IAPP Privacy Certification



Similar documents
I. Introduction to Privacy: Common Principles and Approaches

IT Privacy Certification

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

Cloud Security Trust Cisco to Protect Your Data

Maximum Global Business Online Privacy Statement

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Office 365 Data Processing Agreement with Model Clauses

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

PII Compliance Guidelines

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

05.0 Application Development

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Copyright 2014 Nymity Inc. All Rights Reserved.

PRIVACY MANAGEMENT ACTIVITIES

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

IBX Business Network Platform Information Security Controls Document Classification [Public]

Information security controls. Briefing for clients on Experian information security controls

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

External Supplier Control Requirements

DentalTek Privacy Statement

Security Information & Policies

Privacy Statement. What Personal Information We Collect. Australia

FINRA Publishes its 2015 Report on Cybersecurity Practices

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

Critical Controls for Cyber Security.

RezScore SM Privacy Policy

INCIDENT RESPONSE CHECKLIST

The Protection Mission a constant endeavor

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Certified Information Systems Auditor (CISA)

The Anti-Corruption Compliance Platform

tell you about products and services and provide information to our third party marketing partners, subject to this policy;

Data Processing Agreement for Oracle Cloud Services

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

Website Privacy Policy Statement

ESTRO PRIVACY AND DATA SECURITY NOTICE

(Instructor-led; 3 Days)

Passing PCI Compliance How to Address the Application Security Mandates

Accountability in Cloud Computing An Introduction to the Issues, Approaches, and Tools

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

Security Controls What Works. Southside Virginia Community College: Security Awareness

Website Privacy Policy Statement York Rd Lutherville, MD We may be reached via at

Chapter 1 The Principles of Auditing 1

The Next Generation of Security Leaders

ISO 27002:2013 Version Change Summary

Privacy + Security + Integrity

M&T BANK CANADIAN PRIVACY POLICY

SERENA SOFTWARE Serena Service Manager Security

Administrative Improvements. Administrative Improvements. Scoping Guidance. Clarifications for Segmentation

Intel Enhanced Data Security Assessment Form

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

Protecting Your Organisation from Targeted Cyber Intrusion

Using AWS in the context of Australian Privacy Considerations October 2015

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security

Citrix Solutions for Complying with PCI-DSS ENSURING PROTECTION OF WEB APPLICATIONS AND PRIVACY OF CARDHOLDER INFORMATION

Online Lead Generation: Data Security Best Practices

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers

Information Security Basic Concepts

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

FormFire Application and IT Security. White Paper

THE BLUENOSE SECURITY FRAMEWORK

Security Overview. BlackBerry Corporate Infrastructure

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Cloud Computing: Legal Risks and Best Practices

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Clever Security Overview

CyberEdge Insurance Proposal Form

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

Newcastle University Information Security Procedures Version 3

MyNextConsultant.com Privacy Policy. Last updated: October 01, 2013

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

Acquia Comments on EU Recommendations for Data Processing in the Cloud

ISO 27001: Information Security and the Road to Certification

Copyright Telerad Tech RADSpa. HIPAA Compliance

WebEx Security Overview Security Documentation

Security + Certification (ITSY 1076) Syllabus

Security Considerations

Critical Privacy Questions to Ask an HCM/CRM SaaS Provider

CTS2134 Introduction to Networking. Module Network Security

Iowa Student Loan Online Privacy Statement

Transcription:

IAPP Privacy Certification Program Introduction to the Certification Foundation copyright 2011, IAPP Overview Each candidate who seeks an IAPP privacy certification for the very first time must complete the Certification Foundation, an elective course and mandatory exam that cover elementary concepts of privacy and data protection from a global perspective. Certification Foundation describes the fundamental definitions and standards frameworks for privacy and data protection and takes an international view in outlining all of the different data protection models in force today. Detailed coverage of national privacy and data protection laws and regulations is provided separately under the individual certification programs (CIPP, CIPP/G, CIPP/C and CIPP/IT). These individual programs may be selected by each student based upon professional objective. The Certification Foundation program also addresses two general practice concentrations: (1) Information security; and, (2) Online privacy. These subject matter areas have no geographic boundaries and thus are relevant to all privacy professionals irrespective of jurisdiction, practice or industry. Existing IAPP-certified professionals (CIPP, CIPP/G, CIPP/C or CIPP/IT credential holders) are not required to complete the Certification Foundation examination; however, if they seek an additional IAPP certification over time, they must successfully complete the corresponding examination for that certification of choice. It is important to note that Certification Foundation is not itself an IAPP credential; rather, it is the necessary first step in the path toward an IAPP credential. It consists of a course of instruction and a timed examination: Certification Foundation Training Workshop (five hours) is optional for all certification candidates, open to all certification candidates and held as a single class at select events; Certification Foundation Examination (two hours) is required of all certification candidates and is held as a single class at select events. It is the first of two requirements that candidates must satisfy in order to achieve any IAPP certification (the second requirement being successful completion of a single certification examination of the candidate s choosing). 1

Who Should Apply copyright 2011, IAPP ALL first-time candidates seeking an IAPP certification for the very first time Please note that existing IAPP-certified professionals (CIPP, CIPP/G, CIPP/C or CIPP/IT credential holders) need not apply for Certification Foundation as they are grandfathered in to the course requirements by virtue of their current designation. Course Format The Certification Foundation course is designed to provide the basis for a multi-faceted approach to privacy and data protection and to allow for the specific application of IAPP privacy certifications (presently CIPP, CIPP/G, CIPP/C and CIPP/IT) to build upon this foundation with minimal repetition. The Certification Foundation course components are: I. Introduction to Privacy: Common Principles and Approaches II. Information Security: Safeguarding Personal Information III. Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies All first-time candidates for IAPP certification must complete and pass the Certification Foundation Examination: a two-hour, three-part, 120-item objective test offered by the IAPP. This examination covers each of the three course components that are identified above and described in further detail on the following pages. Successful completion of the Foundation Exam is defined as an individual, aggregate score of 84 points (70%) or greater. Candidates for IAPP certification may take the Foundation Examination in sequence with the certification examination of their choice or, at separate testing dates and locations according to the testing schedule published regularly by the IAPP and available for review at www.privacyassociation.org. Course References The following publications (with specific chapters and page numbers identified) are highly recommended for Certification Foundation course and exam preparation: Chapters I, II (pages 28-50 and 81-105 only), IV, V and VI of Information Privacy: Official Reference for the Certified Information Privacy Professional ( CIPP ) by Peter P. Swire, CIPP and Sol Bermann, CIPP (IAPP, 2007). ISBN #978-0-9795901-0-8. Available through the IAPP Certification Reference Library. Chapters I, VIII and IX from The IAPP Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk by Margaret P. Eisenhauer, Esq., CIPP (IAPP, 2008). ISBN #978-0-9795901-2-2. Available through the IAPP Certification Reference Library. Training workshops for students of Certification Foundation are provided by the IAPP in both live classroom settings and as DVD courseware packages. More information on scheduling and purchasing is available at www.privacyassociation.org/certification. 2

IAPP Privacy Certification copyright 2011, IAPP Outline for the Certification Foundation Course and Examination I. Introduction to Privacy: Common Principles and Approaches A. A Modern History of Privacy a. Descriptions and definitions b. Historical and social origins c. Information types i. Personal and non-personal ii. General and organizational 1. Financial 2. Human resources 3. Operational 4. Intellectual property ( IP ) 5. Information products and services d. Elements of personal information i. Data subjects ii. Personal data (E.U.) iii. Personally identifiable information (U.S.) iv. Sensitive personal information e. Processing of personal data i. Data controller ii. Data processor iii. Data protection authority ( DPA ) f. Privacy policy and notice i. Consent and choice 3

copyright 2011, IAPP B. Information Risk Management a. Privacy s impact on organizational risk i. Main drivers and challenges ii. Common processes iii. Potential outcomes b. Information lifecycle principles i. Collection ii. Use and retention iii. Disclosure iv. Management and administration v. Monitoring and enforcement c. Privacy impact assessments ( PIA ) C. Modern Privacy Principles a. Foundational principles i. U.S. fair information practices ii. The Organization of Economic Cooperation and Development ( OECD ) Guidelines Governing the Protection of Privacy and Trans-border Data Flows of Personal Data (1980) iii. The Asia Pacific Economic Cooperation ( APEC ) privacy principles b. Historical timeline of principles frameworks c. Common themes among principles frameworks D. Privacy and Data Protection Regulation a. Global perspectives i. Countries with national data protection laws in force ii. Countries with emerging privacy or data protection laws iii. Sector-based and contextual privacy laws iv. Contrast in regulatory approaches: E.U. and U.S. b. United States i. Federal privacy laws ii. State privacy laws c. Europe i. The European Union ( EU ) Data Protection Directive (95/46/EC) 1. Applicability 2. Core principles 3. Data processing 4. Data transfers a. Adequacy b. Binding corporate rules ( BCRS ) c. Model contracts ii. The E.U. eprivacy Directive (2002/58/EC) iii. The Article 29 Working Party iv. Employment data v. E.U.-U.S. safe harbor agreement 1. Program components 2. Privacy principles 3. Compliance and enforcement 4

copyright 2011, IAPP d. Other national data protection regimes i. Canada 1. The Privacy Act of 1983 2. The Personal Information Protection and Electronic Documents Act of 2000 ( PIPEDA ) ii. Asia Pacific region 1. Japan a. Law Concerning the Protection of Personal Information (2003) b. Data transfer requirements 2. Australia a. The Privacy Act of 2001 iii. Latin America 1. Habeas data II. Information Security: Safeguarding Personal Information A. Introduction to Information Security a. Privacy and information security in context i. Definitions ii. Confidentiality, integrity and availability iii. Common issues and challenges b. Information security needs and principles i. Segregation of duties ii. Access privileges c. Information security standards i. ISO 27001 ii. ISO 27002 1. Security clauses d. Information security threats and vulnerabilities i. Threat agents and origins ii. SysAdmin Audit and Network Security (SANS) Top 20 Security Risks iii. Malware iv. Phishing v. Social engineering B. Information Security Management a. Building an infosecurity framework i. Process components ii. Industry standards iii. Organizational policy b. Infosecurity compliance i. Legal requirements c. Common information security controls i. Access control policy and responsibility ii. Access control types 1. Preventative 2. Detective 3. Corrective 5

copyright 2011, IAPP iii. Access control placement 1. Network 2. Operating system 3. Application layer 4. Mobile computing and teleworking iv. Cryptography 1. General concepts of shared and public key cryptography a. Public key infrastructure ( PKI ) 2. Encryption 3. Decryption 4. Non-repudiation 5. Other uses a. Digital signatures b. Certifications v. Identity and access management ( IAM ) 1. Authentication 2. Authorization vi. Other controls 1. Networks a. Firewalls b. Intrusion detection systems ( IDS ) c. Intrusion prevention systems ( IPS ) d. Data loss and data leakage protection 2. Financial transactions a. Payment Card Industry ( PCI ) Data Security Standard ( DSS ) d. Information security governance i. Internal to organization ii. External parties iii. Asset management 1. Inventory of assets 2. Information classification iv. Human resources security 1. Pre-employment 2. Change of employment v. Physical and environmental security 1. Securing facilities 2. Equipment safety vi. Communications and operations management 1. Management of third party service delivery 2. System monitoring a. System and end user 3. Back up media a. Handling b. Transfer of information 4. Online security and monitoring vii. Incident management 1. Reporting events and weaknesses 2. Managing incidents and improvements 3. Business continuity 6

viii. ix. The information security program 1. The information security management system ( ISMS ) 2. Program improvement 3. Management review 4. Program assessments a. Internal audits b. External / third-party audits Vendor management 1. Due diligence and qualification 2. Contract management copyright 2011, IAPP III. Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies A. The Web as a Platform a. Standard Web protocols i. Internet Protocol ( IP ) ii. Hypertext Transfer Protocol ( HTTP ) and secure-http iii. Hypertext Transfer Protocol-Secure ( HTTPS ) iv. Internet proxies and caches v. Web server logs vi. Transport layer security ( TLS ) vii. Secure Sockets Layer ( SSL ) B. Privacy Considerations for Sensitive Online Information a. Threats to online privacy i. Cross-site scripting ( XSS ) b. Online privacy notices and methods for communication i. Web site privacy statement 1. Location at / link from all points of data collection 2. Sample language 3. Machine-readable policy formats a. Platform for Privacy Preferences Project ( P3P ) c. Data subject access and redress d. Online security e. Web site user authentication f. Children s online privacy g. Active versus passive data collection i. Web forms h. Online identification mechanisms i. Cookies 1. First party and third party 2. Common use cases 3. Industry best practices ii. Web beacons i. Privacy and electronic mail i. Commercial email 1. Best practices and standards for privacy protection 2. Unsolicited commercial email ( spam ) 7

copyright 2011, IAPP j. Online marketing and advertising i. Search engine marketing ( SEM ) ii. Online behavioral marketing ( OBM ) k. Online social media i. Social networking services ii. Instant messaging l. Online assurance i. Trust seal and dispute resolution programs ii. Self-regulatory frameworks 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information