ExamGecko
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search

Related questions











Question 73 - CIPM discussion

Report
Export

SCENARIO

Please use the following to answer the next QUESTION:

Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand event. It fills one of the large downtown conference hotels and overflows into the others, with several thousand attendees enjoying three days of presentations, panel discussions and networking. The convention is the centerpiece of the company's product rollout schedule and a great training opportunity for current users. The sales force also encourages prospective clients to attend to get a better sense of the ways in which the system can be customized to meet diverse needs and understand that when they buy into this system, they are joining a community that feels like family.

This year's conference is only three weeks away, and you have just heard news of a new initiative supporting it: a smartphone app for attendees. The app will support late registration, highlight the featured presentations and provide a mobile version of the conference program. It also links to a restaurant reservation system with the best cuisine in the areas featured. 'It's going to be great,' the developer, Deidre Hoffman, tells you, 'if, that is, we actually get it working!' She laughs nervously but explains that because of the tight time frame she'd been given to build the app, she outsourced the job to a local firm. 'It's just three young people,' she says, 'but they do great work.' She describes some of the other apps they have built. When asked how they were selected for this job, Deidre shrugs. 'They do good work, so I chose them.'

Deidre is a terrific employee with a strong track record. That's why she's been charged to deliver this rushed project. You're sure she has the best interests of the company at heart, and you don't doubt that she's under pressure to meet a deadline that cannot be pushed back. However, you have concerns about the app's handling of personal data and its security safeguards. Over lunch in the break room, you start to talk to her about it, but she quickly tries to reassure you, 'I'm sure with your help we can fix any security issues if we have to, but I doubt there'll be any. These people build apps for a living, and they know what they're doing. You worry too much, but that's why you're so good at your job!'

Since it is too late to restructure the contract with the vendor or prevent the app from being deployed, what is the best step for you to take next?

A.

Implement a more comprehensive suite of information security controls than the one used by the vendor.

Answers
A.

Implement a more comprehensive suite of information security controls than the one used by the vendor.

B.

Ask the vendor for verifiable information about their privacy protections so weaknesses can be identified.

Answers
B.

Ask the vendor for verifiable information about their privacy protections so weaknesses can be identified.

C.

Develop security protocols for the vendor and mandate that they be deployed.

Answers
C.

Develop security protocols for the vendor and mandate that they be deployed.

D.

Insist on an audit of the vendor's privacy procedures and safeguards.

Answers
D.

Insist on an audit of the vendor's privacy procedures and safeguards.

Suggested answer: B

Explanation:

This answer is the best step to take next, as it can help you to assess the current state of the vendor's privacy practices and determine if they meet the organization's standards and expectations, as well as the applicable laws and regulations. Asking the vendor for verifiable information about their privacy protections can include requesting documentation, evidence or demonstration of how they collect, use, store, protect, share and dispose of personal data, what policies and procedures they have in place, what technical and organizational measures they implement, what certifications or audits they have obtained or undergone, and how they handle any privacy incidents or breaches. Based on this information, you can identify any weaknesses or gaps in the vendor's privacy protections and recommend or require any improvements or corrections before the app is deployed.Reference: IAPP CIPM Study Guide, page 82; ISO/IEC 27002:2013, section 15.1.2

asked 22/11/2024
Michael Madamba
34 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first