Name:
Class:
Date:
chapter 2
Indicate whether the statement is true or false.
1. Ethics carry the sanction of a governing authority.
a. True
b. False
2. The Secret Service is charged with the detection and arrest of any person who commits a U.S. federal offense relating
to computer fraud, as well as false identification crimes.
a. True
b. False
Indicate whether the statement is true or false. If it is false, change the identified word(s) to make the statement
true.
3. It is the responsibility of InfoSec professionals to understand state laws and bills. ____________
4. Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________
5. Information ambiguation occurs when pieces of nonprivate data are combined to create information that violates
privacy. _________________________
6. The Gramm-Leach-Bliley (GLB) Act, also known as the Financial Services Modernization Act of 1999, contains a
number of provisions that affect banks, securities firms, and insurance companies. ___________
7. InfraGard began as a cooperative effort between the FBI's Cleveland field office and local intelligence professionals. ___________
8. A(n) compromise law specifies a requirement for organizations to notify affected parties when they have experienced a
specified type of loss of information. ____________
9. To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in
1996. ___________
10. ISACA is a professional association with a focus on authorization, control, and security. ___________
11. Deterrence is the best method for preventing an illegal or unethical activity. ____________
Indicate the answer choice that best completes the statement or answers the question.
12. Another key U.S. federal agency is _________, which is responsible for coordinating, directing, and
performing highly specialized activities to protect U.S. information systems and produce foreign intelligence information.
a. InfraGard
b. Homeland Security
c. the National Security Agency
d. the Federal Bureau of Investigation
13. Which of the following is compensation for a wrong committed by an individual or organization?
a. liability
b. restitution
Copyright Cengage Learning. Powered by Cognero.
Page 1
c. due diligence
d. jurisdiction
14. Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
a. USA PATRIOT Act of 2001
b. American Recovery and Reinvestment Act
c. Health Information Technology for Economic and Clinical Health Act
d. National Information Infrastructure Protection Act of 1996
15. Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications?
a. The Electronic Communications Privacy Act of 1986
b. The Telecommunications Deregulation and Competition Act of 1996
c. National Information Infrastructure Protection Act of 1996
d. Federal Privacy Act of 1974
16. The most complex part of an investigation is usually __________.
a. analysis for potential EM
b. protecting potential EM
c. requesting potential EM
d. preventing the destruction of potential EM
17. This collaborative support group began as a cooperative effort between the FBI's Cleveland field office and local technology professionals with a focus of protecting critical national infrastructure.
a. InfraGard
b. Homeland Security
c. CyberWatch
d. CyberGard
18. Sworn testimony that certain facts are in the possession of the investigating officer and that they warrant the
examination of specific items located at a specific place is known as a(n) _________.
a. subpoena
b. forensic finding
c. search warrant
d. affidavit
19. Digital forensics can be used for two key purposes: ________ or _________.
a. e-discovery; to perform root cause analysis
b. to investigate allegations of digital malfeasance; to perform root cause analysis
c. to solicit testimony; to perform root cause analysis
d. to investigate allegations of digital malfeasance; to solicit testimony
20. Also known as "items of potential evidentiary value," any information that could potentially support the organization's legal or policy-based case against a suspect is known as _________.
a. evidentiary material
b. digital forensics
c. evidence
d. e-discovery
21. Which of the following is NOT a requirement for laws and policies to deter illegal or unethical activity?
a. fear of penalty
b. probability of being penalized
c. probability of being caught
d. fear of humiliation
22. Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past?
a. Applied ethics
b. Descriptive ethics
c. Normative ethics
d. Deontological ethics
23. _________ devices often pose special challenges to investigators because they can be configured to use advanced
encryption and they can be wiped by the user even when the user is not present.
a. Portable
b. Desktop computer
c. Expansion
d. Satellite transceiver
24. Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have
earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
a. (ISC)2
b. ACM
c. SANS
d. ISACA
25. Which law extends protection to intellectual property, which includes words published in electronic formats?
a. Freedom of Information Act
b. U.S. Copyright Law
c. Security and Freedom through Encryption Act
d. Sarbanes-Oxley Act
26. The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether
the offense is judged to have been committed for several reasons. Which of the following is NOT one of those reasons?
a. For purposes of commercial advantage
b. For private financial gain
c. For political advantage
d. In furtherance of a criminal act
27. Investigations involving the preservation, identification, extraction, documentation, and interpretation of computer
media for evidentiary and root cause analysis are known as _________.
a. digital forensics
b. criminal investigation
c. crime scene investigation
d. e-discovery
28. Which law requires mandatory periodic training in computer security awareness and accepted computer security
practice for all employees who are involved with the management, use, or operation of a federal computer system?
a. The Telecommunications Deregulation and Competition Act
b. National Information Infrastructure Protection Act
c. Computer Fraud and Abuse Act
d. The Computer Security Act
29. Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the
rightness or wrongness of the consequences (also known as duty- or obligation-based ethics)?
a. Applied ethics
b. Meta-ethics
c. Normative ethics
d. Deontological ethics
30. The coherent application of methodical investigatory techniques to collect, preserve, and present evidence of crimes in
a court or court-like setting is known as _________.
a. evidentiary material
b. forensics
c. crime scene investigation
d. data imaging
31. Permission to search for evidentiary material at a specified location and/or to seize items to return to the investigator's lab for examination is known as a(n) _________.
a. subpoena
b. forensic clue
c. search warrant
d. affidavit
32. A process focused on the identification and location of potential evidence related to a specific legal action after it was
collected through digital forensics is known as _________.
a. e-discovery
b. forensics
c. indexing
d. root cause analysis
33. There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which
of the following is NOT one of them?
a. ignorance
b. malice
c. accident
d. intent
34. In digital forensics, all investigations follow the same basic methodology once permission to search and seize is
received, beginning with _________.
a. identifying relevant items of evidentiary value
b. acquiring (seizing) the evidence without alteration or damage
c. analyzing the data without risking modification or unauthorized access
d. investigating allegations of digital malfeasance
35. Which of the following is NOT used to categorize some types of law?
a. constitutional
b. regulatory
c. statutory
d. international
36. Which of the following is the result of a U.S. led international effort to reduce the impact of copyright, trademark, and
privacy infringement, especially via the removal of technological copyright protection measures?
a. U.S. Copyright Law
b. PCI DSS
c. European Council Cybercrime Convention
d. DMCA
37. Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this
information, as well as policies and procedures to maintain them?
a. ECPA
b. Sarbanes-Oxley
c. HIPAA
d. Gramm-Leach-Bliley
38. A more recently created area of law related to information security specifies a requirement for organizations to notify
affected parties when they have experienced a specified type of information loss. This is commonly known as a
__________ law.
a. notification
b. breach
c. spill
d. compromise
39. Which ethical standard is based on the notion that life in community yields a positive outcome for the individual,
requiring each individual to contribute to that community?
a. utilitarian
b. virtue
c. fairness or justice
d. common good
40. When an incident violates civil or criminal law, it is the organization's responsibility to notify the proper authorities; selecting the appropriate law enforcement agency depends on __________.
a. the type of crime committed
b. how many perpetrators were involved
c. the network provider the hacker used
d. what kind of computer the hacker used
41. Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws,
policies, and technical controls.
a. remediation
b. deterrence
c. persecution
d. rehabilitation
42. Which subset of civil law regulates the relationships among individuals and among individuals and organizations?
a. tort
b. criminal
c. private
d. public
43. Any court can impose its authority over an individual or organization if it can establish which of the following?
a. jurisprudence
b. jurisdiction
c. liability
d. sovereignty
Enter the appropriate word(s) to complete the statement.
44. The act of attempting to prevent an unwanted action by threatening punishment or retaliation on the instigator if the act takes place is known as ___________.
45. Investigations involving the preservation, identification, extraction, documentation, and interpretation of computer
media for evidentiary and root cause analysis are known as _________.
46. Information ____________ occurs when pieces of nonprivate data are combined to create information that violates
privacy.
47. An organization increases its liability if it refuses to take the measures a prudent organization should; this is known as
the standard of _____________.
48. Sworn testimony that certain facts are in the possession of the investigating officer and that they warrant the
examination of specific items located at a specific place is known as a(n) _________.
49. The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment is known as
___________.
50. _________ devices often pose special challenges to investigators because they can be configured to use advanced
encryption and they can be wiped by the user even when the user is not present.
51. A process focused on the identification and location of potential evidence related to a specific legal action after it was
collected through digital forensics is known as _________.
52. Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal
group.
53. ___________________ is a subset of civil law that allows individuals to seek redress in the event of personal,
physical, or financial injury.
a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act (ECPA)
f. Cybersecurity Act
g. normative ethics
h. applied ethics
54. One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
55. Focuses on enhancing the security of the critical infrastructure in the United States.
56. An approach that applies moral codes to actions drawn from realistic situations.
57. A collection of statutes that regulates the interception of wire, electronic, and oral communications.
58. Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
59. The study of what makes actions right or wrong, also known as moral theory.
60. Addresses violations harmful to society and is actively enforced and prosecuted by the state.
61. Defines socially acceptable behaviors.
62. A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to
assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear
of legal retribution?
63. Discuss the three general categories of unethical behavior that organizations should try to control.
64. What is a key difference between law and ethics?
65. The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the
information obtained and whether the offense is judged to have been committed for one of three reasons. What are those
reasons?
66. Describe the Freedom of Information Act. How does its application apply to federal vs. state agencies?
67. Briefly describe five different types of laws.
68. Describe the foundations and frameworks of ethics.
69. Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions?
70. The Computer Security Act charges the National Bureau of Standards, in cooperation with the National Security
Agency (NSA), with the development of five standards and guidelines establishing minimum acceptable security
practices. What are three of these principles?
Answer Key
1. False
2. True
3. False – regulations
4. True
5. False – aggregation
6. True
7. False – technology
8. False – breach
9. False – Economic
10. False – auditing
11. True
12. c
13. b
14. c
15. a
16. a
17. a
18. d
19. b
20. a
21. d
22. b
23. a
24. a
25. b
26. c
27. a
28. d
29. d
30. b
31. c
32. a
33. b
34. a
35. d
36. d
37. c
38. b
39. d
40. a
41. b
42. c
43. b
44. deterrence
45. digital forensics
46. aggregation
47. due care
48. affidavit
49. ethics
50. Portable
51. e-discovery
ediscovery
52. cultural mores
53. Tort law
54. d
55. f
56. h
57. e
58. b
59. g
60. a
61. c
62. Policies must be:
• Effectively written
• Distributed to all individuals who are expected to comply with them
• Read by all employees
• Understood by all employees, with multilingual translations and translations for visually impaired or low-literacy employees
• Acknowledged by the employee, usually by means of a signed consent form
• Uniformly enforced, with no special treatment for any group (e.g., executives)
63. Ignorance:
Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is education.
Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must
explicitly agree to abide by them. Reminders, training, and awareness programs support retention, and one hopes,
compliance.
Accident:
Individuals with authorization and privileges to manage information within the organization have the greatest opportunity
to cause harm or damage by accident. The careful placement of controls can help prevent accidental modification to
systems and data.
Intent:
Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be
built upon whether the accused acted out of ignorance, by accident, or with the intent to cause harm or damage. Deterring
those with criminal intent is best done by means of litigation, prosecution, and technical controls. Intent is only one of
several factors to consider when determining whether a computer-related crime has occurred.
64. The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not.
65. For purposes of commercial advantage
For private financial gain
In furtherance of a criminal act
66. All federal agencies are required under the Freedom of Information Act (FOIA) to disclose records requested in
writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions
contained in the statute. FOIA applies only to federal agencies and does not create a right of access to records held by
Congress, the courts, or by state or local government agencies. Each state has its own public access laws that should be
consulted for access to state and local records.
67. 1. Civil law embodies a wide variety of laws pertaining to relationships between and among individuals and
organizations.
2. Criminal law addresses violations harmful to society and is actively enforced and prosecuted by the state.
3. Tort law is a subset of civil law that allows individuals to seek recourse against others in the event of personal,
physical, or financial injury.
4. Private law regulates the relationships among individuals and among individuals and organizations, and encompasses
family law, commercial law, and labor law.
5. Public law regulates the structure and administration of government agencies and their relationships with citizens,
employees, and other governments. Public law includes criminal, administrative, and constitutional law.
68. Normative ethics: The study of what makes actions right or wrong, also known as moral theory; that is, how should people act?
Meta-ethics: The study of the meaning of ethical judgments and properties; that is, what is right?
Descriptive ethics: The study of the choices that have been made by individuals in the past; that is, what do others think is right?
Applied ethics: An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice.
Deontological ethics: The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as duty-based or obligation-based ethics. This approach seeks to define a person's ethical duty.
69. Fear of penalty: Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay.
Probability of being caught: There must be a strong possibility that perpetrators of illegal or unethical acts will be caught.
Probability of penalty being administered: The organization must be willing and able to impose the penalty.
70. Standards, guidelines, and associated methods and techniques for computer systems
Uniform standards and guidelines for most federal computer systems
Technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in federal computer systems
Guidelines for use by operators of federal computer systems that contain sensitive information in training their employees in security awareness and accepted security practice
Validation procedures for, and evaluation of the effectiveness of, standards and guidelines through research and liaison with other government and private agencies