Principles of Information security
Tristie Jones
LP3 Assignment: Chapter 3 Review Questions
Intro to Computer Security

1. The key difference between laws and ethics is that laws carry the authority of a governing body and ethics do not. Ethics, in turn, are based on cultural mores.
2. Civil law comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.
3. Criminal, administrative, and constitutional law.
4. The National Information Infrastructure Protection Act of 1996 amended the Computer Fraud and Abuse Act of 1986. It modified several sections of the CFAA and increased the penalties for selected crimes.
5. The Security and Freedom Through Encryption Act of 1999 clarifies the use of encryption for people in the US, and permits all persons in the U.S. to buy or sell any encryption product.
6. Privacy is not absolute freedom from observation, but rather it is a more precise "state of being free from unsanctioned intrusion."
7. Another name is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange. It impacts all health-care organizations, including doctors' practices, health clinics, life insurers, and universities, as well as some organizations which have self-insured employee health programs or manage data related to health-care. Beyond the basic privacy guidelines, the act requires organizations that retain health-care information to use information security mechanisms to protect this information, as well as policies and procedures to maintain this security. It also requires a comprehensive assessment of the organization's information security systems, policies, and procedures. HIPAA provides guidelines for the use of electronic signatures based on security standards that ensure message integrity, user authentication, and nonrepudiation.
What is it called when an organization makes sure every employee knows what is acceptable and unacceptable behavior?
Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort. Due care has been taken when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions.

How does the Sarbanes-Oxley Act of 2002 affect information security managers?
Security managers will look for reliability of the information that they acquire from technology managers, while these managers will want the information security managers to verify that the information is confidential and its integrity is good.

What is the best method for preventing an illegal or unethical activity?
Deterrence is the best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents.

What is one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices?
Another key law is the Computer Security Act of 1987. It was one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.