulnerabilities and threats.
A: Risk analysis

Q: ___________________ refers to applying safeguards designed to lower risks to a level deemed acceptable but without eliminating such risks.
A: Risk mitigation

Q: _____________ means that only people with the right permission can access and use information.
A: Confidentiality

Q: _________________________ involves tricking other people into breaking security procedures and sharing sensitive information.
A: Social engineering

Q: What is the window of vulnerability?
A: the time between exploit discovery and an installed security patch

Q: What situation would be an example of an exploit?
A: An art thief sneaks into a museum, steals a famous painting, and then sneaks out of the museum without being caught by security because the thief identified and traveled through the museum via blind spots in the museum's security cameras. After the incident, the museum increases the number of security guards and cameras guarding the museum at all times.

Q: Which of the following statements summarizes why the window of vulnerability is shrinking?
A: More people are interested in information security and have developed the skills to find new vulnerabilities.
Q: Which of the following statements best captures the reason why U.S. compliance laws came about?
A: The misuse and abuse of information has a major impact on the lives of individuals and their privacy.
Q: Which role identifies the person in an organization who has the senior-most role in protecting information security?
A: The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes the procedures and policies designed to protect enterprise communications, systems, and assets from both internal and external threats.
Q: What was the first federal law to address federal security?
A: In response to a growing fear of security threats to the U.S. Federal Government, the Computer Security Act (CSA) of 1987 was signed into law on June 11, 1987.