Which of the following actions is NOT required during a data privacy diligence process for Merger & Acquisition (M&A) deals?
Which of the following information must be provided by the data controller when complying with GDPR ''right to be informed'' requirements?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
The first step to mitigate further risks when a systems audit uncovers a shared drive folder containing sensitive employee data with no access controls is to restrict access to the folder. This can be done by implementing appropriate access controls, such as user authentication, role-based access, and permissions, to ensure that only authorized individuals can view and access the sensitive data.
https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492158151.pdf
https://www.itgovernance.co.uk/blog/5-reasons-why-employees-dont-report-data-breaches/
Which of the following is NOT a type of privacy program metric?
Types of privacy program metrics include business enablement metrics, data enhancement metrics, and commercial metrics. Business enablement metrics measure the effectiveness of the privacy program in enabling the business to function without compromising privacy. Data enhancement metrics measure the effectiveness of the privacy program in enhancing data protection, such as through data minimization, access controls, and data security. Commercial metrics measure the effectiveness of the privacy program in creating value, such as through the development of new products, services, and customer experiences.
Privacy program metrics are used to assess the effectiveness of a privacy program and measure its progress. These metrics can include business enablement metrics, data enhancement metrics, and commercial metrics. Value creation metrics, however, are not typically used as privacy program metrics.
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
The first step to mitigate further risks when a systems audit uncovers a shared drive folder containing sensitive employee data with no access controls is to restrict access to the folder. This can be done by implementing appropriate access controls, such as user authentication, role-based access, and permissions, to ensure that only authorized individuals can view and access the sensitive data.
https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492158151.pdf
https://www.itgovernance.co.uk/blog/5-reasons-why-employees-dont-report-data-breaches/
Submit Cancel