
Test yourself 421 what best describes a social

This preview shows page 30 - 32 out of 37 pages.

Test Yourself 4.21

What best describes a social engineering attack?

- Unauthorized users gain access to an organization's computer equipment. This is false.
- Message traffic is illicitly captured and modified, perhaps by physically tapping into a network. This is false.
- Users are convinced to release information that will enable fraudulent activity. This is true.
- Pieces of code installed in a system, usually as a result of exploits, that allow remote users or systems to control that system's actions. This is false.

Social engineering: These attacks convince users to release information that will enable fraudulent activity as well as other attacks. The best countermeasure is user education, though some browsers (such as Firefox) can warn users of pages and email containing suspicious IP addresses.

Privacy Regulations

There has been a history of serious privacy breaches, even prior to the ChoicePoint incident, and these have resulted in various government regulations, including the following:

HIPAA (Health Insurance Portability and Accountability Act), passed in 1996, requires secure storage and transmittal of individuals' health and insurance information, with fines of up to $25,000 for each disclosure, and with criminal prosecution and fines up to $250,000 if the disclosure is intentional. It often seems like HIPAA training and compliance are overbearing, intrusive, and not enforced or with little or no consequence. This is not the case in The Tale of The $1.7 Million Dollar Flash Drive for Alaska DHSS, which goes like this:

As the Resolution Agreement from the Office of Civil Rights (OCR) reads, the tale of the $1.7 million flash drive all started on October 30, 2009, when the Alaska DHSS reported a HIPAA security breach due to an unencrypted flash drive containing electronic protected health information (ePHI) that was stolen from an employee's vehicle on or about October 12, 2009.

On January 8, 2010, the OCR decided it might be a good idea to conduct an investigation into the security policies of the Alaska DHSS. Not wanting to appear uncooperative, the DHSS, over the next 15 months, sent the OCR documentation that included written responses, policies, procedures, information regarding training activities, and documentation related to compliance with the Privacy and Security Rules. The OCR was so impressed by the responses they were receiving from DHSS, they decided to pay a site visit from June 17 to June 18, 2010 [notice they decided to visit in June, right in the middle of the two weeks of summer]. In the continued spirit of cooperation, OCR received additional information from DHSS via emails and telephone conversations throughout their investigation.

Once the OCR had completed its investigation, it determined that DHSS was out of HIPAA compliance because, to protect the citizens' PHI/ePHI, it had not:

- completed a risk analysis (See 45 C.F.R. § 164.308(a)(1)(ii)(A))
- implemented sufficient risk management measures (See 45 C.F.R. § 164.308(a)(1)(ii)(B))
- completed security training for DHSS workforce members (See 45 C.F.R. § 164.308(a)(1)(ii)(A)(5)(i))
- implemented device and media controls (See 45 C.F.R. § 164.310(d)(1))
- addressed device and media encryption (See 45 C.F.R. § 164.312(a)(2)(iv))

By looking at the position of the Alaska DHSS relative to the violations cited, it becomes apparent that the DHSS had not executed the necessary steps to protect the PHI/ePHI of the citizens; that is, they really dropped the ball on this one. The violations cited do not represent an inadequate or flawed system that
