CIPT 2025 Study Guide Exam
Questions and Answers 100% Pass
Nissenbaum's Contextual Integrity - ✔✔1. Privacy is provided by appropriate flows of
information
2. Appropriate information flows are those that conform with contextual information
norms
3. Contextual informational norms refer to five independent parameters (data subject,
sender, recipient, information type, transmission principle)
4. Conceptions of privacy are based on ethical concerns over time
Objective harm defined in Calo's Harms Dimensions - ✔✔Objective harm is measurable
& observable.
A person's privacy is violated due to forced or unanticipated use of personal
information which can be categorised as economic loss, lost opportunity, lost liberty, or
social detriment.
Calo's Harms Dimensions - ✔✔- the perception of harm is just as likely to have a
significant negative impact on individual privacy as experienced harms
- personal information volunteered for use cannot result in a privacy harm
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 1
,- IT professionals need to rely on privacy notice & privacy control to build & retain trust
Subjective harm defined by Calo in Harms Dimensions - ✔✔Subjective harm is without
a measurable or observable harm, but where an an expectation of harm exists.
The perception of harm is just as likely to have a significantly negative impact on
privacy as experienced harms called psychological or behavioral harms.
Legal Compliance - ✔✔Legal Compliance is the alignment of identification of threats &
vulnerabilities to specific policy requirements and laws.
Organizations view themselves as compliant or non-compliant and do not take the lens
of privacy by design.
8 Fair Information Practice Principles (FIPPs) - ✔✔1. Collection limitation
2. Data quality
3. Purpose specification
4. Use limitation
5. Security safeguards
6. Transparency
7. Individual participation
8. Accountability
Collection Limitation Principle - ✔✔A fair information practices principle, it is the
principle stating:
(1) there should be limits to the collection of personal data
(2) that any such data should be obtained by lawful
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 2
,and (3) fair means and, where appropriate, with the knowledge or consent of the data
subject.
Data Quality Principle - ✔✔Personal data should be relevant to the purposes for which
it is used and should be accurate, complete and up-to-date.
Purpose Specification Principle - ✔✔A fair information practices principle, it is the
principle stating:
(1) that the purposes for which personal data are collected should be specified no later
than at the time of data collection
(2) and the subsequent use limited to the fulfillment of those purposes or such others as
are not incompatible with those purposes and as are specified on each occasion of
change of purpose.
Use Limitation Principle - ✔✔A fair information practices principle, it is the principle
that:
(1) personal data should not be disclosed, made available or otherwise used for
purposes other than those specified in accordance with Paragraph 8 of the Fair
Information Practice Principles except with the consent of the data subject or by the
authority of law.
Security Safeguards Principle - ✔✔A fair information practices principle, it is the
principle that personal data should be protected by reasonable security safeguards
against such risks as loss or unauthorized access, destruction, use, modification or
disclosure of data.
Transparency Principle - ✔✔A fair information practices principle that encourages
organizations to be open about personal information they collect
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 3
, Individual Participation Principle - ✔✔A fair information practices principle, it is the
principle that an individual should have the right to access, edit or delete data
Accountability Principle - ✔✔A fair information practices principle states that
individuals controlling the collection or use of personal information should be
accountable for taking steps to ensure the implementation of these principles (FIPPs)
NIST framework - ✔✔National Institutes of Standards & Technologies; explicitly
addresses vulnerabilities, adverse events and relative likelihoods of impacts of those
events
NICE framework - ✔✔National Initiative for Cybersecurity Education; divides
computer security work into:
- securely provision
- operate & maintain
- protect & defend
- investigate
- analyze
- oversee & govern
- collect & operate
Factors Analysis in Information Risk (FAIR) - ✔✔International standard quantitative
model for security risk;
The purpose is to find factors that can be calculated or reasonably estimated, thus
building up an estimate of the overall risk
Privacy risk - ✔✔The probable frequency and probable magnitude of future privacy
violations
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 4
Questions and Answers 100% Pass
Nissenbaum's Contextual Integrity - ✔✔1. Privacy is provided by appropriate flows of
information
2. Appropriate information flows are those that conform with contextual information
norms
3. Contextual informational norms refer to five independent parameters (data subject,
sender, recipient, information type, transmission principle)
4. Conceptions of privacy are based on ethical concerns over time
Objective harm defined in Calo's Harms Dimensions - ✔✔Objective harm is measurable
& observable.
A person's privacy is violated due to forced or unanticipated use of personal
information which can be categorised as economic loss, lost opportunity, lost liberty, or
social detriment.
Calo's Harms Dimensions - ✔✔- the perception of harm is just as likely to have a
significant negative impact on individual privacy as experienced harms
- personal information volunteered for use cannot result in a privacy harm
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 1
,- IT professionals need to rely on privacy notice & privacy control to build & retain trust
Subjective harm defined by Calo in Harms Dimensions - ✔✔Subjective harm is without
a measurable or observable harm, but where an an expectation of harm exists.
The perception of harm is just as likely to have a significantly negative impact on
privacy as experienced harms called psychological or behavioral harms.
Legal Compliance - ✔✔Legal Compliance is the alignment of identification of threats &
vulnerabilities to specific policy requirements and laws.
Organizations view themselves as compliant or non-compliant and do not take the lens
of privacy by design.
8 Fair Information Practice Principles (FIPPs) - ✔✔1. Collection limitation
2. Data quality
3. Purpose specification
4. Use limitation
5. Security safeguards
6. Transparency
7. Individual participation
8. Accountability
Collection Limitation Principle - ✔✔A fair information practices principle, it is the
principle stating:
(1) there should be limits to the collection of personal data
(2) that any such data should be obtained by lawful
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 2
,and (3) fair means and, where appropriate, with the knowledge or consent of the data
subject.
Data Quality Principle - ✔✔Personal data should be relevant to the purposes for which
it is used and should be accurate, complete and up-to-date.
Purpose Specification Principle - ✔✔A fair information practices principle, it is the
principle stating:
(1) that the purposes for which personal data are collected should be specified no later
than at the time of data collection
(2) and the subsequent use limited to the fulfillment of those purposes or such others as
are not incompatible with those purposes and as are specified on each occasion of
change of purpose.
Use Limitation Principle - ✔✔A fair information practices principle, it is the principle
that:
(1) personal data should not be disclosed, made available or otherwise used for
purposes other than those specified in accordance with Paragraph 8 of the Fair
Information Practice Principles except with the consent of the data subject or by the
authority of law.
Security Safeguards Principle - ✔✔A fair information practices principle, it is the
principle that personal data should be protected by reasonable security safeguards
against such risks as loss or unauthorized access, destruction, use, modification or
disclosure of data.
Transparency Principle - ✔✔A fair information practices principle that encourages
organizations to be open about personal information they collect
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 3
, Individual Participation Principle - ✔✔A fair information practices principle, it is the
principle that an individual should have the right to access, edit or delete data
Accountability Principle - ✔✔A fair information practices principle states that
individuals controlling the collection or use of personal information should be
accountable for taking steps to ensure the implementation of these principles (FIPPs)
NIST framework - ✔✔National Institutes of Standards & Technologies; explicitly
addresses vulnerabilities, adverse events and relative likelihoods of impacts of those
events
NICE framework - ✔✔National Initiative for Cybersecurity Education; divides
computer security work into:
- securely provision
- operate & maintain
- protect & defend
- investigate
- analyze
- oversee & govern
- collect & operate
Factors Analysis in Information Risk (FAIR) - ✔✔International standard quantitative
model for security risk;
The purpose is to find factors that can be calculated or reasonably estimated, thus
building up an estimate of the overall risk
Privacy risk - ✔✔The probable frequency and probable magnitude of future privacy
violations
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 4
