Prelim Flashcards
refers to any information, whether recorded in a
material form or not, from which the identity of an individual is
apparent or can be directly ascertained by the entity holding the
information
Personal data
concerns the collection and use of data about individuals
Privacy
part of the data protection area that deals with
the proper handling of data, with the focus on compliance
with data protection regulations.
Data privacy
includes a set of standards and different
safeguards and measures that an organization is taking to
prevent any third party from unauthorized access to digital data
or any intentional or unintentional alteration, deletion, or data
disclosure
Data security
an unauthorized or unintentional
disclosure of confidential information.
Data breach
the stealing of data or confidential
information by electronic means, including ransomware
and hacking.
Cyberattack
is a model designed to guide an organization’s
policies on information security.
CIA Triad
ensures that data is accessed only by
authorized individuals.
Confidentiality
ensures that information is reliable as well as
accurate
Integrity
ensures that data is both available and
accessible to satisfy business needs.
Availability
particularly
sensitive, as it may easily be used to commit online and/or
offline fraud.
Financial privacy
the process of ingesting, storing,
organizing, and maintaining the data created and collected by an
organization
Data management
are subject to
stringent laws that address user access privileges. By
law, security and authentication systems are often
required for individuals
Medical privacy
websites
publish a privacy policy that details the website’s
intended use of data collected online and/or offline.
Internet privacy
information that can be used to distinguish or trace an
individual’s identity
Personally identifiable information
take privacy requirements into
account throughout the system development process, from the
conception of a new IT system through detailed system design,
implementation, and operation.
Privacy by Design
These are system requirements
that have privacy relevance. System privacy
requirements define the protection capabilities provided
by the system, the performance and behavioral
characteristics exhibited by the system,
Privacy requirements
This principle requires an organization
to ensure that it only processes the data that is necessary to
achieve its specific purpose and that PII is protected during
collection, storage, use, and transmission
Privacy as the default
focuses on implementing techniques that
decrease privacy risks and enables organizations to make
purposeful decisions about resource allocation and effective
implementation of controls in information
Privacy Engineering
involves taking account of privacy during the
entire life cycle of ICT
Privacy Engineering
is an expectation of loss expressed
as the probability that a particular threat will exploit a particular
vulnerability with a particular harmful result.
Security risk assessment
includes a disciplined, structured, and
flexible process for organizational asset valuation; security and
privacy control selection, implementation, and assessment;
system and control authorizations
Risk management
are system requirements that have
privacy relevance. System privacy requirements define the
protection capabilities provided by the system, the performance
and behavioral characteristics exhibited by the system
Privacy requirements
is an analysis of how
information is handled: to ensure handling conforms to
applicable legal, regulatory, and policy requirements regarding
privacy; to determine the risks and effects of collecting,
Privacy impact assessment