17 - Risk Management and Privacy Flashcards

Questions 3 - 11 have been omitted for brevity. Summarize risk management processes and concepts; and be able to explain privacy and sensitive data concepts in relation to security

1
Q

Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?

A

Removed the Vulnerability

2
Q

You notice a high number of SQL injection attacks against a web application run by your org, so you install a web application firewall (WAF) to block many of these attacks before they reach the server. How have you altered the severity of the risk?

A

Reduced the Probability

3
Q

Under the European Union’s GDPR, what term is assigned to the individual who leads an org’s privacy efforts?

A

Data Protection Officer (DPO)

4
Q

Helen’s org maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen’s org?

A

Data Processor

5
Q

Gene recently conducted an assessment and determined that his org can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?

A

The Recovery Time Objective (RTO)

6
Q

Tina works for a hospital system and manages the system’s patient records. What category of personal information best describes the information that is likely to be found in these records?

A

Protected Health Information (PHI)

7
Q

Asa believes that her org is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?

A

Purpose Limitation

8
Q

What U.S. government classification level requires the highest degree of security control?

A

Top Secret

9
Q

What data protection technique is reversible when conducted properly?

A

Tokenization (the holder of the token vault can map a token back to the original value; hashing is one-way by design)

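The reversibility in the card above depends on a vault: tokens are random values with no relationship to the data, and only whoever holds the vault mapping can go back. The following is an added example, not part of the flashcard deck or its source text, showing a minimal vault-based tokenizer next to a one-way hash for contrast. The in-memory dictionary vault, the `tok_` prefix and the sample card number are assumptions made for the example; a production vault is a separately secured, access-controlled store.

```python
import hashlib
import secrets
from typing import Dict, Optional


class TokenVault:
    """Reversible tokenization.

    The vault is the only component able to map a token back to the
    original value; every other system only ever handles the token.
    The dict-backed store is an assumption for this example.
    """

    def __init__(self, token_bytes: int = 16) -> None:
        self._token_bytes = token_bytes
        self._token_to_value: Dict[str, str] = {}
        self._value_to_token: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        """Return the token for value, minting a random one on first sight.

        The same value always yields the same token, so the token can still
        be used as a join key without exposing the underlying data.
        """
        token = self._value_to_token.get(value)
        if token is None:
            # Random token: it carries no information about the value, so it
            # cannot be reversed by anyone who does not hold the vault.
            token = "tok_" + secrets.token_hex(self._token_bytes)
            self._token_to_value[token] = value
            self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """Reverse the mapping; returns None for tokens the vault never issued."""
        return self._token_to_value.get(token)


def hash_value(value: str) -> str:
    """One-way protection: usable for comparison, but there is no way back."""
    return hashlib.sha256(value.encode()).hexdigest()


def demo() -> dict:
    """Tokenize a constructed sample card number and show both directions."""
    pan = "4111111111111111"  # constructed test value, not real card data
    vault = TokenVault()
    token = vault.tokenize(pan)
    return {
        "token": token,
        "recovered": vault.detokenize(token),
        "same_token_on_repeat": vault.tokenize(pan) == token,
        "unknown_token": vault.detokenize("tok_deadbeef"),
        "hash": hash_value(pan),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Run it and compare the two outputs: `recovered` equals the original because the vault held the mapping, while `hash` gives no route back to the input. Losing or corrupting the vault turns tokenization into irreversible data loss, which is why "when conducted properly" matters in the card.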
10
Q

What term is given to an individual or organization who determines the reasons for processing personal information?

A

Data Controller

11
Q

Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?

A

Residual Risk
