6) Laws & Regulations

Question 1

(T/F) A cybersecurity professional must be proficient with all current laws, both state and federal, that may apply to the organization he/she works with.

Answer 1

False

The number of laws and their complexities make it difficult for any one person to keep abreast of them, but the organization must have other resources studying these laws and making sure compliance is met. The information security specialist, Legal and HR departments, executives, and even industry groups will work together to make sure no laws or regulations are violated.

Question 2

FISMA refers to ___.

Answer 2

The Federal Information Security Modernization Act of 2014

Question 3

Not all schools are required to comply with this law.

Answer 3

FERPA

Question 4

Federal agencies must comply with the law administered by the Department of Homeland Security.

Answer 4

FISMA

Question 5

This law puts the burden to stop some forms of financial data sharing in the hands of the customer.

Answer 5

GLBA

Question 6

This broad law includes privacy aspects of past, current and future PHI.

Answer 6

HIPAA

Question 7

Although this law is aimed at public companies, it provides a blueprint of financial responsibility and transparency that many organizations strive to follow.

Answer 7

SOX

Question 8

(T/F) As long as the laws are abided by, industry standards without legal impacts may be ignored.

Answer 8

False

Question 9

(T/F) International computing laws must be considered if any customer resides outside the U.S.

Answer 9

True

Question 10

PII must always be monitored for compliance. What does PII stand for?

Answer 10

Personally identifiable information

Question 11

This law provides a framework for ensuring the effectiveness of information security controls in federal government.

Answer 11

FISMA

Question 12

This law improves the efficiency and effectiveness of the health care system and protects patient privacy.

Answer 12

HIPAA

Question 13

This law protects the privacy of students and their parents.

Answer 13

FERPA

Question 14

This law regulates the financial practice and governance of corporations.

Answer 14

SOX

Question 15

This law protects the customers of financial institutions.

Answer 15

GLBA

Question 16

Relating to an organization’s adherence to laws, regulations, and standards.

Answer 16

Compliance

Question 17

Regulations mandated by law, usually requiring regular audits and assessments.

Answer 17

Regulatory Compliance

Question 18

Regulations or standards designed for specific industries.

Answer 18

Industry Compliance

Question 19

The state or condition of being free from being observed or disturbed by other people.

Answer 19

Privacy

Question 20

This act safeguards privacy through the establishment of procedural and substantive rights in personal data.

Answer 20

The Federal Privacy Act of 1974

Question 21

Rights relating to the protection of an individual’s personal information.

Answer 21

Privacy rights

Question 22

___ ensures the protection of information, operations, and assets in federal government.

Answer 22

FISMA

Question 23

___ protects the privacy of students and their parents.

Answer 23

FERPA

Question 24

___ sets limits on the use and disclosure of patient information and grants individuals rights over their own health records.

Answer 24

HIPAA

Question 25

___ regulates the financial practice and governance of corporations.

Answer 25

SOX

Question 26

___ protects the customers of financial institutions.

Answer 26

GLBA

Question 27

Some standards are not mandated by law but are managed and enforced by the industry, often via a council or committee. Which of the options below is an example of this industry compliance?

a) HIPAA
b) SOX
c) PCI DSS
d) FISMA
e) GLBA

Answer 27

c) PCI DSS