IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)


I. Understanding the need for privacy in the IT environment
  A. Evolving compliance requirements
    a. GDPR considerations
  B. IT risks
    a. Client-side
    b. Server-side
    c. Security policy and personnel
    d. Application
    e. Network
    f. Storage
  C. Stakeholders' expectations for privacy
  D. Mistakes organizations make
    a. Recent security incidents and enforcement actions
  E. Privacy vs. security: what's alike and what's different
  F. IT governance vs. data governance
  G. The role of the IT professional, and those of other players, in preserving privacy

II. Core privacy concepts
  A. Foundational elements for embedding privacy in IT
    a. Organization privacy notice
    b. Organization internal privacy policies
    c. Organization security policies, including data classification policies, data retention and data deletion
    d. Other commitments made by the organization (contracts, agreements)
    e. Common IT frameworks (COBIT, ITIL, etc.)
    f. Data inventory
    g. Incident response: security and privacy perspectives
    h. Security and privacy in the systems development life cycle (SDLC) process
    i. Enterprise architecture and data flows, including cross-border transfers

    j. Privacy impact assessments (PIAs)
    k. Privacy and security regulations with specific IT requirements
    l. Common standards and frameworks of relevance
  B. The information life cycle: an introduction
    a. Collection
    b. Use
    c. Disclosure
    d. Retention
    e. Destruction
  C. Common privacy principles
    a. Collection limitation
    b. Data quality
    c. Purpose specification
    d. Use limitation
    e. Security safeguards
    f. Openness
    g. Individual participation
    h. Accountability

III. Privacy considerations in the information life cycle
  A. Collection
    a. Notice
    b. Choice/consent
    c. Collection limitations
    d. Secure transfer
    e. Reliable sources/collection from third parties
    f. Collection of information from individuals other than the data subject
  B. Use
    a. Compliance with regulations and commitments
    b. Data minimization
    c. Secondary uses
    d. User authentication, access control, audit trails
    e. Secure when in use and not in use
    f. Using personally identifiable information (PII) in testing
    g. Limitations on use when sources of data are unclear
  C. Disclosure
    a. According to notice
    b. Anonymize, minimize
    c. Define limitations
    d. Vendor management programs
    e. Inventory and secure transfers, secure remote access, review data protection capabilities prior to engaging
    f. Using intermediaries for the processing of sensitive information
  D. Retention
    a. Working with records management

    b. Regulatory limitations, legal restrictions, limit retention of sensitive data if not necessary
    c. Provide data subject access
      i. Legal requirements
      ii. Business rationale
      iii. Access mechanisms
      iv. Handling requests
    d. Secure transfer to archiving, secure storage of information and metadata
    e. Considerations for business continuity and disaster recovery
    f. Portable media challenges
  E. Destruction
    a. Digital content, portable media, hard copy
    b. Identify appropriate time
    c. Secure transfer and disposal of information and media, return of information from third parties
    d. Regulatory requirements defining destruction standards

IV. Privacy in systems and applications
  A. The enterprise IT environment: common challenges
    a. Architecture considerations
    b. IT involvement through mergers and acquisitions
    c. Industry- and function-specific systems
  B. Identity and access management
    a. Limitations of access management as a privacy tool
    b. Principle of least privilege required
    c. Role-based access control (RBAC)
    d. User-based access controls
    e. Context of authority
    f. Cross-enterprise authentication and authorization models
  C. Credit card information and processing
    a. Cardholder data types
    b. Application of the Payment Card Industry Data Security Standard (PCI DSS)
    c. Implementation of the Payment Application Data Security Standard (PCI PA-DSS)
  D. Remote access, telecommuting, and bring your own device (BYOD)
    a. Privacy considerations
    b. Security considerations
    c. Access to computers
    d. Device controls
    e. Network controls
    f. Architecture controls
  E. Data encryption
    a. Crypto design and implementation considerations
    b. Application or field encryption
    c. File encryption
    d. Disk encryption
    e. Encryption regulation

    f. Encryption standards
  F. Other privacy enhancing technologies (PETs) in the enterprise environment
    a. Automated data retrieval
    b. Automated system audits
    c. Data masking and data obfuscation
    d. Data loss prevention (DLP) implementation and maintenance
  G. Specific considerations for customer-facing applications
    a. Software-based notice and consent
    b. Agreements
      i. End-user license agreement (EULA)
      ii. Terms of service
      iii. Terms of use for non-licensed products
      iv. Mechanisms

V. Privacy techniques
  A. Authentication techniques and degrees of strength
    a. User name and password
    b. Single-/multi-factor authentication
    c. Biometrics
    d. Portable media supporting authentication
  B. Identifiability
    a. Labels that point to individuals
    b. Strong and weak identifiers
    c. Pseudonymous and anonymous data
    d. Degrees of identifiability
      i. Definition under the GDPR
      ii. U.S. regulations (HIPAA, FACTA, FERPA, etc.)
      iii. Other regulations addressing identity in data
      iv. Privacy stages and system characteristics
      v. Identifiable versus identified
      vi. Linkable versus linked
    e. Data aggregation
  C. Privacy by Design: overview of principles
  D. Privacy by ReDesign: review of framework

VI. Online privacy issues
  A. Specific requirements for the online environment
    a. Organizational privacy strategy
    b. Regulatory requirements specific to the online environment
    c. Consumer expectations
    d. Children's online privacy
  B. Social media and websites that present a higher level of privacy challenges
    a. Personal information shared
    b. Personal information collected

    c. No clear owner of content published or data collected
    d. Chatbots
  C. Online threats
    a. Phishing, whaling, etc.
    b. SQL injection
    c. Cross-site scripting (XSS)
    d. Spam
    e. Ransomware
    f. Common safeguards against threats (DMARC, unified threat management (UTM) systems, etc.)
  D. E-commerce personalization
    a. End user benefits
    b. End user privacy concerns
  E. Online advertising
    a. Understanding the common models of online advertising
    b. Key considerations when working with third parties to post ads on your company's website
  F. Understanding cookies, beacons and other tracking technologies
    a. Common types
    b. Privacy considerations
    c. Responsible practices
  G. Machine-readable privacy policy languages
    a. Platform for Privacy Preferences Project (P3P)
    b. A P3P Preference Exchange Language (APPEL)
    c. Enterprise Privacy Authorization Language (EPAL)
    d. Security Assertion Markup Language (SAML)
    e. eXtensible Access Control Markup Language (XACML)
  H. Web browser privacy and security features
    a. Private browsing
    b. Tracking protection
    c. Do Not Track
  I. Web security protocols
    a. Secure Sockets Layer / Transport Layer Security (SSL/TLS)
    b. Hypertext Transfer Protocol Secure (HTTPS)
    c. Limiting or preventing automated data capture
    d. Combating threats and exploits
    e. Anonymity tools

VII. Technologies with privacy considerations
  A. Cloud computing
    a. Types of cloud
    b. Common privacy concerns
    c. Common security concerns
    d. Associations and standards

  B. Wireless IDs
    a. Radio frequency identification (RFID)
    b. Bluetooth devices
    c. Wi-Fi
    d. Cellular telephones and tablet computers
  C. Location-based services
    a. Evolution of location-based services on mobile phones and personal digital assistants (PDAs)
    b. Global positioning systems (GPS)
    c. Geographic information systems (GIS)
  D. Smart technologies
    a. Data analytics
    b. Deep learning
    c. Internet of Things (IoT)
    d. Vehicular automation
  E. Video/data/audio surveillance
    a. Drones
  F. Biometric recognition

+1 603.427.9200 certification@privacyassociation.org
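Sections IV.F.c (data masking and obfuscation) and V.B (strong identifiers, pseudonymous data, linkable versus linked) name the techniques a privacy technologist is expected to apply but do not show them. The following is an added example, not material from the CIPT outline or from the IAPP: it pseudonymizes a direct identifier with a keyed HMAC, generalizes a quasi-identifier, masks a value for display, and then demonstrates the practitioner caveat that an unkeyed hash of an e-mail address is only obfuscation, because anyone with a candidate list can recompute it. The record sets, the attacker's dictionary and the function names are all constructed for illustration.

```python
"""Keyed pseudonymization vs. naive hashing, plus field masking.

Added example, not part of the CIPT outline. Sample records, the key
and the candidate list used for the dictionary attack are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, Optional

# Constructed sample data: two systems holding records about the same person,
# with the e-mail written differently in each.
CRM_RECORDS = [
    {"email": "Alice.Smith@Example.com", "zip": "02139", "plan": "gold"},
    {"email": "bob@example.org", "zip": "94110", "plan": "free"},
]
SUPPORT_RECORDS = [
    {"email": "alice.smith@example.com", "zip": "02139", "tickets": 3},
]


def normalize_email(email: str) -> str:
    """Canonical form so the same person yields the same token in every system."""
    return email.strip().lower()


def naive_token(email: str) -> str:
    """Unkeyed SHA-256 of the identifier. Looks opaque but is NOT a pseudonym:
    anyone with a list of plausible addresses can recompute it and match."""
    return hashlib.sha256(normalize_email(email).encode()).hexdigest()


def pseudonymize(email: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 token. Without the key a guessed identifier cannot be
    turned into the token, so the data set is pseudonymous rather than merely
    obfuscated. The key must be held separately from the pseudonymized data."""
    return hmac.new(key, normalize_email(email).encode(), "sha256").hexdigest()


def reidentify_by_dictionary(token: str, candidates: Iterable[str],
                             tokenizer: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack: recompute the token for each candidate identifier and
    return the matching identifier, or None if no candidate matches."""
    for cand in candidates:
        if hmac.compare_digest(tokenizer(cand), token):
            return normalize_email(cand)
    return None


def mask_email(email: str) -> str:
    """Display masking (obfuscation for screens and logs): keeps the first
    character of the local part and the whole domain."""
    local, _, domain = normalize_email(email).partition("@")
    return local[:1] + "***@" + domain


def generalize_zip(zip_code: str) -> str:
    """Generalization of a quasi-identifier: ZIP5 -> ZIP3 (coarser aggregate)."""
    return zip_code[:3] + "XX"


def pseudonymize_dataset(records: Iterable[dict], key: bytes) -> list:
    """Replace the direct identifier with a keyed token, generalize the
    quasi-identifier and keep the analytic attributes. Input is not mutated."""
    out = []
    for rec in records:
        rec = dict(rec)
        email = rec.pop("email")
        rec["subject_token"] = pseudonymize(email, key)
        rec["zip"] = generalize_zip(rec["zip"])
        out.append(rec)
    return out


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in production: a managed secret, not in the data store
    crm = pseudonymize_dataset(CRM_RECORDS, key)
    support = pseudonymize_dataset(SUPPORT_RECORDS, key)
    # Linkable but not identified: the same person carries the same token in both sets.
    print("linkable across systems:", crm[0]["subject_token"] == support[0]["subject_token"])
    # Attacker dictionary (constructed) that happens to contain the real address.
    guesses = ["alice.smith@example.com", "carol@example.net"]
    print("naive hash reversed to:",
          reidentify_by_dictionary(naive_token("alice.smith@example.com"), guesses, naive_token))
    print("keyed token reversed to:",
          reidentify_by_dictionary(crm[0]["subject_token"], guesses, naive_token))
    print("masked for display:", mask_email("Alice.Smith@Example.com"))
```

The keyed token is what makes the two data sets linkable to each other without being identified by a party who lacks the key; rotating or destroying the key turns the same records from pseudonymous into unlinkable, which is the control a retention or destruction step (section III.E) can lean on.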
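Section VI.C lists SQL injection among the online threats without showing the mechanism. As an added example that is not part of the CIPT outline, the block below builds an in-memory SQLite table with constructed rows, runs the same attacker input through a query that concatenates user input into SQL text and through a parameterized query, and shows that only the first leaks every row. The table, rows, payload and function names are assumptions made for illustration.

```python
"""SQL injection: string-built query vs. parameterized query (sqlite3).

Added example for CIPT section VI.C; not part of the outline. The
in-memory table and its rows are constructed here.
"""
import sqlite3

PAYLOAD = "x' OR '1'='1"  # constructed attacker input for an e-mail lookup field


def build_db() -> sqlite3.Connection:
    """Create a throwaway user table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (email, role) VALUES (?, ?)",
        [("alice@example.com", "admin"), ("bob@example.com", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Deliberately vulnerable: the input is spliced into the SQL text, so a
    quote in the input ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT email, role FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """Hardened: the value is bound as a parameter, so it is compared as data
    and never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT email, role FROM users WHERE email = ?", (email,)
    ).fetchall()


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", lookup_vulnerable(conn, PAYLOAD))        # both rows leak
    print("parameterized:", lookup_parameterized(conn, PAYLOAD))  # no rows
    print("legitimate:", lookup_parameterized(conn, "bob@example.com"))
```

The parameterized form is the fix; quoting or escaping the input by hand stops this one payload but not the same mistake in a numeric or identifier context, which is why the hardened version never assembles SQL from user-controlled strings at all.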