Authors: Mike Chapple, Joe Shelley
Publisher: Sybex
Year: 2021
Pages: 307
Language: English
Format: pdf (true), epub
Size: 14.9 MB
Your ultimate guide to preparing for the CIPP/US exam.
The IAPP CIPP / US Certified Information Privacy Professional Study Guide is your one-stop resource for complete coverage of the challenging CIPP/US exam. This Study Guide covers 100% of the CIPP/US domain competencies. You'll prepare for the exam smarter and faster with Sybex thanks to authoritative and accurate content, including practice tests that validate and measure exam readiness. With an assessment exam, end-of-chapter review questions, and the two complete practice exams, you get more than 350 questions to hone your test-taking skills. You'll be ready to tackle the rigorous demands of work in the privacy field as you reinforce and retain what you've learned with the Sybex online learning environment and test bank, accessible across multiple devices. Get prepared for the CIPP/US exam, and a job in the privacy sector.
When most people think of cybersecurity, they imagine hackers trying to break into an organization's system and steal sensitive information, ranging from Social Security numbers and credit cards to top‐secret military information. Although protecting sensitive information from unauthorized disclosure is certainly one element of a cybersecurity program, it is important to understand that cybersecurity actually has three complementary objectives. The three key objectives of cybersecurity programs are confidentiality, integrity, and availability.
1) Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information. Cybersecurity professionals develop and implement security controls, including firewalls, access control lists, and encryption, to prevent unauthorized access to information. Attackers may seek to undermine confidentiality controls to achieve one of their goals: the unauthorized disclosure of sensitive information.
2) Integrity ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally. Integrity controls, such as hashing and integrity monitoring solutions, seek to enforce this requirement. Integrity threats may come from attackers seeking the alteration of information without authorization or from nonmalicious sources, such as a power spike causing the corruption of information.
3) Availability ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them. Availability controls, such as fault tolerance, clustering, and backups, seek to ensure that legitimate users may gain access as needed. Similar to integrity threats, availability threats may come either from attackers seeking the disruption of access or from nonmalicious sources, such as a fire destroying a datacenter that contains valuable information or services.
Cybersecurity analysts often refer to these three goals, known as the CIA Triad, when performing their work. They often characterize risks, attacks, and security controls as meeting one or more of the three CIA Triad goals when describing them.
Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:
• The US privacy environment, including the structure and enforcement of US law
• Legal limits on private-sector collection and use of data
• Government and court access to private-sector information
• Workplace privacy
• State privacy laws