Which is the most recent federal law that addresses computer security or privacy?

Which is not one of the three widely recognized best practice IT-related frameworks mentioned in the chapter?

Jeff is considering insuring against cyberattack that may lead to damage to computer equipment risk. His company is currently valued at $50,000 (estimated wealth). If he suffers damage, he will likely lose $25,000 of his company’s wealth. If he gets insurance, then the insurance will cost (premium) $1000 and a payout in case of damages of $26,000. He knows from his IT Analyst that the expected value of his company’s wealth without insurance can be calculated aswhile with insurance can be calculated aswhere W = wealth, L = loss due to damages, A = insurance payout, b = insurance premium, =likelihood of attack. Given that attack happens with a probability of 0.4, what is the expected value of his company’s wealth with and without insurance?

Which act is the first-ever federal privacy standard to protect patient’s medical records?

 Consider the graph above, that outlines costs of fixing errors in each stage of SDLC. The Y-axis gives the cost of fixing errors while the X axis gives the stages of SDLC. Given this graph, it must be true that:

A department employee creates and maintains a spreadsheet for the employees to enter the hours they worked. Subsequently, the spreadsheets are used to load the employees’ working time into the system. Which of the following is the highest risk associated with using the spreadsheet?

Tools used to identify risks include all of the following except

Which of the following is NOT an advantage of prototyping and RAD?

Which of the following are components of the ERM framework?

Most users are aware about malware attacks (e.g., virus, worms, etc.) but the effect of such attacks remains only a threat until they actually experience a loss. Match each of the following computer malware attacks — virus, worm, mole, hole, Trojan horse, and time bomb — with their appropriate description.