PA Information Security and Ethics Flashcards
A company is updating its information security policies after several updates and changes have been made to its enterprise information system. One component of the new policies indicates that management is only allowed access to employee data that is necessary and directly related to a defined business task.
Which ethical concern is addressed by the policy?
A. Justice
B. Transparency
C. Due process
D. Privacy
Correct Answer: D. Privacy
Explanation:
This policy ensures that employee data is protected from unnecessary access, addressing the ethical concern of privacy. It restricts access to only what is relevant for business tasks.
An online retailer has experienced rapid growth over the past several years and has decided to revisit its information security policies. Among many changes, one aspect indicates that a specific team will be established to handle internal policy disputes or questions of conduct.
Which ethical concern is addressed by this aspect of the new policies?
A. Human welfare
B. Justice
C. Due process
D. Proportionality
Correct Answer: C. Due process
Explanation:
Establishing a team to handle disputes ensures fairness and provides a structured mechanism for addressing concerns, aligning with the ethical principle of due process.
A company recently experienced an internal information security breach, but the company is reluctant to report the computer crime.
Which reason explains why the company is reluctant to report the crime?
A. The extent of the damage is not yet known.
B. The crime involves employees.
C. The vulnerability has not yet been fixed.
D. The vulnerability was unknown.
Correct Answer: B. The crime involves employees.
Explanation:
Companies may hesitate to report crimes involving employees due to concerns about reputation, legal issues, or employee morale.
A financial firm serving tens of millions of clients was recently the target of a cybercrime attack. Valuable company data and sensitive customer data were copied, resulting in harm to both customers and the company.
What is a societal consequence related to this large-scale attack?
A. Shift away from business technology use
B. Higher prices for goods and services
C. Reduced labor availability
D. Loss of public trust
Correct Answer: D. Loss of public trust
Explanation:
Large-scale data breaches erode trust in businesses, as customers may fear that their data is not adequately protected.
A national retailer reported that computer hackers were able to penetrate its information system and steal sensitive company and customer data, potentially affecting millions of customers and threatening business operations.
Which societal consequence is expected for this large-scale attack?
A. Reduced labor availability
B. Shift away from business technology use
C. More stringent regulatory oversight
D. Higher prices for goods and services
Correct Answer: C. More stringent regulatory oversight
Explanation:
Breaches often lead to stricter regulations and oversight to ensure that businesses improve their security practices and protect consumer data.
A business owner is working on bolstering information security and is especially concerned about protecting user identities.
Which tool should the business owner use to address this concern?
A. Peer-to-peer architecture
B. System auditing
C. Employee education
D. Identity management
Correct Answer: D. Identity management
Explanation:
Identity management systems help protect user identities by managing and securing authentication, access, and personal data.
A cross-functional team is working with a vendor to develop and implement information system policies in response to the growing use of customer information and networking within business operations. The team is currently addressing concerns about unauthorized access to stored customer information.
Which type of controls should this team create?
A. Software
B. Computer operations
C. Data security
D. Hardware
Correct Answer: C. Data security
Explanation:
Data security controls are essential to prevent unauthorized access to sensitive customer information, ensuring compliance and safeguarding data integrity.
A small business owner has concerns about information security but is not sure where to begin.
What should this business owner do first?
A. Educate employees on the dangers of phishing attacks
B. Install an intrusion detection system
C. Implement administrative controls
D. Conduct a risk assessment
Correct Answer: D. Conduct a risk assessment
Explanation:
Conducting a risk assessment is the first step to identify vulnerabilities and prioritize security measures for the business.
With its rapidly growing level of business, a company wants a process-based approach for establishing an information security management system.
Which standard should the company use for this purpose?
A. HIPAA
B. ISO 27001
C. PCI DSS
D. Six Sigma
Correct Answer: B. ISO 27001
Explanation:
ISO 27001 provides a comprehensive framework for establishing, maintaining, and improving information security management systems.
An organization is seeking to enhance its information security measures. The organization wants guidelines for the integration of information security into operational plans.
Which standard provides these guidelines?
A. ISO 27001
B. PCI DSS
C. ISO 9001
D. Six Sigma
Correct Answer: A. ISO 27001
Explanation:
ISO 27001 includes guidelines for integrating security measures into business operations, ensuring a strategic approach to information security.
An organization that operates completely within the U.S. needs guidelines for creating a disaster recovery plan to restore information systems after an attack.
What should this organization use to obtain the needed guidelines?
A. ISO 9001
B. IEEE 802
C. NIST Framework
D. Six Sigma
Correct Answer: C. NIST Framework
Explanation:
The NIST Framework offers guidelines tailored for U.S. organizations to prepare for, respond to, and recover from cyberattacks and other information security threats.