Exam CISSP topic 1 question 480 discussion

Actual exam question from ISC's CISSP
Question #: 480
Topic #: 1

An organization is establishing a privacy program to ensure that personally identifiable information (PII) is properly protected. What is the FIRST action the organization should take to establish the program?

  • A. Appoint a senior official to oversee the privacy program.
  • B. Allocate sufficient resources to implement the privacy program.
  • C. Develop a strategic organizational privacy plan.
  • D. Monitor privacy laws and policy changes.
Suggested Answer: A 🗳️

Comments

user009
Highly Voted 1 year, 10 months ago
The FIRST action an organization should take to establish a privacy program to ensure that personally identifiable information (PII) is properly protected is to appoint a senior official to oversee the privacy program (Option A). The senior official should have the authority to implement and manage the privacy program across the organization. This person should have a clear understanding of the importance of privacy and the relevant laws and regulations that apply to the organization's operations. Appointing a senior official to oversee the privacy program demonstrates the organization's commitment to protecting personal information, and provides clear leadership and accountability for the privacy program.
upvoted 8 times
jackdryan
1 year, 7 months ago
A is correct
upvoted 2 times
...
...
JBAnalyst
Most Recent 6 months ago
Selected Answer: C
C, Developing a cohesive strategic plan will also encompass appointing a leader.
upvoted 1 times
...
CCNPWILL
6 months, 3 weeks ago
Selected Answer: A
Going with A. That's more in line with senior management buy-in. Which is a MUST.
upvoted 1 times
...
GuardianAngel
10 months, 3 weeks ago
ANSWER: C. Develop a strategic organizational privacy plan. This link also has first step as develop a plan - no mention of appointing a CPO https://www.linkedin.com/pulse/six-steps-developing-robust-privacy-program/
upvoted 1 times
...
GuardianAngel
10 months, 3 weeks ago
ANSWER: C. Develop a strategic organizational privacy plan. There is no mention of appointing a senior official in the NIST publication; it only talks about creating a privacy plan and the safeguards for privacy. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-122.pdf#page=24&zoom=100,92,96 It does make sense to appoint someone to be the privacy officer, but if I can't find that in the documentation, I'm not using that answer on the test.
upvoted 1 times
...
YesPlease
1 year ago
Selected Answer: A
Answer A) Appoint a senior official to oversee the privacy program. My reasoning is based on "which came first, the chicken or the egg." You need someone to lead and develop the program... if not, how are you going to come up with a strategy?
upvoted 1 times
viewfirst01
9 months, 2 weeks ago
'Someone' can't lead - C is correct - when strategically planned, the best person gets that job
upvoted 2 times
...
...
Soleandheel
1 year ago
A. Appoint a senior official to oversee the privacy program. The first action an organization should take when establishing a privacy program is to appoint a senior official, such as a Chief Privacy Officer (CPO) or Data Protection Officer (DPO), to oversee the program. This individual will be responsible for ensuring that privacy policies and procedures are developed, implemented, and enforced throughout the organization. They play a crucial role in championing privacy initiatives, monitoring compliance with privacy laws and regulations, and acting as a point of contact for privacy-related matters. Once this senior official is in place, they can then proceed with allocating resources, developing a strategic plan, and monitoring privacy laws and policy changes as part of the broader privacy program.
upvoted 1 times
...
isaac592
1 year, 2 months ago
Selected Answer: C
This is what I found in NIST 800-122: To establish a comprehensive privacy program that addresses the range of privacy issues that organizations may face, organizations should take steps to establish policies and procedures that address all of the Fair Information Practices. Nothing mentioned about opt. A. Going with C.
upvoted 2 times
...
Meowson
1 year, 6 months ago
Why is the answer not C but A?
upvoted 1 times
...
emrys
1 year, 9 months ago
Selected Answer: A
Determining the session timeout requirement for an application based on its specific requirements is the best approach because it ensures that the timeout setting will be appropriate for the application's particular security and usability needs.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted