SSCP DOMAIN 1: SECURITY OPERATIONS AND ADMINISTRATION EXAM
Code of Ethics Canon 1 - Correct Answers -protect society, the infrastructure, and the
common good
Code of Ethics Canon 2 - Correct Answers -actions must be legal and ethical, no lying
Code of Ethics Canon 3 - Correct Answers -diligence and competence
Code of Ethics Canon 4 - Correct Answers -Actions must protect the profession, no
cheating on exams, helping others with exam questions, lying on letters of
recommendation etc.
GAPP - Generally Accepted Privacy Principles - Correct Answers -outline 10
components of data privacy
GAPP Component - Management - Correct Answers -organizations handling private
information should have policies, procedures and governance structures in place to
protect privacy
GAPP Component - Notice - Correct Answers -Data subjects should receive notice that
their information is being collected and used
GAPP Component - Consent - Correct Answers -Data subjects must be informed of
their options regarding the data they own
GAPP Component - Collection - Correct Answers -Collected data can only be used for
purposes outlined in privacy notices.
GAPP Component - Use, Retention and Disposal - Correct Answers -Data should be
disposed of as soon as it is not needed
SIEM - Correct Answers -processes technical data including logs generated by network
equipment
Process data - Correct Answers -electronic and paper data supporting security
processes put in place to ensure CIA of a system. Includes things like audit data from
compliance checks or vulnerability scans
Request for Change (RFC) - Correct Answers -document filled out for when a change
needs to be temporarily implemented, for example when an application administrator
needs to temporarily override a security control
GAPP Component - Access - Correct Answers -Subjects must be able to access and
update their own data
GAPP Component - Disclosure to Third Parties - Correct Answers -Data can only be
shared with third parties outlined in privacy agreements
GAPP Component - Security - Correct Answers -Organization must secure data
GAPP Component - Quality - Correct Answers -Org must maintain data, keep it
accurate
GAPP Component - Monitoring and Enforcement - Correct Answers -Org must have
program in place to maintain compliance with privacy policies, and provide dispute
resolution mechanisms
Privilege Aggregation - Correct Answers -synonymous with privilege creep
Data Controller - Correct Answers -GDPR term for data owner, senior-most role in data
governance
Data Steward - Correct Answers -handles day to day data decision making and
governance. Delegated by data controller
Data Custodian - Correct Answers -store and process information and are often IT staff
members. Ensure that data protection policies are in place
Data Users - Correct Answers -those who work with data and information on a regular
basis. Must work within the rules set by data custodians and data stewards
Data Subjects - Correct Answers -individuals referred to in collected data
Data Lifecycle Step - Create - Correct Answers -new data is created, includes data
modification
Data Lifecycle Step - Store - Correct Answers -Data is stored and cataloged
Data Lifecycle Step - Use - Correct Answers -Data is viewed or processed by
individuals and systems
Data Lifecycle Step - Share - Correct Answers -Permissions assigned to files, users
granted permissions