ch9p2

Questions and Answers

What is the main purpose of the GLBA Safeguards Rule?

• To protect the security, confidentiality, and integrity of customer information (correct)
• To enforce tax compliance
• To establish standards for employee training
• To regulate the financial market

Which of the following is NOT considered a component of the 'information security program' required by the GLBA Safeguards Rule?

• Marketing strategies (correct)
• Physical safeguards
• Administrative safeguards
• Technical safeguards

What is a key requirement for financial institutions under the GLBA Safeguards Rule regarding their information security program?

• Creating physical barriers in the workplace
• Having an audit system to determine risk (correct)
• Implementing social media marketing strategies
• Employing only IT specialists

In the context of the GLBA Safeguards Rule, what does 'security, confidentiality, and integrity' collectively refer to?

Aspects integral to a complete understanding of security (D)

Which of the following is NOT one of the three levels of security required by the GLBA Safeguards Rule for consumer information?

Privacy policies (A)

Which of the following is NOT one of the three main types of safeguards required by the GLBA Safeguards Rule?

Reputational security (B)

What is the primary purpose of the administrative safeguards required by the GLBA Safeguards Rule?

To define security policies, train employees, and manage workforce risks (C)

Which of the following is NOT a requirement for the safeguards to be implemented under the GLBA Safeguards Rule?

Ensure the safeguards are compliant with industry-specific standards, regardless of the institution's size or complexity (C)

Which of the following is included in the technical safeguards required by the GLBA Safeguards Rule?

Access controls and encryption (B)

According to the GLBA Safeguards Rule, what is the primary objective of maintaining the security of customer information?

Protecting the confidentiality and integrity of information, and restricting access to it (A)

What did the Gramm-Leach-Bliley Act (GLBA) lead to the promulgation of?

Privacy Rule and Safeguards Rule (C)

What are some examples of red flags of possible identity theft mentioned by the Federal Trade Commission (FTC)?

Warnings from a consumer reporting agency and suspicious identification documents (A)

Which type of financial institutions began to merge, leading to concerns addressed by the Gramm-Leach-Bliley Act (GLBA)?

Banking, securities, and insurance institutions (D)

What data sharing practices sparked the privacy provisions of the Gramm-Leach-Bliley Act (GLBA)?

Sharing detailed customer information with telemarketing firms (A)

Which of the following is a key component that organizations are required to develop under the GLBA Safeguards Rule?

List of red flags for identity theft (A)

According to the GLBA Safeguards Rule, which of the following is NOT a required component of an information security program?

Outsource all security responsibilities to third-party providers (C)

Which of the following is NOT considered an administrative safeguard under the GLBA Safeguards Rule?

Implementing encryption protocols (B)

What is the primary purpose of regularly monitoring and testing an information security program?

All of the above (D)

Which of the following is NOT mentioned as a necessary step for addressing security and privacy concerns in online banking?

Implementing biometric authentication (D)

Which state's financial privacy law is mentioned in the text as expanding upon the protections afforded by GLBA?

California (C)

Flashcards are hidden until you start studying