57. Exposing employee and customer personal data to an untrusted environment is an example of:
a. data spam.
b. data phishing.
c. data adware.
d. data breach.
ANS: D
RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. Data breaches expose the employee and/or customer personal data.
58. Data breaches lead to:
a. the physical damage of a personal computer.
b. the loss of business opportunity.
c. the decreased customer support cost for information hotlines.
d. the decreased customer support cost for credit monitoring services.
ANS: B
RATIONALE: Data breaches involving large databases of personal information are all too common. The cost to an organization that suffers a data breach can be quite high, including lost business opportunity associated with customers whose patronage has been lost due to the incident, public relations–related costs to manage the firm’s reputation, and increased customer support costs for information hotlines and credit monitoring services for victims.
59. Which of the following requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the chief executive officer and the chief financial officer attesting the accuracy of the information provided in the reports?
a. Smooth adoption of information technology
b. Smooth introduction of information technology
c. Diffusion of innovation Act
d. Section 404 of the Sarbanes-Oxley Act
ANS: D
RATIONALE: Section 404 of the Sarbanes-Oxley Act requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the chief executive officer and the chief financial officer attesting that the information contained in the reports is accurate. The company also must submit to an audit to prove that it has controls in place to ensure accurate information.
60. An organization has to submit an audit to prove that it has accurate information on their assets. This is done to be in accordance to the:
a. Section 906 of the Sarbanes-Oxley Act.
b. Section 404 of the Sarbanes-Oxley Act.
c. Section 802 of the Sarbanes-Oxley Act.
d. Section 301 of the Sarbanes-Oxley Act.
ANS: B
RATIONALE: Section 404 of the Sarbanes-Oxley Act requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the CEO and CFO attesting that the information contained in the reports is accurate. The company also must submit to an audit to prove that it has controls in place to ensure accurate information.
61. Hackers carry out a denial-of-service attack on an organization’s Web site. This leads to the:
a. violation of legally mandated procedures for controlling information technology assets.
b. violation of generally accepted accounting principles.
c. inability to continue operations due to a deliberate attack on the information technology assets.
d. theft of computers from a corporate training facility.
ANS: C
RATIONALE: Hackers carry out a denial-of-service attack on an organization’s Web site. This leads to the inability to continue the information technology (IT) operations due to a deliberate attack on the IT assets.
62. Which of the following scenarios best describes the violation of legally mandated procedures for controlling the information technology (IT) assets?
a. IT system controls are inadequate to meet specific federal Sarbanes-Oxley guidelines that require companies to maintain the integrity of financial data.
b. IT system controls are violated so that the same person can both initiate a purchase order and approve the invoice for that purchase order.
c. Employees waste time at work visiting Web sites unrelated to their work.
d. Hackers access and download customer data, including account numbers, and carry out a denial-of-service attack on an organization’s Web site.
ANS: A
RATIONALE: Information technology (IT) system controls are inadequate to meet specific federal Sarbanes-Oxley guidelines that require companies to maintain the integrity of financial data. This is an example of violating legally mandated procedures for controlling IT assets.
63. Employees of Jackshay Corp. misuse their time by viewing online shopping Web sites that is unrelated to their job. This leads to:
a. violation of generally accepted accounting principles.
b. violation of the organization’s defined procedures and/or accounting practices.
c. compromise of confidential data regarding organizational plans, products, or services.
d. inappropriate use of information technology resources that reduces worker productivity.