CISSP PRACTICE QUESTIONS – 20210904

Effective CISSP Questions

Your company outsourced software development to an offshore software company that requests customer data for software testing. You may need to support testing and debugging the software by tracing test data to actual data. To achieve the best testing result, which of the following data should you provide? (Wentz QOTD)
A. Anonymized customer data
B. Randomly-generated data
C. Real customer data
D. Pseudonymized customer data

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Pseudonymized customer data.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Pseudonymization

Pseudonymized data can be restored to its original state with the addition of information which then allows individuals to be re-identified, while anonymized data can never be restored to its original state.

  • A hash or a token/pseudonym can be attached to the original data for re-identification.
  • Scrambling is one form of anonymization.
  • Deprivacy digesting is a distractor.
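
An added example (not from the original post or Wentz's book) of why pseudonymized data fits the scenario: the data owner keeps a token-to-record lookup, so a row reported by the vendor can be traced back, while the anonymized set keeps no such link. The field names, the constructed sample records and the choice of HMAC-SHA256 tokens are assumptions for illustration, and "anonymize" here only drops direct identifiers.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; names and e-mail addresses are made up.
CUSTOMERS = [
    {"id": 1001, "name": "Alice Chen", "email": "alice@example.com", "balance": 250.0},
    {"id": 1002, "name": "Bob Lin", "email": "bob@example.com", "balance": 0.0},
]
IDENTIFYING = ("id", "name", "email")  # assumed set of direct identifiers


def pseudonymize(records, key):
    """Return (test_set, lookup). Only test_set leaves the company."""
    test_set, lookup = [], {}
    for rec in records:
        # Keyed HMAC: without the key, the vendor cannot rebuild a token
        # by hashing guessed customer ids.
        token = hmac.new(key, str(rec["id"]).encode(), hashlib.sha256).hexdigest()[:16]
        lookup[token] = rec  # the "additional information", kept in-house
        row = {k: v for k, v in rec.items() if k not in IDENTIFYING}
        row["customer_ref"] = token
        test_set.append(row)
    return test_set, lookup


def anonymize(records):
    """Drop direct identifiers and keep no link back to the source rows."""
    return [{k: v for k, v in rec.items() if k not in IDENTIFYING} for rec in records]


def reidentify(token, lookup):
    """Data-owner side: trace a test row back to the actual record."""
    return lookup.get(token)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # stays with the data owner
    test_set, lookup = pseudonymize(CUSTOMERS, key)
    failing_row = test_set[1]  # e.g. the vendor reports a bug on this row
    print("vendor sees:", failing_row)
    print("owner traces to:", reidentify(failing_row["customer_ref"], lookup)["name"])
    print("anonymized row:", anonymize(CUSTOMERS)[1])
```

The key and the lookup table are what make re-identification possible, so they stay with the data owner and are never sent to the vendor.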



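Your company has outsourced software development to an offshore software company, which requests customer data for software testing. You may need to support testing and debugging of the software by tracing test data back to actual data. To obtain the best testing result, which of the following data should you provide? (Wentz QOTD)
A. Anonymized customer data
B. Randomly-generated data
C. Real customer data
D. Pseudonymized customer data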


