Security and Risk Management

Question 1

What are the four main types of compliance obligations?

Answer 1

Criminal law, Civil Law, Administrative Law, Private Regulations

Question 2

What sets Criminal law apart from the other types of law?

Answer 2

Violations of criminal law may be punishable by jail

Question 3

What are the most common results of Civil law cases?

Answer 3

Monetary payments, or refraining from an action

Question 4

What does Administrative law provide?

Answer 4

Procedural rules and regulations where missing from civil or criminal law

Question 5

What gives Private regulations their power?

Answer 5

Contractual obligations such as PCI compliance

Question 6

What is the most common intersection of security and the constitution?

Answer 6

The fourth ammendment

Question 7

What does the fourth amendment state?

Answer 7

A person has a right against unlawful searches and seizures

Question 8

What are the three HIPAA covered entities?

Answer 8

Healthcare providers, health insurers, and health information clearinghouses

Question 9

FERPA regulations protect what?

Answer 9

Handling of student records, provides right of inspection, right to request corrections, restricts release

Question 10

What does the Gram-Leach Billey Act (GLBA) cover?

Answer 10

Financial services sector

Question 11

What does GLBA require?

Answer 11

Written information security program, designated security officer, limitations of file sharing

Question 12

Children’s online privacy protection act (COPPA) protects children under 13 how?

Answer 12

Requires websites have a privacy policy, provides for parental inspection and deletion, as well as consent

Question 13

Privacy act of 1974 restricts the sharing of information for who?

Answer 13

Federal organizations only

Question 14

Computer Fraud and Abuse ACT (CFFA) makes what a federal offense?

Answer 14

Unauthorized access to any machine that is engaged in interstate commerce

Question 15

Electronic Communications Privacy Act (ECPA) does what?

Answer 15

Restricts government interception of communications

Question 16

What act makes it a federal crime to steal an identity?

Answer 16

Identity Theft and Asumption Deterrence Act (ITADA)

Question 17

Software licenses commonly contain provisions for what?

Answer 17

Number of users, amount of information that may be processed, locations of use, number of servers

Question 18

What are the types of agreements?

Answer 18

Negotiated contracts, Click-through agreements, Shrink-wrap agreements

Question 19

Types of intellectual property protection

Answer 19

Copyrights, trademarks, patents, trade secrets

Question 20

What does copyright protect?

Answer 20

Creative works such as music, art, computer software, and more

Question 21

How long does a copyright last?

Answer 21

For 70 years beyond creator’s death

Question 22

What do trademarks protect?

Answer 22

Words, branding, slogans

Question 23

How long do trademarks last?

Answer 23

Renewed every 10 years, and can last indefinitely

Question 24

What three criteria must an inventor meet for a patent?

Answer 24

Novelty (newness), Usefulness, Nonobvious

Question 25

How long do patents last?

Answer 25

20 years

Question 26

What is the first step in risk assessment?

Answer 26

Identify the risks facing your organization

Question 27

What is a common term for an external force jeopardizing security?

Answer 27

A Threat

Question 28

What is the method an attacker uses to exploit a vulnerability?

Answer 28

Threat Vector

Question 29

What step of the risk assessment process ranks by likelihood and outcome?

Answer 29

Step 2

Question 30

How does qualitative risk assessment rank items?

Answer 30

Low, Medium, High

Question 31

How does quantitative risk assessment rank items?

Answer 31

Dollars and numbers