Exam CIPM
Question 86

SCENARIO -

Please use the following to answer the next question:

Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been relatively satisfied with this budget vendor, Shopping Cart Saver (SCS). Yes, there have been some issues. Twice, people who purchased items from the store have had their credit card information used fraudulently subsequent to transactions on your site, but in neither case did the investigation reveal with certainty that the Society’s store had been hacked. The thefts could have been employee-related.

Just as disconcerting was an incident where the organization discovered that SCS had sold information it had collected from customers to third parties. However, as Jason Roland, your SCS account representative, points out, it took only a phone call from you to clarify expectations and the “misunderstanding” has not occurred again.

As an information-technology program manager with the Society, the role of the privacy professional is only one of many you play. In all matters, however, you must consider the financial bottom line. While these problems with privacy protection have been significant, the additional revenues of sales of items such as shirts and coffee cups from the store have been significant. The Society’s operating budget is slim, and all sources of revenue are essential.

Now a new challenge has arisen. Jason called to say that starting in two weeks, the customer data from the store would now be stored on a data cloud. “The good news,” he says, “is that we have found a low-cost provider in Finland, where the data would also be held. So, while there may be a small charge to pass through to you, it won’t be exorbitant, especially considering the advantages of a cloud.”

You begin to research and discover that a number of the leading cloud service providers have signed a letter of intent to work together on shared conventions and technologies for privacy protection. You make a note to find out if Jason’s Finnish provider is signing on.

After conducting research, you discover a primary data protection issue with cloud computing. Which of the following should be your biggest concern?

    Correct Answer: B

    One of the primary concerns with cloud computing is the level of security and privacy controls implemented by the cloud provider. If the vendor is unwilling to provide detailed information about their security practices, it raises a significant red flag. Understanding how data will be protected, what measures are in place to prevent unauthorized access, and how the vendor will handle potential breaches is crucial. Transparency in security measures is fundamental to ensuring that customer data is properly protected. Without this information, it is difficult to assess whether the provider meets your organization's security and privacy requirements.

Discussion
emily0922 (Option: A)

I suggest A; it is most linked to the CIA triad.

MaritzTee (Option: B)

In cloud computing, the level of security and privacy controls implemented by the cloud provider is crucial. If the vendor is unwilling to provide detailed information about their security practices, it raises a significant red flag. You need to understand how your data will be protected, what measures are in place to prevent unauthorized access, and how the vendor will handle potential breaches. Transparency from the cloud provider is essential to ensure they meet your organization's security and privacy requirements. The other options, while relevant, do not address the core issue of needing clear and reliable information about the vendor's security practices, which is fundamental to protecting customer data.

DPRamone (Option: D)

D makes sense since I have no idea what an open programming model (A) is and neither does Google. Your average cloud provider lists an entire page of security and other certifications, and although they generally won't consent to an audit, they are quite forthcoming with their security measures.

katizeti (Option: A)

In my opinion A. Cloud computing involves the sharing of resources and data across multiple users and systems, which can create security vulnerabilities if not properly secured. An open programming model can make it easier for attackers to exploit these vulnerabilities and gain unauthorized access to sensitive data. The primary data protection issue with cloud computing that should be of biggest concern is an open programming model that results in easy access.

Cock (Option: D)

D. Moving customer data to a data cloud introduces the risk of data loss if the data structures used by the cloud service provider are not resilient enough. Data loss can occur due to various reasons such as hardware failure, software bugs, natural disasters, or human errors. If the data structures in the cloud are not designed to handle such scenarios effectively, it could lead to the loss of critical customer data.

Ssourav (Option: B)

B. An unwillingness of cloud vendor to provide security information. This is because if the cloud vendor is unwilling to provide security information, it raises concerns about the measures they have in place to protect the data and the organization's ability to assess and ensure the security of its customers' data.