ch9p2

Questions and Answers

What is the main purpose of the GLBA Safeguards Rule?

To protect the security, confidentiality, and integrity of customer information (correct)

To enforce tax compliance

To establish standards for employee training

To regulate the financial market

Which of the following is NOT considered a component of the 'information security program' required by the GLBA Safeguards Rule?

Marketing strategies (correct)

Physical safeguards

Administrative safeguards

Technical safeguards

What is a key requirement for financial institutions under the GLBA Safeguards Rule regarding their information security program?

Creating physical barriers in the workplace

Having an audit system to determine risk (correct)

Implementing social media marketing strategies

Employing only IT specialists

In the context of the GLBA Safeguards Rule, what does 'security, confidentiality, and integrity' collectively refer to?

Aspects integral to a complete understanding of security

Which of the following is NOT one of the three levels of security required by the GLBA Safeguards Rule for consumer information?

Privacy policies

Which of the following is NOT one of the three main types of safeguards required by the GLBA Safeguards Rule?

Reputational security

What is the primary purpose of the administrative safeguards required by the GLBA Safeguards Rule?

To define security policies, train employees, and manage workforce risks

Which of the following is NOT a requirement for the safeguards to be implemented under the GLBA Safeguards Rule?

Ensure the safeguards are compliant with industry-specific standards, regardless of the institution's size or complexity

Which of the following is included in the technical safeguards required by the GLBA Safeguards Rule?

Access controls and encryption

According to the GLBA Safeguards Rule, what is the primary objective of maintaining the security of customer information?

Protecting the confidentiality and integrity of information, and restricting access to it

What did the Gramm-Leach-Bliley Act (GLBA) lead to the promulgation of?

Privacy Rule and Safeguards Rule

What are some examples of red flags of possible identity theft mentioned by the Federal Trade Commission (FTC)?

Warnings from a consumer reporting agency and suspicious identification documents

Which type of financial institutions began to merge, leading to concerns addressed by the Gramm-Leach-Bliley Act (GLBA)?

Banking, securities, and insurance institutions

What data sharing practices sparked the privacy provisions of the Gramm-Leach-Bliley Act (GLBA)?

Sharing detailed customer information with telemarketing firms

Which of the following is a key component that organizations are required to develop under the GLBA Safeguards Rule?

List of red flags for identity theft

According to the GLBA Safeguards Rule, which of the following is NOT a required component of an information security program?

Outsource all security responsibilities to third-party providers

Which of the following is NOT considered an administrative safeguard under the GLBA Safeguards Rule?

Implementing encryption protocols

What is the primary purpose of regularly monitoring and testing an information security program?

All of the above

Which of the following is NOT mentioned as a necessary step for addressing security and privacy concerns in online banking?

Implementing biometric authentication

Which state's financial privacy law is mentioned in the text as expanding upon the protections afforded by GLBA?

California