Deck 9: Confidentiality and Privacy Controls

A)Identifying who has access to the intellectual property.
B)Identifying the means necessary to protect the intellectual property.
C)Identifying the weaknesses surrounding the creation of the intellectual property.
D)Identifying what controls should be placed around the intellectual property.

A)Audited financial statements.
B)Legal documents.
C)Top executives' salaries.
D)New product development plans.

A)Anti-virus software.
B)Data loss prevention software.
C)A digital watermark.
D)Information rights software.

A)External auditor.
B)Information owner.
C)IT security professionals.
D)Management.

A)Internet e-mail communications can be intercepted.
B)Internet photographs can be intercepted.
C)Internet video can be intercepted.
D)Internet voice conversations can be intercepted.

A)Encrypt the information.
B)Control access to the information.
C)Train employees to properly handle the information.
D)Identify and classify the information to be protected.

A)The information needs to be placed in a secure, central area.
B)The information needs to be encrypted.
C)The information needs to be classified in terms of its value to the organization.
D)The information needs to be depreciated.

A)an information rights management software.
B)a data loss prevention software.
C)a digital watermark.
D)a stop leak software.

A)what sensitive information is possessed by the organization.
B)where sensitive information is stored.
C)who has access to sensitive information.
D)All of the above are first steps in protecting privacy.

A)Defense in depth.
B)Time based defense.
C)Continuous monitoring.
D)Synthetic based defense.

A)Provide free credit report monitoring for customers.
B)Inform customers of the option to opt-out of data collection and use of their personal information.
C)Allow customers' browsers to decline to accept cookies.
D)Utilize controls to prevent unauthorized access to, and disclosure of, customers' information.

A)a data masking program."
B)a virtual private network."
C)a private cloud environment."
D)an encryption system with digital signatures."

A)Identification of information to be protected.
B)Backing up the information.
C)Controlling access to the information.
D)Training.

A)Anti-virus software.
B)Data loss prevention software.
C)A digital watermark.
D)Information rights software.

A)data encryptioning.
B)data masking.
C)data wiping.
D)data redacting.

A)speed.
B)private keys.
C)public keys.
D)no need for key exchange.

A)Management.
B)Notice.
C)Choice and consent.
D)Use and retention.

A)Management.
B)Notice.
C)Choice and consent.
D)Use and retention.

A)Shred all documents that contain your personal information.
B)Only print your initial and last name on your personal checks.
C)Monitor your credit reports regularly.
D)Refuse to disclose your social security number to anyone or any organization.

A)Collection.
B)Access.
C)Security.
D)Quality.

A)encryption.
B)tokenization.
C)captcha.
D)cookies.

A)Collection.
B)Access.
C)Security.
D)Choice and consent.

A)telemarketing.
B)spam.
C)direct mail.
D)MLM.

A)Management.
B)Notice.
C)Choice and consent.
D)Use and retention.

A)Management.
B)Notice.
C)Choice and consent.
D)Use and retention.

A)The Health Insurance Portability and Accountability Act (HIPAA).
B)The Health Information Technology for Economic and Clinical Health Act (HITECH).
C)The Gramm--Leach--Bliley Act.
D)The Dodd-Frank Act.

A)2
B)5
C)7
D)10

A)Collection.
B)Access.
C)Security.
D)Quality.

A)Collection.
B)Access.
C)Security.
D)Monitoring and enforcement.

A)VPNs provide the functionality of a privately owned network using the Internet.
B)Using VPN software to encrypt information while it is in transit over the Internet in effect creates private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys.
C)It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network.
D)The cost of the VPN software is much less than the cost of leasing or buying the infrastructure (telephone lines, satellite links, communications equipment, etc.)needed to create a privately owned secure communications network.

A)Encrypted packets cannot be examined by a firewall.
B)Encryption provides for both authentication and non-repudiation.
C)Encryption protects the privacy of information during transmission.
D)Encryption protects the confidentiality of information while in storage.

A)a hashing algorithm.
B)asymmetric key encryption.
C)symmetric key encryption.
D)public key encryption.

A)plaintext.
B)ciphertext.
C)encryption text.
D)private text.

A)a digital certificate.
B)digital authority.
C)encryption.
D)cryptography.

A)the computer was insured against theft.
B)the computer was protected by a password.
C)the data stored on the computer was encrypted.
D)it was unlikely that the thief would know how to access the company data stored on the computer.

A)the public key had been compromised.
B)the private key had been compromised.
C)the symmetric encryption key had been compromised.
D)the asymmetric encryption key had been compromised.

A)asymmetric encryption.
B)encryption.
C)hashing.
D)symmetric encryption.

A)Asymmetric encryption.
B)Symmetric encryption.
C)Hashing encryption.
D)Public key encryption

A)Asymmetric encryption.
B)Digital certificate.
C)Digital signature.
D)Public key.

A)Key length.
B)Policies for managing cryptographic keys.
C)Encryption algorithm.
D)Storage of digital signatures.

A)the user of encrypted data.
B)the provider of encrypted data.
C)both the user and the provider of encrypted data.
D)either the user or the provider of encrypted data.

A)A shared secret key.
B)Faster encryption.
C)Lack of authentication.
D)Separate keys for each communication party.

A)asymmetric encryption.
B)digital certificate.
C)digital signature.
D)public key.

A)Asymmetric encryption and hashing
B)Hashing and packet filtering
C)Packet filtering and encryption
D)Symmetric encryption and hashing

A)different keys; the same key
B)a decrypting algorithm; an encrypting algorithm
C)the same key; two separate keys
D)an encrypting algorithm; a decrypting algorithm

A)a hashing algorithm.
B)symmetric key encryption.
C)asymmetric key encryption.
D)a public key.

A)asymmetric encryption.
B)certificate authority.
C)digital signature.
D)public key infrastructure.

A)A virtual private network connection.
B)A multifactor authentication network connection.
C)A private cloud network connection.
D)An asymmetric encryption system with digital signatures connection.