Domain 6 Flashcards
What occurs when a customer is dissuaded from leaving a provider even when it’s the best decision?
Vendor lock-in
What’s an industry standard that provides guidance for eDiscovery programs?
ISO 27050
What provides industry standard guidance for information privacy programs?
ISO 27701
Who is the entity that uses the data on behalf of the owner/controller?
Data processor
Who is the person the PII describes?
Data subject
Who is the entity that creates the PII?
Data owner/controller
Who are entities that regulate the use of PII?
Regulators
Is it proper to script a testimony in court?
No, but coaching is okay
Is deploying a firewall a risk mitigation strategy?
Yes
________ is a strategy where an organization decides to accept the potential risks and associated outcomes of a particular security threat rather than avoiding or mitigating it
Risk acceptance
What is a metric that indicates the degree to which your organization requires its information to be protected against confidentiality leaks or compromised data integrity?
Risk tolerance - how much risk you can tolerate
What is it called when an organization completely avoids the activity that carries the potential risk?
Risk avoidance
This is when you transfer the risk to another party when accepting or avoiding the risk yourself is not feasible.
Risk transfer
If the risk then happens, the responsibility or loss will not fall solely on one party.
Risk sharing
What is the act of adding extra resources, time, or personnel to mitigate the potential impact of a risk?
Risk buffering
Involves creating a contingency plan or “Plan B” for certain risks.
Risk strategizing
This is the performance of tests (usually many tests) to verify that a project is secure and functions as intended.
Risk testing
This allows an organization to determine the potential financial implications of a risk event.
Risk quantification
This is the implementation of risk controls to mitigate potential hazards or bad outcomes that may arise during a project or with an enterprise.
Risk reduction
This uses digital tools and technologies to transform how businesses recognize, evaluate, control, and reduce risks.
Risk digitization
What function tests the effectiveness of controls?
Audit
This is when you communicate a change in privacy practices to customers.
Notice
This is when you offer customers an opportunity to opt out of use of their data.
Choice and consent
This principle says individuals should be able to review and update their personal information.
Access