Program Governance Ch. 1,2,3 (Strategic
Management, Develop & Implement a
Framework, Performance Measurement)
questions with answers.
What is a business case? ANS -Defines a business need and describes a way to meet that goal
What is a biased sample? ANS -A measurement excluding relevant elements of data or "cherry picking"
to get desired result.
What is intentional deceit? ANS -Purposely excluding and manipulating numbers to mislead
What are requirements of PCI-DSS? ANS -PCI-DSS stands for Payment Card Industry Data Security
Standard. Its requirements include:
Firewall:
-default settings not allowed
-protect cardholder data
-encrypt transmissions
-antivirus
-secure systems and apps
Access Control:
-unique IDs
-physical access restricted
-monitor and track access
-test security system(s)
-infosec policy
4 reasons an organization or privacy professional should use a Privacy Framework. ANS -1. Reduce risk
2. Avoid data loss
3. Sustain organization's market value
4. Comply with laws, regulations & industry standards
What is a privacy workshop? ANS -A meeting where privacy program stakeholders are informed about
legal and market expectations concerning privacy; Q&A; and setting a baseline for privacy knowledge.
What is APEC and how is it relevant to privacy? ANS -APEC stands for Asia Pacific Economic
Cooperation.
It is a privacy framework to enable safe data transfers meant to benefit consumers, business and
government.
What is the ISTPA? ANS -It stands for the International Security Trust & Privacy Alliance.
It is an industry organization focused on creating actionable frameworks for businesses implementing
data protection policies.
What are the metric taxonomies? Where do these taxonomies originate? ANS -
-Objective/Subjective
-Qualitative/Quantitative
-IT metrics/Quantitative measurement
-Static/Dynamic (static= doesn't change over time)
-Absolute/Relative (absolute= not dependent on other)
-Direct/Indirect
They originate from NIST IR 7564