CIPT Exam Practice Questions with Correct Answers 2024
Active collection - Data directly from subject

Passive collection - Data without the participant knowing

First Party - Providing information directly to collector

Surveillance - Collecting data through observed behaviors like online searches or websites

Repurposing - Previously collected data used for a different purpose

Third Party - Previously collected data is transferred to a third party

Explicit Consent - User takes an action

Implicit Consent - Does not require user permission

Privacy by design - 1. Proactive not reactive, 2. Privacy by Default, 3. Privacy Embedded in Design, 4. Full Functionality (Positive Sum, not zero sum), 5. End to End Security, 6. Visibility and Transparency, 7. Respect for privacy

Fair Information Principles (FIPPS) - A privacy risk model that restricts collection of data to only what is needed or for its intended purpose. Do not collect additional data that is not needed for intended purpose.

Calo's Subjective/Objective Dichotomy - A privacy risk model that focuses on privacy harms based on two categories: Subjective Harm (perceives a harm that may not be observable or measurable and can cause fear and anxiety) and Objective Harm (privacy has been violated or direct harm is known and is measurable and observable).

Interrogation - Actively questioning an individual or otherwise probing for information

Aggregation - Combining multiple pieces of information about an individual to produce a whole that is greater than the sum of its parts.

Contextual Integrity - A risk model that states that privacy problems arise out of disruption of informational norms. More specifically, personal information should be in alignment with informational norms that apply to the particular context.

Solove's Taxonomy - Model that attempts to order different harms that may arise from infringements in privacy. The taxonomy is split into four categories: 1) Information collection, 2) Information processing, 3) Information dissemination and 4) Invasion.

NIST Privacy Risk Model - A risk model that is embedded in its Privacy Risk Assessment Methodology (PRAM) and explicitly addresses vulnerabilities, adverse events and the relative likelihoods and impacts of those events.

NICE Framework - Divides computer security into the following categories: Securely Provision (tasks to develop software to be secure), Operate and Maintain, Protect and Defend, and Investigate (plan for investigating an attack).

Factors Analysis in Information Risk (FAIR) - Model that breaks down risk by its constituent parts and then breaks it down further to estimate risk. The model asks how often a violation occurs and over what time period, and what impact that violation will have.

Design Thinking Process - Five stages: Empathize (research users' needs), Define (state users' needs and problems), Ideate (challenge assumptions and create ideas), Prototype (create solutions) and Test (try out solution).

Value-Sensitive Design - Design approach that accounts for ethical values, such as privacy, in addition to usability-oriented design goals. Here are the steps for value-sensitive design: 1) Clarify project values, 2) Identify the direct and indirect stakeholders, 3) Identify the benefits and harms for stakeholders, 4) Identify and elicit potential values, 5) Develop working definitions of key values, 6) Identify potential value tensions and 7) Value-oriented design and development.

Privacy Notices - External documents that inform users of an organization's practices, values and commitments concerning their personal data.

Privacy Policies - Internal documents that inform employees on how to protect consumer data.

Security Policies - Document that spells out the rules, expectations and overall approach to how an organization will maintain confidentiality, integrity and availability of its data. This will include Data Classification (granting and revoking access to assets and information based on their classification), Data Schema (constraints on data to separate customer data), Data Retention (policies that align with laws and regulation concerning storage) and Data Deletion (disposal of data and methods for removal and recovery).
Written for
- Institution: Certified Information Privacy Technologist
- Course: Certified Information Privacy Technologist
Document information
- Uploaded on: March 19, 2024
- Number of pages: 22
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers