關(guān)于我們
書(shū)單推薦
新書(shū)推薦
|
國(guó)際注冊(cè)數(shù)據(jù)隱私安全專(zhuān)家認(rèn)證(CDPSE):考試復(fù)習(xí)手冊(cè) 讀者對(duì)象:CDPSE考生;負(fù)責(zé)評(píng)估和確保法務(wù)和合規(guī)的專(zhuān)業(yè)人員;負(fù)責(zé)隱私保護(hù)政策和流程的開(kāi)發(fā)、實(shí)施和運(yùn)維的專(zhuān)業(yè)人員;與信息技術(shù)和數(shù)據(jù)治理流程打交道的人員
CDPSE 認(rèn)證全稱(chēng)為Certified Data Privacy Solutions Engineer,旨在評(píng)估技術(shù)專(zhuān)業(yè)人員通過(guò)設(shè)計(jì)實(shí)現(xiàn)隱私的能力,以使組織能夠增強(qiáng)隱私技術(shù)平臺(tái)和產(chǎn)品,從而為消費(fèi)者帶來(lái)利益,建立信任,以及促進(jìn)數(shù)據(jù)隱私。ISACA協(xié)會(huì)發(fā)現(xiàn)在眾多企業(yè)中,負(fù)責(zé)隱私政策落地和實(shí)施的IT人員缺乏相應(yīng)的專(zhuān)業(yè)知識(shí)和培訓(xùn)。大部分現(xiàn)有的隱私保護(hù)相關(guān)認(rèn)證主要是很對(duì)企業(yè)法務(wù),這會(huì)增加法務(wù)和隱私保護(hù)落地實(shí)施的IT人員溝通成本。因此,ISACA 新推出了數(shù)據(jù)隱私保護(hù)工程師認(rèn)證(CDPSE)。該認(rèn)證不僅涉及隱私治理,更關(guān)注隱私技術(shù)控制。同時(shí)也成功搭建起法務(wù)和技術(shù)部門(mén)之間的橋梁。本書(shū)幫助參加CDPSE考試人員完整全面復(fù)習(xí)考試涉及內(nèi)容, 積極備考。
ISACA(國(guó)際信息系統(tǒng)審計(jì)協(xié)會(huì))是一家成立于1969年的非營(yíng)利組織,總部設(shè)在美國(guó)芝加哥。 ISACA是享譽(yù)全球的提供信息系統(tǒng)鑒證及安全,企業(yè)IT治理與管理,IT風(fēng)險(xiǎn)及合規(guī)性知識(shí)、認(rèn)證、社區(qū),倡導(dǎo)教育的領(lǐng)導(dǎo)組織。 ISACA在其近50年歷史中,致力于幫助專(zhuān)業(yè)人員和企業(yè)實(shí)現(xiàn)技術(shù)的最大潛力。當(dāng)今世界為技術(shù)所驅(qū)動(dòng),ISACA為全球?qū)I(yè)人員提供知識(shí)、職業(yè)認(rèn)證并打造社群網(wǎng)絡(luò),助力其職業(yè)進(jìn)階,推動(dòng)他們所在的機(jī)構(gòu)轉(zhuǎn)型,通過(guò)技術(shù)實(shí)現(xiàn)創(chuàng)新。ISACA希望與全球的專(zhuān)業(yè)人士一起,不斷完善信息安全與IT風(fēng)險(xiǎn)的行業(yè)規(guī)范,持續(xù)提升信息安全技術(shù)水平,為政府、企業(yè)、組織構(gòu)建堅(jiān)實(shí)的信息安全屏障。ISACA全球社區(qū)中有50多萬(wàn)名從事信息與網(wǎng)絡(luò)安全、治理、審計(jì)與鑒證、風(fēng)險(xiǎn)與創(chuàng)新工作的人員。ISACA旗下的CMMI則專(zhuān)注于企業(yè)能力成熟度的評(píng)估與改進(jìn)。ISACA在全球80個(gè)國(guó)家設(shè)有200個(gè)分會(huì),并在中國(guó)開(kāi)設(shè)辦公室。
ISACA(國(guó)際信息系統(tǒng)審計(jì)協(xié)會(huì))是一家成立于1969年的非營(yíng)利組織,總部設(shè)在美國(guó)芝加哥。 ISACA是享譽(yù)全球的提供信息系統(tǒng)鑒證及安全,企業(yè)IT治理與管理,IT風(fēng)險(xiǎn)及合規(guī)性知識(shí)、認(rèn)證、社區(qū),倡導(dǎo)教育的領(lǐng)導(dǎo)組織。?ISACA?在其近50年歷史中,致力于幫助專(zhuān)業(yè)人員和企業(yè)實(shí)現(xiàn)技術(shù)的最大潛力。當(dāng)今世界為技術(shù)所驅(qū)動(dòng),ISACA為全球?qū)I(yè)人員提供知識(shí)、職業(yè)認(rèn)證并打造社群網(wǎng)絡(luò),助力其職業(yè)進(jìn)階,推動(dòng)他們所在的機(jī)構(gòu)轉(zhuǎn)型,通過(guò)技術(shù)實(shí)現(xiàn)創(chuàng)新。ISACA希望與全球的專(zhuān)業(yè)人士一起,不斷完善信息安全與IT風(fēng)險(xiǎn)的行業(yè)規(guī)范,持續(xù)提升信息安全技術(shù)水平,為政府、企業(yè)、組織構(gòu)建堅(jiān)實(shí)的信息安全屏障。ISACA全球社區(qū)中有50多萬(wàn)名從事信息與網(wǎng)絡(luò)安全、治理、審計(jì)與鑒證、風(fēng)險(xiǎn)與創(chuàng)新工作的人員。ISACA旗下的CMMI則專(zhuān)注于企業(yè)能力成熟度的評(píng)估與改進(jìn)。ISACA在全球80個(gè)國(guó)家設(shè)有200個(gè)分會(huì),并在中國(guó)開(kāi)設(shè)辦公室。今天,ISACA在全球有140,000名成員,他們的組成非常具有多元性。這些成員在188個(gè)國(guó)家內(nèi)生活和工作,并涵蓋眾多專(zhuān)業(yè)信息技術(shù)的相關(guān)職業(yè),比如信息系統(tǒng)審計(jì)師、顧問(wèn)、教導(dǎo)員、信息系統(tǒng)安全專(zhuān)家、管理者、首席信息官和內(nèi)部審計(jì)師等。有些職業(yè)是本領(lǐng)域內(nèi)新興的,其他為中級(jí)管理人員,另外還有許多人擔(dān)任最高級(jí)的職位。他們幾乎遍及所有行業(yè),包括財(cái)政金融、公共會(huì)計(jì)、政府與公共部門(mén)、公用事業(yè)和制造業(yè)。這種多元性使眾多成員能夠相互學(xué)習(xí),并在許多專(zhuān)業(yè)問(wèn)題上廣泛交流彼此的觀點(diǎn)。該特點(diǎn)一直被認(rèn)為是ISACA的強(qiáng)勢(shì)之一。
目錄
關(guān)于本手冊(cè) .............................................................................................................................13 概述........................................................................................................................................................................................................13 本手冊(cè)的編排........................................................................................................................................................................................13 準(zhǔn)備 CDPSE 考試.................................................................................................................................................................................14 開(kāi)始準(zhǔn)備................................................................................................................................................................................................14 使用《CDPSE? 考試復(fù)習(xí)手冊(cè)》......................................................................................................................................................14 考試復(fù)習(xí)手冊(cè)中的模塊 ..............................................................................................................................................................14 CDPSE 考試中的題目類(lèi)型..................................................................................................................................................................15 第 1 章: 隱私治理 ..................................................................................................................................17 概述............................................................................................................................................................18 領(lǐng)域 1:考試內(nèi)容大綱.........................................................................................................................................................................18 學(xué)習(xí)目標(biāo)/任務(wù)說(shuō)明...............................................................................................................................................................................18 深造學(xué)習(xí)參考資料................................................................................................................................................................................19 自我評(píng)估問(wèn)題........................................................................................................................................................................................21 A 部分:治理 ............................................................................................................................................23 1.1 個(gè)人數(shù)據(jù)和信息 ..................................................................................................................................................................24 1.1.1 定義個(gè)人數(shù)據(jù)和個(gè)人信息 ......................................................................................................................................25 1.2 不同司法管轄區(qū)的隱私法律和標(biāo)準(zhǔn) ..................................................................................................................................26 1.2.1 隱私法律和法規(guī)的應(yīng)用 ..........................................................................................................................................26 1.2.2 隱私保護(hù)法律模式 ..................................................................................................................................................26 1.2.3 隱私法律和法規(guī) ......................................................................................................................................................28 1.2.4 隱私標(biāo)準(zhǔn) ..................................................................................................................................................................29 1.2.5 隱私原則和框架 ......................................................................................................................................................30 1.2.6 隱私自我監(jiān)管標(biāo)準(zhǔn) ..................................................................................................................................................31 1.3 隱私記錄 ..............................................................................................................................................................................32 1.3.1 文檔類(lèi)型 ..................................................................................................................................................................33 隱私告知....................................................................................................................................................................33 同意書(shū)........................................................................................................................................................................34 隱私政策....................................................................................................................................................................34 隱私程序....................................................................................................................................................................34 處理記錄....................................................................................................................................................................35 糾正行動(dòng)計(jì)劃............................................................................................................................................................35 數(shù)據(jù)保護(hù)影響評(píng)估....................................................................................................................................................36 備案通知制度............................................................................................................................................................36 個(gè)人信息清單............................................................................................................................................................36 其他類(lèi)型的文檔........................................................................................................................................................37 1.4 法律目的、同意和合法權(quán)益 ..............................................................................................................................................38 1.4.1 法律目的 ..................................................................................................................................................................38 1.4.2 同意 ..........................................................................................................................................................................38 1.4.3 合法權(quán)益 ..................................................................................................................................................................39 1.5 數(shù)據(jù)主體的權(quán)利 ..................................................................................................................................................................40 B 部分:管理 ............................................................................................................................................42 1.6 與數(shù)據(jù)有關(guān)的角色和職責(zé) ..................................................................................................................................................42 1.7 隱私培訓(xùn)和意識(shí) ..................................................................................................................................................................46 1.7.1 內(nèi)容與交付 ..............................................................................................................................................................46 1.7.2 培訓(xùn)頻次 ..................................................................................................................................................................47 1.7.3 衡量培訓(xùn)和意識(shí) ......................................................................................................................................................48 1.8 供應(yīng)商和第三方管理 ..........................................................................................................................................................48 1.8.1 法律要求 ..................................................................................................................................................................48 1.8.2 管理程序 ..................................................................................................................................................................49 1.9 審計(jì)流程 ..............................................................................................................................................................................51 1.10 隱私事件管理 ....................................................................................................................................................................52 C 部分:風(fēng)險(xiǎn)管理....................................................................................................................................55 1.11 風(fēng)險(xiǎn)管理流程.....................................................................................................................................................................55 1.12 影響隱私的存在問(wèn)題的數(shù)據(jù)操作 ....................................................................................................................................56 1.12.1 漏洞 ........................................................................................................................................................................56 1.12.2 存在問(wèn)題的數(shù)據(jù)操作 ............................................................................................................................................57 利用漏洞的方法........................................................................................................................................................58 1.12.3 隱私危害和問(wèn)題 ....................................................................................................................................................60 常見(jiàn)隱私危害的示例................................................................................................................................................60 與數(shù)據(jù)處理有關(guān)的存在問(wèn)題的數(shù)據(jù)操作示例........................................................................................................60 1.13 隱私影響評(píng)估 ....................................................................................................................................................................61 1.13.1 已建立的 PIA 方法 ................................................................................................................................................62 美國(guó)政府 PIA ............................................................................................................................................................62 加拿大政府 PIA ........................................................................................................................................................63 新加坡政府 DPIA .....................................................................................................................................................64 菲律賓政府 PIA ........................................................................................................................................................64 英國(guó)政府 DPIA .........................................................................................................................................................65 1.13.2 NIST 隱私風(fēng)險(xiǎn)評(píng)估方法 ......................................................................................................................................65 1.13.3 歐盟 GDPR DPIA 方法 .........................................................................................................................................66 第 2 章: 隱私架構(gòu) .................................................................................................................................69 概述............................................................................................................................................................70 領(lǐng)域 2:考試內(nèi)容大綱.........................................................................................................................................................................70 學(xué)習(xí)目標(biāo)/任務(wù)說(shuō)明...............................................................................................................................................................................71 深造學(xué)習(xí)參考資料................................................................................................................................................................................71 A 部分:基礎(chǔ)設(shè)施 ....................................................................................................................................75 2.1 自主管理型基礎(chǔ)設(shè)施,包括技術(shù)棧 .................................................................................................................................76 2.1.1 本地中心的非云替代方案 ......................................................................................................................................77 托管服務(wù)數(shù)據(jù)中心....................................................................................................................................................77 主機(jī)托管數(shù)據(jù)中心....................................................................................................................................................77 2.1.2 自主管理型基礎(chǔ)設(shè)施的優(yōu)勢(shì) ..................................................................................................................................78 控制............................................................................................................................................................................78 開(kāi)發(fā)............................................................................................................................................................................78 安全............................................................................................................................................................................78 治理............................................................................................................................................................................78 2.1.3 自主管理型基礎(chǔ)設(shè)施的局限性 ..............................................................................................................................79 成本............................................................................................................................................................................79 系統(tǒng)管理....................................................................................................................................................................79 可擴(kuò)展性....................................................................................................................................................................79 系統(tǒng)可用性................................................................................................................................................................79 2.1.4 關(guān)鍵隱私問(wèn)題 ..........................................................................................................................................................80 系統(tǒng)權(quán)限和訪問(wèn)........................................................................................................................................................80 日志記錄....................................................................................................................................................................80 監(jiān)控和警報(bào)................................................................................................................................................................81 隱私法律審查............................................................................................................................................................81 2.2 云計(jì)算 ..................................................................................................................................................................................82 2.2.1 云數(shù)據(jù)中心 ..............................................................................................................................................................82 2.2.2 云計(jì)算的基本特征 .................................................................................................................................................83 2.2.3 云服務(wù)模型 ..............................................................................................................................................................83 2.2.4 責(zé)任共擔(dān)模型 ..........................................................................................................................................................84 2.2.5 云計(jì)算的優(yōu)勢(shì) ..........................................................................................................................................................86 成本............................................................................................................................................................................86 安全............................................................................................................................................................................86 可擴(kuò)展性....................................................................................................................................................................86 向上/下擴(kuò)展(縱向擴(kuò)展) .............................................................................................................................86 向外/內(nèi)擴(kuò)展(橫向擴(kuò)展) .............................................................................................................................87 擴(kuò)展方法 ..........................................................................................................................................................87 數(shù)據(jù)可訪問(wèn)性............................................................................................................................................................87 2.2.6 云計(jì)算的局限性 ......................................................................................................................................................87 失去控制....................................................................................................................................................................87 成本............................................................................................................................................................................88 互聯(lián)網(wǎng)依賴(lài)/停機(jī)時(shí)間...............................................................................................................................................88 安全與隱私................................................................................................................................................................88 2.3 終端 ......................................................................................................................................................................................88 2.3.1 實(shí)現(xiàn)終端安全性的方法 ..........................................................................................................................................89 2.4 遠(yuǎn)程訪問(wèn) ..............................................................................................................................................................................90 2.4.1 虛擬私有網(wǎng)絡(luò) ..........................................................................................................................................................90 問(wèn)題............................................................................................................................................................................90 風(fēng)險(xiǎn)............................................................................................................................................................................90 用戶(hù)憑證風(fēng)險(xiǎn) ..................................................................................................................................................90 惡意軟件和病毒 ..............................................................................................................................................90 拆分隧道 ..........................................................................................................................................................90 2.4.2 桌面共享 ..................................................................................................................................................................91 問(wèn)題和風(fēng)險(xiǎn)................................................................................................................................................................91 2.4.3 特權(quán)訪問(wèn)管理 ..........................................................................................................................................................91 2.5 系統(tǒng)加固 ..............................................................................................................................................................................92 B 部分:應(yīng)用程序和軟件 ........................................................................................................................94 2.6 安全開(kāi)發(fā)生命周期 ..............................................................................................................................................................94 2.6.1 隱私與安全開(kāi)發(fā)生命周期的階段 ..........................................................................................................................94 需求收集....................................................................................................................................................................95 設(shè)計(jì)和編碼................................................................................................................................................................95 測(cè)試和發(fā)布................................................................................................................................................................95 維護(hù)............................................................................................................................................................................96 2.6.2 隱私設(shè)計(jì) ..................................................................................................................................................................96 2.7 應(yīng)用程序和軟件加固 ..........................................................................................................................................................97 2.7.1 加固最佳實(shí)踐 ..........................................................................................................................................................98 2.8 API 和服務(wù) ..........................................................................................................................................................................99 2.8.1 API............................................................................................................................................................................99 2.8.2 Web 服務(wù) ................................................................................................................................................................100 2.9 跟蹤技術(shù) ............................................................................................................................................................................100 2.9.1 跟蹤技術(shù)的類(lèi)型 ....................................................................................................................................................101 Cookie ......................................................................................................................................................................101 跟蹤像素..................................................................................................................................................................102 數(shù)字指紋識(shí)別/瀏覽器指紋識(shí)別.............................................................................................................................103 GPS 跟蹤 .................................................................................................................................................................103 射頻識(shí)別..................................................................................................................................................................103 C 部分:技術(shù)隱私控制..........................................................................................................................104 2.10 通信和傳輸協(xié)議 ..............................................................................................................................................................104 2.10.1 通信協(xié)議的類(lèi)型 ..................................................................................................................................................105 2.10.2 局域網(wǎng) ..................................................................................................................................................................105 LAN 拓?fù)浣Y(jié)構(gòu)與協(xié)議 ............................................................................................................................................105 LAN 組件 ................................................................................................................................................................106 2.10.3 TCP/IP 及其與 OSI 參考模型的關(guān)系.................................................................................................................107 TCP/IP 互聯(lián)網(wǎng)萬(wàn)維網(wǎng)服務(wù) .....................................................................................................................................107 無(wú)線(xiàn)局域網(wǎng) ..............................................................................................................................................................110 2.10.4 傳輸層安全協(xié)議 ..................................................................................................................................................110 2.10.5 安全外殼 ..............................................................................................................................................................112 2.11 加密、哈希運(yùn)算和去身份識(shí)別 .......................................................................................................................................112 2.11.1 加密 ......................................................................................................................................................................112 對(duì)稱(chēng)算法 ..................................................................................................................................................................113 非對(duì)稱(chēng)算法 ..............................................................................................................................................................114 量子密碼學(xué) ..............................................................................................................................................................115 2.11.2 去身份識(shí)別 ..........................................................................................................................................................115 2.11.3 哈希運(yùn)算 ..............................................................................................................................................................115 消息的完整性和哈希運(yùn)算算法 ..............................................................................................................................115 數(shù)字簽名 ..................................................................................................................................................................116 數(shù)字信封 ..................................................................................................................................................................117 2.11.4 加密系統(tǒng)的應(yīng)用 ..................................................................................................................................................117 IP 安全協(xié)議 .............................................................................................................................................................118 安全多功能互聯(lián)網(wǎng)郵件擴(kuò)展協(xié)議 ..........................................................................................................................118 2.12 密鑰管理...........................................................................................................................................................................118 2.12.1 證書(shū) ......................................................................................................................................................................118 2.12.2 公鑰基礎(chǔ)設(shè)施 ......................................................................................................................................................119 PKI 加密 ..................................................................................................................................................................119 2.13 監(jiān)控和日志記錄...............................................................................................................................................................119 2.13.1 監(jiān)控 ......................................................................................................................................................................120 2.13.2 日志記錄 ..............................................................................................................................................................120 2.13.3 隱私和安全日志記錄 ..........................................................................................................................................121 2.14 身份和訪問(wèn)管理 ..............................................................................................................................................................122 2.14.1 系統(tǒng)訪問(wèn)權(quán)限 ......................................................................................................................................................122 2.14.2 強(qiáng)制和自主訪問(wèn)控制 ..........................................................................................................................................123 2.14.3 信息安全和外部相關(guān)方 ......................................................................................................................................124 識(shí)別與外部各方相關(guān)的風(fēng)險(xiǎn)..................................................................................................................................124 滿(mǎn)足與客戶(hù)相關(guān)的安全要求..................................................................................................................................125 滿(mǎn)足第三方協(xié)議中的安全要求..............................................................................................................................125 人力資源安全和第三方 ................................................................................................................................127 篩選 ................................................................................................................................................................128 訪問(wèn)權(quán)限的取消 ............................................................................................................................................128 第 3 章: 數(shù)據(jù)生命周期 .......................................................................................................................131 概述..........................................................................................................................................................132 領(lǐng)域 3:考試內(nèi)容大綱.......................................................................................................................................................................132 學(xué)習(xí)目標(biāo)/任務(wù)說(shuō)明.............................................................................................................................................................................132 深造學(xué)習(xí)參考資料..............................................................................................................................................................................133 A 部分:數(shù)據(jù)目的 ..................................................................................................................................137 3.1 數(shù)據(jù)清單和分類(lèi) ................................................................................................................................................................140 3.1.1 數(shù)據(jù)清單 ................................................................................................................................................................140 創(chuàng)建數(shù)據(jù)清單..........................................................................................................................................................141 計(jì)劃 ................................................................................................................................................................141 決定 ................................................................................................................................................................141 填充 ................................................................................................................................................................142 發(fā)布 ................................................................................................................................................................142 3.1.2 數(shù)據(jù)分類(lèi) ................................................................................................................................................................142 3.2 數(shù)據(jù)質(zhì)量 ............................................................................................................................................................................143 3.2.1 數(shù)據(jù)質(zhì)量維度 ........................................................................................................................................................143 3.3 數(shù)據(jù)流和使用圖 ................................................................................................................................................................145 3.3.1 數(shù)據(jù)血緣 ................................................................................................................................................................147 3.4 數(shù)據(jù)使用限制 ....................................................................................................................................................................147 3.5 數(shù)據(jù)分析 ............................................................................................................................................................................148 3.5.1 用戶(hù)行為分析 ........................................................................................................................................................149 B 部分:數(shù)據(jù)持久化 ..............................................................................................................................150 3.6 數(shù)據(jù)最小化 ........................................................................................................................................................................151 3.7 數(shù)據(jù)遷移 ............................................................................................................................................................................152 3.7.1 數(shù)據(jù)轉(zhuǎn)換 ................................................................................................................................................................152 3.7.2 完善遷移方案 ........................................................................................................................................................153 回退(回滾)方案..................................................................................................................................................154 3.7.3 數(shù)據(jù)遷移后 ............................................................................................................................................................154 3.8 數(shù)據(jù)存儲(chǔ) ............................................................................................................................................................................155 3.9 數(shù)據(jù)倉(cāng)庫(kù) ............................................................................................................................................................................156 3.9.1 提取、轉(zhuǎn)換、加載 ................................................................................................................................................156 分級(jí)層......................................................................................................................................................................157 表示層......................................................................................................................................................................157 3.9.2 其他注意事項(xiàng) ........................................................................................................................................................157 3.10 數(shù)據(jù)保留和歸檔 ..............................................................................................................................................................157 3.11 數(shù)據(jù)銷(xiāo)毀...........................................................................................................................................................................158 3.11.1 數(shù)據(jù)匿名化 ..........................................................................................................................................................159 3.11.2 刪除 ......................................................................................................................................................................159 3.11.3 加密粉碎 ..............................................................................................................................................................159 3.11.4 消磁 ......................................................................................................................................................................159 3.11.5 銷(xiāo)毀 ......................................................................................................................................................................159 附錄 A:CDPSE 考試常規(guī)信息 ...................................................................................161 認(rèn)證要求..............................................................................................................................................................................................161 成功完成 CDPSE 考試.......................................................................................................................................................................161 數(shù)據(jù)隱私經(jīng)驗(yàn)......................................................................................................................................................................................161 考試介紹..............................................................................................................................................................................................161 報(bào)名參加 CDPSE 考試.......................................................................................................................................................................161 CDPSE 計(jì)劃再次通過(guò) ISO/IEC 17024:2012 認(rèn)證 ..........................................................................................................................162 預(yù)約安排考試日期..............................................................................................................................................................................162 考試入場(chǎng)..............................................................................................................................................................................................162 安排時(shí)間 ....................................................................................................................................................................................163 考試評(píng)分 ....................................................................................................................................................................................163 附錄 B:CDPSE 工作實(shí)務(wù) ...........................................................................................165 詞匯表 ...................................................................................................................................169
你還可能感興趣
我要評(píng)論
|