Which of the following statements summarizes why a breach notification is hard for entities quizlet?


Terms in this set (111)

A covered entity doesn't have to account for every PHI disclosure that it makes. The Privacy Rule states that some kinds of disclosures don't have to be included in an accounting. Any disclosure not specifically excluded must be included and tracked. Which of the following disclosures does not need to be tracked?

disclosures made to carry out treatment, payment, and health care operations

Before ____________________, many workers experienced "job lock" and were afraid that they would lose health care benefits if they changed jobs.

HIPAA

____________________was created by Congress to make health insurance portable.

HIPAA

____________________ forbids a new employer's health plan from denying health coverage for some reasons and prohibits discrimination against workers based on certain conditions such as pregnancy.

HIPAA

Which of the following parties is not among those who would share an individual's health information?

potential employers

PHI refers to:

protected health information

The HIPAA _________________ dictates how covered entities must protect the privacy of personal health information.

Privacy Rule

The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information.

Security Rule

Which of the following is not true about the Consolidated Omnibus Budget Reconciliation Act of 1986?

requires former employers to continue paying health insurance premiums for a minimum of one year

Which of the following is true about COBRA and HIPAA?

HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues.

_________________are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable.

Internal controls

Which of the following was not one of the outcomes of the Enron scandal?

Public companies are required to file one comprehensive financial disclosure statement with the SEC.

SOX requires the SEC to review a public company's Form 10-K and Form 10-Q reports at least once every three years. It must do this to try to detect fraud and inaccurate financial statements that could harm the investing public. SOX states the factors that the SEC should consider when deciding to conduct a review. Which of the following is not one of the factors that SEC must consider?

how long the company has been in existence

SOX ______________ requires CEOs and CFOs to certify a company's SEC reports.

Section 302

A company's _______________________ provides a summary of the company's financial condition at a certain period.

balance sheet

The Enron scandal and similar corporate scandals led to the creation of which of the following?

Sarbanes-Oxley Act

The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years

three

The main goal of ______________ is to protect shareholders and investors from financial fraud.

Sarbanes-Oxley Act (SOX)

Which of the following SOX titles establishes rules to make sure that securities analysts can give independent opinions about a public company's stock risk?

Analyst Conflicts of Interest (Title V)

Which of the following reports, which generally are shared only between the organizations that are doing business with one another, are used by auditors to assess the ICFR at one entity that does business with another entity?

SOC-1

Congress created the _____________ in response to the September 11, 2001, terrorist attacks.

Federal Information Security Management Act (FISMA)

FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility?

National Institute of Standards and Technology (NIST)

___________________________ must be in place for securing networks, facilities, and systems or groups of IT systems. They are intended for technologies or system components that are a part of the larger information security program.

Subordinate plans

__________________ restrict the transmission of certain types of information to non-U.S. citizens or non-permanent residents who are located in the United States.

Export control regulations

The ________________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries.

Office of Foreign Assets Control (OFAC)

The ______________________ was created by Congress to protect data collected by the government.

Privacy Act of 1974

The __________________________enforces trade sanctions and embargoes.

Office of Foreign Assets Control (OFAC)

What was the first federal law to address federal computer security?

Computer Security Act (CSA)

Which of the following are types of export control regulations?

both A and B

Which of the following is not one of the guidelines in the DoD's policy on social media?

DoD employees are not permitted to use social media from their personal devices for personal purposes

After the ChoicePoint breach, 46 states and the District of Columbia created breach notification laws. Although most states used the California law as a model, there are some differences. Which of the following is not one of the differences?

maximum requirements for encryption

Which of the following statements summarizes why a breach notification is hard for entities?

States have different laws about what constitutes a breach.

The __________________ was created after a security breach at a state-operated data facility.

California Database Security Breach Notification Act

What is a legal concept, written into the law, that protects an entity from legal liability? Under this concept, entities that encrypt the personal information they own or maintain do not have to follow the notification requirements if they have a data breach.

safe harbor

What is considered to be personal information by most states?

both A and B

Which of the following does not count as personal information, as designated by California's Database Security Breach Notification Act?

student ID

Which of the following conditions is not taken under consideration by Congress when determining if an area is ripe for federal legislation?

what the greatest economic advantage will be to the national market as it relates to the area under consideration

Massachusetts' "Standards for the Protection of Personal Information of Residents of the Commonwealth" was released in September 2008 and is known for being "unique" in terms of its data protection standard. Which of the following statements best captures that uniqueness?

It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents.

What was the first state to have a breach notification law?

California

Which of the following may be exempt from state breach notification laws because they are already subject to other laws with specific data security requirements?

both A and B

A ______________ protects the formulas, processes, methods, and information that give a business a competitive edge.

trade secret

_____________________ is the area of law that protects a person's creative ideas, inventions, and innovations.

Intellectual property law

_____________ are used to protect words, logos, and symbols that identify a product or services.

Trademarks

Which of the following has the longest period of protection?

patent

Unlike ______________, trade secrets aren't registered. A person or business doesn't have to meet any registration or procedural formalities for protection.

patents

The bad faith registration of a domain name that's a registered trademark or trade name of another entity is referred to as:

cybersquatting

Patents, trademarks, and copyrights are all types of _________________.

intellectual property

A trademark has two criteria: 1) it must be used in interstate commerce and 2) _____________________.

it must be distinctive

In 1998, Congress passed the _________________________. This law helps protect copyrights in the multimedia world. It also contains provisions that help insulate Internet service providers from the actions of their customers.

Digital Millennium Copyright Act

_______________ patents protect the visual appearance of a product.

Design

In a situation where phishing attackers attempt to steal personal information, which of the following federal acts can be used to prosecute such a crime?

Computer Fraud and Abuse Act

The _______________ makes identity theft a federal crime.

Identity Theft and Assumption Deterrence Act

The power of a court to decide certain types of cases is ______________________ jurisdiction.

subject matter

_______________________ criminal law defines the conduct that constitutes a crime and establishes penalties.

Substantive

_______________________ covers unsolicited commercial e-mail messages and requires commercial e-mail senders to meet certain requirements.

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)

Which statement is true about the burden of proof in a criminal case?

The government bears the burden of proving that the defendant violated the law.

Which amendment to the U.S. Constitution guarantees defendants a speedy trial?

Sixth

What is the first piece of federal legislation that identified computer crimes as distinct offenses?

The Computer Fraud and Abuse Act of 1984

________________ law uses the reasonable person standard to determine whether a person acted appropriately.

Tort

Intentional torts most often occur when the defendant intended to commit the tort. Most torts involving ____________________ are intentional torts.

computers and cyberspace

COPPA requires Web site operators collecting information from children to:

Obtain a parental consent

FERPA applies to any education agencies or institutions that receive funding from the U.S. Department of Education (ED). Which of the following is not an educational agency or institution?

non-profit organizations that offer educational programs

In 2013, a social media company paid $800,000 to settle charges with the Federal Trade Commission (FTC). The company had an application that allowed children to create journals and share those journals online. Children could also post photos and share location information. The company collected the birth dates of 3,000 children before getting parental permission. The FTC alleged that the company violated which of the following?

Children's Online Privacy Protection Act (COPPA)

Under FERPA, which of the following may be disclosed in a school directory without consent?

name, address, and telephone number

The Family Policy Compliance Office (FPCO) provides oversight for ____________________.

Family Educational Rights and Privacy Act (FERPA)

Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the ______________ Amendment.

First

Schools may make the following type of disclosure without obtaining parental or student consent:

disclosure of any information to any school official with a need to know

Which of the following is a true statement regarding COPPA and CIPA rules?

COPPA defines a minor as anyone under the age of 13 years, while CIPA defines a minor as someone under the age of 17 years.

Which of the following is not a condition of "obscenity" as defined by the U.S. Supreme Court?

depicts any type of sexual conduct

The ________________________ ensures minors can't accidentally view obscene or objectionable material from school or library computers.

Children's Internet Protection Act (CIPA)

A merchant of an e-commerce Web site wants to accept credit cards as a form of payment. Which of the following must the merchant follow to ensure the safety of those payments?

PCI DSS

In January 2007, TJX disclosed that hackers had breached its credit card systems. The company reported that the attackers might have accessed credit card data going back to 2002. It reported that 45.7 million credit and debit card numbers might have been disclosed. At the time, the breach was believed to be the largest ever. Banks and customers sued TJX in connection with the breach. State governments also sued the company for failing to protect the credit card information of state residents. Given the nature of this breach, which federal agency opened an investigation?

the Federal Trade Commission

Required by the Fair and Accurate Credit Transaction Act of 2003 (FACTA), which of the following is an anti-identity theft rule created by federal bank regulatory agencies (the Fed, FDIC, OTS, OCC, and NCUA) and the FTC?

Red Flags Rule

Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate?

Safeguards Rule

Which of the following was enacted by Congress in response to growth in identity theft crime?

Fair and Accurate Credit Transaction Act (FACTA) of 2003

The ________________________ is also known as the Financial Services Modernization Act.

Gramm-Leach-Bliley Act

All of the following are examples of consumer financial institutions except:

the Federal Reserve System

The mission of the _____________________is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business.

Federal Trade Commission (FTC)

The purpose of the Gramm-Leach-Bliley Act __________________ is to fight identity theft.

Pretexting Rule

There are ______regional Federal Reserve Banks, which serve different geographic districts.

12

A(n) ____________________________ is a formal request for a higher authority to review the decision of a lower court.

appeal

_______________ governs the prosecution of those charged with serious offenses against public order, such as murder.

Criminal law

____________is demonstrated by the processes and procedures that an organization uses

Compliance

Which of the following statements best fits the highest burden of proof?

"beyond a reasonable doubt"

Which of the following is a true statement about the Court of Appeals?

A. It's a court of appellate jurisdiction.

B. It does not review the facts of a case or additional evidence.

C. Both A and B are correct.

D. Neither A nor B are correct

C. Both A and B are correct.

Audits are ___________ performed by independent organizations.

occasionally

In the common law, courts decide cases by referring to established legal principles and the customs and values of society. They also look at decisions made in earlier cases to see if the cases are similar. If the cases are similar, a new case should reach a similar result.

True

The Supreme Court has exclusive original jurisdiction to decide cases about disputes between state governments and exercises this original jurisdiction with frequency.

False

The U.S. Supreme Court is the final source of authority for issues involving U.S. federal laws.

True

Federal courts can hear only the following kinds of cases: 1) Disputes regarding federal laws or constitutional issues and 2) Disputes between residents of different states where the amount of money in controversy is greater than $75,000.

True

A ______________ is some kind of wrongful act that harms or hurts a person.

Tort

In which of the following areas of the workplace is an employee most likely to have a reasonable expectation of privacy?

employee lounge

In which of the following places would a person have "a reasonable expectation of privacy"?

In one's home

The 2006 U.S. Federal Trade Commission (FTC) alleged that Zango, Inc., an Internet marketing company, had used unfair and deceptive methods to download _____________onto computers.

Adware

The first state to enact anti-spyware legislation was:

Utah

Which Act established the public's right to request information from federal agencies?

Freedom of Information Act

Which of following is not one of the steps in the data life cycle?

data accounting

Which statement about privacy is NOT true?

Privacy is a simple term that describes a number of different but related concepts.

Privacy means that a person has control over their personal data.

All of the statements regarding privacy are true.

Most traditional views on privacy include the belief that the government's power to interfere in the privacy of its citizens is limited.

____________ is the practice of tracking a user's actions on the Internet in order to create a user profile.

Online profiling

What is the source of legal authority for the U.S. government?

The U.S. Constitution

A _____________is a method of controlled entry into a facility and provides access to secure areas such as a research lab or data center.

Mantrap

A single point of failure is a piece of hardware or application that is key to ________________________.

the functioning of the entire system

All of the following are ways to protect confidentiality except:

shoulder surfing

In which of the following types of communication is phishing least likely to occur?

phone calls

_______________ is the process of reviewing known vulnerabilities and threats.

Risk analysis

___________________ refers to applying safeguards designed to lower risks to a level deemed acceptable but without eliminating such risks.

Risk mitigation

_____________ means that only people with the right permission can access and use information.

Confidentiality

_________________________ involves tricking other people into breaking security procedures and sharing sensitive information.

Social engineering

What is the window of vulnerability?

the time between exploit discovery and an installed security patch

What situation would be an example of an exploit?

An art thief sneaks into a museum and steals a famous painting and then sneaks out of the museum without being caught by security because the thief identified and traveled through the museum via blind spots of the museum's security cameras. After the incident, the museum increases the number of security guards and cameras guarding the museum at all times.

Which of the following statements summarizes why the window of vulnerability is shrinking?

More people are interested in information security, and have developed the skills to find new vulnerabilities.


Which of the following statements best captures the reason why US compliance laws came about quizlet?

Which of the following statements best captures the reason why U.S. compliance laws came about? The misuse and abuse of information has a major impact on the lives of individuals and their privacy.

Which role identifies the person in an organization who has the senior most role in protecting information security?

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

What was the first federal law to address federal security?

In response to a growing fear of security threats to the U.S. Federal Government, the Computer Security Act (CSA) of 1987 was signed into law on June 11, 1987.