Archives

Welcome!

The CIPP Guide provides reliable and accurate information to the privacy professional arena. We hope individuals seeking the Certified Information Privacy Professional designation will find further substance specifically targeted at their CIPP pursuit.
Please review the user agreement for the forums and testing services. CIPP Guide requires registration before use of the testing services. We hope you find this service useful, and good luck on the exam!

Identity Management and National ID Cards

According to the OPC (Office of the Privacy Commissioner), the concept of identity is defined simply as how a person is known, either by other people, or by an organization. An individual’s identity is a distinguishing set of information that may vary from context to context. For instance, family and friends may identify a person by certain traits; an employer might identify a person by role, skill or position; and a service provider might identify a person by a unique identification number. This article examines identity concepts and identity management systems that citizens come in contact with on a daily basis, as well as the possibility of a national identity [...]

Cryptography

Cryptography refers to the science of rendering information unrecognizable and thus useless to those without proper authorization. This field includes mathematics, computer science and engineering. While cryptography was initially applied to protect message confidentiality, it has grown to include issues such as privacy concerns, data integrity, identity authentication, secure computing and more. This article introduces the field of cryptography, defines the basic concepts of encryption and decryption and discusses related concepts. It also explores current uses of cryptography in the information security [...]

Access Controls

Access controls determine the authorized activities of legitimate users, while mediating users’ access to system resources. Access controls ensure that data are being used by the appropriate people in the correct roles in particular contexts. For instance, IT infrastructures employ access control systems at a number of levels. Operating systems also rely on access controls to protect directories or files. As a result of regulatory compliance, there has been a noticeable push for controls in the IT industry. This article looks at basic concepts around access [...]

Controlling and Managing Risk

Risk management plays a crucial role in helping organizations protect and secure their information assets. Effective risk management programs are a significant component of any IT security program. This article will discuss the role of risk management, including the identification, assessment, prioritization and diffusion of risks.

Risks, Threats & Vulnerabilities

Risk is often confused with other related terms and concepts, and the lines between risks, threats and vulnerabilities are sometimes blurred. Further, the terms “risk assessment” and “vulnerability assessment” are frequently used interchangeably, though they have very different applications.

The term “risk” is defined as the impact that could result from vulnerability, or the [...]

CIA Triad

The CIA triad is a well-known model in information security development. It is applied in various situations to identify problems or weaknesses and to establish security solutions. It is an industry standard that information systems professionals should be familiar with.

What is the CIA Triad?

The CIA triad refers to an information security model made up of three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. In order to avoid confusion, the CIA triad is sometimes referred to as the AIC triad, or PAIN, which stands for privacy, availability/authentication, integrity and non-repudiation.

The three components [...]

RFID Technology

In recent years, RFID (radio frequency identification) has caught the attention of privacy watchdogs, civil organizations and the general public. Its ability to identify and track items as well as individuals raises a number of privacy and security concerns, while the potential for integration into numerous contexts has increased with the development of technology. Discussion and integration of RFID in the workplace, retail situations and other environments should be informed by a number of privacy-respecting practices that will be explored in this [...]

***NEW*** Case Studies Now Available

We’re constantly trying to improve our service offerings. In that vein, we just added the first set of case studies to the site. Gold subscribers may find them under the Premium Services Tab.
Subscription options may be found under the subscribe [...]

Surveillance & Investigation in Canada

The introduction of Bills C-46 and C-47 in Canada sparked concern regarding the role of the federal government and other authorities in expanding surveillance and increasing investigation of the Canadian public. The bills were tabled in June 2009 and continue to be met with much concern. This article will elaborate on the significant aspects of each bill, with an eye to some of the potential privacy concerns that may be [...]

Consumer Authentication in Canada

Electronic authentication is common in this information-driven society, as daily transactions through electronic services and the Internet require remote electronic authentication. Online transactions are increasingly seamless through the connection of multiple devices which offer services to consumers that were previously unattainable. Many authentication systems collect and use the personal information of users in a way that compromises their privacy and security. Authentication systems must be designed to give consumers more control over their personal information, promoting user security and effective privacy [...]

ISO 27000 Series

The ISO (International Organization for Standardization) publishes international standards for the private sector. The ISO 27000 standards series refers to information security matters. Since October 2005, the ISO has published six of these standards, with controls ranging from managing security systems to problem solving methodology to [...]
