Privacy Operational Lifecycle - Section III.B. - Protect Your Organization Flashcards
Data life cycle management elemements
- Enterprise Objectives
- Minimalism
- Simplicity
- Adequacy of infrastructure
- Informatin Security
- Authenticity
- Retrievability
- Distribution controls
- Auditability
- Consistancy
- Enforcement
Data life cycle management is a policy-based approach to managing the flow of information through a life cycle from creation to final disposition. DLM provides a holistic approach to the processes, roles, controls and measures necessary to organize and maintain data. Many of the elements are similar to Fair Information Practices. Notice and consent are borth common examples of priciples contained in iterations of FIPs, but they are related more closely with data subject rights, not data governance.
Solove’s Privacy Risks identify what four activities that can lead to risks to privacy?
(1) Information collection;
(2) Information processing;
(3) Information Dissemination (Datenweitergabe); and
(4) Invasions.
What is a security control?
A process, policy, device, practice, or other action that attempts to modify risk.
What does STRIDE stand for?
It is a security framework for the acronym:
Spoofing,
Tampering,
Repudiation,
Information disclosure;
Denial of service, and
Elevation of privilege.
What are the three primary principles set forth in ISO Standard 31700-1:2023 for implementing privacy by design into consumer goods and services?
(1) Empowerment and Transparency;
(2) Institutionalization and Responsibility; and
(3) Ecosystem and Lifecycle.
What are the two primary types of software design processes?
Plan-driven development and agile development.
The Software Development Life Cycle (SDLC) is a framework that defines the steps involved in the software development process. Software process models build off the SDLC. They are intended to separate development into distinct stages and define under what conditions development may proceed to the next stage. Some models also define other aspects of software development, such as potential artifacts (i.e., by-products produced during development) at each stage and individual roles. There are two primary types of software design processes: plan-driven development and agile development. Plan-Driven Development is a model that attempts to plan and develop all of the features a user might want in the final product and determines how all those features are to be developed. Examples of plan-driven development methods include the spiral and waterfall models. Agile Development is a type of model that anticipates the need to remain flexible and is a lighter-weight, more pragmatic approach to development that “incorporates new system requirements during the actual creation of the system.” Agile development focuses on specific portions of a project to develop one at a time. Examples of agile development models include the Scrum and Extreme Programming models.
What is the primary concern of the “integrity” prong of the CIA Triad?
Information should be kept in a form that is authentic, accurate, and complete.
True or False: Both information security and information privacy rely heavily upon the principle of accountability.
True
What is linkability?
The amount of effort required to link data to a specific individual.
What is a technical security control?
A type of security control that consists of procedures and mechanisms designed to limit and monitor access to information.
True or False: Implementation of data destruction practices is one of the most powerful ways to protect personal data.
True.
What is collision resistance?
The principle in hashing that it should be computationally infeasible to find any two distinct inputs that map to the same output.
What is a privacy engineer?
An area specialist in systems engineering that is focused on creating systems that adequately protect the processing of personal data.
A privacy engineer is effectively a domain expert on one aspect of software development.
What is the principle of least privilege?
The notion that any user should only have the bare minimum privileges necessary to perform his or her function.
What is a common best practice for implementing administrative security controls?
Limiting information access to roles within an organization based upon need-to-know status.
What two components make up an access control system?
Authorization and authentication.
True or False: Identity can be abstracted away and validated by third parties.
True
What are the two necessary requirements to perform encryption?
An encryption algorithm and an encryption key.
What does the design phase of the SDLC entail?
Designing software and architecture for the project, including an explanation of how the system operates, how specific aspects function, and how data moves through the system.
What are some best practices for implementing an access control system?
(1) Use unique user access IDs;
(2) Use credentials for IDs;
(3) Provide access based upon business purpose;
(4) Use a formal access process to add or remove privileges;
(5) Use a password management system; and
(6) Implement a “clean desk” policy.
What are Privacy-Enhancing Technologies?
Privacy technology standards developed solely to be used for the transmission,
storage and
use of privacy data
True or False: A Privacy by Design can be modular, in that it can be “bolted onto” an engineering project after the fact.
False. The third principle of PbD states that PbD is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact.
What type of encryption is sometimes referred to as “public key encryption”?
Asymmetric encryption.
Between information privacy and information security, which is focused on ensuring data access and which is focused on ensuring data availability?
Information privacy seeks to provide data access, while
information security seeks to maintain data availability.
Information privacy is more concerned with the policy behind data management practices, when and how users should have access to their data is a key concern.
Information security focuses on making data available i.e. usable as needed.
Data life cycle management involves the element of “enforcement.” What is this a reference to?
There must be a means to enforce data management practices, including through automated means.
Does Privacy by Design seek to prevent privacy incidents from occurring or resolve them once they have occurred?
The first principle of Privacy by Design is that it is “proactive, not reactive; preventative, not remedial.”
True or False: All personal information is confidential.
False. Not all personal information is confidential, such as publicly available information in court documents.
What are the three considerations organizations should attempt to balance in developing and implementing an information security program?
Confidentiality, integrity, and availability.
What are the three techniques used to anonymize data?
Suppression,
Generalization, and
Noise Addition.
What are the six core elements of the NIST Cybersecurity Framework 2.0?
(1) Govern;
(2) Identify;
(3) Protect;
(4) Detect;
(5) Respond; and
(6) Recover.
What are the six steps in the SDLC?
System Development Life Cycle
(1) Requirements engineering;
(2) Design;
(3) Implementation;
(4) Testing;
(5) Deployment; and
(6) Maintenance.
What is anonymization?
The process of taking an identifiable data set and stripping it of its identifying information.
How is “authorization” defined in the context of an access control system?
The process of determining if the end user is permitted to have access to the desired resource such as the information asset or the information system containing the asset.
What is the primary concern of the “availability” prong of the CIA Triad?
Information should be maintained in such a way that those who have authorization, and a need to do so, can adequately access it.
What are some common ways to destroy personal data held in physical form?
Shredding, melting, and burning.
Data life cycle management policies cover data from when to when?
From collection to destruction or from cradle to grave.
What are some potential risks that a development team faces when adopting an agile development model?
Risks include scope creep,
communication challenges,
and a lack of predictability.
What are the two component parts of authorization?
A mechanism (i.e., technical means of allowing or denying access) and the policy (i.e., specification of who is allowed access).
What is Privacy by Design?
An approach to systems engineering that “builds in” privacy to products and services throughout its entire life cycle or, put differently, data protection through technology design.
True or False: Information security professionals, but not information privacy professionals, have a vested interest in protecting against a data breach.
False. Both information security and information privacy professionals have a vested interest in protecting against a data breach.
Under Calo’s Harms Dimensions, which type of harm is most likely to have the greatest impact on individual privacy: measurable and objective harm, or perceived and subjective harm?
The Calo model holds that the perception of harm is just as likely to have a negative impact on individual privacy as measurable and objective harm.
What are the three factors that support an authentication mechanism?
(1) User-supplied authentication information;
(2) Complementation information; and
(3) An authentication function.
What is third party data collection?
When data is acquired from a source other than directly from the data subject.
True or False: Information privacy is focused on mitigating and protecting against risk.
False. Information security is primarily focused on protecting against and mitigating risk, while information privacy is focused primarily on the policies behind handling personal information.
