CIPT - Certified Information Privacy Technologist Questions and answers 100% VERIFIED
Development Lifecycle - ANSWER Release Planning, Definition, Development, Validation, Deployment

There are four basic types of countermeasures - ANSWER
1. Preventative - These work by keeping something from happening in the first place. Examples of this include: security awareness training, firewall, anti-virus, security guard and IPS.
2. Reactive - Reactive countermeasures come into effect only after an event has already occurred.
3. Detective - Examples of detective countermeasures include: system monitoring, IDS, anti-virus, motion detectors and IPS.
4. Administrative - These controls are the process of developing and ensuring compliance with policy and procedures. They use policy to protect an asset.

PCI DSS has three main stages of compliance - ANSWER
Collecting and Storing - This involves the secure collection and tamper-proof storage of log data so that it is available for analysis.
Reporting - This is the ability to prove compliance should an audit arise. The organization should also show evidence that data protection controls are in place.
Monitoring and Alerting - This involves implementing systems to enable administrators to monitor access and usage of data. There should also be evidence that log data is being collected and stored.

Re-Identification - ANSWER Re-identification refers to using data from a single entity holding the data.

Symmetric Encryption - ANSWER Symmetric key cryptography refers to using the same key for encrypting as well as decrypting. It is also referred to as shared secret, secret-key or private key. This key is not distributed; rather, it is kept secret by the sending and receiving parties.

Asymmetric Encryption - ANSWER Asymmetric cryptography is also referred to as public-key cryptography. Public-key cryptography depends on a key pair for the processes of encryption and decryption. Unlike private keys, public keys are distributed freely and publicly. Data that has been encrypted with a public key can only be decrypted with the corresponding private key.

Choice/Consent - ANSWER
Opt-in = requires affirmative consent of individual
Opt-out = requires implicit consent of individual
Mandatory data collection - necessary to complete the immediate transaction (vs. optional data collection, which will not prevent the transaction from being completed)
Choice and consent are regulated by the CAN-SPAM Act of 2003 and the European Data Directive (Articles 7 and 8)

De-Identification - ANSWER Process in which sensitive data is treated in such a way that the individual cannot be identified.

EULA - ANSWER End-user license agreement (AKA software license agreement). A EULA is a contract between licensor and purchaser; it establishes the purchaser's right to use the software.

Cookies - ANSWER Simple text file that contains name-value pairs. Types of cookies include persistent cookies and session cookies. Cookies can be used for:
o Personalization
o Session

OBA/OBM - ANSWER Online behavioral advertising/online behavioral marketing. Uses third-party tracking (e.g. web cookies) to collect and compile user information.

LBS - ANSWER Location-based services. Computer program-level services that include controls for location and time data, e.g. social networking and entertainment, many via mobile devices. Issues: data collection, consent, data sharing.

P3P Privacy Policies - ANSWER P3P = Platform for Privacy Preferences Project, designed by the World W
School, study and subject
- Institution
- CIPT
- Degree
- CIPT
Document information
- Uploaded on
- 17 February 2024
- Number of pages
- 5
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers
Topics
-
cipt certified information privacy technologist