CISSP PRACTICE QUESTIONS – 20211215

Effective CISSP Questions

Which of the following roles determines the purposes and means of the processing of personal data? (Wentz QOTD)
A. Data owner
B. Data principal
C. Data controller
D. Data steward

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Data controller.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

ISO Security and Privacy Standards

Personal Data

When it comes to personal data or personally identifiable information (PII), there are three roles: subject/principal, controller, and processor. The term controller is more commonly used than “owner” as the ownership of personal data belongs to the data subject or principal. Organizations that collect and process personal data tend not to use the term “owner” to avoid claiming ownership.

According to GDPR, ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, while ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Privacy

Privacy is a concept that applies to data subjects, while confidentiality applies to data. That said, privacy is the right of a party to maintain control over and confidentiality of information about itself. (NISTIR 4734)

Privacy Principles

Proprietary Data

Data Governance
Electronic Discovery Reference Model

Which of the following roles determines the purposes and means of the processing of personal data? (Wentz QOTD)
A. Data owner
B. Data principal
C. Data controller
D. Data steward