What is usually the primary objective of risk management?
Correct Answer: B
Explanation:
The most common objective of a risk management program is to reduce the number and severity of privacy and security incidents.
Question 2
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
Correct Answer: D
Explanation:
The most important thing to ensure when developing a business case for the procurement of a new IT system that will process and store personal information is that data protection requirements are included. This means that the organization should identify and analyze the privacy risks and impacts of the new IT system, and determine the appropriate measures to mitigate or eliminate them. The data protection requirements should cover aspects such as data minimization, consent, access, rectification, erasure, portability, security, breach notification, etc. The data protection requirements should also align with the organization’s privacy policies and applicable privacy regulations. [References: https://www.isaca.org/privacy-policy; CDPSE Review Manual (Digital Version), page 63]
Question 3
Which of the following approaches to incorporating privacy by design principles BEST ensures the privacy of personal information?
Correct Answer: A
Explanation:
Privacy by design requires proactive, default, and continuous integration of privacy controls across the entire data life cycle (collection through disposal). Limiting to breach response (B) or remediation (C) is reactive, and focusing only on final product development (D) misses earlier phases where most risk originates. “Embed privacy from the outset and across the full life cycle of processing activities.” [References: ISACA CDPSE Review Manual – Domain 2: Privacy by Design (End-to-End Security; Proactive not Reactive; Privacy Embedded into Design)]