IS4550 CHAPTER 3 Flashcards

1
Q

Established rules on how consumers and their information should be handled during an e-commerce transaction are called ___.

A

CONSUMER RIGHTS

2
Q

The laws that set expectations on how your personal information should be protected, and the limits placed on how that data may be shared, are called ___.

A

DATA PRIVACY

3
Q

___ is defined as 1. Information that supports a conclusion or 2. Material presented to a regulator to show compliance.

A

EVIDENCE

4
Q

A formal process to identify threats, potential attacks, and impacts to an organization is called ___.

A

INFORMATION SECURITY RISK ASSESSMENT

5
Q

A framework that contains a comprehensive list of concepts, practices, and processes for managing IT services is called ___.

A

INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY (ITIL)

6
Q

Software that blocks access to specific sites on the Internet is called ___.

A

INTERNET FILTERS

7
Q

The practice of agreeing to the use of personal information beyond its original purpose is called ___.

A

OPT-IN

8
Q

The practice of declining permission to use personal information beyond its original purpose is called ___.

A

OPT-OUT

9
Q

A worldwide information security standard that describes how to protect credit card information is called ___.

A

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

10
Q

In e-commerce, the concept that broadly deals with how personal information is handled and what it is used for is called ___.

A

PERSONAL PRIVACY

11
Q

A formal process to identify threats, potential attacks, and impacts to an organization is called ___.

A

RISK ASSESSMENT

12
Q

In a compliance context, the mapping of regulatory requirements to policies and controls is called ___.

A

SECURITY CONTROL MAPPING

13
Q

A person who buys stock in a company (investor) is called ___.

A

SHAREHOLDER

14
Q

A widely accepted auditing standard, created by the American Institute of Certified Public Accountants, that examines an organization's control environment is called ___.

A

STATEMENT ON AUDITING STANDARDS NO. 70 (SAS 70) (superseded in 2011 by SSAE 16, the basis of SOC 1 reports)

15
Q
When creating laws and regulations, the government's sole concern is the privacy of the individual.
TRUE OR FALSE
A

FALSE

16
Q
Which of the following are pressures on creating security policies?
1. Shareholder value
2. Regulations
3. Technology vulnerabilities and limitations
4. 2 and 3 only
5. All the above
A

5. All the above (shareholder value, regulations, and technology vulnerabilities and limitations)

17
Q
Which of the following laws require proper security controls for handling privacy data?
1. HIPAA
2. GLBA
3. FERPA
4. 2 & 3 only
5. All the above
A

5. All the above (HIPAA, GLBA, and FERPA)

18
Q
Which of the following are control objectives for PCI DSS?
1. Maintain an information security policy
2. Protect cardholder data
3. Alert when credit cards are illegally used
4. 1 & 2 only
5. None of the above
A

4. 1 & 2 only (maintain an information security policy; protect cardholder data)

19
Q
A SAS 70 audit is popular because it allows a service auditor to review an organization's ___ and issue an independent opinion.
A

Control environment

20
Q
Health care providers are those that process and facilitate billing.
TRUE OR FALSE
A

FALSE (under HIPAA, the entities that process and facilitate billing are health care clearinghouses, not providers)

21
Q
The law that attempts to limit children's exposure to sexually explicit material is ___.
A

CIPA (Children's Internet Protection Act)

22
Q
It is easier to quantify leading practices than best practices.
TRUE OR FALSE
A

TRUE

23
Q
You should always write new security policies each time a new regulation is issued.
TRUE OR FALSE
A

FALSE

24
Q
What should you ask for to gain confidence that a vendor's security controls are adequate?
1. A SAS 70 Type I audit
2. A SAS 70 Type II audit
3. A list of all internal audits
4. All the above
A

2. A SAS 70 Type II audit (a Type II report tests the operating effectiveness of controls over a period of time; a Type I report only covers their design at a point in time)

25
Q
Why is it important to map regulatory requirements to policies and controls?
1. To demonstrate compliance to regulators
2. To ensure regulatory requirements are covered
3. To demonstrate the importance of a security control
4. All the above
A

4. All the above (to demonstrate compliance to regulators, to ensure regulatory requirements are covered, and to demonstrate the importance of a security control)