CSCI 2201: Chapter 6 Laws & Regulations

Question 1

What does the USA PATRIOT Act stand for?

Answer 1

Computer Fraud and Abuse Act

Question 2

What is the USA PATRIOT Act applied to?

Answer 2

Computing and computer-related issue

Question 3

True or False: Information security, privacy, HR, and legal departments work closely to each other to take care any law violations

Answer 3

True

Question 4

European Union’s (EU) Data Protection Directive (Directive 95/46/EC):

Answer 4

Protects individual’s personally identifiable information (PII)

Much more stringent than current US requirements

Thus, if an US company is storing data on EU citizens in the United States, they must still comply with EU laws

Question 5

Regulatory Compliance is…

Answer 5

very specific to the industry in which a given company or organization is OPERATING and how it is STRUCTURED

Question 6

An important detail about Industry Compliance is that…

Answer 6

Industries may have compliance with regulations not mandated by law

Question 7

Privacy-related Information for E-commerce:

Answer 7

name, address, social security number, phone number, e-mail address, mobile device information, IP address, MAC address, and any number of other similar points of data

Question 8

Privacy-related Information for financial institutions or schools:

Answer 8

date of birth, information on dependants, credit history, previous residences, sample of a signature

Question 9

Thee unauthorized exposure of _______ information can be very harmful

Answer 9

privacy-related personal information

Question 10

What are the penalties for unauthorized exposure of personal information?

Answer 10

lawsuits, reputational damage, fines from regulators, and a number of other expenses. For a large breach, the cost of mitigation can be hi

Question 11

Thee dictionary definition of privacy is…

Answer 11

“The state or condition of being free from being observed or disturbed by other people”

Question 12

InfoSec Example of the concept of privacy:

Answer 12

There are federal, state, local, and tribal laws that govern what can be done or recorded

We have to follow these laws if we have, e.g., camera as part of our security infrastructure

Question 13

According to USA Federal Privacy Act, the first privacy right is:

Answer 13

First: it requires government agencies to show an individual any records kept on him or her

Question 14

According to USA Federal Privacy Act, the second privacy right is:

Answer 14

Second: it requires agencies to follow certain principles, called ‘fair information practices,’ when gathering and handling personal data

Question 15

According to USA Federal Privacy Act, the third privacy right is:

Answer 15

Third: it places restrictions on how agencies can share an individual’s data with other people and agencies

Question 16

According to USA Federal Privacy Act, the fourth privacy right is:

Answer 16

Fourth: it lets individuals sue the government for violating its provisions

Question 17

Large business across all states, like Amazon, need to ensure…

Answer 17

compliance with all states and federal laws

Question 18

Example of sensitive data:

Answer 18

name, address, social security number, payment card data, date of birth, e-mail address, phone numbers, IP addresses, MAC addresses, operating system and application information, mobile device information, biometric data

Question 19

Asocial media company may not tread any of the information as sensitive but rather users may sign an agreement that…

Answer 19

their data is open

Question 20

Computing security laws and regulations may vary across…

Answer 20

geographical locations

Question 21

______________ might affect businesses and organizations

Answer 21

Regulatory compliance and industry compliance

Question 22

Privacy issues may come into play when…

Answer 22

conducting business

Question 23

Which of the following departments must work together to take care of any law violations?

a. Security
b. HR
c. Legal department
d. All of the above

Answer 23

d. All of the above

Question 24

Regulatory compliance in a specific company highly depends on ______

a. Its operations and structures
b. Its policies and regulations
c. Its Incident Response Plan and data policies
d. Its logging and data validation

Answer 24

a. Its operations and structures

Question 25

In e-commerce, privacy related information includes_______

a. E-mail address
b. IP address
c. Mailing Address
d. Social security number
e. All of the above

Answer 25

e. All of the above

Question 26

A large business that spans across all provinces of a country must ensure compliance with ____

a. Only federal laws
b. Only provincial laws
c. All provincial and federal laws
d. None of the above

Answer 26

c. All provincial and federal laws

Question 27

In the case of a data breach or a leak, it is important to __________ all the information and data that has been compromised.

a. Catalog and categorize
b. Trace and recover
c. Decrypt and evaluated.
d. None of the above

Answer 27

a. Catalog and categorize

Question 28

How can a compliance audit be a positive occurrence?

Answer 28

Answer: It can help the participating company to educate its employee, find and fix compliance issues, revisit the compliance policy to be consistent with standards

Question 29

If there is any information leak, what you must do as a security analyst?

Answer 29

Answer: You must create a catalog and categorize the compromised information.