Term
The VP of IS wants to monitor user actions on the company’s intranet. What is the best method of obtaining the proper permissions?
A. A consent banner displayed upon login
B. Written permission from a company officer
C. Nothing, because the system belongs to the company
D. Written permission from the user

Definition
A.
A consent banner in which the user agrees to monitoring resolves the monitoring issues raised by the Electronic Communications Privacy Act (ECPA) of 1986.

Term
Your Social Security number and other associated facts kept by your bank are protected by what law against disclosure?
A. The Social Security Act of 1934
B. The Patriot Act of 2001
C. The Gramm-Leach-Bliley Act
D. HIPAA

Definition
C.
The Gramm-Leach-Bliley Act governs the sharing of private information by financial institutions.

Term
Breaking into another computer system in the United States, even if you do not cause any damage, is regulated by what laws?
A. State law, as the damage is minimal
B. Federal law under the Identity Theft and Assumption Deterrence Act
C. Federal law under the Electronic Communications Privacy Act (ECPA) of 1986
D. Federal law under the Patriot Act of 2001

Definition
D.
The Patriot Act of 2001 made computer trespass a felony.

Term
Export of encryption programs is regulated by the
A. U.S. State Department
B. U.S. Commerce Department
C. U.S. Department of Defense
D. National Security Agency

Definition
B.
Export controls on commercial encryption products are administered by the Bureau of Industry and Security (BIS) in the U.S. Department of Commerce.

Term
For the FBI to install and operate Carnivore on an ISP’s network, what is required?
A. A court order specifying items being searched for
B. An official request from the FBI
C. An impact statement to assess recoverable costs to the ISP
D. A written request from an ISP to investigate a computer trespass incident

Definition
B.
An official request from the FBI. The Patriot Act of 2001 mandated ISP compliance with the FBI Carnivore program.

Term
True or false: Digital signatures are equivalent to notarized signatures for all transactions in the United States.
A. True for all transactions in which both parties agree to use digital signatures
B. True only for non-real property transactions
C. True only where governed by specific state statute
D. False, as the necessary laws have not yet passed

Definition
A.
Electronic digital signatures are considered valid for transactions in the United States since the passing of the Electronic Signatures in Global and National Commerce Act (E-Sign) in 2001.

Term
The primary factor(s) behind data sharing compliance between U.S. and European companies is/are
A. Safe Harbor Provision
B. European Data Privacy Laws
C. U.S. FTC enforcement actions
D. All of the above

Definition
D.
All of the above. The primary driver is European data protection laws, enforced on U.S. firms by the FTC through the Safe Harbor provision mechanism.

Term
True or false: Writing viruses and releasing them across the Internet is a violation of law.
A. Always true. All countries have reciprocal agreements under international law.
B. Partially true. Depends on laws in the country of origin.
C. False. Computer security laws do not cross international boundaries.
D. Partially true. Depends on the specific countries involved, the author of the virus, and the recipient.

Definition
D.
This is partially true, for not all countries share reciprocal laws. Some common laws and reciprocity agreements exist in certain international communities—for example, the European Union—so some cross-border legal issues have been resolved.

Term
Publication of flaws in encryption used for copy protection is a potential violation of
A. HIPAA
B. U.S. Commerce Department regulations
C. DMCA
D. National Security Agency regulations

Definition
C.
This is a potential violation of the Digital Millennium Copyright Act of 1998 unless an exemption provision is met.

Term
Violation of DMCA can result in
A. Civil fine
B. Jail time
C. Activity subject to legal injunctions
D. All of the above

Definition
D.
All of the above have been attributed to DMCA, including the jailing of a Russian programmer who came to the United States to speak at a security conference.

Term
What are the 3 types of laws that are commonly associated with cybercrime?

Definition
1. Statutory law
2. Administrative law
3. Common law

Term
List all of the common cyber/internet crimes...

Definition
- Auction Fraud
- Auction Fraud -- Romania
- Counterfeit Cashier's Check
- Credit Card Fraud
- Debt Elimination
- Parcel Courier E-mail Scheme
- Employment/Business Opportunities
- Escrow Services Fraud
- Identity Theft
- Internet Extortion
- Investment Fraud
- Lotteries
- Nigerian Letter or "419"
- Phishing/Spoofing
- Ponzi/Pyramid Scheme
- Reshipping
- Spam
- Third Party Receiver of Funds

Term
What is a "Computer Trespass"?

Definition
Computer trespass is the unauthorized entry into a computer system via any means possible.

Term
What is the Computer Fraud and Abuse Act?

Definition
The CFAA is the foundation for criminalizing unauthorized access to computer systems.

Term
What is the Carnivore program?

Definition
A program of the Patriot Act that permits governmental eavesdropping on the Internet.

Term

Definition
1) It is another check and balance in laws related to privacy in the United States.
2) It extends the tap and trace provisions of existing wiretap statutes to the Internet and mandates certain technological modifications at the ISPs to facilitate electronic wiretaps on the Internet.
3) Mandates that ISPs cooperate with and facilitate monitoring.
4) Permits federal law enforcement personnel to investigate computer trespass (intrusions) and enact civil penalties for trespassers.

Term
What is the Gramm-Leach-Bliley Act (GLB)?

Definition
Requires all financial institutions to protect the privacy of customers and their information and not share it with third parties.

Term
What is Sarbanes-Oxley (SOX)?

Definition
Specifies that all processes associated with the financial reporting of a firm must be controlled and audited on a regular basis.

Term
What is the "Payment Card Industry Data Security Standard (PCI DSS)"?

Definition
It's a series of standards that provide an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents.
Visa and Mastercard both agreed to these security standards.

Term

Definition
"Privacy can be defined as the power to control what others know about you and what they can do with this information."
"In the computer age, personal information forms the basis for many decisions, from credit card transactions to purchase goods, to the ability to buy an airplane ticket and fly domestically."
"Although it is theoretically possible to live an almost anonymous existence today, the price for doing so is high..."

Term
What is the Health Insurance Portability & Accountability Act (HIPAA)?

Definition
- Calls for changes in the way health and medical data is stored, exchanged and used.
- Addresses the security and privacy of health data:
  - Restrictions on data transfers ensure privacy.
  - Electronic signatures are required.
- Mandates safeguards for physical storage, maintenance, transmission, and access to individuals' health information.

Term

Definition
It's the study of an appropriate code of conduct on the Internet on a global scale.