CIPT 試験問題 116
チャットボットに関する重大なプライバシー上の懸念として特定されたものは何ですか?
CIPT 試験問題 117
SCENARIO
Carol was a U.S.-based glassmaker who sold her work at art festivals. She kept things simple by only accepting cash and personal checks.
As business grew, Carol couldn't keep up with demand, and traveling to festivals became burdensome. Carol opened a small boutique and hired Sam to run it while she worked in the studio. Sam was a natural salesperson, and business doubled. Carol told Sam, "I don't know what you are doing, but keep doing it!" But months later, the gift shop was in chaos. Carol realized that Sam needed help so she hired Jane, who had business expertise and could handle the back-office tasks. Sam would continue to focus on sales. Carol gave Jane a few weeks to get acquainted with the artisan craft business, and then scheduled a meeting for the three of them to discuss Jane's first impressions.
At the meeting, Carol could not wait to hear Jane's thoughts, but she was unprepared for what Jane had to say. "Carol, I know that he doesn't realize it, but some of Sam's efforts to increase sales have put you in a vulnerable position. You are not protecting customers' personal information like you should." Sam said, "I am protecting our information. I keep it in the safe with our bank deposit. It's only a list of customers' names, addresses and phone numbers that I get from their checks before I deposit them. I contact them when you finish a piece that I think they would like. That's the only information I have! The only other thing I do is post photos and information about your work on the photo sharing site that I use with family and friends. I provide my email address and people send me their information if they want to see more of your work. Posting online really helps sales, Carol. In fact, the only complaint I hear is about having to come into the shop to make a purchase." Carol replied, "Jane, that doesn't sound so bad. Could you just fix things and help us to post even more online?"
'I can," said Jane. "But it's not quite that simple. I need to set up a new program to make sure that we follow the best practices in data management. And I am concerned for our customers. They should be able to manage how we use their personal information. We also should develop a social media strategy." Sam and Jane worked hard during the following year. One of the decisions they made was to contract with an outside vendor to manage online sales. At the end of the year, Carol shared some exciting news. "Sam and Jane, you have done such a great job that one of the biggest names in the glass business wants to buy us out! And Jane, they want to talk to you about merging all of our customer and vendor information with theirs beforehand." When initially collecting personal information from customers, what should Jane be guided by?
Carol was a U.S.-based glassmaker who sold her work at art festivals. She kept things simple by only accepting cash and personal checks.
As business grew, Carol couldn't keep up with demand, and traveling to festivals became burdensome. Carol opened a small boutique and hired Sam to run it while she worked in the studio. Sam was a natural salesperson, and business doubled. Carol told Sam, "I don't know what you are doing, but keep doing it!" But months later, the gift shop was in chaos. Carol realized that Sam needed help so she hired Jane, who had business expertise and could handle the back-office tasks. Sam would continue to focus on sales. Carol gave Jane a few weeks to get acquainted with the artisan craft business, and then scheduled a meeting for the three of them to discuss Jane's first impressions.
At the meeting, Carol could not wait to hear Jane's thoughts, but she was unprepared for what Jane had to say. "Carol, I know that he doesn't realize it, but some of Sam's efforts to increase sales have put you in a vulnerable position. You are not protecting customers' personal information like you should." Sam said, "I am protecting our information. I keep it in the safe with our bank deposit. It's only a list of customers' names, addresses and phone numbers that I get from their checks before I deposit them. I contact them when you finish a piece that I think they would like. That's the only information I have! The only other thing I do is post photos and information about your work on the photo sharing site that I use with family and friends. I provide my email address and people send me their information if they want to see more of your work. Posting online really helps sales, Carol. In fact, the only complaint I hear is about having to come into the shop to make a purchase." Carol replied, "Jane, that doesn't sound so bad. Could you just fix things and help us to post even more online?"
'I can," said Jane. "But it's not quite that simple. I need to set up a new program to make sure that we follow the best practices in data management. And I am concerned for our customers. They should be able to manage how we use their personal information. We also should develop a social media strategy." Sam and Jane worked hard during the following year. One of the decisions they made was to contract with an outside vendor to manage online sales. At the end of the year, Carol shared some exciting news. "Sam and Jane, you have done such a great job that one of the biggest names in the glass business wants to buy us out! And Jane, they want to talk to you about merging all of our customer and vendor information with theirs beforehand." When initially collecting personal information from customers, what should Jane be guided by?
CIPT 試験問題 118
Which is NOT a suitable action to apply to data when the retention period ends?
CIPT 試験問題 119
What would be an example of an organization transferring the risks associated with a data breach?
CIPT 試験問題 120
シナリオ
Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. "The old man hired and fired IT people like he was changing his necktie," one of Wilson's seasoned lieutenants tells you, as you identify the traces of initiatives left half complete.
たとえば、一部の専有データと顧客と従業員の個人情報は暗号化されていますが、従業員の有毒物質への曝露に関する監視検査からの健康情報など、他の機密情報は、特に機密性の低いデータを含む長い記録に含まれる場合、暗号化されないままです。また、一見するとほぼランダムに見える方法で、データがアプリケーション、サーバー、施設に分散していることもわかります。
Lancelot のデータの状態に関する予備的な調査結果には次のようなものがあります。
クラウド テクノロジーは、聞いたことのない企業も含め、世界中のベンダーによって提供されています。元 Lancelot 従業員から、これらのベンダーは異なるセキュリティ要件とプロトコルで運用されていると聞きました。
同社独自のシェールオイル回収プロセスは、機密性の低いさまざまな情報とともにサーバーに保存されており、科学者だけでなく、ほとんどの企業拠点のあらゆる職種の担当者がアクセスできます。
DES は、現在あらゆるファイルに使用されている最も強力な暗号化アルゴリズムです。
いくつかの企業施設には、訪問者のチェックイン以外の物理的なセキュリティ管理が欠如しており、よく知られたベンダーがそれを回避していることがよくあります。
これらすべてを修正するには時間がかかりますが、まず混乱の範囲を把握し、それに対処するための行動計画を策定する必要があります。
Wesley Energy が保有するデータの種類と場所を特定するには、どの手順を使用する必要がありますか?
Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. "The old man hired and fired IT people like he was changing his necktie," one of Wilson's seasoned lieutenants tells you, as you identify the traces of initiatives left half complete.
たとえば、一部の専有データと顧客と従業員の個人情報は暗号化されていますが、従業員の有毒物質への曝露に関する監視検査からの健康情報など、他の機密情報は、特に機密性の低いデータを含む長い記録に含まれる場合、暗号化されないままです。また、一見するとほぼランダムに見える方法で、データがアプリケーション、サーバー、施設に分散していることもわかります。
Lancelot のデータの状態に関する予備的な調査結果には次のようなものがあります。
クラウド テクノロジーは、聞いたことのない企業も含め、世界中のベンダーによって提供されています。元 Lancelot 従業員から、これらのベンダーは異なるセキュリティ要件とプロトコルで運用されていると聞きました。
同社独自のシェールオイル回収プロセスは、機密性の低いさまざまな情報とともにサーバーに保存されており、科学者だけでなく、ほとんどの企業拠点のあらゆる職種の担当者がアクセスできます。
DES は、現在あらゆるファイルに使用されている最も強力な暗号化アルゴリズムです。
いくつかの企業施設には、訪問者のチェックイン以外の物理的なセキュリティ管理が欠如しており、よく知られたベンダーがそれを回避していることがよくあります。
これらすべてを修正するには時間がかかりますが、まず混乱の範囲を把握し、それに対処するための行動計画を策定する必要があります。
Wesley Energy が保有するデータの種類と場所を特定するには、どの手順を使用する必要がありますか?