PDF CDPSE Study Guide

Asymmetric encryption is a method of encrypting and decrypting data using two different keys: a public key and a private key. The public key can be shared with anyone, while the private key is kept secret by the owner. Data encrypted with the public key can only be decrypted with the private key, and vice versa. Asymmetric encryption ensures the security of encryption keys when transferring data containing personal information between cloud applications, by providing the following benefits:

• It can prevent unauthorized access or use of the data, as only the intended recipient who has the matching private key can decrypt the data sent by the sender who has the public key.
• It can prevent man-in-the-middle attacks, where an attacker intercepts and modifies the data or keys in transit, as any tampering with the data or keys will result in decryption failure or error.
• It can enable digital signatures, where the sender encrypts a message digest of the data with their private key, and the recipient verifies it with the sender’s public key. Digital signatures can ensure the authenticity and integrity of the data and the sender.

The other options are less effective or irrelevant for ensuring the security of encryption keys when transferring data containing personal information between cloud applications. Whole disk encryption is a method of encrypting all the data on a disk or device, such as a laptop or a smartphone. It does not protect the data when they are transferred over a network or stored on a cloud server. Symmetric encryption is a method of encrypting and decrypting data using the same key. It requires both parties to securely exchange and store the key, which may be difficult or risky in a cloud environment. Digital signature is not a method of encryption, but an application of asymmetric encryption that can provide additional security features for data transmission.

Input validation controls are the best way to ensure consumer credit card numbers are accurately captured. Input validation controls are methods that check the format, type, range, and length of the input data before accepting, processing, or storing it. Input validation controls can help prevent errors, fraud, or data loss by rejecting invalid, incomplete, or malicious input. For example, input validation controls can verify that a credit card number follows the Luhn algorithm1, has the correct number of digits2, and matches the card issuer’s prefix3. Input validation controls can also prevent SQL injection attacks4 or cross-site scripting attacks5 that may compromise the security and privacy of the data.

Input reference controls, access controls, and reconciliation controls are also important for data quality and security, but they do not directly ensure the accuracy of consumer credit card numbers. Input reference controls are methods that compare the input data with a predefined list of values or a reference table to ensure consistency and validity. For example, input reference controls can check if a country name or a postal code is valid by looking up a database of valid values. Access controls are methods that restrict who can access, modify, or delete the data based on their roles, permissions, or credentials. For example, access controls can prevent unauthorized users from accessing or tampering with consumer credit card numbers. Reconciliation controls are methods that compare the data from different sources or systems to ensure completeness and accuracy. For example, reconciliation controls can check if the transactions recorded in the accounting system match the transactions processed by the payment gateway.

References: Luhn algorithm, Credit card number, Bank card number, SQL injection, Cross-site scripting

A third-party privacy control assessment is an independent and objective evaluation of the design and effectiveness of the privacy controls implemented by an organization to protect personal data and comply with privacy laws and regulations. A third-party privacy control assessment can help senior management to verify the success of its commitment to privacy by design, by providing the following benefits:

• It can measure the extent to which the organization has adopted and integrated the principles and practices of privacy by design throughout its products, services, processes and systems.
• It can identify the strengths and weaknesses of the organization’s privacy governance, policies, procedures, standards and guidelines, and provide recommendations for improvement.
• It can validate the organization’s compliance with the applicable privacy requirements and expectations of its customers, stakeholders, regulators and auditors.
• It can enhance the organization’s reputation and trustworthiness as a responsible and transparent data controller and processor.

The other options are less effective or irrelevant for verifying the success of the commitment to privacy by design. Reviewing the findings of an industry benchmarking assessment may provide some insights into how the organization compares with its peers or competitors in terms of privacy performance, but it may not reflect the specific privacy goals, risks and challenges of the organization. Identifying trends in the organization’s amount of compromised personal data or number of privacy incidents may indicate some aspects of the organization’s privacy maturity, but they are reactive and lagging indicators that do not capture the proactive and preventive nature of privacy by design. Moreover, these metrics may not account for other factors that may influence the occurrence or impact of data breaches or privacy violations, such as external threats, human errors or environmental changes.

References:

• Privacy by Design: How Far Have We Come? - ISACA, section 1: “Privacy by design challenges conventional system thinking. It mandates that any system, process or infrastructure that uses personal data consider privacy throughout its development life cycle.”
• Privacy Control Assessment - ISACA, section 1: “A Privacy Control Assessment (PCA) is an independent evaluation performed by a qualified assessor to determine whether an entity’s controls are suitably designed and operating effectively to meet its objectives related to protecting personal information.”
• Privacy by Design: The New Competitive Advantage - ISACA, section 2: “Privacy by design is a proactive approach to embedding privacy into the design specifications of various technologies, business practices and networked infrastructure.”

The need-to-know basis principle is a security principle that states that access to personal data should be limited to those who have a legitimate purpose for accessing it. The need-to-know basis principle helps to protect data privacy by minimizing the exposure of personal data to unauthorized or unnecessary parties, reducing the risk of data breaches, leaks, or misuse. The need-to-know basis principle should be applied when designing a role-based user access model for a new application, by defining clear roles and responsibilities for different users, granting access rights based on their roles and functions, and enforcing access controls and audits to monitor and verify data access. References: : CDPSE Review Manual (Digital Version), page 105