Module 2: The role of the technology professional in privacy Flashcards

1
Q

Privacy policies

A

Inform employees about privacy, security, data management, and loss prevention
Must be documented, accessible, current, endorsed, and enforced

2
Q

Security Policies

A

Data classification policies, data schema, data retention, data deletion

3
Q

Data Inventories

A

Assets: Information, Physical, Intellectual
Classifications: Confidential, Internal use, Public

4
Q

Contracts and agreements

A

Expectations, Obligations, Audits, Compliance

5
Q

Privacy technologists:

A

Risk analysis, Data separation, Data schemas, Require term acceptance

6
Q

Privacy Impact Assessments

A

Ensure compliance, assess privacy risk, recommend methods for risk mitigation

7
Q

Transactions for confidential data

A

Client-server architecture
Service-oriented architecture
Plug-in-based architecture

8
Q

Breach Incident Response:

Discovery

A

Active monitoring of system activity or suspicious changes, detect tampering
Users can report suspicious activity

9
Q

Breach Incident Response:

Containment

A

Terminate the ongoing incident and preserve evidence
Ensure containment
Do not wipe system logs
Remove affected systems
Fully document your investigation
Have a contingency plan

10
Q

Breach Incident Response:

Analyze and notify

A

Know data breach notification obligations
Consult legal counsel to advise the response team
Notify individuals and/or public

11
Q

Breach Incident Response:

Repercussions

A

Media coverage results in a decrease in business and loss of consumer trust
Security analyst must report to senior management
Technology person must diagnose the incident, mitigate the issue, and provide information

12
Q

Breach Incident Response:

Prevention

A

Learning tool: address holes in procedures, review privacy policies to identify weaknesses, train employees

13
Q

Breach Incident Response:

Third parties

A

Set the responsibility of the organization and the expectations/obligations of the vendor regarding personal information

14
Q

Security and privacy in SDLC

A

Securely provision, operate and maintain, protect and defend, investigate

15
Q

Privacy responsibilities

A

Risk forecasting, Process support, privacy support, compliance, risk mitigation, maintenance

16
Q

Information governance framework

ITIL

A

Governed and owned by AXELOS. Provides an overall measurable view of a technology system, service and functionality. ITIL reports on services provided by the technology system and helps organizations use technology to support change and growth. It has a limited view of risk management.

17
Q

Information governance framework

COBIT

A

A more comprehensive program that helps with management of a technology system and allows for tech governance. Tech governance focuses on the systems, applications and support personnel that manage data in a company.