• This is an open-book individual examination. The questions may require research

beyond the OERs, lecture notes, and conferences. Each answer must include at least

one citation of an authoritative source. A single Reference List should be included at the

end of the exam.

• There are five (5) questions. Each response is worth 20 points. Each response is limited to 300 words. Points may be deducted for exceeding the word limit. The following

criteria will be used for grading: relevance and correctness, completeness, clarity and

logical flow, spelling, grammar, and proper citations/Reference List.

EXAM QUESTIONS:

1. Computer Fraud and Abuse Act (CFAA)

This key cybersecurity law makes it a federal crime to intentionally access a computer without authorization or to exceed authorized access. Explain the issue(s) presented by the CFAA term, “authorization,” using recent example(s), and how it could be improved/corrected.

2. Bring Your Own Device (BYOD) and Acceptable Use

BYOD means that devices employees own are being used for work. Discuss how an organization can/should manage the use of personal devices. What are the most important restrictions the organization can impose on work use? On personal use? Why are these limits important? How can they be established and enforced?

3. The Privacy Act and Data Brokers

The Privacy Act controls the federal government protection of certain data in its systems of records. Explain how or if that Act applies to data the government accesses from commercial data brokers.

4. Ransom Attack

Ransomware presents challenges to data integrity. NIST has drafted a practice guide regarding recovery from ransomware and other data integrity events. But, what could/should an organization do before ransomware attack? Why?

5. Life Style Surveillance

Digitization, technology and applications permit us to monitor our physical activity and

health statistics. Employers are increasingly interested in influencing or controlling the nonwork and non-duty hour activities of their employees. Describe the potential benefits to be

gained from employers’ collecting/using employee non-duty hour lifestyle/health data. For example, do employees exercise regularly? Do they smoke? Document one example of an employer collecting or accessing information about employee non-duty, health-related activities. Identify and explain legal and ethical challenges to the practice of monitoring employee off-duty lifestyle (for example, exercise and eating) activities.