CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide

by Peter H. Gregory



Overview

This study guide offers 100% coverage of every objective for the Certified Data Privacy Solutions Engineer Exam

This resource offers complete, up-to-date coverage of all the material included on the current release of the Certified Data Privacy Solutions Engineer exam. Written by an IT security and privacy expert, CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide covers the exam domains and associated job practices developed by ISACA®. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CDPSE exam, this comprehensive guide also serves as an essential on-the-job reference for new and established privacy and security professionals.

COVERS ALL EXAM TOPICS, INCLUDING:
  • Privacy Governance
  • Governance
  • Management
  • Risk Management
  • Privacy Architecture
  • Infrastructure
  • Applications and Software
  • Technical Privacy Controls
  • Data Cycle
  • Data Purpose
  • Data Persistence
Online content includes:
  • 300 practice exam questions
  • Test engine that provides full-length practice exams and customizable quizzes by exam topic


Product Details

ISBN-13: 9781260474831
Publisher: McGraw Hill LLC
Publication date: 03/19/2021
Sold by: Barnes & Noble
Format: eBook
Pages: 448
File size: 6 MB

About the Author

Peter H. Gregory is a career information technologist, security and privacy leader, and an executive advisor for Optiv Security, where he advises executives in many industries on cybersecurity and privacy strategies. He is the author of over forty books, including four editions of CISA All-In-One Exam Guide, CISA Practice Exams, Second Edition, and Solaris Security.

Table of Contents

Acknowledgments xv

Introduction xvii

Part I Privacy Governance

Chapter 1 Governance 3

Introduction to Privacy Governance 3

Privacy Governance Influencers 7

Reasons for Privacy Governance 17

Privacy and Security Governance Activities and Results 18

Business Alignment 19

Monitoring Privacy Responsibilities 21

Privacy Governance Metrics 21

Privacy Strategy Development 25

Strategy Objectives 25

Control Frameworks 26

Risk Objectives 32

Strategy Resources 32

Privacy Program Strategy Development 38

Strategy Constraints 46

Chapter Review 48

Quick Review 51

Questions 53

Answers 55

Chapter 2 Management 59

Privacy Roles and Responsibilities 59

Board of Directors 62

Executive Management 64

Privacy and Security Steering Committees 65

Business Process and Business System Owners 65

Custodial Responsibilities 66

Chief Privacy Officer 67

Chief Information Security Officer 68

Software Development 69

Data Management 71

Network Management 71

Systems Management 72

Operations 72

Privacy Operations 73

Security Operations 73

Privacy Audit 74

Security Audit 74

Service Desk 74

Quality Assurance 74

Other Roles 75

General Staff 75

Building a Privacy Operation 75

Identifying Privacy Requirements 76

Developing Privacy Policies 77

Developing and Running Data Protection Operations 80

Developing and Running Data Monitoring Operations 81

Working with Data Subjects 82

Working with Authorities 84

Privacy Training and Awareness 85

Training Objectives 85

Creating or Selecting Content 86

Audiences 86

New Hires 89

Annual Training 89

Communication Techniques 89

Third-Party Risk Management 90

Cloud Service Providers 90

Privacy Regulation Requirements 92

TPRM Life Cycle 92

Auditing Privacy Operations 96

Privacy Audit Scope 96

Privacy Audit Objectives 97

Types of Privacy Audits 97

Privacy Audit Planning 98

Privacy Audit Evidence 100

Auditing Specific Privacy Practices 102

Audit Standards 106

Privacy Incident Management 106

Phases of Incident Response 107

Privacy Incident Response Plan Development 109

Privacy Continuous Improvement 110

Chapter Review 111

Quick Review 113

Questions 114

Answers 116

Chapter 3 Risk Management 119

The Risk Management Life Cycle 120

The Risk Management Process 120

Risk Management Methodologies 123

Asset Identification 132

Asset Classification 133

Asset Valuation 135

Threat Identification 136

Vulnerability Identification 143

Risk Identification 145

Risk, Likelihood, and Impact 146

Risk Analysis Techniques and Considerations 149

Privacy Impact Assessments 159

PIA Procedure 159

Engaging Data Subjects in a PIA 160

The Necessity of a PIA 160

Integrating into Existing Processes 161

Recordkeeping and Reporting 161

Risks Specific to Privacy 162

Privacy Threats 163

Privacy Countermeasures 164

Chapter Review 165

Quick Review 166

Questions 167

Answers 170

Part II Privacy Architecture

Chapter 4 Infrastructure 175

Technology Stacks 175

Hardware 176

Operating Systems 178

Database Management Systems 182

Application Servers 185

Cloud Services 185

Infrastructure as a Service 186

Platform as a Service 187

Software as a Service 187

Serverless Computing 187

Mobile Backend as a Service 188

Shadow IT and Citizen IT 188

Endpoints 189

Laptop and Desktop Computers 189

Virtual Desktop Infrastructure 191

Mobile Devices 191

Bring-Your-Own 192

Zero Trust Architecture 192

Connected Devices and Operational Technology 193

Remote Access 195

Client VPN 196

Clientless (SSL) VPN 196

Split Tunneling 197

System Hardening 197

Hardening Principles 197

Hardening Standards 198

Security and Privacy by Design 199

Chapter Review 199

Quick Review 202

Questions 203

Answers 205

Chapter 5 Applications and Software 209

Privacy and Security by Design 209

Systems Development Life Cycle 211

SDLC Phases 211

Software Development Risks 234

Alternative Software Development Approaches and Techniques 235

System Development Tools 237

Acquiring Cloud-based Infrastructure and Applications 238

Applications and Software Hardening 240

Application Hardening Principles 240

Testing Applications 242

APIs and Services 243

Online Tracking and Behavioral Profiling 244

Tracking Techniques and Technologies 245

Tracking in the Workplace 251

Tracking Prevention 253

Chapter Review 255

Quick Review 258

Questions 258

Answers 261

Chapter 6 Technical Privacy Controls 263

Controls 263

Control Objectives 264

Privacy Control Objectives 265

Control Frameworks 265

Communication and Transport Protocols 269

Network Media 269

Network Protocols 270

Network Architecture 272

Encryption, Hashing, and De-identification 273

Encryption 273

Key Management 282

De-identification 284

Monitoring and Logging 285

Event Monitoring 285

Identity and Access Management 289

Access Controls 290

Chapter Review 301

Quick Review 303

Questions 304

Answers 306

Part III Data Cycle

Chapter 7 Data Purpose 311

Data Governance 311

Policies and Standards 312

Roles and Responsibilities 312

Control Objectives and Controls 312

Assessments 313

Reporting 313

Data Inventory 313

Data Classification 314

Data Classification Levels 315

Data Handling Standards 316

Data Loss Prevention Automation 318

System and Site Classification 321

Data Quality and Accuracy 322

Data Flow and Usage Diagrams 323

Data Use Limitation 324

Data Use Governance 325

External Privacy Policy 325

Data Analytics 326

Chapter Review 328

Quick Review 329

Questions 329

Answers 332

Chapter 8 Data Persistence 335

Data Minimization 335

Collecting Only Required Fields 336

Collecting Only Required Records 337

Discarding Data When No Longer Needed 337

Minimizing Access 338

Minimizing Storage 338

Minimizing Availability 339

Minimizing Retention 339

Minimization Through De-identification 341

Data Migration 342

Data Storage 344

Data Warehousing 345

Data Retention and Archiving 345

Industry Data Retention Laws 345

Right to Be Forgotten 346

Data Archival 346

Data Destruction 347

Chapter Review 347

Quick Review 348

Questions 349

Answers 352

Part IV Appendix and Glossary

Appendix About the Online Content 357

System Requirements 357

Your Total Seminars Training Hub Account 357

Privacy Notice 357

Single User License Terms and Conditions 357

Total Tester Online 359

Technical Support 359

Glossary 361

Index 397

Figure Credits

Figure 1-2 Courtesy Xhienne: SWOT pt.svg, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=2838770.

Figure 1-3 Courtesy Hi-Tech Security Solutions magazine.

Figure 3-2 Source: US National Institute of Standards and Technology (NIST).

Figure 5-1 Courtesy of Oxford University Press, Inc. From Christopher Alexander, et al., The Oregon Experiment, 1975, p. 44. Used by Permission of Oxford University Press, Inc.
