CIPM IAPP-Final Practice Questions
Acceptable Use Policy
a policy that a user must agree to follow in order to be provided access to a network or to the internet.
It also stipulates rules and constraints for people within and outside of the organization who access the
network or internet connection.
Business Continuity Management
What integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery
(technology continuity) and Business Continuity (organizational/operational relocation)?
5 Sanity-Saving Tips for Arguing on the Internet
Control Objectives for Information and Related Technology
This helps organisations meet business challenges in regulatory compliance, risk management and
aligning IT strategy with organisational goals.
European Telecommunications Standards Institute
This nonprofit enterprise whose mission is to produce the telecommunications standards that will be
used throughout Europe. Standards developed by this organization may be adopted by the European
Commission as the technical base for directives or regulations.
Fair Information Practices (FIPs)
(1) The Collection Limitation Principle.
(2) The Data Quality Principle.
(3) The Purpose Specification Principle.
,(4) The Use Limitation Principle.
(5) The Security Safeguards Principle.
(6) The Openness Principle.
(7) The Individual Participation Principle.
(8) The Accountability Principle.
GDPR (General Data Protection Regulation)
replaced the Data Protection Directive in 2018. The aim of the this is to provide one set of data
protection rules for all EU member states and the European Economic Area (EEA). The document
comprises 173 recitals and 99 articles.
HIPAA (Health Insurance Portability and Accountability Act)
A U.S. law passed to create national standards for electronic healthcare transactions, among other
purposes. This law required the U.S. Department of Health and Human Services to promulgate
regulations to protect the privacy and security of personal health information. The basic rule is that
patients have to opt in before their information can be shared with other organizations—although there
are important exceptions such as for treatment, payment and healthcare operations.
Hybrid Governance Model
This privacy governance model allows for a combination of centralized and local governance. Typically
seen when a large organization assigns a main individual responsibility for privacy-related affairs, and
the local entities then fulfill and support the policies and directives from the central governing body.
International Electrotechnical Commission (IEC)
The predominant organization for developing and publishing international standards for technologies
related to electrical and electronic devices and processes
,International Organization for Standardization (ISO)
A non-governmental global organization whose principal activity is the development of technical
standards through consensus.
ISACA (Information Systems Audit and Control Association)
a set of guidelines/supporting tools for IT governance accepted worldwide
Localized Governance Model
this governance model involves the delegation of decision-making authority down to the lower levels in
an organization, away from and lower than a central authority. There are fewer tiers in the
organizational structure, wider span of control and bottom-to-top flow of decision-making and ideas.
Decentralized Governance Model
this governance model involves the delegation of decision-making authority down to the lower levels in
an organization, away from and lower than a central authority. There are fewer tiers in the
organizational structure, wider span of control and bottom-to-top flow of decision-making and ideas
National Institute of Standards and Technology
An agency within the Department of Commerce. This agency has the lead responsibility for the
development and issuance of security standards and guidelines for the federal government, contractors,
and the United States critical information infrastructure.
This agency has published a series of publications in support of its risk management framework (RMF).
The RMF is a multi-tiered and structured methodology for creating a unified information security
framework for the federal government in order to meet the vast array of requirements set forth in
FISMA.
Organization for Economic Cooperation and Development
, An international organization that promotes policies designed to achieve the highest sustainable
economic growth, employment and a rising standard of living in both member and non-member
countries, while contributing to the world economy.
SOC 1
SOC 2
Accountability
The implementation of appropriate technical and organisational measures to ensure and be able to
demonstrate that the handling of personal data is performed in accordance with relevant law, an idea
codified in the EU General Data Protection Regulation and other frameworks, including APEC's Cross
Border Privacy Rules. Traditionally, it has been a fair information practices principle, that due diligence
and reasonable steps will be undertaken to ensure that personal information will be protected and
handled consistently with relevant law and other fair use principles.
Active Scanning Tools
DLP network, storage, scans and privacy tools can be used to identify security and privacy risks to
personal information. They can also be used to monitor for compliance with internal policies and
procedures, and block e-mail or file transfers based on the data category and definitions.
American Institute of Certified Public Accountants
A U.S. professional organization of certified public accountants and co-creator of the WebTrust seal
program.
Anonymization
Acceptable Use Policy
a policy that a user must agree to follow in order to be provided access to a network or to the internet.
It also stipulates rules and constraints for people within and outside of the organization who access the
network or internet connection.
Business Continuity Management
What integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery
(technology continuity) and Business Continuity (organizational/operational relocation)?
5 Sanity-Saving Tips for Arguing on the Internet
Control Objectives for Information and Related Technology
This helps organisations meet business challenges in regulatory compliance, risk management and
aligning IT strategy with organisational goals.
European Telecommunications Standards Institute
This nonprofit enterprise whose mission is to produce the telecommunications standards that will be
used throughout Europe. Standards developed by this organization may be adopted by the European
Commission as the technical base for directives or regulations.
Fair Information Practices (FIPs)
(1) The Collection Limitation Principle.
(2) The Data Quality Principle.
(3) The Purpose Specification Principle.
,(4) The Use Limitation Principle.
(5) The Security Safeguards Principle.
(6) The Openness Principle.
(7) The Individual Participation Principle.
(8) The Accountability Principle.
GDPR (General Data Protection Regulation)
replaced the Data Protection Directive in 2018. The aim of the this is to provide one set of data
protection rules for all EU member states and the European Economic Area (EEA). The document
comprises 173 recitals and 99 articles.
HIPAA (Health Insurance Portability and Accountability Act)
A U.S. law passed to create national standards for electronic healthcare transactions, among other
purposes. This law required the U.S. Department of Health and Human Services to promulgate
regulations to protect the privacy and security of personal health information. The basic rule is that
patients have to opt in before their information can be shared with other organizations—although there
are important exceptions such as for treatment, payment and healthcare operations.
Hybrid Governance Model
This privacy governance model allows for a combination of centralized and local governance. Typically
seen when a large organization assigns a main individual responsibility for privacy-related affairs, and
the local entities then fulfill and support the policies and directives from the central governing body.
International Electrotechnical Commission (IEC)
The predominant organization for developing and publishing international standards for technologies
related to electrical and electronic devices and processes
,International Organization for Standardization (ISO)
A non-governmental global organization whose principal activity is the development of technical
standards through consensus.
ISACA (Information Systems Audit and Control Association)
a set of guidelines/supporting tools for IT governance accepted worldwide
Localized Governance Model
this governance model involves the delegation of decision-making authority down to the lower levels in
an organization, away from and lower than a central authority. There are fewer tiers in the
organizational structure, wider span of control and bottom-to-top flow of decision-making and ideas.
Decentralized Governance Model
this governance model involves the delegation of decision-making authority down to the lower levels in
an organization, away from and lower than a central authority. There are fewer tiers in the
organizational structure, wider span of control and bottom-to-top flow of decision-making and ideas
National Institute of Standards and Technology
An agency within the Department of Commerce. This agency has the lead responsibility for the
development and issuance of security standards and guidelines for the federal government, contractors,
and the United States critical information infrastructure.
This agency has published a series of publications in support of its risk management framework (RMF).
The RMF is a multi-tiered and structured methodology for creating a unified information security
framework for the federal government in order to meet the vast array of requirements set forth in
FISMA.
Organization for Economic Cooperation and Development
, An international organization that promotes policies designed to achieve the highest sustainable
economic growth, employment and a rising standard of living in both member and non-member
countries, while contributing to the world economy.
SOC 1
SOC 2
Accountability
The implementation of appropriate technical and organisational measures to ensure and be able to
demonstrate that the handling of personal data is performed in accordance with relevant law, an idea
codified in the EU General Data Protection Regulation and other frameworks, including APEC's Cross
Border Privacy Rules. Traditionally, it has been a fair information practices principle, that due diligence
and reasonable steps will be undertaken to ensure that personal information will be protected and
handled consistently with relevant law and other fair use principles.
Active Scanning Tools
DLP network, storage, scans and privacy tools can be used to identify security and privacy risks to
personal information. They can also be used to monitor for compliance with internal policies and
procedures, and block e-mail or file transfers based on the data category and definitions.
American Institute of Certified Public Accountants
A U.S. professional organization of certified public accountants and co-creator of the WebTrust seal
program.
Anonymization
