Completeness Arguments
Used as a means of assuring compliance with privacy rules and policies in the design of new software
systems. Completeness arguments take privacy rules and compare them to the system requirements
that have been used to design a new software system. By pairing privacy rules with specific system
requirements, necessary technical safeguards can be accounted for, preventing the software from being
designed in such a way that would violate privacy policies and regulations.
Computer Forensics
The discipline of assessing and examining an information system for relevant clues even after it has been
compromised by an exploit.
Concept of Operations
Used in Plan-driven Development Models, a Concept of Operations is a detailed outline of how a
software product or system will work once it is fully operational. This is used to shape how a product or
system will be designed and implemented.
Confidentiality
The obligation of an individual, organization or business to protect personal information and not misuse
or wrongfully disclose that information.
Consent
This privacy requirement is one of the fair information practices. Individuals must be able to prevent the
collection of their personal data, unless the disclosure is required by law. If an individual has choice (see
Choice) about the use or disclosure of his or her information, consent is the individual's way of giving
permission for the use or disclosure. Consent may be affirmative (i.e., opt-in) or implied (i.e., the
individual didn't opt out). (1) Explicit Consent: A requirement that an individual "signifies" his or her
agreement with a data controller by some active communication between the parties. According to the
EU Data Protection Directive, explicit consent is required for processing of sensitive information.
Further, data controllers cannot infer consent from non-response to a communication. (2) Implicit
Consent: Implied consent arises where consent may reasonably be inferred from the action or inaction
of the individual.
Content Delivery Network
The servers that contain most or all of the visible elements of a web page and that are contacted to
provide those elements. In the realm of advertising, a general ad server is contacted after a webpage is
requested; that ad server looks up any known information on the user requesting to access the
webpage.
Contextual Advertising
The most used form of targeted advertising on the internet. The content of the ad relies on the content
of the webpage or the query entered by a user.
Contextual Integrity
A concept developed by Helen Nissenbaum, contextual integrity is a way to think about and quantify
potential privacy risks in software systems and products. Contextual Integrity focuses on what consumer
expectations are in a given situation and how the product or system differs from that expectation. The
more a product or system deviates from those expectations, the more likely a consumer will perceive a
privacy harm.
Cookie
A small text file stored on a client machine that may later be retrieved by a web server from the
machine. Cookies allow web servers to keep track of the end user's browser activities, and connect
individual web requests into a session. Cookies can also be used to prevent users from having to be
authorized for every password-protected page they access during a session by recording that they have
successfully supplied their user name and password already. Cookies may be referred to as "first-party"
(if they are placed by the website that is visited) or "third-party" (if they are placed by a party other than
the visited website). Additionally, they may be referred to as "session cookies" if they are deleted when
a session ends, or "persistent cookies" if they remain longer.
Cross-site Scripting
Code injected by malicious web users into web pages viewed by other users.
Cryptography
The science or practice of hiding information, usually through its transformation. Common cryptographic
functions include: encryption, decryption, digital signature and non-repudiation.
Cryptosystem
The materials necessary to encrypt and decrypt a given message, usually consisting of the encryption
algorithm and the security key.
Customer Access
A customer's ability to access the personal information collected on them as well as review, correct or
delete any incorrect information.
Customer Data Integration
The consolidation and managing of customer information in all forms and from all sources allowable.
CDI is a vital component of customer relationship management.
Customer Information
In contrast to employee information, customer information includes data relating to the clients of
private-sector organizations, patients within the healthcare sector and the general public within the
context of public-sector agencies that provide services.