Deck 2: Compliance: Law and Ethics

InfraGard began as a cooperative effortbetween the FBI's Cleveland field office and local intelligence ​professionals. ___________

The Secret Service is charged with the detection and arrest of any person committing a U.S.federal offense relating to computer fraud,as well as false identification crimes.

Ethics carry the sanction of a governing authority.

Due diligence requires that an organization make a valid and ongoing effort to protect others.____________

To protect intellectual property and competitive advantage,Congress passed the EntrepreneurEspionage Act (EEA)in 1996. ___________

A signaling lawspecifies a requirement for organizations tonotify affected parties when they have experienced a specified type of loss of information.____________

ISACA is a professional association with a focus on authorization,control,andsecurity.___________

It is the responsibility of InfoSec professionals to understand state laws andstandards.____________

The Gramm-Leach-Bliley (GLB)Act (alsoknown as the Financial Services Modernization Act of 1999)contains a number of provisionsthat affect banks,securities firms,and insurance companies.___________

Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy._________________________

Deterrence is the best method for preventing an illegal or unethical activity.____________

Laws and policies and their associated penalties only deter if three conditions are present.What are these conditions?

The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the information obtained and whether the offense is judged to have been committed for one of three reasons.What are those reasons?

What is the key difference between law an ethics?

The act of attempting to prevent an unwanted action by threatening punishment orretaliation on the instigator if the act takes place is known as ___________.

Ethics are based on ___________________,which are the relatively fixed moral attitudes or customs of a societal group.

The branch of philosophy that considers nature,criteria,sources,logic,and the validity ofmoral judgment is known as ___________.

Describe the Freedom of Information Act.How does its application apply to federal vs.state agencies?

Discuss the three general categories of unethical behavior that organizations should try to control.

___________________ is a subset of civil law that allows individuals to seek redress in the event of personal,physical,or financial injury.

Information ____________ occurs when pieces of non-private data are combined to createinformation that violates privacy.

The Computer Security Act charges the National Bureau of Standards,in cooperation with the National Security Agency (NSA),with the development of five standards and guidelines establishing minimum acceptable security practices.What are three of these principles?

Briefly describe five different types of laws.

An organization increases its _____________ if it refuses to take measures-due care-to make sure that every employee knows what is acceptable and what is not,and the consequences of illegal or unethical actions.

A key difference between policy and law is that ignorance of policy is a viable defense.What steps must be taken to assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear of legal retribution?

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
the study of what makes actions right or wrong,also known as moral theory

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
defines socially acceptable behaviors

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
a collection of statutes that regulates the interception of wire,electronic,and oral communications ​

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
an approach that applies moral codes to actions drawn from realistic situations

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
regulates the structure and administration of government agencies and their relationships with citizens,employees,and other governments

Describe three of the five foundations and frameworks of ethics.

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
addresses violations harmful to society and is actively enforced and prosecuted by the state

​a.criminal law
b.public law
c.ethics
d.Computer Security Act (CSA)
e.Electronic Communications Privacy Act
f.Cybersecurity Act
g.normative ethics
h.applied ethics
focuses on enhancing the security of the critical infrastructure in the United States