CIPT - Certified Information Privacy
Technologist questions and answers
Release Planning
Definition
Development
Validation
Deployment - correct answer ✔✔ Development Lifecycle
1. Preventative - These work by keeping something from happening in the
first place. Examples of this include: security awareness training, firewall,
anti-virus, security guard and IPS.
2. Reactive - Reactive countermeasures come into effect only after an event
has already occurred.
3. Detective - Examples of detective counter measures include: system
monitoring, IDS, anti-virus, motion detectors and IPS.
4. Administrative - These controls are the process of developing and
ensuring compliance with policy and procedures. These use policy to
protect an asset. - correct answer ✔✔ There are four basic types of countermeasures
Collecting and Storing - This involves the secure collection and tamper-proof storage
of log data so that it is available for analysis.
Reporting - This is the ability to prove compliance should an audit arise. The
organization should also show evidence that data protection controls are in place.
Monitoring and Alerting - This involves implementing systems to enable
, administrators to monitor access and usage of data. There should also be evidence that
log data is being collected and stored. - correct answer ✔✔ PCI DSS has three main stages of
compliance
re-identification refers to using data from a single entity holding the data. - correct answer ✔✔
Re-Identification
Symmetric key cryptography refers to using the same key for encrypting as well as
decrypting. It is also referred to as shared secret, secret-key or private key. This key is
not distributed, rather is kept secret by the sending and receiving parties - correct answer ✔✔
Symmetric Encryption
Asymmetric cryptography is also referred to as public-key cryptography. Public key
depends on a key pair for the processes of encryption and decryption. Unlike private
keys, public keys are distributed freely and publicly. Data that has been encrypted with a
public key can only be decrypted with a private key. - correct answer ✔✔ Asymmetric
Encryption
Opt-in = requires affirmative consent of individual
Opt-out = requires implicit consent of individual
Mandatory data collection - necessary to complete the immediate transaction (vs.
optional data collection, which will not prevent the transaction from being completed)
Choice and consent are regulated by CAN-SPAM Act of 2003, European Data Directive
(Articles 7 and 8 - correct answer ✔✔ Choice/Consent
Process in which sensitive data is treated in such a way that the individual cannot be
identified. - correct answer ✔✔ De-Identification
Technologist questions and answers
Release Planning
Definition
Development
Validation
Deployment - correct answer ✔✔ Development Lifecycle
1. Preventative - These work by keeping something from happening in the
first place. Examples of this include: security awareness training, firewall,
anti-virus, security guard and IPS.
2. Reactive - Reactive countermeasures come into effect only after an event
has already occurred.
3. Detective - Examples of detective counter measures include: system
monitoring, IDS, anti-virus, motion detectors and IPS.
4. Administrative - These controls are the process of developing and
ensuring compliance with policy and procedures. These use policy to
protect an asset. - correct answer ✔✔ There are four basic types of countermeasures
Collecting and Storing - This involves the secure collection and tamper-proof storage
of log data so that it is available for analysis.
Reporting - This is the ability to prove compliance should an audit arise. The
organization should also show evidence that data protection controls are in place.
Monitoring and Alerting - This involves implementing systems to enable
, administrators to monitor access and usage of data. There should also be evidence that
log data is being collected and stored. - correct answer ✔✔ PCI DSS has three main stages of
compliance
re-identification refers to using data from a single entity holding the data. - correct answer ✔✔
Re-Identification
Symmetric key cryptography refers to using the same key for encrypting as well as
decrypting. It is also referred to as shared secret, secret-key or private key. This key is
not distributed, rather is kept secret by the sending and receiving parties - correct answer ✔✔
Symmetric Encryption
Asymmetric cryptography is also referred to as public-key cryptography. Public key
depends on a key pair for the processes of encryption and decryption. Unlike private
keys, public keys are distributed freely and publicly. Data that has been encrypted with a
public key can only be decrypted with a private key. - correct answer ✔✔ Asymmetric
Encryption
Opt-in = requires affirmative consent of individual
Opt-out = requires implicit consent of individual
Mandatory data collection - necessary to complete the immediate transaction (vs.
optional data collection, which will not prevent the transaction from being completed)
Choice and consent are regulated by CAN-SPAM Act of 2003, European Data Directive
(Articles 7 and 8 - correct answer ✔✔ Choice/Consent
Process in which sensitive data is treated in such a way that the individual cannot be
identified. - correct answer ✔✔ De-Identification
