PrepAway - Latest Free Exam Questions & Answers

Which of the following is an example of self-regulation?

There are different types of approaches to regulations. Which of the following is an example of self-regulation?

A. The Health Insurance Portability and Accountability Act

B. The Sarbanes-Oxley Act

C. The Computer Fraud and Abuse Act

D. PCI Data Security Standard

Explanation:
D: Privacy is becoming more threatened as the world relies more and more on technology. There are several approaches to addressing privacy, including regulations created and enforced by the government and self-regulatory regulations. The Payment Card Industry Data Security Standard (PCI DSS) is an example of a self-regulatory approach. It is mandated by the credit card companies and applies to any entity that processes, transmits, stores, or accepts credit card data. Varying levels of compliance and penalties exist and depend on the size of the customer and the volume of transactions. However, credit cards are used by millions and accepted almost anywhere, which means just about every business in the world must comply with the PCI DSS. PCI DSS is not a government-created and enforced regulation. While the CISSP exam does not require you to know specific regulations, you must understand the different approaches to regulations.

A is incorrect because the Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal regulation that applies to any organization that is in possession of personal medical information and healthcare data. This regulation provides a framework and guidelines to ensure security, integrity, and privacy when handling confidential medical information. HIPAA outlines how security should be managed for any facility that creates, accesses, shares, or destroys medical information.

B is incorrect because the Sarbanes-Oxley Act (SOX) was created by the U.S. government in the wake of corporate scandals and fraud that cost investors billions of dollars and threatened to undermine the economy. The regulation applies to any company that is publicly traded on U.S. markets. Much of the law governs accounting practices and the methods used by companies to report on their financial status. However, some parts, Section 404 in particular, apply directly to information technology.

C is incorrect because the Computer Fraud and Abuse Act is the primary U.S. federal anti-hacking statute. It prohibits seven forms of computer activity and makes them federal crimes. These acts range from felonies to misdemeanors with corresponding small to large fines and jail sentences. One example is the knowing access of a protected computer without authorization or in excess of authorization with the intent to defraud. While the CISSP exam does not require you to know specific laws and regulations, you do need to understand why various laws and regulations are put into place and why they are used.
