Secure Computing Chapter 15
Terms in this set (31)
Information regulated under the Sarbanes-Oxley Act is ________.
corporate financial information
Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________.
Tier C violations under the HITECH Act are ________.
violations due to willful neglect that the organization ultimately corrected
The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology.
Which regulating agency has oversight for the Children's Internet Protection Act?
____________ is a person's right to control the use and disclosure of his or her own personal information.
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
FERPA allows a special category of personally identifiable information to be disclosed without student consent. A school can do this so long as it has given notice to the student that it will disclose this information. This category of information is called _____________.
The ____________________ is responsible for FISMA compliance.
Office of Management and Budget (OMB)
The HITECH Act defined a tiered system for assessing the level of each HIPAA privacy violation and, therefore, its penalty. Tier B includes ________.
violations due to reasonable cause, but not "willful neglect"
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations.
The regulating agency for the Federal Information Systems Management Act is the ________.
Office of Management and Budget
FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________.
FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________.
security awareness training
What name is given to patient health information that is computer based?
electronic protected health information (EPHI)
What is meant by protected health information (PHI)?
Any individually identifiable information about the past, present, or future health of a person. It includes mental and physical health data.
An addressable implementation specification under HIPAA must be used if it's _______________.
reasonable and appropriate
What elements must a written GLBA information security program include?
Technical safeguards, Physical safeguards, Administrative safeguards, and a designated employee to run the program.
What types of companies must follow all Sarbanes-Oxley Act provisions?
CIPA requires a library to be able to disable the TPM for some situations.
What law governs the release of student information?
What is the maximum yearly fine for a violation of the HIPAA Privacy or Security Rule?
The U.S. has one comprehensive data protection law.
What must an educational institution get prior to releasing student personal information to a third party?
Who is considered a "minor" under CIPA?
Anyone under the age of 17
What is personally identifiable information?
Data that can be used to individually identify a person. It includes Social Security numbers, driver's license, financial account data, and health data.
FISMA requires federal agencies to test their information security controls every six months.
What is the main goal of the Sarbanes-Oxley Act?
To protect shareholders and investors from financial fraud. SOX was also designed to restore investor faith in American stock markets.
What option must be included in a GLBA privacy practices notice?
A HIPAA breach is a breach of ________________ PHI.
How many steps are there in the NIST Risk Management Framework?