CIPT - Certified Information Privacy Technologist - BOK (rearranged)
Jeremiah
Terms in this set (232)
Evolving Compliance Requirements: BYOD - Bring Your Own Device, e-Privacy Directive, COPPA - Children's Online Privacy Protection Act, EU GDPR - EU General Data Protection Act, W3C (Do Not Track Requirements)
COBIT 5: A comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT; helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
NCASE: Acronym for the five privacy principles set out by the FTC Fair Information Practice Principles - Notice, Choice, Access, Security, Enforcement.
Notice: Consumers should be given notice of an entity's information practices before any personal information is collected from them. Without notice, a consumer cannot make an informed decision as to whether and to what extent to disclose personal information.
Choice: Means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction.
Access: Refers to an individual's ability both to access data about him- or herself—that is, to view the data in an entity's files—and to contest that data's accuracy and completeness. Both are essential to ensuring that data is accurate and complete.
Security: Both managerial and technical measures are needed to protect against loss and the unauthorized access, destruction, use or disclosure of data. Technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of credentials, implementation of role-based access controls (RBAC) and other techniques; and the storage of data on secure ser
Enforcement: It is generally agreed that the core principles of privacy protection can only be effective if there is a mechanism in place to enforce them. Absent an enforcement and redress mechanism, a fair information practice code is merely suggestive rather than prescriptive, and does not ensure compliance with core Fair Information Practice Principles.
Client side risks: Computer stolen, personal data saved to an org computer, virus, poor access control policies.
Server side risks: Vulnerabilities in organizational servers, virus, unwanted traffic - mitigated through reducing apps on a server, screening host at the internet boundary, applying retention, usage, and de-identification controls.
Encryption: One of the best means to protect data during transmission and storage. The type of encryption used should be based on how the encryption's performance and complexity may impact company systems. The National Institute of Standards and Technology has developed a Cryptographic Toolkit to assist organizations with the selection of cryptographic security components and functionality for protecting their data, communications and operations.
Software Protection: Different types of software can be used to protect sensitive data from privacy threats. Antivirus software can detect malicious software that may grab data from an employee's computer. Software can help to ensure that client computers accessing the network are properly configured. Packet filtering can help ensure that inappropriate communications packets do not make it onto the company's network.
Security Measures - Access Controls: Most computers, websites and data storage applications provide a programmatic means for preventing unwanted access to the data they host. This control usually comes from an access control list. These lists should be continually verified to ensure that they include only the appropriate people with only the approved type of access.
Security Measures - Physical Protection: Protecting sensitive systems from physical access is one of the most important things an organization can do. Very few security measures can protect against a person who has physical access to a machine. For that reason all computers should have a minimum level of physical security to prevent outsiders from getting access. Computers with sensitive data should have cameras watching them, a guard in place to restrict access and strong physical security to prevent unauthorized access. If strong physical security is cost prohibitive or cannot be achieved because of operational needs, the data stored on these computers should be encrypted.