Management of Information Security, 5th Edition: Test Bank
Chapter 12: Law and Ethics
TRUE/FALSE
1. Ethics carry the sanction of a governing authority.
ANS: F PTS: 1 REF: 447
2. The current law regarding nationwide search warrants for e-mail requires the government to use a search warrant to compel a provider to disclose unopened e-mail that is more than six months old.
ANS: F PTS: 1 REF: 453
3. The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.
ANS: T PTS: 1 REF: 478
4. An item does not become evidence until it is formally admitted to evidence by a judge or other ruling official.
ANS: T PTS: 1 REF: 479
5. Using standard digital forensics methodology, the first step is to analyze the EM data without risking modification or unauthorized access.
ANS: F PTS: 1 REF: 480
MULTIPLE CHOICE
1. Which type of law regulates the relationships among individuals and among individuals and organizations?
a. tort
b. criminal
c. private
d. public
ANS: C PTS: 1 REF: 447
2. Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
a. USA Patriot Act of 2001
b. American Recovery and Reinvestment Act
c. Health Information Technology for Economic and Clinical Health Act
d. National Information Infrastructure Protection Act of 1996
ANS: C PTS: 1 REF: 449
3. The penalties for offenses under the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of three reasons. Which of the following is NOT one of those reasons?
a. For purposes of commercial advantage
b. For private financial gain
c. For political advantage
d. In furtherance of a criminal act
ANS: C PTS: 1 REF: 450
4. Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system?
a. The Telecommunications Deregulation and Competition Act
b. National Information Infrastructure Protection Act
c. Computer Fraud and Abuse Act
d. The Computer Security Act
ANS: D PTS: 1 REF: 455
5. Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications?
a. The Electronic Communications Privacy Act of 1986
b. The Telecommunications Deregulation and Competition Act of 1996
c. National Information Infrastructure Protection Act of 1996
d. Federal Privacy Act of 1974
ANS: A PTS: 1 REF: 456
6. Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?
a. ECPA
b. Sarbanes-Oxley
c. HIPAA
d. Gramm-Leach-Bliley
ANS: C PTS: 1 REF: 457
7. In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed first in a digital forensics investigation?
a. Report the findings to the proper authority
b. Acquire (seize) the evidence without alteration or damage
c. Identify relevant items of evidentiary value (EM)
d. Analyze the data without risking modification or unauthorized access
ANS: C PTS: 1 REF: 480
8. Which law extends protection to intellectual property, which includes words published in electronic formats?
a. Freedom of Information Act
b. U.S. Copyright Law
c. Security and Freedom through Encryption Act
d. Sarbanes-Oxley Act
ANS: B PTS: 1 REF: 459
9. Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences, and is also known as duty- or obligation-based ethics?
a. Applied ethics
b. Meta-ethics
c. Normative ethics
d. Deontological ethics
ANS: D PTS: 1 REF: 467
10. Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures?
a. U.S. Copyright Law
b. PCI DSS
c. European Council Cybercrime Convention
d. DMCA
ANS: D PTS: 1 REF: 463
11. Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past, attempting to answer the question: what do others think is right?
a. Applied ethics
b. Descriptive ethics
c. Normative ethics
d. Deontological ethics
ANS: B PTS: 1 REF: 467
12. Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community?
a. utilitarian
b. virtue
c. fairness or justice
d. common good
ANS: D PTS: 1 REF: 469
13. There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them?
a. ignorance
b. malice
c. accident
d. intent
ANS: B PTS: 1 REF: 472
14. Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies, and technical controls.
a. remediation
b. deterrence
c. persecution
d. rehabilitation
ANS: B PTS: 1 REF: 472
15. Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
a. (ISC)2
b. ACM
c. SANS
d. ISACA
ANS: A PTS: 1 REF: 473
16. Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
a. liability
b. restitution
c. due diligence
d. jurisdiction
ANS: B PTS: 1 REF: 476
17. Which of the following allows investigators to determine what happened by examining the results of an event, whether criminal, natural, intentional, or accidental?
a. root cause analysis
b. e-discovery
c. forensics
d. evidentiary procedures
ANS: C PTS: 1 REF: 478
18. Any court can impose its authority over an individual or organization if it can establish which of the following?
a. jurisprudence
b. jurisdiction
c. liability
d. sovereignty
ANS: B PTS: 1 REF: 476
19. Which two approaches are available to an organization when employing digital forensics?
a. Protect and forget; Apprehend and prosecute
b. Protect and defend; Apprehend and pursue
c. Patch and proceed; Protect and forget
d. Pursue and prosecute; Identify and apprehend
ANS: A PTS: 1 REF: 479
20. Which type of document grants formal permission for an investigation to occur?
a. affidavit
b. search warrant
c. evidentiary report
d. forensic concurrence
ANS: B PTS: 1 REF: 480
21. Which Amendment to the U.S. Constitution starts with: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated"?
a. First
b. Second
c. Third
d. Fourth
ANS: D PTS: 1 REF: 455
22. Which document must be updated whenever evidence changes hands or is placed into storage?
a. chain of custody
b. search warrant
c. affidavit
d. evidentiary material
ANS: A PTS: 1 REF: 482
COMPLETION
1. ___________________ is a subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury.
ANS: tort law
PTS: 1 REF: 447
2. Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal group.
ANS: cultural mores
PTS: 1 REF: 447
3. An organization increases its _____________ if it refuses to take measures—due care—to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.
ANS: liability
PTS: 1 REF: 476
4. The first component of the analysis phase is ___________, which allows the investigator to quickly and easily search for a specific type of file.
ANS: indexing
PTS: 1 REF: 482
5. In InfoSec, most operations focus on __________, which are those documents that provide managerial guidance for ongoing implementation and operations.
ANS: policies
PTS: 1 REF: 483
MATCHING
a. criminal law
b. public law
c. ethics
d. Computer Security Act (CSA)
e. Electronic Communications Privacy Act
f. Cybersecurity Act
g. normative ethics
h. applied ethics
i. e-discovery
j. digital forensics
1. one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices
2. focused on enhancing the security of the critical infrastructure in the United States
3. an approach that applies moral codes to actions drawn from realistic situations
4. used prior to the initiation of legal proceedings, falls under the umbrella of incident response
5. a collection of statutes that regulates the interception of wire, electronic, and oral communications
6. regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments
7. the identification and preservation of EM related to a specific legal action
8. the study of what makes actions right or wrong, also known as moral theory
9. addresses violations harmful to society and is actively enforced and prosecuted by the state
10. define socially acceptable behaviors
1. ANS: D PTS: 1 REF: 454
2. ANS: F PTS: 1 REF: 462
3. ANS: H PTS: 1 REF: 467
4. ANS: J PTS: 1 REF: 479
5. ANS: E PTS: 1 REF: 456
6. ANS: B PTS: 1 REF: 447
7. ANS: I PTS: 1 REF: 479
8. ANS: G PTS: 1 REF: 467
9. ANS: A PTS: 1 REF: 447
10. ANS: C PTS: 1 REF: 447
SHORT ANSWER
1. Briefly describe five different types of laws.
ANS:
1. Civil law embodies a wide variety of laws pertaining to relationships between and among individuals and organizations.
2. Criminal law addresses violations harmful to society and is actively enforced and prosecuted by the state.
3. Tort law is a subset of civil law which allows individuals to seek recourse against others in the event of personal, physical, or financial injury.
4. Private law regulates the relationships among individuals and among individuals and organizations, and encompasses family law, commercial law, and labor law.
5. Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law.
PTS: 1 REF: 447
2. Describe the five-stage methodology an organization should follow in an investigation.
ANS:
In digital forensics, all investigations follow the same basic methodology:
1. Identify relevant items of evidentiary value (EM)
2. Acquire (seize) the evidence without alteration or damage
3. Take steps to ensure that the evidence is verifiably authentic at every step and is unchanged from the time it was seized
4. Analyze the data without risking modification or unauthorized access
5. Report the findings to the proper authority
PTS: 1 REF: 480
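Steps 2 through 4 of the methodology above, and the chain-of-custody question in the multiple-choice section, come down to one mechanical requirement: hash the evidence at acquisition and re-verify that hash at every hand-off, recording who held it and when. The following is an added example, not code from the test bank or its textbook. Everything in it is constructed for illustration: the "disk image" is an in-memory byte string, the item identifier and custodian names are invented, and SHA-256 is the integrity hash assumed here.

```python
"""Added example: acquisition hash plus a chain-of-custody log for a seized
evidence item, with integrity re-checked at every hand-off.

Constructed for illustration; not from the textbook. The disk image,
item ID, and custodian names are all made up."""

import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash of the evidence bytes; any change alters the digest."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    when: str
    custodian: str
    action: str        # e.g. "acquired", "stored", "analyzed", "returned"
    sha256: str        # digest computed at this hand-off
    verified: bool     # did it match the digest taken at seizure?


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    seizure_hash: str
    chain: list = field(default_factory=list)

    def record(self, custodian: str, action: str, current_bytes: bytes) -> CustodyEntry:
        """Re-hash the evidence at a hand-off and append the result to the chain.

        A failed verification is still logged, so the chain shows exactly
        where integrity was lost rather than silently dropping the event."""
        digest = sha256_hex(current_bytes)
        entry = CustodyEntry(
            when=datetime.now(timezone.utc).isoformat(timespec="seconds"),
            custodian=custodian,
            action=action,
            sha256=digest,
            verified=(digest == self.seizure_hash),
        )
        self.chain.append(entry)
        return entry

    def is_intact(self) -> bool:
        """True only if every hand-off in the chain verified against the seizure hash."""
        return all(e.verified for e in self.chain)


def acquire(item_id: str, description: str, image: bytes, custodian: str) -> EvidenceItem:
    """Step 2 (acquire): hash immediately so all later checks have a baseline."""
    item = EvidenceItem(item_id, description, sha256_hex(image))
    item.record(custodian, "acquired", image)
    return item


def demo() -> tuple:
    # Constructed stand-in for a forensic disk image; a real one would be a
    # file read in binary mode from a write-blocked device.
    image = b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 500 + b"\x55\xaa"

    item = acquire("EM-001", "workstation disk image (constructed)", image, "examiner A")
    item.record("evidence clerk", "stored", image)                   # unchanged: verifies
    item.record("examiner B", "analyzed (read-only copy)", image)    # unchanged: verifies

    # A single flipped bit simulates tampering or a write-blocker failure
    # after seizure; this hand-off must fail verification.
    altered = bytearray(image)
    altered[100] ^= 0x01
    bad_entry = item.record("examiner B", "returned", bytes(altered))

    return item, bad_entry


if __name__ == "__main__":
    item, bad = demo()
    for e in item.chain:
        print(f"{e.when} {e.custodian:<15} {e.action:<26} {e.sha256[:16]}... verified={e.verified}")
    print("chain intact:", item.is_intact())
```

The seizure hash is the only value that matters for the integrity claim, so every later entry compares against it rather than against the previous entry; comparing only to the previous hand-off would let a change made early in the chain propagate unnoticed. Analysis (step 4) should always be performed on a verified working copy, which is why the "analyzed" entry in the demo still hashes the original image.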
3. Discuss the three general categories of unethical behavior that organizations should try to control.
ANS:
Ignorance:
Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is education. Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must explicitly agree to abide by them. Reminders, training, and awareness programs support retention, and one hopes, compliance.
Accident:
Individuals with authorization and privileges to manage information within the organization have the greatest opportunity to cause harm or damage by accident. The careful placement of controls can help prevent accidental modification to systems and data.
Intent:
Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be built upon whether or not the accused acted out of ignorance, by accident, or with the intent to cause harm or damage. Deterring those with criminal intent is best done by means of litigation, prosecution, and technical controls. Intent is only one of several factors to consider when determining whether a computer-related crime has occurred.
PTS: 1 REF: 472
4. Laws and policies and their associated penalties only deter if three conditions are present. What are these conditions?
ANS:
Fear of penalty—Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay.
Probability of being caught—There must be a strong possibility that perpetrators of illegal or unethical acts will be caught.
Probability of penalty being administered—The organization must be willing and able to impose the penalty.
PTS: 1 REF: 472
5. What is the key difference between law and ethics?
ANS:
The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not.
PTS: 1 REF: 447
6. The penalty for violating the National Information Infrastructure Protection Act of 1996 depends on the value of the information obtained and whether the offense is judged to have been committed for one of three reasons. What are those reasons?
ANS:
For purposes of commercial advantage
For private financial gain
In furtherance of a criminal act
PTS: 1 REF: 450
7. The CSA charges the National Bureau of Standards, in cooperation with the National Security Agency (NSA), with the development of five standards and guidelines establishing minimum acceptable security practices. What are three of these principles?
ANS:
Standards, guidelines, and associated methods and techniques for computer systems
Uniform standards and guidelines for most federal computer systems
Technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in federal computer systems
Guidelines for use by operators of federal computer systems that contain sensitive information in training their employees in security awareness and accepted security practice
Validation procedures for, and evaluation of the effectiveness of, standards and guidelines through research and liaison with other government and private agencies
PTS: 1 REF: 454-455
8. Describe the Freedom of Information Act. How does it apply to federal agencies versus state agencies?
ANS:
All federal agencies are required under the Freedom of Information Act (FOIA) to disclose records requested in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute. FOIA applies only to federal agencies and does not create a right of access to records held by Congress, the courts, or by state or local government agencies. Each state has its own public access laws that should be consulted for access to state and local records.
PTS: 1 REF: 459
9. A key difference between policy and law is that ignorance of policy is a viable defense. What steps must be taken to assure that an organization has a reasonable expectation that policy violations can be appropriately penalized without fear of legal retribution?
ANS:
Policies must be:
Distributed to all individuals who are expected to comply with them
Readily available for employee reference
Easily understood, with multilingual translations and translations for visually impaired or low-literacy employees
Acknowledged by the employee, usually by means of a signed consent form
Uniformly enforced for all employees
PTS: 1 REF: 466
10. Describe three of the five foundations and frameworks of ethics.
ANS:
Normative ethics—The study of what makes actions right or wrong, also known as moral theory—that is, how should people act?
Meta-ethics—The study of the meaning of ethical judgments and properties—that is, what is right?
Descriptive ethics—The study of the choices that have been made by individuals in the past—that is, what do others think is right?
Applied ethics—An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice.
Deontological ethics—The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as duty-based or obligation-based ethics. This approach seeks to define a person's ethical duty.
PTS: 1 REF: 467