HIPAA Lesson 8 Flashcards

1
Q

According to the Computer Crime and Security Survey, which of these is the most common form of computer attack or abuse?
o Computer viruses.
o Security breaches that lead to significant financial losses.
o Internal employee abuse.
o Denial of service (DoS) attacks.

A

Computer viruses.

2
Q
When you're talking about the Security Rule, what's the correct name for standards that work for large and small organizations? 
o Best practices. 
o Technology-neutral. 
o Comprehensive. 
o Scalable.
A

Scalable.

3
Q
Which term best matches this definition? "The security principle that means valued information assets are free from unauthorized modification or destruction." 
o  Integrity. 
o  Confidentiality. 
o  Availability. 
o  Addressable.
A

Integrity.

4
Q
What's the correct name for the strategy of implementing controls that reduce the causes of risk? 
o  Risk assumption. 
o  Risk transference. 
o  Risk elimination. 
o  Risk mitigation.
A

Risk mitigation.

5
Q
When you're conducting a risk assessment, what should be your final step? 
o Vulnerability identification. 
o Threat identification. 
o Risk determination. 
o System or asset criticality analysis.
A

Risk determination.

6
Q

The Computer Security Institute concludes that ______ attacks continue to be the source of the greatest financial losses. Further, there’s been a significant increase in _______ access, which is now the second-most-significant contributor to computer crime losses.

A
  1. virus
  2. unauthorized

7
Q

______ are the methods that have proven most effective over time.

A

Best practices

8
Q

The Security Rule creators developed the philosophy that the Security Rule should be _____, _____, and _____.

A
  1. comprehensive
  2. technology-neutral
  3. scalable
9
Q

Encompassing all areas of the organization.

A

Comprehensive

10
Q

List the security standards' three main categories:

A
  1. administrative controls
  2. physical controls
  3. technical controls.
11
Q

_____ is a not-for-profit organization that sets standards for all sorts of technology fields.

A

NIST (National Institute for Standards & Technology)

12
Q

Protection of valued information assets from unauthorized disclosure.

A

Confidentiality

13
Q

Unbiased about whose technology or whose software product an organization uses.

A

Technology-neutral

14
Q

Rules and procedures that work just as well for a few users as they do for many.

A

Scalable

15
Q

Free from unauthorized modification or destruction.

A

Integrity

16
Q

Obtainable to those who have authorization to access it when they need it.

A

Availability

17
Q

The Security Rule has ____ standards.

A

18

18
Q

These specifications provide details about how to comply with the Security standards.

A

Implementation specifications

19
Q

A _____ implementation specification means that an organization has to implement the specification, no matter what the organization does or what size it is.

A

Required

20
Q

_____ implementation specifications give CEs some flexibility for compliance with the security standards. A covered entity must first do its own risk ______ and create its own risk ______ strategy. It must also ______ the security measures already in place and consider the _____ of implementation.

A
  1. Addressable
  2. analysis
  3. mitigation
  4. assess
  5. cost
21
Q

______ cannot be the sole reason for not adopting an implementation specification.

A

Cost

22
Q

The Security Management Process contains which risk implementation specifications?

A
  1. Risk Analysis
  2. Risk Management

23
Q

Risk can be a ______ or ______ measure.

A

quantitative

qualitative

24
Q

A risk measure that uses a mathematical process and assigned weights and numbers.

A

Quantitative

25
Q

Risk can be a ______ measure of the likelihood of a particular threat affecting a particular vulnerability, and the resulting impact that it would have.

A

Qualitative (non-numerical)

26
Q

What Are the Sources of Threats to Protected Health Information?

A
  1. Human: hackers, viruses, unintentional deletion, deliberate attacks, unauthorized access
  2. Natural: floods, earthquakes, tornadoes, fires, lightning strikes
  3. Environmental: long-term power failure, broken water pipes, heat or air-conditioning problems
27
Q

List the key steps for conducting a Risk Assessment.

A
  1. System or asset criticality analysis: How important is the system and the data on it?
  2. Threat identification: What can damage the confidentiality, integrity, or availability of the data on this system?
  3. Vulnerability identification: What weaknesses in the system make it susceptible to effects of a given threat?
  4. Control analysis: What safeguards are in place?
  5. Likelihood determination: What are the odds that a given threat will happen?
  6. Impact analysis: What will happen if a threat occurs?
  7. Risk determination: Based on how you answered the previous questions, what is your quantitative or qualitative measure of risk?
28
Q

List the four risk strategies.

A
  1. Risk Assumption
  2. Risk Mitigation
  3. Risk Avoidance
  4. Risk Transference
29
Q

Accept the risk as it is.

A

Risk Assumption

30
Q

Put controls in place that will offset the risk or reduce the harmful effects of the threat.

A

Risk Mitigation

31
Q

Implementing controls that eliminate the cause of the risk.

A

Risk Avoidance

32
Q

Transfer the risk to someone else.

A

Risk Transference

33
Q

______ is this overall process of risk assessment and risk mitigation.

A

Risk management

34
Q

After you complete your risk mitigation, there will still be vulnerabilities. This is the _______ level of risk to your assets.

A

residual

35
Q

You can never eliminate all risks. You can only reduce them to an _______ level.

A

acceptable

36
Q

Determine each risk strategy used below when an individual purchases a laptop:

  1. Installed antivirus software
  2. Accepted risk of not installing antivirus software
  3. Didn’t connect the laptop to the Internet
  4. Bought insurance to cover costs if someone hacks into the laptop
A
  1. Risk Mitigation
  2. Risk Assumption
  3. Risk Avoidance
  4. Risk Transference