ExamGecko
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search

Related questions











Question 40 - CIPM discussion

Report
Export

SCENARIO

Please use the following to answer the next QUESTION:

Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production -- not data processing -- and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information.

To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth -- his uncle's vice president and longtime confidante -- wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access.

Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded subsidiary data still in Anton's possession can be destroyed within the next few years.

After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe.

Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check.

Documentation of this analysis will show auditors due diligence.

Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.

Which important principle of Data Lifecycle Management (DLM) will most likely be compromised if Anton executes his plan to limit data access to himself and Kenneth?

A.

Practicing data minimalism.

Answers
A.

Practicing data minimalism.

B.

Ensuring data retrievability.

Answers
B.

Ensuring data retrievability.

C.

Implementing clear policies.

Answers
C.

Implementing clear policies.

D.

Ensuring adequacy of infrastructure.

Answers
D.

Ensuring adequacy of infrastructure.

Suggested answer: A

Explanation:

The important principle of Data Lifecycle Management (DLM) that will most likely be compromised if Anton executes his plan to limit data access to himself and Kenneth is ensuring data retrievability.Data retrievability refers to the ability to access and use data when needed for business purposes or legal obligations1It involves maintaining the availability, integrity, and usability of data throughout its lifecycle2However, if Anton restricts data access to only himself and Kenneth, he will create a single point of failure and a bottleneck for data retrieval. This could pose several risks and challenges for the company, such as:

Losing data if Anton or Kenneth forgets the password or leaves the company without sharing it with others.

Delaying data retrieval if Anton or Kenneth is unavailable or unresponsive when someone else needs the data urgently.

Violating data protection laws or regulations that require data access by certain parties or authorities under certain circumstances.

Reducing data quality or accuracy if Anton or Kenneth fails to update or maintain the data properly.

Missing business opportunities or insights if Anton or Kenneth does not share the data with other relevant stakeholders or departments.

Therefore, Anton should reconsider his plan and adopt a more balanced and secure approach to data access management that follows the principle of least privilege.This means granting data access only to those who need it for their specific roles and responsibilities and revoking it when no longer needed3He should also implement proper authentication, authorization, encryption, backup, and audit mechanisms to protect the data from unauthorized or unlawful access, use, disclosure, alteration, or destruction4Reference:1:Data Retrievability: What Is It?;2:Data Lifecycle Management | IBM;3:What is Least Privilege? Definition & Examples;4:Technical Security Controls: Encryption, Firewalls & More

asked 22/11/2024
Azahar Basri
21 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first