CIPT - Certified Information Privacy Technologist
Jeremiah
Terms in this set (57)
9/5/24, 2:30 AM
Development Lifecycle: Release Planning, Definition, Development, Validation, Deployment
There are four basic types of countermeasures:
1. Preventative - These work by keeping something from happening in the first place. Examples of this include: security awareness training, firewall, anti-virus, security guard and IPS.
2. Reactive - Reactive countermeasures come into effect only after an event has already occurred.
3. Detective - Examples of detective countermeasures include: system monitoring, IDS, anti-virus, motion detectors and IPS.
4. Administrative - These controls are the process of developing and ensuring compliance with policy and procedures. These use policy to protect an asset.
PCI DSS has three main stages of compliance:
Collecting and Storing - This involves the secure collection and tamper-proof storage of log data so that it is available for analysis.
Reporting - This is the ability to prove compliance should an audit arise. The organization should also show evidence that data protection controls are in place.
Monitoring and Alerting - This involves implementing systems to enable administrators to monitor access and usage of data. There should also be evidence that log data is being collected and stored.
Re-Identification: Re-identification refers to using data from a single entity holding the data.
Symmetric Encryption: Symmetric key cryptography refers to using the same key for encrypting as well as decrypting. It is also referred to as shared secret, secret-key or private key. This key is not distributed, rather is kept secret by the sending and receiving parties.
Asymmetric Encryption: Asymmetric cryptography is also referred to as public-key cryptography. Public key depends on a key pair for the processes of encryption and decryption. Unlike private keys, public keys are distributed freely and publicly. Data that has been encrypted with a public key can only be decrypted with a private key.
Choice/Consent:
Opt-in = requires affirmative consent of individual
Opt-out = requires implicit consent of individual
Mandatory data collection - necessary to complete the immediate transaction (vs. optional data collection, which will not prevent the transaction from being completed)
Choice and consent are regulated by CAN-SPAM Act of 2003, European Data Directive (Articles 7 and 8
De-Identification: Process in which sensitive data is treated in such a way that the individual cannot be identified.
EULA: End-user license agreement (AKA software license agreement)
EULA = contract between licensor and purchaser; establishes purchaser's right to use the software
Cookies: Simple text file that contains name-value pairs. Types of cookies include persistent cookies and session cookies. Cookies can be used for:
o Personalization
o Session
OBA/OBM: Online behavioral advertising/online behavioral marketing
Via third-party tracking (e.g. web cookie) to collect and compile user information