CIPT - Certified Information Privacy Technologist Exam 2024 Correctly Solved

Development Lifecycle - Release Planning Definition Development Validation Deployment There are four basic types of countermeasures - 1. Preventative - These work by keeping something from happening in the first place. Examples of this include: security awareness training, firewall, anti-virus, security guard and IPS. 2. Reactive - Reactive countermeasures come into effect only after an event has already occurred. 3. Detective - Examples of detective counter measures include: system monitoring, IDS, anti-virus, motion detectors and IPS. 4. Administrative - These controls are the process of developing and ensuring compliance with policy and procedures. These use policy to protect an asset. PCI DSS has three main stages of compliance - Collecting and Storing - This involves the secure collection and tamper-proof storage of log data so that it is available for analysis. Reporting - This is the ability to prove compliance should an audit arise. The organization should also show evidence that data protection controls are in place. Monitoring and Alerting - This involves implementing systems to enable administrators to monitor access and usage of data. There should also be evidence that log data is being collected and stored. Re-Identification - re-identification refers to using data from a single entity holding the data. Symmetric Encryption - Symmetric key cryptography refers to using the same key for encrypting as well as decrypting. It is also referred to as shared secret, secret-key or private key. This key is not distributed, rather is kept secret by the sending and receiving parties Asymmetric Encryption - Asymmetric cryptography is also referred to as public-key cryptography. Public key depends on a key pair for the processes of encryption and decryption. Unlike private keys, public keys are distributed freely and publicly. Data that has been encrypted with a public key can only be decrypted with a private key. Choice/Consent - Opt-in = requires affirmative consent of individual Opt-out = requires implicit consent of individual Mandatory data collection - necessary to complete the immediate transaction (vs. optional data collection, which will not prevent the transaction from being completed) Choice and consent are regulated by CAN-SPAM Act of 2003, European Data Directive (Articles 7 and 8 De-Identification - Process in which sensitive data is treated in such a way that the individual cannot be identified. EULA - End-user license agreement (AKA software license agreement) EULA = contract between licensor and purchaser; establishes purchaser's right to use the software Cookies - Simple text file that contains name-value pairs. Types of cookies include persistent cookies and session cookies. Cookies can be used for: o Personalization o Session OBA/OBM - Online behavioral advertising/online behavioral marketing Via third-party tracking (e.g. web cookie) to collect and compile user information LBS - Location-based services