IS3230 CHAPTER 4

Question 1

This is a title in the Code of Federal Regulations that deals with Food and Drug Administration (FDA) guidelines on electronic records and signatures. This title requires industries that fall under FDA regs to implement controls and is called ___.

Answer 1

21 CFR Part 11

Question 2

A documented met odd or system of achieving a specific result in an effective efficient manner. It generally takes lessons learned from individuals or groups so that others can complete similar tasks in a more efficient manner is called ___.

Answer 2

Best practice

Question 3

A US law passed in 2000. It requires schools and libraries receiving E-rate funds to filter some Internet content. The primary purpose is to protect minors from obscene or harmful content is called ___.

Answer 3

Children’s Internet Protection Act (CIPA)

Question 4

Information about a student that an educational institution may release without the written consent of the student is called ___.

Answer 4

Directory information

Question 5

Information about an individual’s health care stored in an electronic format is called ___.

Answer 5

Electronic protected health information (EPHI)

Question 6

An act of Congress to protect the privacy of education records and applies to all education institutions receiving funding from the US Dept of Education is called ___.

Answer 6

Family Educational Rights and Privacy Act (FERPA)

Question 7

An act of Congress that allowed banks, investment firms, and insurance companies to consolidate and also introduced some consumer protections, with one free credit report per year is called ___.

Answer 7

Gramm-Leach-Bliley Act (GLBA)

Question 8

A collection of suggestions and best practices relating to a standard or procedure but doesn’t necessarily need to be met but compliance is strongly encouraged is called ___.

Answer 8

Guideline

Question 9

Expanded and updated the civil and criminal penalties and requires notification if any breach causing the disclosure of this occurs is called ___.

Answer 9

Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009

Question 10

Legislation passed in 1996 that protects the privacy and availability of health care information is called ___.

Answer 10

Health Insurance Portability and Accountability Act (HIPAA)

Question 11

This is a standard issued in August 2007 to enforce the standardization of security identification credentials for government employees and contractors. It covers both physical and logical access to government resources is called ___.

Answer 11

Homeland Security Presidential Directive 12 (HSPD 12)

Question 12

A place where the operators vies the data that is received and processed and is connected to a database that gathers information from the RTUs is called ___.

Answer 12

Human machine interface (HMI)

Question 13

Created in 1968 to ensure that the North American energy network is secure, adequate, and reliable and is mostly concerned with the creation of guidelines for strong access controls and processes is called ___.

Answer 13

North American Electric Reliability Council (NERC)

Question 14

An electronic device used in industrial automation to provide logic and sequencing controls for machinery is called ___.

Answer 14

Programmable Logic controllers (PLCs)

Question 15

Any information that concerns health status, health care, or any payment for health care that can be linked to the individual. This includes all of an individual’s medical record and payment history is called ___.

Answer 15

Protected health information (PHI)

Question 16

A microprocessor-controlled electronic device that interfaces with objects in the physical world to a distributed control system or SCADA system by transmitting telemetry data to the system and/or altering the state of connected objects based on control messages received from the system is called ___.

Answer 16

Remote terminal unit (RTU)

Question 17

Created to protect investors by improving the accuracy and reliability of corporate financial disclosures is called ___.

Answer 17

Sarbanes-Oxley (SOX) Act of 2002

Question 18

A collection of requirements that must be met by anyone who performs a given task or works on a a specific system is called ___.

Answer 18

Standard

Question 19

Systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation among other industries and utilities is called ___.

Answer 19

Supervisory Control and Data Acquisition (SCADA) process control systems

Question 20

1. In IT, it is imperative that you keep up to date with regulatory compliance laws.
   TRUE OR FALSE

Answer 20

TRUE

Question 21

2. The Gramm-Leach-Blilely Act regulates which industry?
3. Health Care
4. Energy
5. Financial services
6. Automobile
7. Education

Answer 21

Financial services

Question 22

3. A company regulated by GLBA is only required to protect against proven security threats, not perceived threats.
   TRUE OR FALSE

Answer 22

FALSE

Question 23

4. HIPAA regulates which industry?
5. Health Care
6. Energy
7. Financial services
8. Automobile
9. Education

Answer 23

Health Care

Question 24

5. Protected health information is interpreted very broadly and includes all of an individual’s medical records and payment history?
   TRUE OR FALSE

Answer 24

TRUE

Question 25

6. The HIPAA Security Rule requires a set of ___, technical, and physical safeguards to electronic protected health information (EPHI)

Answer 25

Administrative

Question 26

7. The Sarbanes-Oxley Act regulates all ___ companies.

Answer 26

Publicly traded

Question 27

8. The Family Educational Rights and Privacy Act establishes a student’s right to know the information, location, and purpose of an educational record.
   TRUE OR FALSE

Answer 27

TRUE

Question 28

9. Which regulation defines a standard for electronic records and signatures?
10. Children’s Internet Protection Act
11. 21 CFR Part 11
12. HIPAA
13. Sarbanes-Oxley
14. HSPD 12

Answer 28

21 CFR Part 11

Question 29

10. ____ access controls enforce access created by the owner of the object.

Answer 29

Discretionary

Question 30

11. ____ are a collection of suggestions and best practices.

Answer 30

Guidelines