CHAPTER SUMMARY

In this chapter, you read about several scenarios in which access control is mandated by law and others in which controlling access to information is critical to achieving basic business goals. You learned about best practices, standards, policies, and procedures for implementing an access control policy. Finally, you explored several case studies that illustrate the concepts discussed in this chapter.

Key Concepts and Terms

21 CFR Part 11

Americans with Disabilities Act (ADA)

Best practice

Children’s Internet Protection Act (CIPA)

Communications Assistance for Law Enforcement Act (CALEA)

Directory information

Electronic protected health information (EPHI)

Family Educational Rights and Privacy Act (FERPA)

Gramm-Leach-Bliley Act (GLBA)

Health Information Technology for Economic and Clinical Health (HITECH) Act

Health Insurance Portability and Accountability Act (HIPAA)

Homeland Security Presidential Directive 12 (HSPD 12)

Human machine interface (HMI)

North American Electric Reliability Council (NERC)

Programmable logic controller (PLC)

Protected health information (PHI)

Remote terminal unit (RTU)

Sarbanes-Oxley (SOX) Act

Supervisory control and data acquisition (SCADA)

CHAPTER 14 ASSESSMENT

  1. In IT, it is imperative that you keep up to date with regulatory compliance laws.
    1. True
    2. False
  2. The Gramm-Leach-Bliley Act regulates which industry?
    1. Health Care
    2. Energy
    3. Financial services
    4. Automobile
    5. Education
  3. A company regulated by GLBA is only required to protect against proven security threats, not perceived threats.
    1. True
    2. False
  4. HIPAA regulates which industry?
    1. Health care
    2. Energy
    3. Financials
    4. Automobile
    5. Education
  5. Protected health information is interpreted very broadly and includes all of an individual’s medical records and payment history.
    1. True
    2. False
  6. The HIPAA Security Rule requires a set of _________, technical, and physical safeguards to electronic protected health information (EPHI).
  7. The Sarbanes-Oxley Act regulates all _________ companies.
  8. The Family Educational Rights and Privacy Act establishes a student’s right to know the information, location, and purpose of an educational record.
    1. True
    2. False
  9. Which regulation defines a standard for electronic records and signatures?
    1. Children’s Internet Protection Act
    2. 21 CFR Part 11
    3. HIPAA
    4. Sarbanes-Oxley
    5. HSPD 12
  10. A(n) __________ policy describes the actions that users may and may not take using the organization’s IT resources.
  11. _________ are a collection of suggestions and best practices.

Endnote

1. Federal Register, 16 CFR Part 314, 67 (100): 36488.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.218.127.141