Isaca CDPSE Certified Data Privacy Solutions Engineer Exam Practice Test

The first consideration for ensuring that endpoints are protected in line with the privacy policy is hardening the operating systems of endpoint devices. Hardening is a process of applying security configurations and controls to reduce the attack surface and vulnerabilities of an operating system. Hardening can include disabling unnecessary services and features, applying security patches and updates, enforcing strong passwords and encryption, configuring firewall and antivirus settings, and implementing least privilege principles. Hardening the operating systems of endpoint devices can help prevent unauthorized access, data leakage, malware infection, or other threats that may compromise the privacy of personal data stored or processed on those devices.

Detecting malicious access through endpoints, implementing network traffic filtering on endpoint devices, and managing remote access and control are also important aspects of endpoint security, but they are not the first consideration. Rather, they are dependent on or complementary to hardening the operating systems of endpoint devices. For example, detecting malicious access requires having a baseline of normal activity and behavior on the endpoint device, which can be established by hardening. Implementing network traffic filtering requires having a firewall or other network security tool installed and configured on the endpoint device, which is part of hardening. Managing remote access and control requires having authentication and authorization mechanisms in place on the endpoint device, which is also part of hardening.

References: Manage endpoint security policies in Microsoft Intune, ENDPOINT SECURITY POLICY, How To Build An Effective Endpoint Security Policy And Prevent Cyberattacks

The role primarily assigned to an internal data owner is authorizing access rights. A data owner is a person or a role within the organization who has the authority and responsibility for the data assets under their control. A data owner is responsible for defining the data classification, data quality, data retention, and data security requirements for their data assets. A data owner is also responsible for granting, revoking, and reviewing the access rights to their data assets based on the principle of least privilege and the business needs. A data owner is accountable for ensuring that the data assets are used in compliance with the organizational policies and the applicable laws and regulations. References:

• [ISACA Glossary of Terms]
• [ISACA CDPSE Review Manual, Chapter 3, Section 3.2.1]
• [ISACA CDPSE Review Manual, Chapter 3, Section 3.2.2]
• [ISACA CDPSE Review Manual, Chapter 3, Section 3.2.3]

Biometric records are personal information that can be used to identify an individual based on their physical or behavioral characteristics, such as fingerprints, facial recognition, iris scans, voice patterns, etc. Biometric records are considered sensitive personal information that require special protection and consent from the data subject. Biometric records can be used for various purposes, such as authentication, identification, security, etc., but they also pose privacy risks, such as unauthorized access, use, disclosure, or transfer of biometric data. References: : CDPSE Review Manual (Digital Version), page 25

A privacy impact assessment (PIA) is a process of analyzing the potential privacy risks and impacts of collecting, using, and disclosing personal data. A PIA should be conducted when there is a change in the data processing activities that may affect the privacy of individuals or the compliance with data protection laws and regulations. One of the scenarios that should trigger the completion of a PIA is when there are new inter-organizational data flows, which means that personal data is shared or transferred between different entities or jurisdictions. This may introduce new privacy risks, such as unauthorized access, misuse, or breach of data, as well as new legal obligations, such as obtaining consent, ensuring adequate safeguards, or notifying authorities.

References:

• PIA Triggers - International Association of Privacy Professionals
• Privacy Impact Assessment - International Association of Privacy Professionals
• GDPR Privacy Impact Assessment
• Data Protection Impact Assessment triggers: Clarity or confusion?

Pseudonymization is a technique that replaces direct identifiers in a data set with pseudonyms or artificial identifiers that do not reveal the identity of the data subjects. Pseudonymization reduces the linkability of the data set with the original identity of the data subjects and thus enhances the privacy and security of the data. However, pseudonymization is not irreversible and the original identity can be re-established if the pseudonym or key is compromised. Therefore, it is important to keep the identifier separate and distinct from the data it protects and to apply additional security measures to safeguard the identifier. The other options are not relevant to pseudonymization1, p. 74-75 References: 1: CDPSE Review Manual (Digital Version)

The best answer is D. Mutual certificate authentication.

A comprehensive explanation is:

Mutual certificate authentication is a method of mutual authentication that uses public key certificates to verify the identities of both parties in a two-way communication. A public key certificate is a digital document that contains information about the identity of the certificate holder, such as their name, organization, domain name, etc., as well as their public key, which is used for encryption and digital signature. A public key certificate is issued and signed by a trusted authority, called a certificate authority (CA), that vouches for the validity of the certificate.

Mutual certificate authentication works as follows:

• Both parties have a public key certificate issued by a CA that they trust.
• When they initiate a communication, they exchange their certificates with each other.
• They verify the signatures on the certificates using the CA’s public key, which they already have or can obtain from a trusted source.
• They check that the certificates are not expired, revoked, or tampered with.
• They extract the public keys from the certificates and use them to encrypt and decrypt messages or to generate and verify digital signatures.
• They confirm that the identities in the certificates match their expectations and intentions.

By using mutual certificate authentication, both parties can be confident that they are communicating with the intended and legitimate party, and that their communication is secure and confidential.

Mutual certificate authentication is often used in conjunction with Transport Layer Security (TLS), a protocol that provides encryption and authentication for network communications. TLS supports both one-way and two-way authentication. In one-way authentication, only the server presents a certificate to the client, and the client verifies it. In two-way authentication, also known as mutual TLS or mTLS, both the server and the client present certificates to each other, and they both verify them. Mutual TLS is commonly used for secure web services, such as APIs or webhooks, that require both parties to authenticate each other.

Virtual private network (VPN), Secure Shell (SSH), and Transport Layer Security (TLS) are all technologies that can help to ensure the identities of individuals in a two-way communication are verified, but they are not methods of mutual authentication by themselves. They can use mutual certificate authentication as one of their options, but they can also use other methods, such as username and password, pre-shared keys, or tokens. Therefore, they are not as specific or accurate as mutual certificate authentication.

References:

• What is mutual authentication? | Two-way authentication1
• How to prove and verify someone’s identity2
• Identity verification - Information Security & Policy3

A primary objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system is to identify controls to mitigate data privacy risks, such as data breaches, unauthorized access, misuse or loss of data. A PIA would help to evaluate the potential privacy impacts of using a new SaaS provider for CRM data processing activities, such as collecting, storing, analyzing or transferring customer data, and to implement appropriate controls to mitigate those impacts, such as encryption, access control, backup, audit trail or contractual clauses. A PIA would also help to ensure compliance with privacy principles, laws and regulations, and alignment with customer expectations and preferences. The other options are not primary objectives of performing a PIA prior to onboarding a new SaaS provider for CRM data processing activities. Classifying personal data according to the data classification scheme is an activity that may be part of a PIA process, but it is not an objective in itself. Assessing the risk associated with personal data usage is an activity that may be part of a PIA process, but it is not an objective in itself. Determining the service provider’s ability to maintain data protection controls is an activity that may be part of a PIA process, but it is not an objective in itself1, p. 67 References: 1: CDPSE Review Manual (Digital Version)

The best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records is that it can improve data integrity and reduce effort for privacy audits. Desktop virtualization is a technology that allows users to access a virtual desktop environment that is hosted on a remote server, rather than on their local device. Desktop virtualization can enhance data privacy by providing stronger access control to systems containing patient records, such as requiring authentication, authorization, encryption, logging, etc. Desktop virtualization can also improve data integrity by ensuring that patient records are stored and processed in a centralized and secure location, rather than on multiple devices that may be vulnerable to loss, theft, damage, or corruption. Desktop virtualization can also reduce effort for privacy audits by simplifying the management and monitoring of data privacy compliance across different devices and locations. References: : CDPSE Review Manual (Digital Version), page 153

Privacy by design is an approach that embeds privacy principles and considerations into the design and development of products, services, systems, and processes that involve personal data. Privacy by design aims to protect the privacy and security of the data subjects, as well as to comply with the applicable privacy laws and regulations. One of the key principles of privacy by design is to obtain the consent and choice of the data subjects regarding the collection, use, and disclosure of their personal data. Therefore, the best example of privacy by design in the development of a consumer mobile application is to require consent before sharing locations, as this gives the data subjects control and transparency over their personal data. The other options are not as effective or sufficient as requiring consent before sharing locations, as they do not address the principle of consent and choice, or they may violate other privacy principles or requirements.

References: CDPSE Review Manual, 2021, p. 35

User behavior analytics is a technology that uses data analysis and machine learning to monitor, detect and respond to anomalous or malicious user activities, such as accessing sensitive personal customer information to use for unauthorized purposes. User behavior analytics is the best choice to mitigate this risk, as it would help to identify and prevent insider threats, data breaches, fraud or misuse of data by authorized individuals. User behavior analytics can also help to enforce policies and controls, such as access control, audit trail or data loss prevention. The other options are not as effective as user behavior analytics in mitigating this risk. Email filtering system is a technology that scans and blocks incoming or outgoing emails that contain spam, malware or phishing attempts, but it does not address the issue of authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Intrusion monitoring is a technology that monitors and alerts on unauthorized or malicious attempts to access a system or network, but it does not address the issue of authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Mobile device management (MDM) is a technology that manages and secures mobile devices that are used to access or store organizational data, but it does not address the issue of authorized individuals accessing sensitive personal customer information to use for unauthorized purposes1, p. 92 References: 1: CDPSE Review Manual (Digital Version)

Reviewing proposed privacy rules that govern the processing of personal data is the most useful action to help define the scope of the project because it helps identify the legal and regulatory requirements, the data protection principles and the privacy objectives that the information security controls need to support. Reviewing recent audit reports, identifying databases that contain personal data or do not have encryption in place are helpful actions to assess the current state of privacy and security, but they do not provide a clear direction for the project scope.

References:

• CDPSE Review Manual (Digital Version), Domain 2: Privacy Architecture, Task 2.1: Identify and/or define privacy requirements1
• CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 3: Privacy Architecture, Section: Privacy Requirements2

 Transparency is the most important attribute of a privacy policy because it informs the users about how their personal data is collected, used, shared, and protected by the organization. Transparency also helps to build trust and confidence with the users, and to comply with legal and ethical obligations regarding data privacy.

References:

• ISACA Certified Data Privacy Solutions Engineer Study Guide, Domain 2: Privacy Governance, Task 2.1: Develop and implement privacy policies and procedures, p. 49-50.
• What is a Privacy Policy? | Privacy Policies

The best way to ensure an effective data privacy policy is implemented is to align regulatory requirements with business needs, because this will help achieve compliance while also supporting the organization’s objectives, values, and strategies. A data privacy policy should reflect the legal obligations and expectations of the organization, as well as the needs and preferences of its stakeholders, such as customers, employees, partners, and regulators. A data privacy policy should also be flexible and adaptable to changing circumstances and environments12.

References:

• CDPSE Exam Content Outline, Domain 1 – Privacy Governance (Governance, Management & Risk Management), Task 3: Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and/or industry best practices3.
• CDPSE Review Manual, Chapter 1 – Privacy Governance, Section 1.2 – Privacy Policy4.

Data sanitization is a process of permanently erasing or destroying data from a storage device or media to prevent unauthorized access or recovery of the data. Data sanitization methods can include physical destruction, degaussing, overwriting, encryption or cryptographic erasure. The most important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable is the type of media on which the data is stored, as different media types may require different methods or techniques to achieve effective sanitization. For example, physical destruction may be suitable for optical disks or tapes, but not for solid state drives (SSDs) or flash memory devices. Degaussing may be effective for magnetic disks or tapes, but not for optical disks or SSDs. Overwriting may work for hard disk drives (HDDs) or SSDs, but not for tapes or optical disks. Encryption or cryptographic erasure may be applicable for any media type, but may require additional security measures to protect the encryption keys or certificates. The other options are not as important as the type of media when using advanced data sanitization methods. Subject matter expertise may be helpful, but not essential, as long as the appropriate method is selected and applied correctly. Regulatory compliance requirements may influence the choice of method, but not necessarily determine it, as different methods may meet different standards or criteria. Location of data may affect the feasibility or cost of applying a method, but not its effectiveness or suitability., p. 93-94 References: : CDPSE Review Manual (Digital Version)

Data anonymization is a method of protecting personal data by modifying or removing any information that can be used to identify an individual, either directly or indirectly, in a data set. Data anonymization aims to prevent the re-identification of the data subjects, even by the data controller or processor, or by using additional data sources or techniques. Data anonymization also helps to comply with data protection laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require data controllers and processors to respect the privacy rights and preferences of the data subjects.

The data is transformed such that re-identification is impossible is an example of data anonymization, as it involves applying irreversible techniques, such as aggregation, generalization, perturbation, or synthesis, to alter the original data in a way that preserves their utility and meaning, but eliminates their identifiability. For example, a database of customer transactions can be anonymized by replacing the names and addresses of the customers with random codes, and by adding noise or rounding to the amounts and dates of the transactions.

The other options are not examples of data anonymization, but of other methods of protecting personal data that do not guarantee the impossibility of re-identification. The data is encrypted and a key is required to re-identify the data is an example of data pseudonymization, which is a method of replacing direct identifiers with pseudonyms, such as codes or tokens, that can be linked back to the original data with a key or algorithm. Data pseudonymization does not prevent re-identification by authorized parties who have access to the key or algorithm, or by unauthorized parties who can break or bypass the encryption. Key fields are hidden and unmasking is required to access to the data is an example of data masking, which is a method of concealing or obscuring sensitive data elements, such as names or credit card numbers, with characters, symbols or blanks. Data masking does not prevent re-identification by authorized parties who have permission to unmask the data, or by unauthorized parties who can infer or guess the hidden data from other sources or clues. Names and addresses are removed but the rest of the data is left untouched is an example of data deletion, which is a method of removing direct identifiers from a data set. Data deletion does not prevent re-identification by using indirect identifiers, such as age, gender, occupation or location, that can be combined or matched with other data sources to re-establish the identity of the data subjects.

References:

• Big Data Deidentification, Reidentification and Anonymization - ISACA, section 2: “Anonymization is the ability for the data controller to anonymize the data in a way that it is impossible for anyone to establish the identity of the data.”
• Data Anonymization - Overview, Techniques, Advantages, section 1: “Data anonymization is a method of ensuring that the company understands and enforces its duty to secure sensitive, personal, and confidential data in a world of highly complex data protection mandates that can vary depending on where the business and the customers are based.”

Authentication is a process of verifying the identity of a user or device that requests access to a system or resource. Authentication can be based on one or more factors, such as something the user knows (e.g., password), something the user has (e.g., token), something the user is (e.g., fingerprint) or something the user does (e.g., signature). When an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase, it is using possession factor authentication, which relies on something the user has as proof of identity. The other options are not applicable in this scenario1, p. 81 References: 1: CDPSE Review Manual (Digital Version)

Code review is a primary element of application and software hardening. Code review is a process of examining the source code of an application or software to identify and fix errors, vulnerabilities, or inefficiencies that may compromise its functionality, security, or performance. Code review can help prevent common security risks such as buffer overflows, SQL injections, cross-site scripting, or logic flaws. Code review can also help improve the quality, readability, maintainability, and usability of the code. Code review can be done manually by developers or peers, or automatically by tools such as static code analyzers or code quality checkers.

Vulnerability analysis, database configuration, and software repository are also important for application and software hardening, but they are not primary elements. Vulnerability analysis is a process of identifying and assessing the weaknesses or flaws in an application or software that may expose it to attacks or exploitation. Vulnerability analysis can be done by tools such as vulnerability scanners or penetration testers. Database configuration is a process of setting up and managing the parameters, options, or features of a database system that stores or processes data for an application or software. Database configuration can include aspects such as access control, encryption, backup, recovery, performance tuning, or replication. Software repository is a location where the source code, binaries, or documentation of an application or software are stored and managed. Software repository can facilitate version control, collaboration, distribution, or deployment of the application or software.

References: What is Application Hardening ? - GeeksforGeeks, What is OS Hardening and How Can Developers Implement it, System Hardening: An Easy-to-Understand Overview - Trenton Systems

The first thing to do when a data collection process is deemed to be a high-level risk is to conduct a privacy impact assessment (PIA). A PIA is a systematic process that identifies and evaluates the potential effects of personal data processing operations on the privacy of individuals and the organization. A PIA helps to identify privacy risks and mitigation strategies at an early stage of the data collection process and ensures compliance with legal and regulatory requirements. A PIA also helps to demonstrate accountability and transparency to stakeholders and data subjects regarding how their personal data are collected, used, shared, stored, or deleted.

Performing a business impact analysis (BIA), implementing remediation actions to mitigate privacy risk, or creating a system of records notice (SORN) are also important steps for managing privacy risk, but they are not the first thing to do. Performing a BIA is a process of analyzing the potential impacts of disruptive events on the organization’s critical functions, processes, resources, or objectives. A BIA helps to determine the recovery priorities, strategies, and objectives for the organization in case of a disaster or crisis. Implementing remediation actions is a process of applying corrective or preventive measures to reduce or eliminate the privacy risks identified by the PIA or other methods. Remediation actions may include technical, organizational, or legal solutions, such as encryption, access control, consent management, or contractual clauses. Creating a SORN is a process of publishing a public notice that describes the existence and purpose of a system of records that contains personal data under the control of a federal agency. A SORN helps to inform the public about how their personal data are collected and maintained by the agency and what rights they have regarding their data.

References: Privacy Impact Assessment (PIA) - European Commission, Privacy Impact Assessment (PIA) | ICO, Privacy Impact Assessments | HHS.gov

A data processor that handles personal data for multiple customers has decided to migrate its data warehouse to a third-party provider. The processor is obligated to seek approval from all in-scope data controllers prior to implementation. A data controller is an entity that determines the purposes and means of processing personal data. A data processor is an entity that processes personal data on behalf of a data controller. A third-party provider is an entity that provides services or resources to another entity, such as a cloud service provider or a hosting provider.

According to various privacy laws and regulations, such as the GDPR or the CCPA, a data processor must obtain explicit consent from the data controller before engaging another processor or transferring personal data to a third country or an international organization. The consent must specify the identity of the other processor or the third country or international organization, as well as the safeguards and guarantees for the protection of personal data. The consent must also be documented in a written contract or other legal act that binds the processor to respect the same obligations as the controller.

Seeking approval from all in-scope data controllers can help ensure that the processor complies with its contractual and legal obligations, respects the rights and preferences of the data subjects, and maintains transparency and accountability for its processing activities.

Obtaining assurance that data subject requests will continue to be handled appropriately, implementing comparable industry-standard data encryption in the new data warehouse, or ensuring data retention periods are documented are also good practices for a data processor that migrates its data warehouse to a third-party provider, but they are not obligations prior to implementation. Rather, they are requirements or recommendations during or after implementation.

Obtaining assurance that data subject requests will continue to be handled appropriately is a requirement for a data processor that processes personal data on behalf of a data controller. Data subject requests are requests made by individuals to exercise their rights regarding their personal data, such as access, rectification, erasure, restriction, portability, or objection. A data processor must assist the data controller in fulfilling these requests within a reasonable time frame and without undue delay.

Implementing comparable industry-standard data encryption in the new data warehouse is a recommendation for a data processor that transfers personal data to another system or location. Data encryption is a process of transforming data into an unreadable form using a secret key or algorithm. Data encryption can help protect the confidentiality, integrity, and availability of personal data by preventing unauthorized access, disclosure, or modification.

Ensuring data retention periods are documented is a requirement for a data processor that stores personal data on behalf of a data controller. Data retention periods are the durations for which personal data are kept before they are deleted or anonymized. Data retention periods must be determined by the purpose and necessity of processing personal data and must comply with legal and regulatory obligations.

References: Data warehouse migration tips: preparation and discovery - Google Cloud, Plan a data warehouse migration - Cloud Adoption Framework, Migrating your traditional data warehouse platform to BigQuery …

Critical data elements are the data elements that are essential for the organization to achieve its business objectives, comply with legal and regulatory requirements, and protect the privacy and security of the data subjects. Critical data elements should be mapped to the data process flow, which is a graphical representation of how data is collected, processed, stored, shared, and disposed of within the organization. Mapping critical data elements to the data process flow helps to identify the sources, destinations, transformations, and dependencies of the data, as well as the potential risks and controls associated with each step of the data lifecycle.

References: CDPSE Review Manual, 2021, p. 83

A peer-to-peer (P2P) system architecture is a network model where each node (peer) can act as both a client and a server, and communicate directly with other peers without relying on a centralized authority or intermediary. A P2P system architecture best supports anonymity for data transmission, by providing the following advantages:

• It can hide the identity and location of the peers, by using encryption, pseudonyms, proxies, or onion routing techniques, such as Tor1 or I2P2. These techniques can prevent eavesdropping, tracking, or censorship by third parties, such as Internet service providers, governments, or hackers.
• It can distribute the data across multiple peers, by using hashing, replication, or fragmentation techniques, such as BitTorrent3 or IPFS4. These techniques can reduce the risk of data loss, corruption, or tampering by malicious peers, and increase the availability and resilience of the data.
• It can enable the peers to control their own data, by using consensus, validation, or incentive mechanisms, such as blockchain5 or smart contracts. These mechanisms can ensure the integrity and authenticity of the data transactions, and enforce the privacy policies and preferences of the data owners.

A multinational organization that operates across different countries and regions should perform an annual review of changes to privacy regulations in all jurisdictions where its corporate data is processed. This is because different jurisdictions may have different privacy laws and requirements that apply to the collection, use, storage, transfer, and disposal of personal data. For example, the EU General Data Protection Regulation (GDPR) applies to any organization that processes personal data of individuals in the EU, regardless of where the organization is located or where the data is processed. Therefore, the organization should keep track of the changes to privacy regulations in all relevant jurisdictions and update its data privacy policy accordingly to ensure compliance and avoid penalties or lawsuits.

Prioritizing privacy-related risk scenarios as part of ERM processes is the best way to ensure that the risk responses meet the organizational objectives, because it helps to align the privacy risk management with the overall strategic goals, values, and culture of the organization. ERM is a holistic approach to identify, assess, and manage risks across the organization, taking into account the interdependencies and trade-offs among different types of risks. By integrating privacy-related risk scenarios into the ERM processes, the organization can evaluate the potential impact and likelihood of privacy risks on its mission, vision, and performance, and prioritize the most significant ones for mitigation or acceptance. This can also help to allocate appropriate resources, assign clear roles and responsibilities, and monitor and report on the effectiveness of the risk responses.

References:

• Privacy Risk Management, ISACA Journal
• Enterprise Risk Assessment, Deloitte

After a privacy risk has been accepted, the next step is to monitor the risk landscape for material changes. This means that the organization should keep track of any internal or external factors that may affect the likelihood or impact of the risk, such as new threats, vulnerabilities, regulations, technologies, or business processes. Monitoring the risk landscape can help the organization identify if the risk acceptance decision is still valid, or if it needs to be revisited or revised. Monitoring can also help the organization prepare for potential incidents or consequences that may arise from the accepted risk.

The most important consideration for developing data retention requirements is the applicable regulations that govern the data. Different types of data may be subject to different legal and regulatory obligations, such as how long the data must be kept, how it must be protected, and how it can be accessed or disposed of. Failing to comply with these obligations can result in fines, penalties, lawsuits, or reputational damage for the organization. Therefore, it is essential to identify and follow the applicable regulations for each data category.

References:

• Data Retention Policy 101: Best Practices, Examples & More - Intradyn
• Data retention - Wikipedia

A data inventory is a comprehensive list of the data that an organization collects, processes, stores, transfers, and disposes of. It includes information such as the type, source, location, owner, purpose, and retention period of the data. A data inventory is essential for understanding where personal data is coming from and how it is used within the organization, as well as for complying with data privacy laws and regulations. A data inventory also helps to identify and mitigate data privacy risks and gaps.

References:

• ISACA, CDPSE Review Manual 2021, Chapter 2: Privacy Governance, Section 2.2: Data Inventory and Data Mapping, p. 40-41.
• ISACA, Data Privacy Audit/Assurance Program, Control Objective 3: Data Inventory and Classification, p. 7-81

The best way to ensure an organization’s enterprise risk management (ERM) framework can protect the organization from privacy harms is to complete a privacy risk assessment. A privacy risk assessment is a systematic process of identifying, analyzing, evaluating, and treating the privacy risks that may affect the organization’s objectives, operations, stakeholders, and reputation. A privacy risk assessment helps to align the ERM framework with the privacy requirements, expectations, and obligations of the organization, as well as to prioritize and mitigate the privacy risks that may cause privacy harms. Privacy harms are the adverse consequences or impacts that may result from the unauthorized or inappropriate use, disclosure, or loss of personal data, such as financial loss, identity theft, discrimination, reputational damage, emotional distress, or physical harm.

References: CDPSE Review Manual, 2021, p. 84

Any organization collecting information about EU residents is required to operate with transparency in collecting and using their personal information. Chapter III of the GDPR defines eight data subject rights that have become foundational for other privacy regulations around the world:

Right to access personal data. Data subjects can access the data collected on them.

One of the privacy requirements related to the rights of data subjects is the right to access, which means that individuals have the right to obtain a copy of their personal data, as well as information about how their data is processed, by whom, for what purposes, and for how long. To meet this requirement, an organization’s technology stack should incorporate features that allow individuals to have direct access to their data, such as self-service portals, dashboards, or applications. This way, individuals can exercise their right to access without relying on intermediaries or manual processes, which can be inefficient, error-prone, or insecure. References: : CDPSE Review Manual (Digital Version), page 137

Ensuring appropriate data classification should be done next after a migration of personal data involving a data source with outdated documentation has been approved by senior management, as it helps to identify the types, locations, and owners of the data, and to apply the appropriate privacy controls and measures based on the data classification level. Data classification also facilitates the data discovery, data minimization, data retention, and data disposal processes15. References: 1 Domain 3, Task 2; 5 Page 9

Privacy threat modeling is a methodology for identifying and mitigating privacy threats in a software architecture. It helps to ensure that privacy is considered in the design and development of software systems, and that privacy risks are minimized or eliminated. Privacy threat modeling typically involves the following steps: defining the scope and context of the system, identifying the data flows and data elements, identifying the privacy threats and their sources, assessing the impact and likelihood of the threats, and applying appropriate countermeasures to mitigate the threats. References: : CDPSE Review Manual (Digital Version), page 97

Software hardening is a technique that mitigates design flaws in the application development process that may contribute to potential leakage of personal data. Software hardening is a process of modifying or configuring software to make it more secure and resilient against attacks or exploitation. Software hardening can involve various methods, such as removing unnecessary features or functions, disabling debugging or testing modes, applying patches or updates, implementing secure coding practices, etc. Software hardening helps to protect personal data by preventing or reducing the vulnerabilities that can allow unauthorized access, use, disclosure, or transfer of personal data. References: : CDPSE Review Manual (Digital Version), page 151

The most important thing to consider when managing changes to the provision of services by a third party that processes personal data is the business impact due to the changes. Changes to the provision of services by a third party can affect the organization’s ability to meet its business objectives and legal obligations related to data processing activities. For example, changes to the service level agreement (SLA), the scope of services, the security measures, the location of servers, etc., can have implications for the quality, availability, confidentiality, integrity, and compliance of personal data processing. Therefore, an IT privacy practitioner should assess and evaluate the business impact due to the changes, and ensure that they are aligned with the organization’s privacy policies and applicable privacy regulations and standards. References: : CDPSE Review Manual (Digital Version), page 41

One of the key principles of data protection is transparency, which means that individuals have the right to be informed about the collection and use of their personal data. This applies to video surveillance as well, especially in high security areas where the impact on privacy may be significant. Therefore, it is important to inform those affected by video surveillance about the purpose, scope, retention and access policies of the data collected.

References:

• ISACA Certified Data Privacy Solutions Engineer (CDPSE) Exam Content Outline, Domain 2: Privacy Architecture, Task 2.1: Design privacy controls based on privacy principles and legal requirements, Subtask 2.1.1: Identify applicable privacy principles and legal requirements.
• How can we comply with the data protection principles when using surveillance systems? | ICO

 Including privacy requirements in vendor contracts is the best way to ensure privacy considerations are included when working with vendors because it establishes the obligations, expectations and responsibilities of both parties regarding the protection of personal data. It also provides a legal basis for enforcing compliance and resolving disputes. Including privacy requirements in the request for proposal (RFP) process, monitoring privacy-related service level agreements (SLAs) and requiring vendors to complete privacy awareness training are helpful measures, but they do not guarantee that vendors will adhere to the privacy requirements or that they will be held accountable for any violations.

References:

• CDPSE Review Manual (Digital Version), Domain 1: Privacy Governance, Task 1.7: Participate in the management and evaluation of contracts, service levels and practices of vendors and other external parties1
• CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 2: Privacy Governance, Section: Vendor Management2

The strategic goals of the organization should be established first before a privacy office starts to develop a data protection and privacy awareness campaign, because they provide the direction, purpose, and scope of the campaign. The strategic goals of the organization reflect its vision, mission, values, and objectives, as well as its alignment with the relevant privacy laws and regulations, stakeholder expectations, and industry best practices. The privacy office should design and implement the awareness campaign in a way that supports and promotes the strategic goals of the organization, as well as measures and evaluates its effectiveness and impact.

References:

• CDPSE Review Manual, 2023 Edition, Domain 1: Privacy Governance, Section 1.1.2: Privacy Strategy Implementation, p. 19
• CDPSE Review Manual, 2023 Edition, Domain 1: Privacy Governance, Section 1.3.2: Privacy Awareness and Training Program, p. 38-39
• ICO launches data awareness campaign1

The primary means by which an organization communicates customer rights as it relates to the use of their personal information is publishing a privacy notice. A privacy notice is a document that informs the customers about how their personal information is collected, used, shared, stored, and protected by the organization, as well as what rights they have regarding their personal information, such as access, rectification, erasure, portability, objection, etc. A privacy notice should be clear, concise, transparent, and easily accessible to the customers, and should comply with the applicable privacy regulations and standards. A privacy notice helps to establish trust and transparency between the organization and the customers, and enables the customers to exercise their rights and choices over their personal information. References: : CDPSE Review Manual (Digital Version), page 39

The value proposition of a PIA is not understood by management is the greatest obstacle to conducting a PIA, as it may result in lack of support, funding, resources or commitment for the PIA process and outcomes. Management may not appreciate or recognize the benefits of a PIA, such as enhancing privacy protection, reducing privacy risks and costs, increasing customer trust and satisfaction, and complying with privacy laws and regulations. Management may also perceive a PIA as a burden, a delay or a hindrance to the system or project development and delivery. The other options are not as significant as the value proposition of a PIA is not understood by management as obstacles to conducting a PIA. Conducting a PIA requires significant funding and resources is an obstacle to conducting a PIA, but it may be overcome by demonstrating the return on investment or the cost-benefit analysis of a PIA. PIAs need to be performed many times in a year is an obstacle to conducting a PIA, but it may be mitigated by adopting a scalable or modular approach to PIAs that can be tailored to different types or levels of systems or projects. The organization lacks knowledge of PIA methodology is an obstacle to conducting a PIA, but it may be resolved by acquiring or developing the necessary skills, tools or guidance for performing PIAs1, p. 67-68 References: 1: CDPSE Review Manual (Digital Version)

Application hardening measures are the most important action to protect a mobile banking app and its data against manipulation and disclosure because they prevent attackers from reverse engineering, tampering, or injecting malicious code into the app. Application hardening measures include techniques such as code obfuscation, encryption, integrity checks, anti-debugging, and anti-tampering mechanisms. These measures make the app more resilient and secure against various types of cyberattacks.

References:

• ISACA Certified Data Privacy Solutions Engineer Study Guide, Domain 3: Privacy Engineering, Task 3.4: Implement privacy engineering techniques to protect data in applications and systems, p. 104-105.
• What is Application Hardening? | Glossary | Digital.ai

The greatest benefit of adopting data minimization practices is that the associated threat surface is reduced. Data minimization is a privacy principle that states that personal data should be adequate, relevant, and limited to what is necessary for the purposes for which they are processed. Data minimization helps to protect data privacy by reducing the amount and type of personal data that are collected, stored, processed, or shared by an organization. This in turn reduces the exposure of personal data to potential threats, such as unauthorized access, use, disclosure, modification, or loss. References: : CDPSE Review Manual (Digital Version), page 29

Some organizations, typically those that manage large amounts of personal information related to employees, customers, or constituents, will employ a chief privacy officer (CPO). Some organizations have a CPO because applicable regulations such as the Gramm-Leach-Bliley Act (GLBA) require it. Other regulations such as the Health Information Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), and the GLBA place a slate of responsibilities upon an organization that compels them to hire an executive responsible for overseeing compliance.

The chief privacy officer (CPO) is the senior executive who is responsible for establishing and maintaining the organization’s privacy vision, strategy, and program. The CPO oversees the development and implementation of privacy policies, procedures, standards, and controls, and ensures that they align with the organization’s business objectives and legal obligations. The CPO also leads the privacy governance structure, such as the privacy steering committee, and coordinates with other stakeholders, such as the chief data officer (CDO), the information security steering committee, and the legal counsel, to ensure that privacy is integrated into all aspects of the organization’s operations. References: : CDPSE Review Manual (Digital Version), page 21

Sectoral is a privacy protection reference model that refers to a system of laws and regulations that apply to specific sectors or industries within a jurisdiction, such as health, finance, education or telecommunications. Sectoral privacy protection is typically characterized by having different rules and standards for different types of personal data or data processing activities, depending on the sensitivity and value of the data or the impact and risk of the processing. When a government’s health division established the complete privacy regulation for only the health market, it is using a sectoral privacy protection reference model, as it is addressing the specific needs and challenges of the health sector in terms of privacy protection. The other options are not applicable in this scenario. Co-regulatory is a privacy protection reference model that refers to a system of laws and regulations that are supplemented by self-regulation mechanisms, such as codes of conduct, standards or certification schemes, developed by industry associations or professional bodies with oversight from government agencies or regulators. Comprehensive is a privacy protection reference model that refers to a system of laws and regulations that apply to all sectors and industries within a jurisdiction, regardless of the type or nature of personal data or data processing activities. Self-regulatory is a privacy protection reference model that refers to a system of laws and regulations that rely on voluntary compliance by organizations with their own policies and procedures, without any external oversight or enforcement from government agencies or regulators1, p. 63-64 References: 1: CDPSE Review Manual (Digital Version)

An analysis of known threats is the best way for an organization to gain visibility into its exposure to privacy-related vulnerabilities because it helps identify the sources, methods and impacts of potential privacy breaches and assess the effectiveness of existing controls. A data loss prevention (DLP) solution, a review of historical privacy incidents and a monitoring of inbound and outbound communications are useful tools for detecting and preventing privacy violations, but they do not provide a comprehensive view of the organization’s privacy risk posture.

References:

• CDPSE Review Manual (Digital Version), Domain 1: Privacy Governance, Task 1.4: Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments1
• CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 2: Privacy Governance, Section: Privacy Risk Assessment2

The practice that best indicates an organization follows the data minimization principle is that data is regularly reviewed for its relevance. The data minimization principle is one of the core principles of data protection under various laws and regulations, such as the GDPR or the CCPA. It states that personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. By regularly reviewing the data they hold, organizations can ensure that they do not collect or retain excessive or unnecessary data that may pose privacy risks or violate data subject rights.

Data is pseudonymized when being backed up, data is encrypted before storage, or data is only accessible on a need-to-know basis are also good practices for data protection, but they do not directly indicate that the organization follows the data minimization principle. Pseudonymization is a process of replacing identifying information in data with artificial identifiers or pseudonyms. Pseudonymization can help enhance the privacy of data by reducing the linkability between data and data subjects, but it does not prevent re-identification or inference attacks. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm. Encryption can help protect the confidentiality, integrity, and availability of data by preventing unauthorized access, disclosure, or modification. Access control is a process of restricting who can access, modify, or delete data based on their roles, permissions, or credentials. Access control can help prevent unauthorized or inappropriate use of data by limiting the scope of access.

References: Data Minimization | Washington Technology Solutions, What Is Data Minimization? The Principles According to GDPR | 2BAdvice, Data Protection Principles: Core Principles of the GDPR - Cloudian

National data privacy legislative and regulatory requirements in each relevant jurisdiction are the most important data protection consideration for a global organization that is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries, as they would determine the legal obligations and responsibilities of the organization with respect to the collection, use, disclosure and transfer of customer personal data across different jurisdictions. National data privacy legislative and regulatory requirements may vary significantly from country to country, depending on the type or nature of personal data or data processing activities, and may impose different rules and standards for obtaining consent, providing notice, ensuring security, enforcing rights, reporting breaches, appointing representatives or transferring data. The organization would need to comply with the national data privacy legislative and regulatory requirements in each relevant jurisdiction where it operates or where its customers are located, and to implement appropriate measures and safeguards to ensure compliance. The other options are not as important as national data privacy legislative and regulatory requirements in each relevant jurisdiction as data protection considerations for a global organization that is planning to implement a CRM system to be used in offices based in multiple countries. Industry best practice related to information security standards in each relevant jurisdiction may provide some guidance or benchmarks for ensuring security of customer personal data, but they may not reflect the specific context or needs of the organization or the customers, or comply with the legal obligations and responsibilities of the organization. Identity and access management mechanisms to restrict access based on need to know may help to protect customer personal data from unauthorized access, modification or disclosure by internal or external parties, but they may not address other aspects of data protection, such as consent, notice, rights, breaches, representatives or transfers. Encryption algorithms for securing customer personal data at rest and in transit may help to protect customer personal data from unauthorized access, modification or disclosure by internal or external parties, but they may not address other aspects of data protection, such as consent, notice, rights, breaches, representatives or transfers1, p. 63-64 References: 1: CDPSE Review Manual (Digital Version)

Implementing multi-factor authentication is the best way to reduce the risk of compromised credentials when an organization allows employees to have remote access, as it adds an extra layer of security and verification to the authentication process. Multi-factor authentication requires the user to provide two or more pieces of evidence to prove their identity, such as something they know (e.g., password, PIN), something they have (e.g., token, smart card), or something they are (e.g., fingerprint, face scan)135. References: 1 Domain 2, Task 8;

The best way for an organization to maintain the effectiveness of its privacy breach incident response plan is to conduct annual data privacy tabletop exercises. A tabletop exercise is a simulated scenario that tests the organization’s ability to respond to a privacy breach incident in a realistic and interactive way. A tabletop exercise can help the organization to evaluate the roles and responsibilities of the incident response team, identify the gaps and weaknesses in the plan, improve the communication and coordination among the stakeholders, and update the plan based on the lessons learned and best practices12. A tabletop exercise can also enhance the awareness and readiness of the organization to handle privacy breach incidents in a timely and effective manner3. References:

• ISACA CDPSE Review Manual, Chapter 4, Section 4.3.2
• ISACA Journal, Volume 4, 2019, “Tabletop Exercises: Three Sample Scenarios”
• ISACA Journal, Volume 6, 2017, “Privacy Breach Response: Preparing for the Inevitable”

User consent to share personal data is the most important factor when designing APIs that enable mobile device applications to access personal data, as it ensures that the user is informed and agrees to the purpose, scope, and duration of the data sharing. User consent also helps to comply with the data protection principles and regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), that require user consent for certain types of data processing and sharing134. References: 1 Domain 2, Task 7

Using hash values with stored personal data best enables an organization to detect changes to the data, because hash values are unique and fixed outputs that are generated from the data using a mathematical algorithm. If the data is altered in any way, even by a single bit, the hash value will change dramatically. Therefore, by comparing the current hash value of the data with the original or expected hash value, the organization can verify the integrity and authenticity of the data. If the hash values match, it means that the data has not been tampered with. If the hash values differ, it means that the data has been corrupted or modified.

References:

• Ensuring Data Integrity with Hash Codes, Microsoft Learn
• What is ‘hashing,’ and does it help avoid the obligations imposed by the new privacy regulations?, Data Privacy Dish

The most effective way to support organizational privacy awareness objectives is D. Customizing awareness training by business unit function.

A comprehensive explanation is:

Organizational privacy awareness objectives are the goals and expectations that an organization sets for its employees and stakeholders regarding the protection and management of personal data. Privacy awareness objectives may vary depending on the nature, scope, and purpose of the organization’s data processing activities, as well as the legal, regulatory, contractual, and ethical obligations and implications that apply to them.

One of the best practices to support organizational privacy awareness objectives is to customize awareness training by business unit function. This means that the organization should design and deliver privacy awareness training programs that are tailored to the specific roles, responsibilities, and needs of each business unit or department within the organization. Customizing awareness training by business unit function can have several benefits, such as:

• Enhancing the relevance and effectiveness of the training content and methods for each audience group, by addressing their specific privacy challenges, risks, and opportunities.
• Increasing the engagement and motivation of the trainees, by showing them how privacy relates to their daily tasks, goals, and performance.
• Improving the retention and application of the training knowledge and skills, by providing practical examples, scenarios, and exercises that reflect the real-world situations and problems that the trainees may encounter.
• Fostering a culture of privacy across the organization, by creating a common language and understanding of privacy concepts, principles, and practices among different business units or departments.

Some examples of how to customize awareness training by business unit function are:

• Providing different levels or modules of training based on the degree of access or exposure to personal data that each business unit or department has. For example, a basic level of training for all employees, an intermediate level of training for employees who handle personal data occasionally or incidentally, and an advanced level of training for employees who handle personal data regularly or extensively.
• Providing different topics or themes of training based on the type or category of personal data that each business unit or department processes. For example, a general topic of training for employees who process non-sensitive or non-personal data, a specific topic of training for employees who process sensitive or special data categories (such as health, biometric, financial, or political data), and a specialized topic of training for employees who process high-risk or high-value data (such as intellectual property, trade secrets, or customer loyalty data).
• Providing different formats or modes of training based on the preferences or constraints of each business unit or department. For example, a face-to-face format of training for employees who work in the same location or office, an online format of training for employees who work remotely or across different time zones, and a blended format of training for employees who work in a hybrid mode or have flexible schedules.

The other options are not as effective as option D.

Funding in-depth training and awareness education for data privacy staff (A) may improve the competence and confidence of the data privacy staff who are responsible for designing and implementing the privacy policies and practices of the organization, but it does not necessarily support the organizational privacy awareness objectives for the rest of the employees and stakeholders.

Implementing an annual training certification process (B) may ensure that the employees and stakeholders are updated and refreshed on the privacy policies and practices of the organization on a regular basis, but it does not necessarily address their specific privacy needs and challenges based on their business unit function.

Including mandatory awareness training as part of performance evaluations © may incentivize the employees and stakeholders to participate in and complete the privacy awareness training programs offered by the organization, but it does not necessarily enhance their understanding and application of privacy concepts and principles based on their business unit function.

References:

• The Benefits of Information Security and Privacy Awareness Training Programs1
• What Is Your Privacy and Data Protection Strategy?2
• What is Data Privacy Awareness?3

Anonymization is a technique that removes or modifies all identifiers in a data set to prevent or limit the identification of the data subjects. Anonymization is the IT privacy practitioner’s best recommendation for an organization that uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings, as it would protect the privacy of the customers by reducing the linkability of the data set with their original identity, and also comply with the data minimization principle that requires limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes. Anonymization would also preserve some characteristics or patterns of the original data that can be used for analysis or customization purposes, without compromising the accuracy or quality of the results. The other options are not as effective as anonymization in this situation. Discontinuing the creation of profiles is not a feasible or desirable option, as it would prevent the organization from achieving its business objectives and providing value to its customers. Implementing strong access controls is a security measure that restricts who can access, view or modify the data, but it does not address the issue of collecting or retaining more personal data than necessary or relevant. Encrypting data at rest is a security measure that transforms plain text data into cipher text using an algorithm and a key, making it unreadable by unauthorized parties, but it does not address the issue of collecting or retaining more personal data than necessary or relevant, and may require additional security measures to protect the encryption keys or certificates1, p. 75-76 References: 1: CDPSE Review Manual (Digital Version)

Transport Layer Security (TLS) is a protocol that provides secure communication over the internet by encrypting and authenticating data. TLS provides data integrity through the calculation of message digests, which are cryptographic hashes that summarize the content and structure of a message. The sender and the receiver of a message can compare the message digests to verify that the message has not been altered or corrupted during transmission. TLS also uses digital certificates, asymmetric encryption, and symmetric encryption to provide confidentiality and authentication, but these are not directly related to data integrity.

References: CDPSE Review Manual, 2021, p. 117

The best way to address the concern that data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice is to validate contract compliance. This means that the organization should verify that the third-party vendor is adhering to the terms and conditions of the contract, which should include clauses on data protection, privacy, and security. The contract should also specify the obligations and responsibilities of both parties regarding data collection, processing, storage, transfer, retention, and disposal. By validating contract compliance, the organization can ensure that the third-party vendor is following the same privacy standards and practices as the organization.

References:

• ISACA, CDPSE Review Manual 2021, Chapter 2: Privacy Governance, Section 2.3: Third-Party Management, p. 51-52.
• ISACA, Data Privacy Audit/Assurance Program, Control Objective 8: Third-Party Management, p. 14-151

De-identification is a technique that removes or modifies direct and indirect identifiers in a data set to prevent or limit the identification of the data subjects. De-identification reduces the risk of re-identification and thus limits the organization’s potential exposure in the event of consumer data loss. De-identification also maintains the traceability of the data by preserving some characteristics or patterns of the original data that can be used for analysis or research purposes. The other options are not effective ways to limit exposure and maintain traceability1, p. 75-76 References: 1: CDPSE Review Manual (Digital Version)

A privacy impact assessment (PIA) is a systematic process to identify and evaluate the potential privacy impacts of a system, project, program or initiative that involves the collection, use, disclosure or retention of personal data. A PIA should be done first when planning a new implementation for tracking consumer web browser activity, as it would help to ensure that privacy risks are identified and mitigated before the implementation is executed. A PIA would also help to ensure compliance with privacy principles, laws and regulations, and alignment with consumer expectations and preferences. The other options are not as important as conducting a PIA when planning a new implementation for tracking consumer web browser activity. Seeking approval from regulatory authorities may be required or advisable for some types of personal data or data processing activities, but it may not be necessary or sufficient for tracking consumer web browser activity, depending on the context and jurisdiction. Obtaining consent from the organization’s clients may be required or advisable for some types of personal data or data processing activities, but it may not be necessary or sufficient for tracking consumer web browser activity, depending on the context and jurisdiction. Reviewing and updating the cookie policy may be required or advisable for some types of personal data or data processing activities, but it may not be necessary or sufficient for tracking consumer web browser activity, depending on the context and jurisdiction1, p. 67 References: 1: CDPSE Review Manual (Digital Version)

A legal review is the most important thing to ensure before executive leadership approves a new data privacy policy, as it would help to verify and validate the accuracy, completeness and compliance of the policy with the applicable laws and regulations that govern the collection, use, disclosure and transfer of personal data. A legal review would also help to identify and address any gaps, inconsistencies or conflicts in the policy, and to provide legal advice or guidance on the implementation and enforcement of the policy. The other options are not as important as a legal review in ensuring before executive leadership approves a new data privacy policy. A training program is a method of educating and informing the employees and stakeholders about the new data privacy policy, its objectives, requirements and implications, but it does not ensure the quality or compliance of the policy itself. A privacy committee is a group of individuals who are responsible for overseeing, monitoring and evaluating the organization’s data privacy program, policies and practices, but it does not ensure the quality or compliance of the policy itself. A distribution methodology is a method of disseminating and communicating the new data privacy policy to the employees and stakeholders, such as email, intranet, website or newsletter, but it does not ensure the quality or compliance of the policy itself1, p. 98 References: 1: CDPSE Review Manual (Digital Version)

The primary reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication, is that it minimizes the risk if the cryptographic key is compromised. A cryptographic key is a piece of information that is used to perform cryptographic operations, such as encryption or authentication. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm. Authentication is a process of verifying the identity or integrity of a user or data using a secret key or algorithm. If a single cryptographic key is used for multiple purposes, such as encryption and authentication, it increases the risk if the cryptographic key is compromised. For example, if an attacker obtains the cryptographic key that is used for both encryption and authentication, they can decrypt and access personal data, as well as impersonate or modify legitimate users or data. Therefore, a single cryptographic key should be used for only one purpose, and different keys should be used for different purposes. References: : CDPSE Review Manual (Digital Version), page 107

Extended detection and response (XDR) is a security solution that collects and analyzes data from multiple sources, such as endpoints, networks, servers, cloud, and applications, to detect and respond to threats in real time. XDR should be installed to address the increase in threats originating from endpoints, as it provides a holistic and integrated view of the threat landscape, as well as automated and coordinated actions to contain and remediate the threats. XDR also helps to improve the visibility, efficiency, and effectiveness of the security operations, as well as to reduce the complexity and costs of managing multiple security tools.

References: CDPSE Review Manual, 2021, p. 149