Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?
The principle of least privilege is the most important principle to apply when granting access to an ERP system that contains a significant amount of personal data. The principle of least privilege states that users should only have the minimum level of access and permissions necessary to perform their legitimate tasks and functions, and no more. Applying the principle of least privilege helps to protect the privacy and security of the personal data in the ERP system, as it reduces the risk of unauthorized or inappropriate access, disclosure, modification, or deletion of the data. It also helps to comply with the privacy laws and regulations, such as the GDPR, that require data controllers and processors to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Which of the following MOST significantly impacts an organization's ability to respond to data subject access requests?
The availability of application data flow diagrams is the most significant factor that impacts an organization's ability to respond to data subject access requests. Data subject access requests are requests made by data subjects to exercise their rights under privacy laws or regulations, such as the right to access, rectify, erase, or port their personal data. To respond to these requests effectively and efficiently, the organization needs to have a clear and accurate understanding of how personal data is collected, processed, stored, shared, and disposed of within its applications and systems. Application data flow diagrams are graphical representations of the data lifecycle that show the sources, destinations, transformations, and dependencies of the data. Having these diagrams readily available helps the organization to locate, retrieve, modify, or delete the personal data in response to the data subject access requests. The other options are less significant or relevant than the availability of application data flow diagrams, as they do not directly affect the organization's ability to identify and access the personal data.
Which of the following has the GREATEST impact on the treatment of data within the scope of an organization's privacy policy?
Data classification is the process of categorizing data according to its sensitivity, value, and criticality for the organization and the data subjects. Data classification has the greatest impact on the treatment of data within the scope of an organization's privacy policy, as it determines the appropriate level of protection, access, retention, and disposal for each type of data. Data classification also helps to comply with the privacy principles and regulations, such as data minimization, purpose limitation, accuracy, security, and accountability.
Transport Layer Security (TLS) provides data integrity through:
Transport Layer Security (TLS) is a protocol that provides secure communication over the internet by encrypting and authenticating data. TLS provides data integrity through the calculation of message digests, which are cryptographic hashes that summarize the content and structure of a message. The sender and the receiver of a message can compare the message digests to verify that the message has not been altered or corrupted during transmission. TLS also uses digital certificates, asymmetric encryption, and symmetric encryption to provide confidentiality and authentication, but these are not directly related to data integrity.
Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?