C961 WGU Ethics in Technology quiz with solutions

which systems gather data about individuals? Tracking systems in videos, cookies, google location, facebook tags which action have the courts ruled in favor for (4th amendment) without a reasonable expectation to privacy, there is no privacy right how does customer data impact personal life? job offer, scholarship offer, loan approval information privacy the right to determine when, and to what extent, information about you can be gathered and/or communicated to others data privacy limit access to ones personal data by others communications privacy Ability to communicate with others without those communications being monitored by other persons or organizations concerns about financial data? personal data aren't protected by business, data is shared with other people without consent what are government requirements according to FPA search warrant, authorization signed by customer, subpoena HIPPA requires _____ to function electronic transactions, codes & identifiers HIPPA requires ______ from patients written consent rights included in FERPA? amend educational records, file complaints against school, access educational records, educational records only be disclosed with student consent Penalty for FERPA violations? federal funding cut off COPPA (Children's Online Privacy Protection Act) Requires websites to protect information of children under 13 years of age FERPA Family Educational Rights and Privacy Act GLBA (Gramm-Leach-Bliley Act) Data security in the financial industry FCRA (Fair Credit Reporting Act) an individual who has been denied credit is entitled to a free credit report to determine reason for denial RFPA Right to Financial Privacy Act FACTA - Fair & Accurate Credit Transactions Act Amendment to FCRA. Provides help with identity theft and credit fraud, employee misconduct investigations by third parties. American Recovery and Reinvestment Act (ARRA) privacy provisions to electronic health records Omnibus Crime Control and Safe Streets Act (OCCSSA) to set limits to state & federal law officials who use wiretapping FISA (Foreign Intelligence Surveillance Act) describes procedures for electronic surveillance ECPA (Electronic Communications Privacy Act) protection of communications CALEA (Communications Assistance for Law Enforcement Act) required telecommunications industry to build tools into its products that federal investigators could use What was amended by CALEA? ECPA (electronic communications privacy act USA Patriot Act Antiterrorism law that allowed the government certain rights to help chase and capture terrorists Foreign Intelligence Surveillance Act FISA is a federal statute governing domestic spying. USA Freedom Act (2015) replaced patriot act, banned bulk collection of data, new reporting requirements, extended the expiration of roving wiretaps and lone wolf surveillance authority Wiretap Act regulates the interception of wire (telephone) and oral communications; it allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping, but only under strict limitations PATRIOT Sunsets Extension Act of 2011 4 year extension Fair Information Practices data accuracy OECD (Organization for Economic Cooperation and Development) what is used to compare data to industrialized nations (ethical treatment) European union data protection directive law that requires any company doing business within the borders of the countries comprising the European Union to implement a set of privacy directives on the fair and appropriate use of information us companies that are allowed to process data of EU safe harbor FOIA (Freedom of Information Act) Enables public access to most government records GDPR (General Data Protection Regulation) New European Union law on data protection and privacy for individuals. what information is withheld in FOIA wide ranging searches for records Privacy Act of 1974 regulates the release of personal information about federal employees by federal agencies Security Safeguards focused on unauthorized access, modifications, or disclosure of personal data Purpose Specification focused on specified purpose of data collection tracking software (cookies) used to provide targeted ads offline sources to create personal profiles loyalty shopping card use, frequent flyer points, vehicle registration breach of privacy Unauthorized disclosure of personal information Cyberloafing using the internet at work for personal use Katz v. United States Electronic surveillance; the court held that they must have a warrant to tap your phone or video record you Workers' Privacy 4th amendment provides some privacy to gov. workers BYOD (bring your own device) The practice of allowing users to use their own personal devices to connect to an organizational network. EDR (Event Data Recorder) event data recorder records vehicle and occupant data stalking app Cell phone spy software that can be loaded onto someone's phone to perform location tracking, record calls, view every text message or picture sent or received, and record the URL of any Web site visited. zero-day exploit A cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability. Ransomware Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker computer virus A program code hidden in a system that can later do damage to software or stored data. Computer Worm Self-replicating program designed to carry out some unauthorized activity on a victim's computer. Worms can spread themselves from one computer to another without any assistance from victims. Computer Trojan Horse seemingly harmless program with malicious code hidden (tricked into opening it) logic bomb Computer virus triggered by the appearance or disappearance of specified data/file blended threat is a security threat that combines the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities found on public and private networks. Spam unsolicited email CAN-SPAM Act A federal law that placed guidelines on mass commercial emails. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) A test that uses a word-verification graphic designed to differentiate humans from automated senders during online transactions. DDoS Attack Hacker floods a server with numerous bogus requests through numerous zombies so that legitimate users can no longer access the server Botnet a group of compromised computers or mobile devices connected to a network Computer zombie a computer that is part of a botnet, controlled by a master, and used to launch various types of attacks Rootkit A set of software tools used by an attacker to hide the actions or presence of other types of malicious software. Advanced Persistent Threat (APT) An organized group of attackers who are highly motivated, skilled, and patient. They are often sponsored by a government, are focused on a specific target, and will continue attacking for a very long time until they achieve their goal. Phishing a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail Spear Phishing attacks targeted to specific individuals Smishing Phishing attacks committed using text messages (SMS). Vishing a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information Cyberespionage The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.