Exam CISM topic 1 question 83 discussion

How can you conduct a PIA before you know the vulnerability?

How can you conduct a PIA before you know the vulnerability?

Conducting a privacy impact assessment (PIA) is a crucial initial step to identify and assess the potential privacy risks and impacts associated with the processing of personal data on the human resources management system. A PIA helps organizations understand the privacy implications of their data processing activities and ensures that adequate security measures are implemented to protect personal information. While other options such as conducting a vulnerability assessment (Option A), evaluating data encryption technologies (Option D), and considering network segmentation (Option B) are important aspects of securing personal data, conducting a PIA is a fundamental and proactive measure to address privacy concerns and compliance requirements from the outset.

would say c

C. Conduct a privacy impact assessment (PIA). A privacy impact assessment (PIA) is a crucial initial step in understanding the potential risks and privacy implications of processing personal data. It helps identify and assess privacy risks associated with the system, including how personal data is collected, used, stored, and shared. This assessment informs the development of appropriate security measures. After conducting a PIA, you can then proceed with other security measures such as conducting a vulnerability assessment (A), evaluating data encryption technologies (D), and considering network segmentation (B) to enhance the security of the system. However, understanding the privacy risks and requirements through a PIA is essential for making informed decisions about the security measures that need to be implemented.

Answer C: First need to identify what are the PII / Sensitive / Confidential informations captured in HRMS. Assessment is required to do that

PIA is on C now

Conduct a privacy impact assessment (PIA).

PIA first, which gives IS manager the input of the data senstivity level so to determine the assessment methdologies & security controls required.

A. Conduct a vulnerability assessment.