Topic 3.3 Confidentiality And Privacy

Question 1

It is especially important to encrypt sensitive information in:

Answer 1

Databases

Question 2

What are the privacy controls of security

Answer 2

Deals with protecting customer information vs internal company information

Same controls:

• identification
• encryption
• access control
• training

Question 3

What are privacy concerns?

Answer 3

SPAM
identity theft
Unauthorised use of personal data for perpetrators benefit

Question 4

What are the generally accepted privacy principles

Answer 4

• Management
• Notice
• Choice and consent
• Collection
• Use, retention, and disposal
• Access
• Disclosure to third parties
• Security
• Quality
• Monitoring and enforcement

Question 5

What are the factors that influence encryption strength

Answer 5

• Key Length (longer = stronger)
• Algorithm
• management policies
• stored securely

Question 6

What are the steps of encryption

Answer 6

• Takes plain text and with an encryption key and algorithm, converts to unreadable cipher text
• to read cipher text, encryption key reverses process to make information readable

Question 7

Types of encryption

Answer 7

Symmetric

• uses one key to encrypt and decrypt
• both parties need to know the key

Asymmetric

• public, everyone has access
• private, used to decrypt
• public key can be used by all your trading partners

Question 8

Why are digital signatures use?

Answer 8

To create a legally binding agreement

Question 9

What does a virtual Private Network do

Answer 9

Securely transmits encrypted data between sender and receiver
- sender and receiver have the appropriate encryption keys

Question 10

The batch processing data entry control that sums the number of items in a batch is called

Answer 10

Record count

Question 11

Modest expectations investment services allows customers to manager their investments over the internet. If customers attempt to spend more money than they have in their account, an error message is displayed. This is an example of

Answer 11

Reasonableness test

Question 12

A __________ control ensures that the correct and most current files are being updates

Answer 12

File labels

Question 13

Whose responsibility is it to determine the amount of time an organisation can afford to be without its information system

Answer 13

Senior management

Question 14

When a computer systems files are automatically duplicated on a second data storage system as they are changed, the process is referred to as

Answer 14

Real time monitoring

Question 15

With regards to system’s availability, developing and using multiple components provides an AIS with

Answer 15

Fault tolerance

Question 16

Cancellation and storage of documents means

Answer 16

Documents are defaced and stored

Question 17

The control that verifies accuracy by comparing two alternative ways of calculating the same total is called

Answer 17

Cross footing balance test

Question 18

A _______ determines if all required data items have been entered

Answer 18

Completeness check

Question 19

______ is a data entry input control that involves summing the first four digits of a customer number to calculate the value of the fifth digit, then comparing the calculated number to the number entered during data entry

Answer 19

Check digit verification

Question 20

Which of the following is an important control to prevent buffet overflow vulnerabilities

Answer 20

Size check

Question 21

The maximum acceptable down time after a computer system failure is determined by a company’s

Answer 21

Recovery time objective

Question 22

A copy of a database, master file, or software that will be retained indefinitely as a historical record is known as

Answer 22

An archive