CIPM Protect

Question 1

Data life cycle management

Answer 1

information flow management from creation to disposal; mitigation aimed at lowering risks of breaches by decreasing volume and type of data stored

Question 2

Paul & Copple 11 element DLM model (to reduce “save everything” plan)

Answer 2

1. enterprise objectives: prioritize information
2. minimalism - discard unless need = Zubuluke standard
3. Simple procedures and training
4. Adequacy of information to support task requirements
5. IS personnel should be included in development of DLM FW
6. authenticity and accuracy of records needed for court procedures
7. easy retrievability
8. distribution (access) controls and encryption
9. auditability - hash, digital signatures, etc.
10. Consistency of policy throughout organization
11. Enforcement (internal) throughout organization

Question 3

IS practices: CIA Triad

Answer 3

• confidentiality (prevent unauthorised disclosure)
• integrity (prevent unauthorised modification, deletion)
• availability (accessibility to authorised users)
• accountability (entity ownership traceable)
• assurance (4 other objectives met)

Question 4

IS risk management practices : ISO 27000

Answer 4

1. ID risk
2. select and implement measures to mitigate risk
3. track and evaluate risk

Question 5

3 high level security roles

Answer 5

1. executive: CIO, ISO, etc.
2. functional: security engineers and security professionals
3. corollary: support (physical security, privacy professional, supply chain)

Question 6

US CERT essential body of knowledge 14 generic competency IS practice areas

Answer 6

1. data security
2. digital forensics (for security incidents)
3. enterprise continuity (BCP)
4. IRP
5. IS training and awareness
6. Operations and maintenance of IT systems
7. network & telecoms security
8. personnel security
9. physical/environmental security (computer rooms)
10. procurement
11. regulatory standards/compliance
12. security risk management
13. strategic security management (IS in line with mission)
14. system and app security

Question 7

PTA (privacy threshold analysis)

Answer 7

methodology used to determine whether PIA needed

Question 8

PIA (privacy impact analysis)

Answer 8

methodology for assessing privacy related risks associated with business activities involving personal data processing: -assess existing controls;
-suggest remedial actions/mitigation needed to decrease risks

Question 9

Governance

Answer 9

decision rights + accountability ;

processes + standards + roles

Question 10

Malware

Answer 10

Malware is a malicious software, such as virus, worm or Trojan horse

Question 11

Virus

Answer 11

A virus is a program that attaches itself to a file or another program, often sent via e-mail. A virus needs the presence of a host to work

Question 12

Ransomware

Answer 12

A type of virus that locks a target system until a ransom is paid