This is an open-book individual examination. The questions may require research
beyond the OERs, lecture notes, and conferences. Each answer must include at least
one citation of an authoritative source. A single Reference List should be included at the
end of the exam.
There are five (5) questions. Each response is worth 20 points. Each response is limited to 300 words. Points may be deducted for exceeding the word limit. The following
criteria will be used for grading: relevance and correctness, completeness, clarity and
logical flow, spelling, grammar, and proper citations/Reference List.
Be sure to sign and include the Certification statement.
If you have a question about the exam, contact your instructor.
EXAM QUESTIONS:
1. Computer Fraud and Abuse Act (CFAA)
This key cybersecurity law makes it a federal crime to intentionally access a computer
without authorization or to exceed authorized access. Explain the issue(s) presented by the
CFAA term, authorization, using recent example(s), and how it could be
improved/corrected.
2. Bring Your Own Device (BYOD) and Acceptable Use
BYOD means that devices employees own are being used for work. Discuss how an
organization can/should manage the use of personal devices. What are the most important
restrictions the organization can impose on work use? On personal use? Why are these
limits important? How can they be established and enforced?
3. The Privacy Act and Data Brokers
The Privacy Act controls the federal government protection of certain data in its systems of
records. Explain how or if that Act applies to data the government accesses from
commercial data brokers.
4. Ransom Attack
Ransomware presents challenges to data integrity. NIST has drafted a practice guide
regarding recovery from ransomware and other data integrity events. But, what
could/should an organization do before ransomware attack? Why?
5. Life Style Surveillance
Digitization, technology and applications permit us to monitor our physical activity and
health statistics. Employers are increasingly interested in influencing or controlling the nonwork
and non-duty hour activities of their employees. Describe the potential benefits to be
gained from employers collecting/using employee non-duty hour lifestyle/health data. For
example, do employees exercise regularly? Do they smoke? Document one example of an
employer collecting or accessing information about employee non-duty, health-related
activities. Identify and explain legal and ethical challenges to the practice of monitoring
employee off-duty lifestyle (for example, exercise and eating) activities.
