IS3230 CHAPTER 4 Flashcards
This is a title in the Code of Federal Regulations that deals with Food and Drug Administration (FDA) guidelines on electronic records and signatures. This title requires industries that fall under FDA regs to implement controls and is called ___.
21 CFR Part 11
A documented method or system of achieving a specific result in an effective, efficient manner. It generally takes lessons learned from individuals or groups so that others can complete similar tasks more efficiently, and is called ___.
Best practice
A US law passed in 2000. It requires schools and libraries receiving E-rate funds to filter some Internet content. The primary purpose is to protect minors from obscene or harmful content is called ___.
Children’s Internet Protection Act (CIPA)
Information about a student that an educational institution may release without the written consent of the student is called ___.
Directory information
Information about an individual’s health care stored in an electronic format is called ___.
Electronic protected health information (EPHI)
An act of Congress to protect the privacy of education records and applies to all education institutions receiving funding from the US Dept of Education is called ___.
Family Educational Rights and Privacy Act (FERPA)
An act of Congress that allowed banks, investment firms, and insurance companies to consolidate and also introduced some consumer protections, with one free credit report per year is called ___.
Gramm-Leach-Bliley Act (GLBA)
A collection of suggestions and best practices relating to a standard or procedure that does not necessarily need to be met, although compliance is strongly encouraged, is called ___.
Guideline
Expanded and updated the civil and criminal penalties and requires notification if any breach that causes the disclosure of this information occurs; it is called ___.
Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
Legislation passed in 1996 that protects the privacy and availability of health care information is called ___.
Health Insurance Portability and Accountability Act (HIPAA)
This is a standard issued in August 2007 to enforce the standardization of security identification credentials for government employees and contractors. It covers both physical and logical access to government resources and is called ___.
Homeland Security Presidential Directive 12 (HSPD 12)
A place where the operators view the data that is received and processed; it is connected to a database that gathers information from the RTUs and is called ___.
Human machine interface (HMI)
Created in 1968 to ensure that the North American energy network is secure, adequate, and reliable and is mostly concerned with the creation of guidelines for strong access controls and processes is called ___.
North American Electric Reliability Council (NERC)
An electronic device used in industrial automation to provide logic and sequencing controls for machinery is called ___.
Programmable logic controllers (PLCs)
Any information that concerns health status, health care, or any payment for health care that can be linked to the individual, including all of an individual’s medical record and payment history, is called ___.
Protected health information (PHI)
A microprocessor-controlled electronic device that interfaces objects in the physical world with a distributed control system or SCADA system by transmitting telemetry data to the system and/or altering the state of connected objects based on control messages received from the system is called ___.
Remote terminal unit (RTU)
Created to protect investors by improving the accuracy and reliability of corporate financial disclosures is called ___.
Sarbanes-Oxley (SOX) Act of 2002
A collection of requirements that must be met by anyone who performs a given task or works on a specific system is called ___.
Standard
Systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation, among other industries and utilities, are called ___.
Supervisory Control and Data Acquisition (SCADA) process control systems
- In IT, it is imperative that you keep up to date with regulatory compliance laws.
TRUE OR FALSE
TRUE
- The Gramm-Leach-Bliley Act regulates which industry?
- Health Care
- Energy
- Financial services
- Automobile
- Education
Financial services
- A company regulated by GLBA is only required to protect against proven security threats, not perceived threats.
TRUE OR FALSE
FALSE
- HIPAA regulates which industry?
- Health Care
- Energy
- Financial services
- Automobile
- Education
Health Care
- Protected health information is interpreted very broadly and includes all of an individual’s medical records and payment history.
TRUE OR FALSE
TRUE
- The HIPAA Security Rule requires a set of ___, technical, and physical safeguards for electronic protected health information (EPHI).
Administrative
- The Sarbanes-Oxley Act regulates all ___ companies.
Publicly traded
- The Family Educational Rights and Privacy Act establishes a student’s right to know the information, location, and purpose of an educational record.
TRUE OR FALSE
TRUE
- Which regulation defines a standard for electronic records and signatures?
- Children’s Internet Protection Act
- 21 CFR Part 11
- HIPAA
- Sarbanes-Oxley
- HSPD 12
21 CFR Part 11
- ____ access controls enforce access permissions set by the owner of the object.
Discretionary
- ____ are a collection of suggestions and best practices.
Guidelines