17 - Risk Management and Privacy Flashcards
Questions 3 - 11 have been omitted for brevity. Objective: summarize risk management processes and concepts, and explain privacy and sensitive data concepts in relation to security.
Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?
Removed the Vulnerability
You notice a high number of SQL injection attacks against a web application run by your org, so you install a web application firewall (WAF) to block many of these attacks before they reach the server. How have you altered the severity of the risk?
Reduced the Probability
Under the European Union’s GDPR, what term is assigned to the individual who leads an org’s privacy efforts?
Data Protection Officer (DPO)
Helen’s org maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen’s org?
Data Processor
Gene recently conducted an assessment and determined that his org can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?
The Recovery Time Objective (RTO)
Tina works for a hospital system and manages the system’s patient records. What category of personal information best describes the information that is likely to be found in these records?
Protected Health Information (PHI)
Asa believes that her org is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?
Purpose Limitation
What U.S. government classification level requires the highest degree of security control?
Top Secret
What data protection technique is reversible when conducted properly?
Tokenization
What term is given to an individual or organization who determines the reasons for processing personal information?
Data Controllers
Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?
Residual Risk