Management of Information Security 4th Edition by Michael E. Whitman Herbert J. Mattord Test Bank

Chapter 12: Law and Ethics

TRUE/FALSE

1. Ethics carry the sanction of a governing authority.

ANS: F PTS: 1 REF: 447

2. The current law regarding nationwide search warrants for e-mail requires the government to use a search warrant to compel a provider to disclose unopened e-mail that is more than six months old.

ANS: F PTS: 1 REF: 453

3. The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.

ANS: T PTS: 1 REF: 478

4. An item does not become evidence until it is formally admitted to evidence by a judge or other ruling official.

ANS: T PTS: 1 REF: 479

5. Using standard digital forensics methodology, the first step is to analyze the EM data without risking modification or unauthorized access.

ANS: F PTS: 1 REF: 480

MULTIPLE CHOICE

1. Which type of law regulates the relationships among individuals and among individuals and organizations?
a. tort
b. criminal
c. private
d. public

ANS: C PTS: 1 REF: 447

2. Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
a. USA Patriot Act of 2001
b. American Recovery and Reinvestment Act
c. Health Information Technology for Economic and Clinical Health Act
d. National Information Infrastructure Protection Act of 1996

ANS: C PTS: 1 REF: 449

3. The penalties for offenses under the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of three reasons. Which of the following is NOT one of those reasons?
a. For purposes of commercial advantage
b. For private financial gain
c. For political advantage
d. In furtherance of a criminal act

ANS: C PTS: 1 REF: 450

4. Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system?
a. The Telecommunications Deregulation and Competition Act
b. National Information Infrastructure Protection Act
c. Computer Fraud and Abuse Act
d. The Computer Security Act

ANS: D PTS: 1 REF: 455

5. Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications?
a. The Electronic Communications Privacy Act of 1986
b. The Telecommunications Deregulation and Competition Act of 1996
c. National Information Infrastructure Protection Act of 1996
d. Federal Privacy Act of 1974

ANS: A PTS: 1 REF: 456

6. Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?
a. ECPA
b. Sarbanes-Oxley
c. HIPAA
d. Gramm-Leach-Bliley

ANS: C PTS: 1 REF: 457

7. In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed first in a digital forensics investigation?
a. Report the findings to the proper authority
b. Acquire (seize) the evidence without alteration or damage
c. Identify relevant items of evidentiary value (EM)
d. Analyze the data without risking modification or unauthorized access

ANS: C PTS: 1 REF: 480

8. Which law extends protection to intellectual property, which includes words published in electronic formats?
a. Freedom of Information Act
b. U.S. Copyright Law
c. Security and Freedom through Encryption Act
d. Sarbanes-Oxley Act

ANS: B PTS: 1 REF: 459

9. Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics?
a. Applied ethics
b. Meta-ethics
c. Normative ethics
d. Deontological ethics

ANS: D PTS: 1 REF: 467

10. Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures?
a. U.S. Copyright Law
b. PCI DSS
c. European Council Cybercrime Convention
d. DMCA

ANS: D PTS: 1 REF: 463

11. Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past, attempting to answer the question: what do others think is right?
a. Applied ethics
b. Descriptive ethics
c. Normative ethics
d. Deontological ethics

ANS: B PTS: 1 REF: 467

12. Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community?
a. utilitarian
b. virtue
c. fairness or justice
d. common good

ANS: D PTS: 1 REF: 469

13. There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them?
a. ignorance
b. malice
c. accident
d. intent

ANS: B PTS: 1 REF: 472

14. Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls.
a. remediation
b. deterrence
c. persecution
d. rehabilitation

ANS: B PTS: 1 REF: 472

15. Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
a. (ISC)2
b. ACM
c. SANS
d. ISACA

ANS: A PTS: 1 REF: 473

16. Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
a. liability
b. restitution
c. due diligence
d. jurisdiction

ANS: B PTS: 1 REF: 476

17. Which of the following allows investigators to determine what happened by examining the results of an event, whether criminal, natural, intentional, or accidental?
a. root cause analysis
b. e-discovery
c. forensics
d. evidentiary procedures

ANS: C PTS: 1 REF: 478

18. Any court can impose its authority over an individual or organization if it can establish which of the following?
a. jurisprudence
b. jurisdiction
c. liability
d. sovereignty

ANS: B PTS: 1 REF: 476

19. Which two approaches are available to an organization when employing digital forensics?
a. Protect and forget; Apprehend and prosecute
b. Protect and defend; Apprehend and pursue
c. Patch and proceed; Protect and forget
d. Pursue and prosecute; Identify and apprehend

ANS: A PTS: 1 REF: 479

20. Which type of document grants formal permission for an investigation to occur?
a. affidavit
b. search warrant
c. evidentiary report
d. forensic concurrence

ANS: B PTS: 1 REF: 480

21. Which Amendment to the U.S. Constitution starts with: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated?
a. First
b. Second
c. Third
d. Fourth

ANS: D PTS: 1 REF: 455

22. Which document must be changed when evidence changes hands or is stored?
a. chain of custody
b. search warrant
c. affidavit
d. evidentiary material

ANS: A PTS: 1 REF: 482

COMPLETION

1. ___________________ is a subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury.

ANS: tort law

PTS: 1 REF: 447

2. Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal group.

ANS: cultural mores

PTS: 1 REF: 447

3. An organization increases its _____________ if it refuses to take measures (due care) to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.

ANS: liability

PTS: 1 REF: 476

4. The first component of the analysis phase is ___________, which allows the investigator to quickly and easily search for a specific type of file.

ANS: indexing

PTS: 1 REF: 482

5. In InfoSec, most operations focus on __________, which are those documents that provide managerial guidance for ongoing implementation and operations.

ANS: policies

PTS: 1 REF: 483

MATCHING

a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Act
g. normative ethics
h. applied ethics
i. e-discovery
j. digital forensics

1. one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices

2. focused on enhancing the security of the critical infrastructure in the United States

3. an approach that applies moral codes to actions drawn from realistic situations

4. used prior to the initiation of legal proceedings, falls under the umbrella of incident response

5. a collection of statutes that regulates the interception of wire, electronic, and oral communications

6. regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments

7. the identification and preservation of EM related to a specific legal action

8. the study of what makes actions right or wrong, also known as moral theory

9. addresses violations harmful to society and is actively enforced and prosecuted by the state

10. define socially acceptable behaviors

1. ANS: D PTS: 1 REF: 454

2. ANS: F PTS: 1 REF: 462

3. ANS: H PTS: 1 REF: 467

4. ANS: J PTS: 1 REF: 479

5. ANS: E PTS: 1 REF: 456

6. ANS: B PTS: 1 REF: 447

7. ANS: I PTS: 1 REF: 479

8. ANS: G PTS: 1 REF: 467

9. ANS: A PTS: 1 REF: 447

10. ANS: C PTS: 1 REF: 447

SHORT ANSWER

1. Briefly describe five different types of laws.

ANS:
1. Civil law embodies a wide variety of laws pertaining to relationships between and among individuals and organizations.
2. Criminal law addresses violations harmful to society and is actively enforced and prosecuted by the state.
3. Tort law is a subset of civil law which allows individuals to seek recourse against others in the event of personal, physical, or financial injury.
4. Private law regulates the relationships among individuals and among individuals and organizations, and encompasses family law, commercial law, and labor law.
5. Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law.

PTS: 1 REF: 447

2. Describe the five-stage methodology an organization should follow in an investigation.

ANS:
In digital forensics, all investigations follow the same basic methodology:
1. Identify relevant items of evidentiary value (EM)
2. Acquire (seize) the evidence without alteration or damage
3. Take steps to assure that the evidence is verifiably authentic at every step and is unchanged from the time it was seized
4. Analyze the data without risking modification or unauthorized access
5. Report the findings to the proper authority

PTS: 1 REF: 480

3. Discuss the three general categories of unethical behavior that organizations should try to control.

ANS:
Ignorance:
Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is education. Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must explicitly agree to abide by them. Reminders, training, and awareness programs support retention and, one hopes, compliance.

Accident:
Individuals with authorization and privileges to manage information within the organization have the greatest opportunity to cause harm or damage by accident. The careful placement of controls can help prevent accidental modification to systems and data.

Intent:
Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be built upon whether or not the accused acted out of ignorance, by accident, or with the intent to cause harm or damage. Deterring those with criminal intent is best done by means of litigation, prosecution, and technical controls. Intent is only one of several factors to consider when determining whether a computer-related crime has occurred.

PTS: 1 REF: 472

4. Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions?

ANS:
Fear of penalty: Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay.
Probability of being caught: There must be a strong possibility that perpetrators of illegal or unethical acts will be caught.
Probability of penalty being administered: The organization must be willing and able to impose the penalty.

PTS: 1 REF: 472

5. What is the key difference between law and ethics?

ANS:
The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not.

PTS: 1 REF: 447

6. The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the information obtained and whether the offense is judged to have been committed for one of three reasons. What are those reasons?

ANS:
For purposes of commercial advantage
For private financial gain
In furtherance of a criminal act

PTS: 1 REF: 450

7. The CSA charges the National Bureau of Standards, in cooperation with the National Security Agency (NSA), with the development of five standards and guidelines establishing minimum acceptable security practices. What are three of these principles?

ANS:
Standards, guidelines, and associated methods and techniques for computer systems

Uniform standards and guidelines for most federal computer systems

Technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in federal computer systems

Guidelines for use by operators of federal computer systems that contain sensitive information in training their employees in security awareness and accepted security practice

Validation procedures for, and evaluation of the effectiveness of, standards and guidelines through research and liaison with other government and private agencies

PTS: 1 REF: 454-455

8. Describe the Freedom of Information Act. How does its application apply to federal vs. state agencies?

ANS:
All federal agencies are required under the Freedom of Information Act (FOIA) to disclose records requested in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute. FOIA applies only to federal agencies and does not create a right of access to records held by Congress, the courts, or by state or local government agencies. Each state has its own public access laws that should be consulted for access to state and local records.

PTS: 1 REF: 459

9. A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear of legal retribution?

ANS:
Policies must be:
Distributed to all individuals who are expected to comply with them
Readily available for employee reference
Easily understood, with multilingual translations and translations for visually impaired or low-literacy employees
Acknowledged by the employee, usually by means of a signed consent form
Uniformly enforced for all employees

PTS: 1 REF: 466

10. Describe three of the five foundations and frameworks of ethics.

ANS:
Normative ethics: The study of what makes actions right or wrong, also known as moral theory; that is, how should people act?
Meta-ethics: The study of the meaning of ethical judgments and properties; that is, what is right?
Descriptive ethics: The study of the choices that have been made by individuals in the past; that is, what do others think is right?
Applied ethics: An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice.
Deontological ethics: The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as duty-based or obligation-based ethics. This approach seeks to define a person's ethical duty.

PTS: 1 REF: 467
