CIPT - Body of Knowledge Exam Questions with 100% Correct Answers 2024
IT Risks: Security Policy and Personnel - Encryption, Software Protection, Access Controls, Physical Protection, Social Engineering, Auditing.
IT Risks: Application - Privileged Access, Software Policy, Privacy Links, Application Research, IT Involvement (IT Controlled, IT Monitored, Employee Controlled).
IT Risks: Network - Malware, BYOD, Validating Devices/Apps, Network Monitoring, Network Encryption, Authentication.
IT Risks: Storage - Cloud, Apps, Web, Databases, Tapes, Files, Hardware.
IT Risks: Common Mistakes by Organizations - Poor Policies and Training, Disjointed Practices, Third-Party Contracts, Complacency.
Role of IT Professionals: Privacy Professionals - Responsible for the company's overall privacy program: defining policies, standards, guidelines, auditing, controls, training, and internal/external relationships.
Role of IT Professionals: Company Executives - Responsible for supporting privacy programs through words and actions.
Role of IT Professionals: Lawyers - Responsible for creating privacy statements, writing contracts, ensuring compliance with laws and regulations, and addressing formal inquiries from regulators.
Role of IT Professionals: Marketers - Must follow the company's privacy practices in their exchanges with customers and prospects.
Role of IT Professionals: All Employees - Employees are ambassadors for privacy and must ensure compliance with company policies.
Outline of a Privacy Notice - Information Lifecycle + Common Privacy Principles, Marketing Contact, Use of Cookies, Resolving Privacy Issues, Release Date of the Privacy Notice, Changes to the Privacy Notice.
Multilayered Privacy Notice - Provides an abbreviated form of an organization's privacy notice, with links to more detailed information.
Internal Privacy Policy Considerations - Data Classification, Data Collection, Data Protection, Retention, Treatment of Sensitive Data, Sharing Data, Privacy Policy Review, Responding to Privacy Inquiries and Data Requests.
Data Classification - Classification is based on the level of sensitivity of the data.
Data Retention - An agreed-upon maximum retention period should be established. Regulatory requirements may dictate the retention period where they apply.
Data Deletion - Deletion can be triggered by: termination of a contract, an acquisition, completion of a transaction, regulatory requirements, or a deletion request by the data subject.
Organization Security Policy Requirements - Access Control, Encryption, Password Control, Machine Access Restriction, Intrusion Detection.
Access Control: Discretionary Access Control (DAC) - The owner of a resource has complete control over who may access it and can grant those rights to others.
Access Control: Mandatory Access Control (MAC) - Access rights are assigned centrally by the administrator through a system-wide policy (typically security labels on subjects and objects); resource owners cannot change them.
Access Control: Role-Based Access Control (RBAC) - Access is based on organizational roles.
Access Control: Attribute-Based Access Control (ABAC) - RBAC plus additional attributes that must hold to gain access. Attributes could be time, location, nationality, age, etc.
Encryption: TLS vs SSL - TLS (Transport Layer Security) is the current protocol for encrypting communications in transit, whether between a browser (or mail client) and a server or between two mail servers (SMTP with STARTTLS). SSL (Secure Sockets Layer) is its deprecated predecessor; every SSL version has known weaknesses and should be disabled in favour of TLS 1.2 or later. The two are not different tools for different traffic types.
Incident Response Program - An IRP should consist of: an IR center, a web form, an email address, a phone number, and representatives from PR, Legal and Privacy.
Security and Privacy in the SDLC - Privacy by Design should be built in from the start; it saves time in the long run compared with retrofitting privacy controls.
Privacy Impact Assessments - Help to identify privacy risks and measure the criticality of each risk. Privacy review statistics should be included in a PIA.
Triggers for a Privacy Impact Assessment - 1) Creation of a new service. 2) New or updated program for processing data. 3) Merger or acquisition. 4) Creation of a new data center. 5) Onboarding new data. 6) Movement of data to a different country. 7) Changes in regulations covering data use.
Four Ways to Address Risk - Avoid, Mitigate, Accept, Transfer.
Notable Regulations - PIPEDA: Personal Information Protection and Electronic Documents Act (Canada). EU Data Protection Directive (95/46/EC, since replaced by the GDPR). Personal Data (Privacy) Ordinance (Hong Kong). Federal Law on the Protection of Personal Data Held by Private Parties (Mexico). COPPA: Children's Online Privacy Protection Act (US).
FIPs - Fair Information Practices: the first framework for the handling of personal data, on which later privacy principles and laws are built. (Not to be confused with FIPS, the US Federal Information Processing Standards.)
Common Privacy Principles (OECD) - 1) Collection Limitation 2) Data Quality 3) Purpose Specification 4) Use Limitation 5) Security Safeguards 6) Openness 7) Individual Participation 8) Accountability.
Information Life Cycle Phases - 1) Collection 2) Use 3) Disclosure 4) Retention 5) Deletion.
Information Life Cycle: Collection - Choice/Consent, Collection Limitation, Secure Transfer, Reliable Sources, Collection of Information from Sources Other than the Data Subject.
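The RBAC and ABAC cards describe the two models in one sentence each. The Python below is an added example (not from the CIPT body of knowledge or this study set) that shows the difference as a working policy check: RBAC decides from the role alone, ABAC keeps that role check and then requires the attributes (here time of day and requesting country) to hold as well. The roles, actions, permitted-country list and business-hours window are constructed for the illustration. It also demonstrates the caveat a practitioner cares about: each attribute rule fails closed, so a request that arrives without the attribute the rule needs is denied rather than allowed.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Optional

# Constructed role -> permission table (hypothetical names for this example).
ROLE_PERMISSIONS = {
    "support": {"customer:read"},
    "analyst": {"customer:read", "customer:export"},
    "admin":   {"customer:read", "customer:export", "customer:delete"},
}

# Constructed data-residency allow list: countries a request may originate from.
PERMITTED_COUNTRIES = {"DE", "FR", "IE"}


@dataclass
class AccessRequest:
    subject: str
    role: str
    action: str                                     # e.g. "customer:export"
    attributes: dict = field(default_factory=dict)  # ABAC inputs: "time", "location", ...


def rbac_allows(req: AccessRequest) -> bool:
    """Pure RBAC: the decision depends only on the role's permission set."""
    return req.action in ROLE_PERMISSIONS.get(req.role, set())


def within_business_hours(attrs: dict) -> bool:
    """Environmental attribute. A missing 'time' yields False (fail closed)."""
    t = attrs.get("time")
    return t is not None and time(8, 0) <= t <= time(18, 0)


def from_permitted_country(attrs: dict) -> bool:
    """Location attribute. A missing 'location' yields False (fail closed)."""
    return attrs.get("location") in PERMITTED_COUNTRIES


# ABAC rules: (action prefix the rule applies to, predicate, reason on denial).
# Every matching rule must hold; the first failing rule decides.
ABAC_RULES = [
    ("customer:export", within_business_hours, "exports only allowed 08:00-18:00"),
    ("customer:delete", within_business_hours, "deletions only allowed 08:00-18:00"),
    ("customer:",       from_permitted_country, "customer data only reachable from DE/FR/IE"),
]


def abac_decide(req: AccessRequest) -> tuple:
    """ABAC = the RBAC check first, then every applicable attribute rule."""
    if not rbac_allows(req):
        return False, f"role {req.role!r} lacks permission {req.action!r}"
    for prefix, predicate, reason in ABAC_RULES:
        if req.action.startswith(prefix) and not predicate(req.attributes):
            return False, reason
    return True, "allowed"


def decide(role: str, action: str, hour: Optional[int] = None,
           location: Optional[str] = None) -> tuple:
    """Build a request carrying only the attributes supplied, then decide."""
    attrs = {}
    if hour is not None:
        attrs["time"] = time(hour, 0)
    if location is not None:
        attrs["location"] = location
    return abac_decide(AccessRequest("demo-user", role, action, attrs))


if __name__ == "__main__":
    # Constructed requests covering the allow path, each ABAC denial, an RBAC
    # denial, and the fail-closed case where no attributes are supplied.
    cases = [
        ("analyst", "customer:export", 14, "DE"),
        ("analyst", "customer:export", 23, "DE"),
        ("analyst", "customer:export", 14, "US"),
        ("support", "customer:export", 14, "DE"),
        ("analyst", "customer:read", None, None),
    ]
    for role, action, hour, loc in cases:
        print(f"{role:8} {action:16} hour={hour!s:4} loc={loc!s:4} -> "
              f"{decide(role, action, hour, loc)}")
```

Note the ordering in `ABAC_RULES`: the prefix `"customer:"` matches every customer action, so the residency rule applies to reads as well as exports and deletions, while the business-hours rule applies only to the two write-like actions. In a real deployment the attribute values (time, location) must come from a source the requester cannot forge, such as the server clock and an authenticated network location, not from the request body.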
Written for
- Institution: CIPT
- Course: CIPT
Document information
- Uploaded on: April 13, 2024
- Number of pages: 12
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers