Ethical Impacts

Question 1

What is a patent?

Answer 1

Grant of property right issued by the US Patent and Trademark Office (USPTO) to an inventor, permitting owner to exclude public from making, using, or selling the protected invention, and allows for legal action in violations.

Question 2

Which law grants citizens the right to access certain information and records of the federal government upon request?

Answer 2

The Freedom of Information Act (FOIA)

Question 3

What is a utility patent?

Answer 3

Issued for a new process, machine, manufacture, or composition of matter

Question 4

What are three advantages of trade secret law over patents and copyrights?

Answer 4

1. No time limitations on trade secret protections
2. No need to file an application or otherwise disclose to outsiders for protection
3. No risk that trade secret will be found invalid in court

Question 5

What is the focus of CALEA?

Answer 5

To require telecom industry to build tools into its products that federal investigators can use to eavesdrop on conversations and intercept electronic communications

Question 6

Which law defined standards to improve portability and continuity of health insurance coverage, reduce fraud, and simplify administration?

Answer 6

The Health Insurance Portability and Accountability Act

Question 7

Which law prohibits US government agencies from concealing the existence of any personal data record keeping system?

Answer 7

The Privacy Act

Question 8

What are the three areas addressed by ECPA?

Answer 8

1. Protection of communications while in transfer
2. Protection of communications held in electronic storage
3. Prohibition of devices from recording dialling, routing, addressing, and signalling information without a search warrant

Question 9

What type of information is excluded from FOIA requests?

Answer 9

Freedom of Information Act prohibits request for excessively wide range searches of records.

Question 10

What are fair information practices?

Answer 10

Guidelines that govern the collection and use of personal data

Question 11

Which law mandates websites catering to children to offer comprehensive privacy policies, notify parents or guardians about their data collection practices, and receive parental consent before collecting any personal information from children under 13?

Answer 11

Children’s Online Privacy Protection Act (COPPA)

Question 12

Which law has strong privacy provisions for electronic health records (EHRs) - banning sale of info, promoting audit trails and encryption, and rights of access for patients?

Answer 12

The American Recovery and Reinvestment Act

Question 13

What is a trademark?

Answer 13

A logo, package design, phrase, sound, or word that differentiates a brand

Question 14

What is cyberterrorism?

Answer 14

Intimidation of the government or civilian population by using IT to disable national infrastructure (energy, transportation, finance, law enforcement, and emergency response) to achieve political, religious, or ideological goals.

Question 15

What is the basis for protecting personal privacy under law?

Answer 15

The Fourth Amendment’s defence against unreasonable searches and seizures without a warrant or probable cause.

Question 16

What types of speech are not protected by the First Amendment?

Answer 16

1. Perjury
2. Fraud
3. Defamation
4. Obsenity

Question 17

Which law ensures accuracy, fairness, and privacy of information gathered by credit card companies?

Answer 17

Fair Credit Reporting Act

Question 18

What is a copyright?

Answer 18

Exclusive right to distribute, display, perform, or reproduce an original work in copies, to prepare derivative works, and to grant these exclusive rights to others.

Question 19

Which law granted a four year extension of the US PATRIOT Act that allowed roving wiretaps and searches of business records, and extended authorization intelligence gathering on lone wolves?

Answer 19

The PATRIOT Sunsets Extension Act

Question 20

Which agreement created the World Trade Organization in Geneva to enforce compliance and has a section called Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS)?

Answer 20

The General Agreement on Tariffs and Trade (GATT), 1993

Question 21

What are key elements of end user security layer?

Answer 21

1. Security education
2. Authentication methods
3. Antivirus software
4. Data encryption

Question 22

What is the difference between data manipulation and misrepresentation?

Answer 22

Manipulation is largely illustrative

Misrepresentation deliberately influences audiences toward an outcome

Question 23

How does an organization implement a risk-based security strategy?

Answer 23

1. Risk assessment
2. Disaster recovery plan
3. Define security policies
4. Periodic security audits
5. Compliance standards defined by external parties
6. Track with security dashboard

Question 24

What are the keys laws establishing the legal framework for electronic surveillance?

Answer 24

1. Communication Act (1934)
2. Foreign Intelligence Surveillance Act (FISA) (1978, amended 2008)
3. Title III of the Omnibus Crime Control and Safe Streets Act (1968, amended 1986) (the “Wiretap Act”)

Also:

4. Electronic Communication Privacy Act (ECPA) (1986)
5. Communication Assistance for Law Enforcement Act (1994)
6. USA PATRIOT Act (2001)

Question 25

Which legislation directly repeals the EU Data Protection Directive and indirectly the Privacy Shield framework?

Answer 25

The General Data Protection Regulation (GDPR) in 2018

Noncompliance can result in penalties for privacy violations amounting to as much as 4% of companies annual global revenue

Question 26

What is confidentiality?

Answer 26

Protecting an organizations most sensitive information: IP, finance and payroll, customers, etc.

Question 27

Which law modified 15 existing statutes and gave sweeping new powers to domestic law enforcement and international intelligence agencies for increased eavesdropping ability, email interception, and medical/financial records searches, and eased restrictions on foreign intelligence gathering in the States?

Answer 27

The US PATRIOT Act

Question 28

Which law set requirements for sex offender registration and notification in the United States?

Answer 28

1994 Jacob Wetterling Crimes Against Children and Sexually Violent Offender Registration Act

(States required to create web sites to provide info for registered sex offenders)

Question 29

What was ECPA passed to amend?

Answer 29

Title III of the Omnibus Crime Control and Safe Streets Act

Question 30

Which law established mandatory guidelines for the collection and disclosure of personal financial information by financial institutions, including documenting their security plans?

Answer 30

The Gramm-Leach-Bliley Act (GLBA)

Question 31

Which law governs national standards as to which sex offenders must register and which data must be captured?

Answer 31

The Sex Offender Registration and Notification Provisions (SORNA) of the Adam Walsh Child Protection and Safety Act of 2006

Question 32

What is the right of privacy?

Answer 32

The right of privacy is the right to be left alone - the most comprehensive of rights, and the right most valued by free people

Question 33

What are the two common payment methods for paid media marketing?

Answer 33

Cost per click

Cost per thousand impressions

Question 34

Which law terminated the bulk collection of phone metadata by the NSA, instead requiring telecom carriers to respond to NSA queries for data; the act also restored authorization for roving wiretaps and the tracking of lone wolf terrorists?

Answer 34

USA Freedom Act

Question 35

What are common benefits of data?

Answer 35

1. Human understanding

2. Social, institutional, economic efficiency

Question 36

Which law changed the US patent system from “first to invent” to “first inventor to file”, and expanding the definition of prior art, making it more difficult to obtain a patent?

Answer 36

The Leahy-Smith America Invents Act

Question 37

Who put forward a privacy multistakeholder process to develop a voluntary enforceable code of conduct specifying how Consumer Privacy Bill of Rights applies to facial recognition tech?

Answer 37

National Telecommunications and Information Administration (NTIA) of the US Department of Commerce

Question 38

What is the purpose of the Title III of the Omnibus Crime Control and Safe Streets Act?

Answer 38

To regulate the interception of wire and oral communications

Question 39

What is the purpose of the Privacy Act (1974)?

Answer 39

To regulate the concealment of data record keeping in the systems of the federal government

Question 40

What is intellectual property?

Answer 40

Works of the mind that are distinctly owned or created by a single person or group

Question 41

What is earned media?

Answer 41

Exposure an organization gets through press or social media mentions, positive ratings or reviews, tweets and shares, reposts, recommendations, etc.

Question 42

Which UN agency is dedicated to the use of intellectual property?

Answer 42

The World Intellectual Property Organization (WIPO)

Question 43

Why is integrity?

Answer 43

Data can only be changed by authorized individuals so that the accuracy, consistency, and trustworthiness of the data are gauaranteed

Question 44

Which law allows consumers the request and obtain a free credit report each year from each of three consumer credit reporting agencies?

Answer 44

The Fair and Accurate Credit Transaction Act

Question 45

What is a white hat hacker?

Answer 45

Someone hired to test security of information systems in order to improve defences

Question 46

How was FISA amended in 2004 and 2008?

Answer 46

2004: authorized FISA to collect intel on lone wolf individuals
2008: granted NSA expanded authority to collect international communications flowing through US telecom equipment and facilities

Question 47

How many firms record and review employee communications and activities on the job?

Answer 47

80%

Question 48

Which law deals with the protection of communications while in transit from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices from recording dialing, routing, addressing, and signaling info without a warrant?

Answer 48

The Electronic Communications Privacy Act (ECPA) of 1986

Question 49

What is the law functioning as a stopgap measure allowing businesses to transfer personal data about European citizens to the United States, after the Safe Harbour agreement was deemed invalid by the European Court of Justice?

Answer 49

The European-United States Privacy Shield Data Transfer Program Guidelines

Question 50

How many internet users worldwide?

Answer 50

4 billion

Question 51

What is the purpose of FISA?

Answer 51

To describe procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of those powers.

Question 52

Which organization combats cyberstalking?

Answer 52

The National Center for Victims of Crime

Question 53

What is a design patent?

Answer 53

Issued for a new design embodied in or applied to an article of manufacture

Question 54

What is a MSSP?

Answer 54

Managed Security Service Provider, who monitor, manage, maintain computer and network security

Question 55

How is data accuracy defined?

Answer 55

Associated with data legitimacy

Question 56

Which law requires member countries to ensure that data transferred to non-EU countries is protected and bars export to countries without EU-comparable data privacy protection standards?

Answer 56

The European Union Data Protection Directive, led to Safe Harbour agreement

Question 57

What is the most common source of data inaccuracy?

Answer 57

Human error

Question 58

What are five reasons for prevalent computer incidents?

Answer 58

1. Increase in complexity
2. Expansion and change in systems
3. Increase in BYOD policies
4. Growing reliance on software with known vulnerabilities
5. Increasing bad actor sophistication

Question 59

Which law authorized intelligence gathering on individuals not affiliated with any terrorist org (lone wolves)?

Answer 59

The FISA Amendments Act of 2004

Question 60

Who is responsible for US cyber security and resilience?

Answer 60

DHS, Office of Cybersecurity and Communications

Question 61

What standard is often held up as a model for ethical treatment of consumer data?

Answer 61

The Organization for Economic co-Operation and Development (OECD)‘s fair information practices, to be adopted by member countries on a voluntary basis

Question 62

What must characterize a patentable invention?

Answer 62

1. It must be useful.
2. It must be novel.
3. It must not be obvious to a person with ordinary skill in the same field.

Question 63

What is a stalking app?

Answer 63

Cell phone app making it possible to track location, record calls, view every text and photo, and record website URLs.

Question 64

What does CIA stand for?

Answer 64

Confidentiality
Integrity
Availability

The security practices of organizations worldwide must ensure confidentiality, maintain integrity, guarantee availability (the security triad).

Question 65

Why was the main focus of the USA Freedom Act (2015)?

Answer 65

After the NSA revelations by Edward Snowden, this Act terminated the bulk collection of telephone metadata by the NSA; instead, now telecom holds the data and responds to NSA inquiries.

Also authorized roving wiretaps (surveillance of individual over multiple devices) and lone wolf terrorist tracking.

Question 66

Which law regulates operations of credit reporting bureaus?

Answer 66

The Fair Credit Reporting Act

Question 67

Which law protects investors by improving accuracy and reliability of corporate disclosures?

Answer 67

The Sarbanes-Oxley Act of 2002

Question 68

Which law increased trademark and copyright enforcement and penalties for infringement?

Answer 68

The Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008

Question 69

Which law protects financial records from unauthorized scrutiny by federal government?

Answer 69

The Right to Financial Privacy Act

Question 70

What does the First Amendment not protect?

Answer 70

1. Promote hate
2. Defamation
3. Obscenity
4. Sedition

Question 71

Which law describes procedures for electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers?

Answer 71

The Foreign Intelligence Surveillance Act (FISA) of 1978

Question 72

What are the two primary objectives of social media marketing?

Answer 72

1. Brand awareness

2. Driving traffic to website to increase sales

Question 73

What is organic media marketing?

Answer 73

Employs tools tailored for social media platform to build a community and share with that community

Question 74

Which law allowed NSA expanded authority to collect, without court-approved warrants, international communications flowing through US telecom equipment and facilities?

Answer 74

The Foreign Intelligence Surveillance Act (FISA) of 1978 Amendments Act of 2008

Question 75

How is data integrity defined as a state and process?

Answer 75

1. State: defines a data set both valid and accurate

2. Process: describes measures used to ensure validity and accuracy of a data set

Question 76

What qualifies as a trade secret?

Answer 76

Information must have economic value

Must not be readily ascertainable

Owner must have taken steps to maintain secrecy

Question 77

Which laws were enacted to prosecute computer crime?

Answer 77

1. Computer Fraud and Abuse Act
2. Fraud and Related Activity in Connection with Access Devices Statute
3. The Stored Wire and Electronic Communications and Transactional Records Access Statutes
4. USA PATRIOT Act

Question 78

Which laws protect trade secrets?

Answer 78

1. Uniform Trade Secrets Act
2. Economic Espionage Act
3. Defend Trade Secrets Act, amending EEA to create a federal civil remedy for trade secret misappropriation

Question 79

What is the primary danger to facial recognition technology?

Answer 79

Loss of anonymity

Question 80

What are key elements of the network security layer?

Answer 80

1. Authentication methods
2. Firewalls
3. Routers
4. Encryptions
5. Proxy servers
6. VPNs
7. IDSs

Question 81

Which organization and initiative created set of fair information practices held up as a model for organizations to adopt the ethical treatment of consumer data?

Answer 81

The Organization for Economic Co-operation and Development (OECD) for the Protection of Privacy and Transborder Data Flows of Personal Data

Question 82

What is black hat?

Answer 82

A hacker who violates computer security for their own personal profit or malice

Question 83

Which law requires the telecom industry to build tools into its products that federal investigators can use with a court order to eavesdrop and intercept e-communications?

Answer 83

The Communications Assistance for Law Enforcement Act (CALEA) or “Digital Telephony Act”

Question 84

Which law implements two WIPO treaties in the US: making it illegal to circumvent technical protection and providing tools to circumvent technical protection, and limiting the liability of ISPs for copyright infringement by their customers?

Answer 84

The Digital Millennium Copyright Act (DMCA)

Question 85

What is the difference between security safeguards and purpose specification in the context of fair information practices?

Answer 85

1. Security safeguards focus on access, modification, or disclosure of personal data
2. Purpose specification is focused on specified purpose of the data collection and absence of consequent change in collected data

Question 86

What quality management system certification is ubiquitous?

Answer 86

International Organization for Standardization (ISO) 9001

Question 87

How is data privacy defined?

Answer 87

Aligned to information access and consent

Question 88

What did CALEA amend?

Answer 88

The Communications Assistance for Law Enforcement Act (CALEA) amended both the Wiretap Act and the ECPA, because of growing wireless data networks

Question 89

What is predictive coding?

Answer 89

A process coupling human intelligence with computer-driven concept searching to “train” software to recognize certain relevant documents

Question 90

What is a data breach and what is a fundamental issue associated with it?

Answer 90

Unintended release of sensitive data or the access of sensitive data by unauthorized individuals

Many companies have a lack of initiative in informing people of data breaches, leading to data breach notification laws

Question 91

Which law addresses the export of personal data outside the EU, enabling citizens to see and correct their personal data, standardizing data privacy regulations within the EU, and establishing penalties for violation of its guidelines?

Answer 91

The General Data Protection Regulation (GDPR)

Question 92

What is cyber espionage?

Answer 92

Deployment of malware that secretly steals data in the computer systems of organizations; this data often provides a competitive advantage to the perpetrator.

Question 93

What is an EDR?

Answer 93

The event data recorder records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy airbags.

Question 94

Why are key elements of the application security layer?

Answer 94

1. Authentication methods
2. User roles and accounts
3. Data encryption

Question 95

What is one way around inaccurately captured data?

Answer 95

Machine learning systems can use incomplete or occasionally inaccurate information without severe consequence

Question 96

How does the fair use doctrine pertain to the use of copyrighted property?

Answer 96

1. The purpose and character of the use
2. The nature of the copyrighted work
3. The portion of the copyrighted work used
4. The effect of the use on the value of the copyrighted work

Question 97

Why is the concept of reasonable assurance?

Answer 97

Managers must use their judgment to ensure that the cost of control doesn’t exceed the systems benefits or the risks involved

Question 98

Which US companies where allowed to process and store the data of EU consumers and companies under the Safe Harbor framework?

Answer 98

Companies that were certified as meeting the directive’s safe harbour principles.

The European Court of Justice declared this invalid in 2015 after Snowden- framework now replaced by European-United States Privacy Shield Data Transfer Program.

Question 99

What piece of legislation ensures a US citizen’s ability to obtain records of interest kept by the federal government?

Answer 99

FOIA

Question 100

Which law provides students and their parents with specific rights regarding the release of student records?

Answer 100

Family Educational Rights and Privacy Act (FERPA)

Question 101

Which order identifies various government intelligence-gathering agencies and defines what information can be collected, retained, and disseminated by the agencies; allowing for tangential collection of US citizen data (even when not specifically targeted)?

Answer 101

Executive Order 12333 (Reagan, 1981)

Question 102

What is an exploit?

Answer 102

An attack on an information system that takes advantage of a particular system vulnerability (often due to poor design or implementation)

Question 103

What are two advantages of social media marketing over traditional?

Answer 103

1. Marketers can create a conversation with ad viewers

2. Ads can be specifically targeted

Question 104

What is information privacy?

Answer 104

1. Communications privacy (ability to communicate with others without being monitored by a third party)
2. Data privacy (ability to limit access to one’s personal data by other individuals and organizations)

Question 105

To what countries in the UN does the European Union Data Protection Directive allow the export of data?

Answer 105

To countries with data privacy protection standards comparable to the EU

Question 106

Which law regulates the interception of wire and oral communications?

Answer 106

Title III of the Omnibus Crime Control and Safe Streets Act (“Wiretap Act”)

Question 107

What do marketers use along with cookies to provide targeted advertisements to online consumers?

Answer 107

Tracking software

Question 108

Why is the 2013 Target data breach a “poster child” for these breaches?

Answer 108

1. Breach included financial data including debit and cc numbers
2. Breach caused $800M sales drop in the quarter partly due to loss of goodwill from customers
3. Breach caused $200M to banking industry in card replacement plus millions more as loss for fraudulent purchases

Question 109

How many major companies record and review employee communications and activities on the job?

Answer 109

80%

Question 110

How prevalent is cyberloafing and why does it cost US businesses annually?

Answer 110

More than 60% of least productive worker time lost, and costs $86B a year.

Question 111

What are two ways that EDRs are used?

Answer 111

Vehicle event data recorders can be subpoenaed by court for use in court proceedings, and can capture and record data to be used by vehicle manufacturers to improve vehicle crash performance.

Question 112

What is a cyber attack that takes place before the security community or software developers become aware of vulnerability and fix it?

Answer 112

Zero day exploit

Question 113

What is the VEP policy?

Answer 113

The Vulnerability Equities Process (VEP) is how US federal agencies determine on a case to case basis how it should treat zero day computer security vulnerabilities, whether to disclose to public or company or keep them secret for offensive use

Question 114

What is a piece of programming code, usually disguised, that causes a computer to behave in an unexpected and usually undesirable manner?

Answer 114

A virus

Question 115

What is a harmful program that resides in the active memory of a computer and duplicates itself?

Answer 115

A worm

Question 116

Why law declares spam to be illegal unless the message meets specific requirements?

Answer 116

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)

Question 117

What is a set of programs that enable the user to gain admin-level access to a computer without consent?

Answer 117

Rootkit

Question 118

Why is an APT attack?

Answer 118

Advanced persistent threat (APT) is a network attack where the intruder gains access to a network and stays for a long time undetected to steal data (rather than disrupt services)

Question 119

What are the five phases of an APT attack?

Answer 119

1. Recon
2. Incursion
3. Discovery
4. Capture
5. Export

Question 120

What are federal laws for prosecuting computer attacks?

Answer 120

1. Computer Fraud and Abuse Act
2. Fraud and Related Activity in Connection with Access Devices Statute
3. Stored Wire and Electronic Communications and Transactional Records Access Statutes
4. USA PATRIOT Act

Question 121

What is US-CERT?

Answer 121

The United States Computer Emergency Readiness Team is a partnership between the Department of Homeland Security and private sectors that was established to protect internet infrastructure against cyberattacks

Question 122

What % of internet users have personally experienced cyber abuse?

Answer 122

47%

72% have witnessed it

Question 123

How is cyber stalking a problem?

Answer 123

14% of internet users under 30 have experienced

20% of women under 30

8% of total internet users have experienced

Question 124

What law improved on the 1994 Wetterling Act?

Answer 124

SORNA of the Adam Walsh Child Protection and Safety Act of 2006 improved on the Jacob Wetterling Act by setting national standards for sex offender registration (the original called for local registration).

Question 125

Who does Section 230 of the Communications Decency Act protect?

Answer 125

The website