A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
I understand why you may think it should be NIST and not GDPR; however, I need to point out that many seem to focus on the wrong keyword. I believe the right keyword here is "data privacy and sharing", NOT "international".
NIST is responsible for developing cybersecurity standards across the U.S. Federal Government.
GDPR is concerned MAINLY with data and its privacy, sharing, processing, and everything that has to do with sensitive data.
This is my reasoning. Best of luck to you all. In stoneface we trust
The General Data Protection Regulation (GDPR) is a comprehensive data privacy regulation enacted by the European Union (EU) to protect the personal data and privacy of EU citizens. It sets strict standards for the collection, processing, and sharing of personal data, and applies to organizations that handle the data of EU residents, regardless of where the organization is located.
As a CISO creating a policy set that meets international standards for data privacy and sharing, understanding GDPR is essential, especially if the organization handles data of EU residents or has a global presence. GDPR's requirements and principles should inform the policies to ensure compliance with data protection laws and best practices related to data privacy and security.
I don't understand how a European regulatory framework became the standard for an international framework? The question mentioned nothing about Europe.
I will go with NIST, which is the true international security framework.
National Institute of Standards and Technology - NIST Cybersecurity Framework: NIST provides a framework that organizations can use to manage and improve their cybersecurity posture. It includes guidelines and best practices for managing and protecting sensitive information.
If a European company wants to transfer data to any other country, that country must abide by GDPR, even if GDPR doesn't apply to that country. So GDPR is enforcing a set of rules regarding data processing, ownership, sharing, types of data, how long they must be kept, etc.
The key here is "Which of the following should the CISO read and understand before writing the policies?"
If the CISO reads and understands GDPR, which is a stringent European standard related to protecting personal data and privacy, it will provide the CISO with useful information to write international policies.
ISO 31000: The ISO 31000 is an international standard for risk management. It provides a framework for organizations to identify, assess, and manage risks.
General Data Protection Regulation (GDPR) is a set of rules in the European Union. These rules specify that if data is collected on EU citizens, the data must be stored in the European Union.
Going with B here.
It is the only standard for data protection and privacy
upvoted 1 time
...
Community vote distribution: A (35%), C (25%), B (20%), Other