Drew Exam 4
What is provided in Article 8 of the European Convention for the Protection of Human Rights and
The right to respect for an individual's privacy and family life.
Which country had opted NOT to join the European Economic Area but passed its own omnibus
Under the US Children's Online Privacy Protection Act (COPPA), which of the following is FALSE?
COPPA provides complete preventive measures against the potential abuse of children's personal information online.
Which of the following is (are) the standard(s) for IS security and controls? (Check all that apply)
Which is a concept provided for in the 1973 Code of Fair Information Practices?
There must be a way for a person to correct or amend a record of identifiable information.
Which international organization published a set of privacy principles entitled "Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data"?
Organisation for Economic Cooperation and Development.
Which statement is considered a best practice regarding information security governance?
Ultimately, security is about people.
What is the definition of a data controller?
An entity that holds personal data and determines the purpose of use.
Which was the first Latin American country to grant citizens the right to access their personal
Which model is used for privacy protection in the European Union?
Which is NOT an example of privacy notice?
A spreadsheet containing specific product names and general descriptions.
Two of the four categories of data protection and privacy law and practices are informational privacy
Which jurisdiction limits its privacy protections to those established only by sector-specific statutes?
Which new data element with new privacy-related issues has emerged in the telecommunications sector?
Data confidentiality, Data Availability, and what other attribute comprise the three key attributes of
information auditing and monitoring?
An internal statement for users of personal information that defines the handling practices of the
personal information is known as:
Most security breaches occur during the ______ of the information life cycle.
What is a first-party cookie?
A cookie that is set and read by the web server hosting the website the user is
What kind of information security control is an incident response procedure?
What are the three main sources of personal information?
Public records, publicly available information and non-public information.
Which of the following requires libraries and schools receiving Federal funds to regulate access by
minors (under 17) to "harmful" speech on the Internet?
Which characteristic completes the following list of the five essential characteristics of cloud
computing: on-demand self-service, broad network access, measured service, rapid elasticity and
In "phishing" which practices are used to collect personal information?
Fake e-mails contain links to websites that only appear to be genuine and request
Use of a smart card would be identified as what type of safeguard?
Which of these elements may be considered personal information?
Information about a company's leads or prospects.
Which measures have been adopted by major search engine firms to address privacy concerns
specific to search technologies?
Searches are anonymized after a defined period of time.
According to the EU Data Protection Directive, what three elements are essential characteristics of
A freely-given, specific and informed indication.
Which statement is NOT true under Personal Information Protection and Electronic Documents Act
The Canadian privacy commissioner only investigates complaints regarding public companies.
What safeguards should be implemented under the Gramm-Leach-Bliley Act (GLBA) to protect data?
Monitor and implement test controls internally and with third parties.
Role-based access controls are based on what basic security principle?
Access should be granted to employees on the basis of the lowest possible level.
Which standard web protocol allows for a peer's identity to be authenticated prior to a connection
Secure Sockets Layer.
What is an example of passive data collection on a website?
According to the Asia-Pacific Economic Cooperation privacy principles, individuals must be able to do
all of the following except
access the personal information of the personal information controller.
What types of laws are designed to restrict access to financial information?
Credit monitoring laws.
The two sector-specific privacy regulations enforced in the United States are the Gramm-Leach-Bliley
the Health Insurance Portability and Accountability Act.
What is NOT a privacy risk raised by the use of smart grid technology?
Energy use could increase due to continuous monitoring by energy companies.
Safe Harbor violations are enforced by the Federal Trade Commission and what other government
The U.S. Department of Transportation.
The use of personal information should follow what primary principle?
Personal information should be limited to the purposes identified in the notice.
What is NOT a best practice for organizations managing a social media page?
Support anonymous positive posts by employees on the organization's social media page to help offset negative posts by customers.
Which is NOT a method used for combating spam?
What is an XML document-formatted, machine-readable method for producing online privacy policies?
Effective security risk management balances the potential for loss with what cost?
The cost of security protection and
Which of the following is (are) considered personal information in the EU? (Check all that apply)
Which threat to online privacy includes malicious code that is unwittingly incorporated into a website's
own source code?
What is the purpose of Transmission Control Protocol?
Enables devices to establish a connection and exchange data.
What must be included in a privacy impact assessment?
The attributes of the data collected.
A privacy notice does NOT relate to which principle of the information lifecycle?
Monitoring and enforcement.
Under Mexico's Federal Data Protection law, what is required for cross-border data transfers?
Receiver assumes the same responsibilities as the transferring person.
Which human resources data element is not generally considered personal data?
An internal statement that governs an organization's handling practices of personal information.