Sep 16 in πββοΈ Practice Questions
Confused by this study question
I can't logically see how Chris' organization is a data processor though. Am i missing something?
******
Chris has recently been hired into a new organization. The organization that Chris belongs to uses the following classification process.
- Criteria are set for classifying data.
- Data owners are established for each type of data.
- Data is classified.
- Required controls are selected for each classification.
- Baseline security standards are selected for the organization.
- Controls are scoped and tailored.
- Controls are applied and enforced.
- Access is granted and managed.
If Chris's company operates in the European Union and has been contracted to handle the data for a third party, what role is his company operating in when it uses this process to classify and handle data?
Business owners
A
Mission owners
B
Data processors
C
Data administrators
D
That wasn't the right answer. You selected "D", but the correct answer is "C"
Explanation:
Third-party organizations that process personal data on behalf of a data controller are known as data processors. The organization that they are contracting with would act in the role of the business or mission owners, and others within Chris's organization would have the role of data administrators, granting access as needed to the data based on their operational procedures and data classification.
0
3 comments
Confused by this study question
skool.com/cissp
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+78
2
+45
3
+40
4
+39
5
+32
powered by