CSL CSL Legal, Regulatory & Ethical Frameworks

Question 1

Under the US Health Insurance Portability and Accountability Act (HIPAA), what is a covered entity's obligation following a breach of unsecured PHI?

Accepted Answer

Notify affected individuals, HHS, and potentially media within 60 days of discovery

Answer

HIPAA's Breach Notification Rule requires covered entities to notify affected individuals and HHS within 60 days, and media outlets if the breach affects more than 500 residents of a state.

Question 2

Which US federal law governs cybersecurity requirements for financial institutions and requires a Safeguards Rule?

Accepted Answer

GLBA (Gramm-Leach-Bliley Act)

Answer

The GLBA Safeguards Rule requires financial institutions to implement comprehensive security programs to protect customer financial information.

Question 3

What does the SEC's cybersecurity disclosure rule (effective 2023) require of publicly traded companies?

Accepted Answer

Disclosure of material cybersecurity incidents within 4 business days and annual disclosure of cybersecurity risk management programs

Answer

The SEC's 2023 rule requires public companies to disclose material cybersecurity incidents on Form 8-K within 4 business days and to describe their cybersecurity risk management annually on Form 10-K.

Question 4

Under the Computer Fraud and Abuse Act (CFAA), which activity can create criminal liability for security professionals?

Accepted Answer

Accessing computer systems without authorization, even for research purposes

Answer

The CFAA criminalizes unauthorized computer access — security professionals must have explicit written authorization before testing any systems they do not own.

Question 5

Which principle from the GDPR gives individuals the right to request deletion of their personal data?

Accepted Answer

Right to erasure (right to be forgotten)

Answer

GDPR Article 17 grants individuals the right to request that organizations delete their personal data under specific circumstances.

(CSL) Cybersecurity Leadership Certification Practice Test

(CSL) Cybersecurity Leadership Certification Practice Test

CSL CSL Legal, Regulatory & Ethical Frameworks