Chapter 17 (Lesson 12) Flashcards
- What are the key rights guaranteed to individuals under the European Union’s directive on data privacy?
- Individuals have a right to access records kept about them and know the source of data included in those records. They also have the right to correct inaccurate records. Individuals have the right to withhold consent from data processors and have legal recourse if these rights are violated.
- What are some common questions that organizations should ask when considering outsourcing information storage, processing, or transmission?
- Some common questions that organizations may ask about outsourced service providers include:
  - What type(s) of sensitive information are stored, processed, or transmitted by the vendor?
  - What controls are in place to protect the organization’s information?
  - How is our organization’s information segregated from that of other clients?
  - If encryption is relied on as a security control, what encryption algorithms and key lengths are used? How is key management handled?
  - What types of security audits does the vendor perform and what access does the client have to those audits?
  - Does the vendor rely on any other third parties to store, process, or transmit data? How do the provisions of the contract related to security extend to those third parties?
  - Where will data storage, processing, and transmission take place? If outside the home country of the client and/or vendor, what implications does that have?
  - What is the vendor’s incident response process and when will clients be notified of a potential security breach?
  - What provisions are in place to ensure the ongoing integrity and availability of client data?
- What are some common steps that employers take to notify employees of system monitoring?
- Some common steps that employers take to notify employees of monitoring include clauses in employment contracts that state the employee should have no expectation of privacy while using corporate equipment, similar written statements in corporate acceptable use and privacy policies, logon banners warning that all communications are subject to monitoring, and labels on computers and telephones warning of monitoring.
- Which criminal law was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer system(s)?
A. Computer Security Act
B. National Infrastructure Protection Act
C. Computer Fraud and Abuse Act
D. Electronic Communications Privacy Act
- C. The Computer Fraud and Abuse Act, as amended, provides criminal and civil penalties for those individuals convicted of using viruses, worms, Trojan horses, and other types of malicious code to cause damage to computer system(s).
- Which law first required operators of federal interest computer systems to undergo periodic training in computer security issues?
A. Computer Security Act
B. National Infrastructure Protection Act
C. Computer Fraud and Abuse Act
D. Electronic Communications Privacy Act
- A. The Computer Security Act requires mandatory periodic training for all people involved in managing, using, or operating federal computer systems that contain sensitive information.
- What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures?
A. Criminal law
B. Common law
C. Civil law
D. Administrative law
- D. Administrative laws do not require an act of the legislative branch to implement at the federal level. Administrative laws consist of the policies, procedures, and regulations promulgated by agencies of the executive branch of government. Although they do not require an act of Congress, these laws are subject to judicial review and must comply with criminal and civil laws enacted by the legislative branch.
- Which federal government agency has responsibility for ensuring the security of government computer systems that are not used to process sensitive and/or classified information?
A. National Security Agency
B. Federal Bureau of Investigation
C. National Institute of Standards and Technology
D. Secret Service
- C. The National Institute of Standards and Technology (NIST) is charged with the security management of all federal government computer systems that are not used to process sensitive national security information. The National Security Agency (part of the Department of Defense) is responsible for managing those systems that do process classified and/or sensitive information.
- What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended?
A. Government-owned systems
B. Federal interest systems
C. Systems used in interstate commerce
D. Systems located in the United States
- C. The original Computer Fraud and Abuse Act of 1984 covered only systems used by the government and financial institutions. The act was broadened in 1986 to include all federal interest systems. The Computer Abuse Amendments Act of 1994 further amended the CFAA to cover all systems that are used in interstate commerce, covering a large portion (but not all) of the computer systems in the United States.
- What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?
A. Privacy Act
B. Fourth Amendment
C. Second Amendment
D. Gramm-Leach-Bliley Act
- B. The Fourth Amendment to the U.S. Constitution sets the “probable cause” standard that law enforcement officers must follow when conducting searches and/or seizures of private property. It also states that those officers must obtain a warrant before gaining involuntary access to such property.
- Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs?
A. Copyright
B. Trademark
C. Patent
D. Trade secret
- A. Copyright law is the only type of intellectual property protection available to Matthew. It covers only the specific software code that Matthew used. It does not cover the process or ideas behind the software. Trademark protection is not appropriate for this type of situation. Patent protection does not apply to mathematical algorithms. Matthew can’t seek trade secret protection because he plans to publish the algorithm in a public technical journal.
- Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. To keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property protection best suits their needs?
A. Copyright
B. Trademark
C. Patent
D. Trade secret
- D. Mary and Joe should treat their oil formula as a trade secret. As long as they do not publicly disclose the formula, they can keep it a company secret indefinitely.
- Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status?
A. ©
B. ®
C. ™
D. †
- C. Richard’s product name should be protected under trademark law. Until his registration is granted, he can use the TM symbol next to it to inform others that it is protected under trademark law. Once his application is approved, the name becomes a registered trademark and Richard can begin using the ® symbol.
- What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?
A. Privacy Act
B. Electronic Communications Privacy Act
C. Health Insurance Portability and Accountability Act
D. Gramm-Leach-Bliley Act
- A. The Privacy Act of 1974 limits the ways government agencies may use information that private citizens disclose to them under certain circumstances.
- What law formalizes many licensing arrangements used by the software industry and attempts to standardize their use from state to state?
A. Computer Security Act
B. Uniform Computer Information Transactions Act
C. Digital Millennium Copyright Act
D. Gramm-Leach-Bliley Act
- B. The Uniform Computer Information Transactions Act (UCITA) attempts to implement a standard framework of laws regarding computer transactions to be adopted by all states. One of the issues addressed by UCITA is the legality of various types of software license agreements.
- The Children’s Online Privacy Protection Act was designed to protect the privacy of children using the Internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent?
A. 13
B. 14
C. 15
D. 16
- A. The Children’s Online Privacy Protection Act (COPPA) provides severe penalties for companies that collect information from young children without parental consent. COPPA states that this consent must be obtained from the parents of children younger than the age of 13 before any information is collected (other than basic information required to obtain that consent).