Domain 3: Enterprise Information Systems

Question 1

Examples of technical security controls at the network level

Answer 1

Firewalls
IDPS (intrusion detection and prevention systems)
NAC (network access control)
VPN (virtual private networks)
DLP (data leakage protection)

Question 2

When does public media and secretary of HHS need to be notified about a breach?

Answer 2

If > 500 records are breached

Question 3

45 CFR 164.308 (a)(1) stipulates that entities

Answer 3

Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process

Question 4

Formula for # of connection required using point-to-point interfaces?

Answer 4

N*(N-1)/2

Question 5

What does Hick-Hyman Law state?

Answer 5

User response time (RT) is a function of # of possible responses

Question 6

What does Fitts Law state?

Answer 6

Time it takes to track to an object with a cursor is a function of distance traveled (D) and width of the target (W)

Question 7

Risk of maintaining a software product is transferred from the institution to the vendor by means of a?

Answer 7

Service Level Agreement (SLA)

Question 8

What does Application Service Provider (ASP) model refer to?

Answer 8

Business that provides computer services over the internet. Benefit of ASP model is that heavy computing is performed off-site by vendor so investment in data center is not needed.

Question 9

What is Norman’s Theory of Action

Answer 9

Human Information Processing theory. Separates each mental activity cycle into seven inter-related stages

1. Forming the target
2. Forming the intention
3. Specifying an action
4. Executing the action
5. Perceiving the state of the world
6. Interpreting the state of the world
7. Evaluating the outcome

Question 10

What is external representations

Answer 10

Example of external cognition, which is using external elements to help us make decisions. Use of the external element must change the cognitive task in some way.

Examples: Use of pen and paper to help with complex math; use of hand-drawn sketches to assist with brainstorming; graphical visualization of lab result to understand trends.

Question 11

What is distributed cognition?

Answer 11

Cognitive model focused on multiple people in a “cognitive system” collaborating to accomplish a shared goal.

Examples: crew working together to operate a ship; team of healthcare providers working together to care for a patient.

Question 12

3 categories of cognitive theories

Answer 12

1. Human Information Processing
2. External Cognition
3. Distributed Cognition

Question 13

Difference between Application Service Provider (ASP) and Software as a Service (Saas)

Answer 13

In ASP model, user is given access to virtual or physical computer

In SaaS model, user access is provided via web-based application that connects with vendor’s central database via API. Instead of running 1000 instances of app, vendor only needs to run one instance. Multitenancy is term used when multiple users share the same software instance.