A healthcare organization is developing a new patient portal system. The CISO has instructed the project team to follow a proactive rather than reactive approach to data protection throughout the development lifecycle. Which approach best demonstrates the principle the CISO is emphasizing?
Adding detailed audit logging capabilities to track user activities once the system goes live
Conducting a comprehensive data flow assessment during the requirements phase to identify potential risks before architecture decisions are made
Implementing strong encryption protocols after the system architecture has been finalized
Creating detailed compliance documentation that will be reviewed by legal counsel before system deployment
The CISO is emphasizing the Privacy by Design principle, which was developed by Dr. Ann Cavoukian and is now considered a global standard for protection. It advocates for incorporating data protection measures into the design and architecture of systems from the beginning, rather than adding them later as a reaction to problems.
The correct answer involves conducting a data flow assessment during the requirements phase, which allows the team to systematically analyze how personal information will be collected, used, shared, and maintained before any technical decisions are made. This proactive approach helps identify and mitigate risks early, embedding protection into the system architecture itself.
The other options represent reactive approaches that address concerns after design decisions have been made, focus only on compliance documentation without addressing architectural considerations, or implement technical controls without considering broader implications of data handling throughout the entire system lifecycle.
ISC2 CISSP
Security Architecture and Engineering