Principles Of Information Security Chapter 3 Review

Chapter 3 Review
1. What is the difference between law and ethics?
The difference between law and ethics is that law is a set of rules and regulations that are universal and should be accepted and followed by society and organizations. Ethics, on the other hand, derived from the Latin word mores and the Greek word ethos, means the beliefs and customs that help shape the character of individuals and how people interact with one another.
2. What is civil law, and what does it accomplish?
A wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organisational entities and people.
3. What are the primary examples of public law?
...view middle of the document...

The act requires organisations that retain health-care information to use information security mechanisms to protect information, as well as policies and procedures to maintain this security. HIPAA provides guidelines for the use of electronic signatures based on security standards that ensure message integrity, user authentication and nonrepudiation.
8. If you work for a financial service organisation such as a bank or credit union, which 1999 law affects your use of customer data? What other effects does it have?
The law from 1999 that affects the use of customer data by financial institutions is the Financial Services Modernisation Act or Gramm-Leach-Bliley Act of 1999. Specifically, this act requires all financial institutions to disclose their privacy policies on the sharing of non-public personal information. It also requires due notice to customers, so that they can request that their information not be shared with third parties. In addition, the act ensures that the privacy policies in effect in an organisation are both fully disclosed when a customer initiates a business relationship, and distributed at least annually for the duration of the professional association.
9. What is the primary purpose of the USA PATRIOT ACT?
The purpose of the USA PATRIOT Act is to deter and punish terrorist acts in the United States and around the world, and to enhance law enforcement investigatory tools.
10. Which 1997 law provides guidance on the use of encryption?
The Security and Freedom through Encryption Act of 1997.
11. What is intellectual property? Is it afforded the same protection in every country of the world? What laws currently protect it in the United States and Europe?
Intellectual property is recognised as a protected asset in the United States. The U.S. copyright laws extend this privilege to the published word, including electronic formats. Fair use of copyrighted materials includes their use to support news reporting, teaching, scholarship, and a number of other related activities, so long as the use is for educational or library purposes, not for profit, and is not excessive. As long as proper acknowledgement is provided to the original author of such works, including a proper description of the location of source materials (citation), and the work is not represented as one’s own, it is entirely permissible to include portions of someone else’s work as reference.

The laws that currently protect it in the United States and Europe are the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) and the Digital Millennium Copyright Act (DMCA).
12. How does the Sarbanes-Oxley Act of 2002 affect information security managers?
Executives working in firms covered by this law will seek assurance on the reliability and quality of information systems from senior information technology managers. In turn, IT managers will likely ask information security managers to verify the...
