
1. What is identity theft? Please give an example and describe what to do to prevent it.

Identity theft, also known as identity fraud, is a crime in which an impostor obtains key
pieces of personally identifiable information, such as Social Security or driver's license
numbers, in order to impersonate someone else.

Examples:
- Tax-related identity theft, where a thief files a false tax return with the Internal
  Revenue Service (IRS) using a stolen Social Security number.
- Medical identity theft, where a thief steals information, including health
  insurance member numbers, to receive medical services. The victim's health
  insurance provider may get the fraudulent bills, which will be reflected in the
  victim's account as services they received.

2. What is GAPP? Please explain its best practices.


GAPP (Generally Accepted Privacy Principles) is a framework which defines the following
10 internationally recognized best practices for protecting the privacy of customers'
personal information.
The best practices are:
1. Management: organizations need to establish a set of procedures and
policies for protecting the privacy of personal information they collect from
customers, as well as information about their customers obtained from third
parties.
2. Notice: organizations should provide notice about their privacy policies and
practices at or before the time they collect personal information from customers.
3. Choice and consent: organizations should explain the choices available to
individuals and obtain their consent prior to the collection and use of their
personal information.
4. Collection: organizations should collect only the information needed to fulfill
the purposes stated in their privacy policies.
5. Use and retention: organizations should use customers' personal information
only in the manner described in their stated privacy policies and retain that
information only as long as it is needed.
6. Access: organizations should provide individuals with the ability to access,
review, correct, and delete the personal information stored about them.
7. Disclosure to third parties: organizations should disclose their customers'
personal information to third parties only in the situations and manners
described in the organization's privacy policies.
8. Security: organizations must take reasonable steps to protect their customers'
personal information from loss or unauthorized disclosure.
9. Quality: organizations should maintain the integrity of their customers'
personal information and employ procedures to ensure that it is reasonably
accurate.
10. Monitoring and enforcement: organizations should assign one or more
employees to be responsible for ensuring compliance with their stated privacy
policies.

Chapter 10 Processing Integrity and Availability Controls


1. a. What are the key components of input controls?
Key components of input controls are:
- Form design: source documents and other forms should be designed to
  minimize the chances for errors and omissions.
- Cancellation and storage of source documents: source documents that
  have been entered into the system should be canceled so they cannot be
  inadvertently reentered into the system.
- Authorizations and segregation of duties control: assign two or more
  people for each job.
- Visual scanning: scanning the source data.
- Data entry controls: source documents should be scanned for
  reasonableness and propriety before being entered into the system.
b. What is the Garbage In, Garbage Out concept?
Garbage In, Garbage Out (GIGO), in the context of information technology, is a slang
expression that means that regardless of how accurate a program's logic is, the results
will be incorrect if the input is invalid. In other words, GIGO can also be used to refer
to any decision-making systems where failure to make right decisions with precise,
accurate data could lead to wrong, nonsensical results.
