Certified Data Privacy Solutions Engineer (CDPSE) Certification: Exam Review Manual

ISACA (Information Systems Audit and Control Association)

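  • Publisher: 電子工業 (Publishing House of Electronics Industry)
  • Publication date: 2022-03-01
  • List price: $588
  • Sale price: $500 (85% of list price)
  • Language: Simplified Chinese
  • Pages: 184
  • ISBN: 7121429497
  • ISBN-13: 9787121429491
  • Ordered from the supplier once the order is placed (about 4 to 6 weeks)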

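Product description

The CDPSE certification, in full Certified Data Privacy Solutions Engineer, is designed to assess a technical professional's ability to implement privacy by design, so that organizations can enhance privacy technology platforms and products that benefit consumers, build trust, and advance data privacy. ISACA found that in many enterprises the IT staff responsible for putting privacy policies into practice lack the relevant expertise and training. Most existing privacy certifications are aimed mainly at corporate legal staff, which raises the cost of communication between legal staff and the IT staff who implement privacy protection. ISACA therefore launched the Certified Data Privacy Solutions Engineer (CDPSE) certification. The certification covers privacy governance but pays greater attention to technical privacy controls, and it also builds a bridge between legal and technical departments. This book helps CDPSE exam candidates review the full scope of the exam content and prepare actively.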

Table of contents

Contents

About This Manual
Overview
Organization of This Manual
Preparing for the CDPSE Exam
Getting Started
Using the CDPSE Exam Review Manual
  Modules in the Review Manual
Types of Questions on the CDPSE Exam

Chapter 1: Privacy Governance

Overview
Domain 1: Exam Content Outline
Learning Objectives/Task Statements
Suggested Resources for Further Study
Self-Assessment Questions
Part A: Governance
1.1 Personal Data and Information
1.1.1 Defining Personal Data and Personal Information
1.2 Privacy Laws and Standards Across Jurisdictions
1.2.1 Application of Privacy Laws and Regulations
1.2.2 Privacy Protection Legal Models
1.2.3 Privacy Laws and Regulations
1.2.4 Privacy Standards
1.2.5 Privacy Principles and Frameworks
1.2.6 Privacy Self-Regulation Standards
1.3 Privacy Documentation
1.3.1 Types of Documentation
  Privacy Notice
  Consent Form
  Privacy Policy
  Privacy Procedures
  Records of Processing
  Corrective Action Plan
  Data Protection Impact Assessment
  System of Records Notice
  Personal Information Inventory
  Other Types of Documentation
1.4 Legal Purpose, Consent and Legitimate Interest
1.4.1 Legal Purpose
1.4.2 Consent
1.4.3 Legitimate Interest
1.5 Data Subject Rights
Part B: Management
1.6 Roles and Responsibilities Related to Data
1.7 Privacy Training and Awareness
1.7.1 Content and Delivery
1.7.2 Training Frequency
1.7.3 Measuring Training and Awareness
1.8 Vendor and Third-Party Management
1.8.1 Legal Requirements
1.8.2 Management Procedures
1.9 Audit Process
1.10 Privacy Incident Management
Part C: Risk Management
1.11 Risk Management Process
1.12 Problematic Data Actions Affecting Privacy
1.12.1 Vulnerabilities
1.12.2 Problematic Data Actions
  Methods of Exploiting Vulnerabilities
1.12.3 Privacy Harms and Problems
  Examples of Common Privacy Harms
  Examples of Problematic Data Actions Related to Data Processing
1.13 Privacy Impact Assessment
1.13.1 Established PIA Methodologies
  US Government PIA
  Canadian Government PIA
  Singapore Government DPIA
  Philippine Government PIA
  UK Government DPIA
1.13.2 NIST Privacy Risk Assessment Methodology
1.13.3 EU GDPR DPIA Methodology

Chapter 2: Privacy Architecture

Overview
Domain 2: Exam Content Outline
Learning Objectives/Task Statements
Suggested Resources for Further Study
Part A: Infrastructure
2.1 Self-Managed Infrastructure, Including Technology Stacks
2.1.1 Non-Cloud Alternatives to On-Premises Centers
  Managed Service Data Centers
  Colocation Data Centers
2.1.2 Advantages of Self-Managed Infrastructure
  Control
  Development
  Security
  Governance
2.1.3 Limitations of Self-Managed Infrastructure
  Cost
  System Management
  Scalability
  System Availability
2.1.4 Key Privacy Concerns
  System Privileges and Access
  Logging
  Monitoring and Alerting
  Privacy Law Review
2.2 Cloud Computing
2.2.1 Cloud Data Centers
2.2.2 Essential Characteristics of Cloud Computing
2.2.3 Cloud Service Models
2.2.4 Shared Responsibility Model
2.2.5 Advantages of Cloud Computing
  Cost
  Security
  Scalability
    Scaling Up/Down (Vertical Scaling)
    Scaling Out/In (Horizontal Scaling)
    Scaling Methods
  Data Accessibility
2.2.6 Limitations of Cloud Computing
  Loss of Control
  Cost
  Internet Dependency/Downtime
  Security and Privacy
2.3 Endpoints
2.3.1 Approaches to Endpoint Security
2.4 Remote Access
2.4.1 Virtual Private Networks
  Issues
  Risks
    User Credential Risks
    Malware and Viruses
    Split Tunneling
2.4.2 Desktop Sharing
  Issues and Risks
2.4.3 Privileged Access Management
2.5 System Hardening
Part B: Applications and Software
2.6 Secure Development Life Cycle
2.6.1 Privacy and the Phases of the Secure Development Life Cycle
  Requirements Gathering
  Design and Coding
  Testing and Release
  Maintenance
2.6.2 Privacy by Design
2.7 Application and Software Hardening
2.7.1 Hardening Best Practices
2.8 APIs and Services
2.8.1 APIs
2.8.2 Web Services
2.9 Tracking Technologies
2.9.1 Types of Tracking Technologies
  Cookies
  Tracking Pixels
  Digital Fingerprinting/Browser Fingerprinting
  GPS Tracking
  Radio Frequency Identification

Part C: Technical Privacy Controls
2.10 Communication and Transport Protocols
2.10.1 Types of Communication Protocols
2.10.2 Local Area Networks
  LAN Topologies and Protocols
  LAN Components
2.10.3 TCP/IP and Its Relation to the OSI Reference Model
  TCP/IP Internet World Wide Web Services
  Wireless Local Area Networks
2.10.4 Transport Layer Security
2.10.5 Secure Shell
2.11 Encryption, Hashing and De-identification
2.11.1 Encryption
  Symmetric Algorithms
  Asymmetric Algorithms
  Quantum Cryptography
2.11.2 De-identification
2.11.3 Hashing
  Message Integrity and Hashing Algorithms
  Digital Signatures
  Digital Envelopes
2.11.4 Applications of Cryptographic Systems
  IP Security Protocol
  Secure Multipurpose Internet Mail Extensions
2.12 Key Management
2.12.1 Certificates
2.12.2 Public Key Infrastructure
  PKI Encryption
2.13 Monitoring and Logging
2.13.1 Monitoring
2.13.2 Logging
2.13.3 Privacy and Security Logging
2.14 Identity and Access Management
2.14.1 System Access Permissions
2.14.2 Mandatory and Discretionary Access Controls
2.14.3 Information Security and External Parties
  Identifying Risks Related to External Parties
  Meeting Customer-Related Security Requirements
  Meeting Security Requirements in Third-Party Agreements
    Human Resources Security and Third Parties
    Screening
    Removal of Access Rights

Chapter 3:
Data Life Cycle

Overview
Domain 3: Exam Content Outline
Learning Objectives/Task Statements
Suggested Resources for Further Study

Part A: Data Purpose
3.1 Data Inventory and Classification
3.1.1 Data Inventory
Creating a Data Inventory
Plan
Decide
Populate
Publish
3.1.2 Data Classification
3.2 Data Quality
3.2.1 Data Quality Dimensions
3.3 Data Flow and Usage Diagrams
3.3.1 Data Lineage
3.4 Data Use Limitation
3.5 Data Analytics
3.5.1 User Behavior Analytics
Part B: Data Persistence
3.6 Data Minimization
3.7 Data Migration
3.7.1 Data Conversion
3.7.2 Refining the Migration Scenario
Fallback (Rollback) Scenario
3.7.3 Post-Data Migration
3.8 Data Storage
3.9 Data Warehousing
3.9.1 Extract, Transform, Load
Staging Layer
Presentation Layer
3.9.2 Additional Considerations
3.10 Data Retention and Archiving
3.11 Data Destruction
3.11.1 Data Anonymization
3.11.2 Deletion
3.11.3 Crypto-shredding
3.11.4 Degaussing
3.11.5 Destruction

Appendix A: CDPSE Exam General Information
Requirements for Certification
Successful Completion of the CDPSE Exam
Experience in Data Privacy
Description of the Exam
Registration for the CDPSE Exam
CDPSE Program Accreditation Renewed Under ISO/IEC 17024:2012
Scheduling the Exam Date
Sitting for the Exam
Budgeting Your Time
Grading the Exam
Appendix B: CDPSE Job Practice
Glossary