Bastion Server
A server dedicated to a single purpose that runs only the software needed to support that purpose.
E.g. a printer server, an email server, or a database server configured this way is a bastion server.
Using bastion servers reduces the number of applications installed on each server, which shrinks the attack surface and so minimizes vulnerability.
Privacy Impact Assessment (PIA)
Checklists or tools used to ensure that a system handling personal information is evaluated for privacy risks and
designed with life cycle principles in mind. An effective PIA evaluates whether privacy practices and policies are
sufficient with respect to legal, regulatory and industry standards, and confirms that practice stays consistent
with policy.
Should be conducted annually, and additionally upon the occurrence of any of the following events:
- Creation of a new product/service
- New/updated program for processing data
- Merger/acquisition
- Creation of a new data center
- Onboarding of new data
- Movement of data to a different country
- Changes in regulations governing data use
Security Policy Principles
All security policies should address these EXTERNAL requirements:
(1) Corporate - data collected from consumers, partners, vendors, and employees must be protected in
accordance with contracts and privacy policies; the organization also needs to keep data secure to protect its own interests.
(2) Regulatory - privacy requirements placed on organizations by government entities (e.g. the FTC, the Office of
the Information and Privacy Commissioner of Ontario, and the UK Information Commissioner's Office).
(3) Industry - compliance with the standards of industry groups shows commitment to the privacy principles of that
industry, which can help avoid new legislation or regulatory scrutiny.
Industry Groups
Examples of industry groups: the Better Business Bureau, the Interactive Advertising Bureau, TRUSTe, and the
Entertainment Software Rating Board.
Key Security Measures
(1) Encryption - the BEST means of protecting data during transmission and storage; the type of encryption
chosen should take into account how its performance cost and complexity will affect the company's systems.