Test Bank of Accounting Information Systems 13th Edition By MarshallB.-Romney

Test Bank of Accounting Information Systems 13th Edition By MarshallB.-Romney

Accounting Information Systems, 13e (Romney/Steinbart)
Chapter 9 Confidentiality and Privacy Controls

9.1 Identify and explain controls designed to protect the confidentiality of sensitive corporate information.

1) Identify the type of information below that is least likely to be considered “sensitive” by an organization.
A) financial statements
B) legal documents
C) strategic plans
D) product cost information
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

2) Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of sensitive information?
A) identification of information to be protected
B) backing up the information
C) controlling access to the information
D) training
Answer: B
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

3) Classification of confidential information is the responsibility of whom, according to COBIT5?
A) external auditor
B) information owner
C) IT security professionals
D) management
Answer: B
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

4) True or False: Encryption is one of the many ways to protect information in transit over the internet.
Answer: FALSE
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

5) Classification of confidential information is the responsibility of whom, according to COBIT5?
A) external auditor
B) information owner
C) IT security professionals
D) management
Answer: B
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

6) Encryption is a necessary part of which information security approach?
A) defense in depth
B) time based defense
C) cloud quarantine
D) synthetic defense
Answer: A
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

7) Information rights management software can do all of the following except
A) limiting access to specific files.
B) limit action privileges to a specific time period.
C) authenticate individuals accessing information.
D) specify the actions individuals granted access to information can perform.
Answer: C
Objective: Learning Objective 1
Difficulty: Difficult
AACSB: Analytic

8) Identify the first step in protecting the confidentiality of intellectual property below.
A) Identifying who has access to the intellectual property
B) Identifying the means necessary to protect the intellectual property
C) Identifying the weaknesses surrounding the creation of the intellectual property
D) Identifying what controls should be placed around the intellectual property
Answer: A
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

9) After the information that needs to be protected has been identified, what step should be completed next?
A) The information needs to be placed in a secure, central area.
B) The information needs to be encrypted.
C) The information needs to be classified in terms of its value to the organization.
D) The information needs to be depreciated.
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic
10) Which type of software blocks outgoing messages containing key words or phrases associated with an organization’s sensitive data?
A) anti-virus software
B) data loss prevention software
C) a digital watermark
D) information rights software
Answer: B
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

11) Janus Corporation uses a tool that embeds a code into all of its digital documents. It then scours the internet, searching for codes that it has embedded into its files. When Janus finds an embedded code on the internet, it knows that confidential information has been leaked. Janus then begins identifying how the information was leaked and who was involved with the leak. Janus is using
A) data loss prevention software.
B) a keylogger.
C) a digital watermark.
D) a spybot.
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic