Deck 2: Compliance: Law and Ethics

​Deterrence is the best method for preventing an illegal or unethical activity.____________

Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy. _________________________

Ethics carry the sanction of a governing authority.

InfraGard began as a cooperative effort between the FBI's Cleveland field office and local intelligence ​professionals.​ ___________

​Due diligence requires that an organization make a valid and ongoing effort to protect others.____________

​It is the responsibility of InfoSec professionals to understand state laws and standards.____________

​The Gramm-Leach-Bliley (GLB)Act (also known as the Financial Services Modernization Act of 1999)contains a number of provisions that affect banks,securities firms,and insurance companies.___________

The Secret Service is charged with the detection and arrest of any person committing a U.S.federal offense relating to computer fraud,as well as false identification crimes.

ISACA is a professional association with a focus on authorization,control,and security.___________

​A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information.____________

An organization increases its _____________ if it refuses to take measures-due care-to make sure that every employee knows what is acceptable and what is not,and the consequences of illegal or unethical actions.

Discuss the three general categories of unethical behavior that organizations should try to control.

Ethics are based on ___________________,which are the relatively fixed moral attitudes or customs of a societal group.

Information ____________ occurs when pieces of non-private data are combined to create information that violates privacy.​

___________________ is a subset of civil law that allows individuals to seek redress in the event of personal,physical,or financial injury.

The branch of philosophy that considers nature,criteria,sources,logic,and the validity of moral judgment is known as ___________.

Briefly describe five different types of laws.

The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the information obtained and whether the offense is judged to have been committed for one of three reasons. What are those reasons?

The Computer Security Act charges the National Bureau of Standards,in cooperation with the National Security Agency (NSA),with the development of five standards and guidelines establishing minimum acceptable security practices. What are three of these principles?

The act of attempting to prevent an unwanted action by threatening punishment or retaliation on the instigator if the act takes place is known as ___________.

Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions?

Describe the Freedom of Information Act. How does its application apply to federal vs.state agencies?

What is the key difference between law an ethics?

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
regulates the structure and administration of government agencies and their relationships with citizens,employees,and other governments

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
a collection of statutes that regulates the interception of wire,electronic,and oral communications​

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices

A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear of legal retribution?

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
focuses on enhancing the security of the critical infrastructure in the United States

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
an approach that applies moral codes to actions drawn from realistic situations

Describe three of the five foundations and frameworks of ethics.

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
defines socially acceptable behaviors

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
addresses violations harmful to society and is actively enforced and prosecuted by the state

​a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Actg. normative ethicsh. applied ethics
the study of what makes actions right or wrong,also known as moral theory