Chapter 10 - Data Security Flashcards

1
Q

three basic types of backup

A
  1. full backup - a complete copy of the entire data set. It takes the longest to create and uses the most space, but a restore needs only that one set.
  2. incremental backup - a backup of only the data that has changed since the most recent backup of any kind (full or incremental). It is the fastest to create and the smallest, but a restore needs the last full backup plus every incremental taken since it, applied in order; a missing or corrupt incremental breaks the chain.
  3. differential backup - a backup of everything that has changed since the last full backup; each differential therefore grows until the next full backup is taken. It is slower to create than an incremental, but a restore needs only the last full backup plus the most recent differential.
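The three strategies played out over a few days of changes, as an added example (not code from the textbook): the script takes the backups each way, restores from each chain, and counts how much was written versus how many sets a restore must read. The file names and the daily changes are constructed for the illustration.

```python
"""Simulate full, incremental and differential backups over a few days of
changes, then restore from each chain. Added example; the data set and the
daily changes are constructed, not taken from the page."""

from copy import deepcopy

# Constructed history: file name -> new version of that file, per day.
CHANGES = [
    {"notes.txt": "v1", "labs.csv": "v1", "mri.dcm": "v1"},  # day 0: initial load
    {"notes.txt": "v2"},                                     # day 1
    {"labs.csv": "v2"},                                      # day 2
    {"notes.txt": "v3", "rx.txt": "v1"},                     # day 3
]


def take_backups(strategy):
    """Return the backup sets taken each day as (kind, files) tuples.
    Day 0 is always a full backup; later days follow `strategy`."""
    live = {}            # the live data set
    since_full = {}      # files changed since the last full (differential state)
    sets = []
    for day, delta in enumerate(CHANGES):
        live.update(delta)
        if day == 0 or strategy == "full":
            sets.append(("full", deepcopy(live)))
            since_full = {}
        elif strategy == "incremental":
            # only what changed since the most recent backup of any kind
            sets.append(("incremental", dict(delta)))
        elif strategy == "differential":
            # everything changed since the last full: grows until the next full
            since_full.update(delta)
            sets.append(("differential", dict(since_full)))
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return sets


def restore(sets):
    """Rebuild the data set from a backup chain. Returns (data, sets_read).
    full: the latest full only; differential: latest full + latest differential;
    incremental: latest full + every incremental after it, applied in order."""
    last_full = max(i for i, (kind, _) in enumerate(sets) if kind == "full")
    data = deepcopy(sets[last_full][1])
    later = sets[last_full + 1:]
    if not later:
        return data, 1
    if all(kind == "differential" for kind, _ in later):
        data.update(later[-1][1])          # only the newest differential matters
        return data, 2
    if all(kind == "incremental" for kind, _ in later):
        for _, delta in later:             # a missing link here loses that day's changes
            data.update(delta)
        return data, 1 + len(later)
    raise ValueError("mixed chain after the last full backup")


def compare():
    """Files written per strategy vs. sets that must be read to restore."""
    expected = {}
    for delta in CHANGES:
        expected.update(delta)
    result = {}
    for strategy in ("full", "incremental", "differential"):
        sets = take_backups(strategy)
        data, sets_read = restore(sets)
        assert data == expected, strategy   # every chain must rebuild the live data
        result[strategy] = {
            "files_written": sum(len(files) for _, files in sets),
            "sets_read_to_restore": sets_read,
        }
    return result


if __name__ == "__main__":
    for strategy, stats in compare().items():
        print(f"{strategy:12s} {stats}")
```

Over this history the incremental chain writes the least (7 file copies) but needs four sets to restore; the differential chain writes 9 and needs two; daily fulls write 13 and need one. That is the trade-off the card states: speed of the backup against speed and fragility of the restore.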
2
Q

five threats to health information

A
  1. internal employees who make unintentional errors
  2. internal employees who abuse their access to information
  3. internal employees who access the system for spite or profit
  4. hostile outsiders who attempt to access information or steal resources
  5. angry internal employees or hostile outsiders who attack the information system
3
Q

spite

A

(1) petty ill will or hatred with the disposition to irritate, annoy, or thwart
(2) the phrase “in spite of” = in defiance or contempt of, without being prevented by

4
Q

tailgating

A

A social engineering technique in which an unauthorized individual (an imposter, hacker, or other outsider) uses an authorized individual's access privileges to enter a restricted physical area; also called piggybacking.
For example, an unauthorized individual wants to enter a building that requires badge access. He or she follows closely behind someone who has just swiped a badge and simply walks in behind that person. It is human nature to hold a door open for the person behind you rather than let it close on them, and the tailgater exploits that courtesy. Controls include mantraps or turnstiles that admit one person per badge swipe and a policy that staff challenge anyone who follows them through a secured door.

5
Q

administrative safeguards

A

documented, formal practices (policies, procedures and administrative actions) to manage the selection, development, implementation and maintenance of security measures, and the conduct of the workforce, throughout the covered entity (CE)

6
Q

spear phishing

A

Phishing aimed at a specific individual or organization rather than a mass audience, which takes more work on the attacker's part. The attacker first researches the target and the person to be impersonated (social media accounts, activity on the web, the organization's structure), then sends a message that appears to come from a trusted sender, typically someone in a high-level leadership position in the target's organization. While assuming that identity, the attacker targets other individuals within the organization to obtain personal information or credentials from them, or to get them to take an action such as paying a fraudulent invoice. A spear-phishing message aimed at senior executives themselves is sometimes called whaling.

7
Q

tornado vs hurricane

A

Hurricanes and tornadoes are alike in basic ways: both produce powerful, swirling winds, and both can leave a path of death and destruction.
Tornadoes form over land, while hurricanes form over large bodies of water. Tornado wind speeds are significantly higher than hurricane wind speeds, but a tornado usually lasts minutes, whereas a hurricane, once formed, can last for days or even weeks. For disaster planning the difference matters: a hurricane gives days of warning in which to fail over systems and move staff, a tornado gives minutes.

8
Q

rootkit

A

a set of software tools that lets an attacker keep privileged control of a computer system while hiding its presence (its processes, files, and network connections) from the user and from security tools. A rootkit is typically installed after access has already been gained by some other means, and because it can subvert the operating system itself, a rootkit-infected machine should be rebuilt from known-good media rather than cleaned in place.

9
Q

CIA Triad

A

The three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA triad. They are the standard set of security goals used by information security professionals.

  1. Confidentiality: Only authorized and appropriate individuals can access the data within an information system.
  2. Integrity: The data within the system can be trusted because it has not been altered or destroyed in an unauthorized way. This was discussed at the beginning of the chapter.
  3. Availability: The data within the system is accessible to the end user wherever and whenever it is needed.
10
Q

likelihood determination

A

an estimate of the probability that a given threat will actually occur (for example, that a threat source will exploit a particular vulnerability); one of the steps of a risk analysis, paired with impact analysis

11
Q

impact analysis

A

an estimate of the harm to information assets (to the confidentiality, integrity, or availability of the information) if a threat occurs; combined with likelihood determination it gives the risk level that decides which safeguards to prioritize

12
Q

single sign-on

A

an authentication strategy that allows a user to log in once and then access many separate, although related, information systems without logging in to each one individually. Because one set of credentials now unlocks every connected system, a compromised SSO password or session is correspondingly more damaging, so SSO is normally paired with multi-factor authentication and session timeouts

13
Q

smart card

A

a physical card with an embedded integrated-circuit chip that stores keys or credentials and acts as a security token; the card (something you have) is normally used together with a PIN (something you know), giving two-factor authentication

14
Q

automatic logouts

A

timed logouts that end a session after a period of inactivity (and often after a maximum session length regardless of activity), reducing the chance that an unattended workstation or an open session is used by someone other than the account holder
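How a server enforces that rule, as an added example rather than anything from the textbook: a session store that checks both an idle timeout and an absolute lifetime on every request and destroys the session when either is exceeded. The timeout values and the user name are assumed for the illustration.

```python
"""Automatic logout: a server-side session store that ends a session after a
period of inactivity and after an absolute lifetime, checked on every request.
Added example; the timeout values are assumed policy numbers, not from the page."""

import secrets
import time

IDLE_TIMEOUT = 15 * 60          # assumed policy: 15 minutes without a request
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # assumed policy: 8 hours from login, however active


class SessionStore:
    def __init__(self, idle=IDLE_TIMEOUT, absolute=ABSOLUTE_TIMEOUT):
        self.idle = idle
        self.absolute = absolute
        self._sessions = {}  # token -> {"user", "created", "last_seen"}

    def login(self, user, now=None):
        """Create a session after successful authentication; returns the token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, so it cannot be forged
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def touch(self, token, now=None):
        """Call on every request. Returns the user name if the session is still
        valid; otherwise destroys it and returns None so the caller forces a
        fresh login. Expiry is enforced here, on the server: a client-side
        timer alone can be disabled by whoever is sitting at the workstation."""
        now = time.time() if now is None else now
        s = self._sessions.get(token)
        if s is None:
            return None
        idle_for = now - s["last_seen"]
        age = now - s["created"]
        if idle_for > self.idle or age > self.absolute:
            self.logout(token)
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token):
        """Explicit logout (or expiry): remove the session so the token is dead."""
        self._sessions.pop(token, None)

    def active_sessions(self):
        return len(self._sessions)


def walkthrough():
    """Deterministic timeline in seconds: active use keeps the session alive,
    an unattended gap longer than the idle timeout kills it."""
    store = SessionStore(idle=900, absolute=8 * 3600)
    tok = store.login("dr_smith", now=0)
    steps = [
        ("request after 10 min", store.touch(tok, now=600)),    # still valid
        ("request after 24 min", store.touch(tok, now=1440)),   # 840 s idle: still valid
        ("request after 41 min", store.touch(tok, now=2460)),   # 1020 s idle: logged out
        ("request after 42 min", store.touch(tok, now=2520)),   # token no longer exists
    ]
    return steps, store.active_sessions()


if __name__ == "__main__":
    for label, user in walkthrough()[0]:
        print(f"{label}: {user or 'forced re-login'}")
```

The absolute timeout is the part most often forgotten: without it a workstation that is polled by a background script never goes idle and the session lives forever.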

15
Q

information technology asset disposition (ITAD)

A

the process of disposing of unwanted electronic equipment in a responsible manner, which for a CE includes sanitizing or physically destroying storage media so that ePHI cannot be recovered from the discarded device

16
Q

viable

A

(1) capable of living
(2) of a fetus: having attained such form and development of organs as to be normally capable of surviving outside the uterus
(3) capable of growing or developing
(4) capable of working, functioning, or developing adequately
(5) capable of existence and development as an independent unit
(6) having a reasonable chance of succeeding
(7) financially sustainable

17
Q

application safeguards

A

controls contained in application software or information systems to protect the security and integrity of information

18
Q

edit check

A

programmed routines that check input data to ensure its completeness, accuracy and reasonableness before it is accepted (e.g. a thirteenth month cannot be entered in a date field)
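A set of edit checks of the three kinds the card names, as an added example that is not from the textbook: completeness (required fields present), accuracy (a real calendar date, a well-formed record number) and reasonableness (dates in a plausible order and not in the future). The field names, formats and limits are assumptions made for the illustration.

```python
"""Edit checks: programmed routines that validate a record before it is
accepted. Added example; the field names, formats and limits are assumed for
illustration and are not from the page."""

import re
from datetime import date

MRN_PATTERN = re.compile(r"^\d{8}$")          # assumed: 8-digit medical record number
REQUIRED = ("mrn", "last_name", "dob", "sex", "admit_date")
ALLOWED_SEX = {"F", "M", "X"}                  # assumed code set
MAX_AGE_YEARS = 130


def parse_date(text):
    """Accuracy check: the value must be a real calendar date in YYYY-MM-DD.
    date.fromisoformat rejects month 13, day 31 in April, Feb 29 in non-leap years."""
    try:
        return date.fromisoformat(text)
    except (TypeError, ValueError):
        return None


def validate_record(record, today):
    """Return a list of error messages; an empty list means the record passes.
    `today` is passed in so the reasonableness checks are deterministic."""
    errors = []

    # Completeness: every required field present and non-blank.
    for field in REQUIRED:
        if not str(record.get(field, "")).strip():
            errors.append(f"{field}: required")
    if errors:
        return errors   # no point checking values that are missing

    # Accuracy: formats and code sets.
    if not MRN_PATTERN.match(record["mrn"]):
        errors.append("mrn: must be 8 digits")
    if record["sex"] not in ALLOWED_SEX:
        errors.append(f"sex: must be one of {sorted(ALLOWED_SEX)}")
    dates = {}
    for field in ("dob", "admit_date", "discharge_date"):
        if record.get(field):
            dates[field] = parse_date(record[field])
            if dates[field] is None:
                errors.append(f"{field}: not a valid calendar date (YYYY-MM-DD)")
    if errors:
        return errors

    # Reasonableness: values are plausible relative to each other and to today.
    dob, admit = dates["dob"], dates["admit_date"]
    if dob > today:
        errors.append("dob: in the future")
    elif (today - dob).days > MAX_AGE_YEARS * 365.25:
        errors.append(f"dob: implies age over {MAX_AGE_YEARS}")
    if admit < dob:
        errors.append("admit_date: before date of birth")
    if admit > today:
        errors.append("admit_date: in the future")
    discharge = dates.get("discharge_date")
    if discharge is not None and discharge < admit:
        errors.append("discharge_date: before admit_date")
    return errors


if __name__ == "__main__":
    # Constructed sample record with the thirteenth-month error from the card.
    sample = {"mrn": "00012345", "last_name": "Smith", "dob": "1980-02-29",
              "sex": "F", "admit_date": "2024-13-01"}
    print(validate_record(sample, date(2024, 6, 1)))
```

The checks are layered on purpose: a missing field is reported before its format is examined, and a malformed date is reported before it is compared with anything, so each error message names the actual defect rather than a consequence of it.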

19
Q

Transport Layer Security (TLS)

A

The successor of the now-deprecated Secure Sockets Layer (SSL); a cryptographic protocol that provides communications security (confidentiality, integrity, and authentication of the server, optionally the client) over a computer network. It is widely used in applications such as email, instant messaging, and voice over IP, but its use as the security layer in HTTPS is the most publicly visible. TLS 1.0 and 1.1 have since been deprecated as well; current deployments should use TLS 1.2 or 1.3.

20
Q

disaster recovery plan

A

a plan that addresses the resources, actions, tasks, and data necessary to restore those services identified as critical, such as the EHR, as soon as possible, and to manage business recovery processes

21
Q

business continuity plan (BCP)

A

a set of policies and procedures that direct the covered entity (CE) how to continue its business operations during an information system shutdown

22
Q

emergency mode of operations

A

An emergency plan that defines the processes and controls that will be followed until the operations are fully restored.

23
Q

HIPAA security rule

A

The HIPAA Security Rule requires covered entities (such as physicians and hospitals) and their business associates to protect patients' electronically stored protected health information (known as "ePHI") through standards in the following five areas:

  1. Administrative safeguards
  2. Physical safeguards
  3. Technical safeguards
  4. Organizational requirements
  5. Policies and procedures and documentation requirements
24
Q

sniffer

A

software (or a hardware appliance) that captures, examines and logs the packet traffic passing a network interface. Administrators use sniffers to troubleshoot the network and to log traffic, and an intrusion detection system built on one can serve as an early warning of crackers probing the network. The same tool in a cracker's hands reads any traffic that is not encrypted, including passwords and ePHI sent in the clear, which is one reason traffic is protected with TLS.
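What a sniffer actually sees, as an added example that is not code from the textbook: a constructed Ethernet/IPv4/TCP frame carrying a cleartext HTTP request is decoded field by field, and the HTTP Basic credentials in it fall straight out. The frame is built in the script itself (not captured from any network), and the addresses, ports and credential are made up.

```python
"""What a packet sniffer sees: decode a constructed Ethernet/IPv4/TCP frame
carrying a cleartext HTTP request. Added example; the frame is built in this
file, not captured from a real network, and the addresses are made up."""

import base64
import socket
import struct

ETH_HDR = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10)]


def build_sample_frame():
    """Constructed frame: 10.0.0.5:51234 -> 10.0.0.10:80, PSH|ACK, HTTP GET with
    HTTP Basic credentials. IP/TCP checksums are left at zero for brevity."""
    payload = (b"GET /patient/123 HTTP/1.1\r\n"
               b"Host: ehr.example\r\n"
               b"Authorization: Basic ZHJzbWl0aDpodW50ZXIy\r\n\r\n")
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, PROTO_TCP, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.10"))
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def decode_frame(frame):
    """Parse Ethernet -> IPv4 -> TCP and return the fields a sniffer would log."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return {"ethertype": ethertype}
    ip = frame[ETH_HDR:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                     # header length in bytes (options included)
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl, "proto": proto}
    if proto != PROTO_TCP:
        return info
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_res, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_res >> 4) * 4                  # TCP header length in bytes
    payload = tcp[data_off:]
    info.update({
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": ",".join(name for name, bit in TCP_FLAGS if flags & bit),
        "payload": payload,
    })
    # Anything not protected by TLS is readable: pull HTTP Basic credentials out.
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            info["credentials"] = base64.b64decode(line.split(b" ", 2)[2]).decode()
    return info


if __name__ == "__main__":
    for key, value in decode_frame(build_sample_frame()).items():
        print(f"{key:12s} {value!r}")
```

Over HTTPS the same sniffer would still record the addresses, ports and flags (TLS does not hide who talks to whom), but the payload, and therefore the credentials and the patient identifier in the URL, would be ciphertext.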

25
Q

hacker vs cracker

information security definition

A

A hacker is an individual whose job is to identify weaknesses in an information system so that they can be corrected. A cracker is an individual who exploits weaknesses in an information system to his or her own advantage. Outside this textbook usage, the industry more often says ethical hacker or white hat for the first and attacker or black hat for the second, and "hacker" on its own is usually meant in the malicious sense.

26
Q

unsecured electronic protected health information

A

ePHI that has not been made unusable, unreadable, or indecipherable to unauthorized persons through a method specified in HHS guidance; in practice, ePHI that has been neither encrypted (in a manner consistent with the NIST guidance that HHS cites) nor destroyed. A breach of unsecured ePHI triggers the HIPAA breach notification requirements, whereas a breach of properly encrypted ePHI whose key was not also compromised does not.

27
Q

deprecate

A
  1. to express disapproval of
  2. BELITTLE, DISPARAGE
  3. to withdraw official support for or discourage the use of (something, such as a software product) in favor of a newer or better alternative
  4. to seek to avert
28
Q

disparage

A

(1) to depreciate by indirect means (such as invidious comparison): speak slightingly about
(2) to lower in rank or reputation: DEGRADE

29
Q

invidious

A
  1. of an unpleasant or objectionable nature: OBNOXIOUS
  2. of a kind to cause harm or resentment
  3. tending to cause discontent, animosity, or envy
30
Q

disposition

A

1: prevailing tendency, mood, or inclination
2: temperamental makeup
3: the tendency of something to act in a certain manner under given circumstances
4: the act or the power of disposing or the state of being disposed: ADMINISTRATION, CONTROL, COURT’S FINAL DECISION
5: transfer to the care or possession of another
6: orderly arrangement