A healthcare organization is developing a new patient portal system. The CISO has instructed the project team to follow a proactive rather than reactive approach to data protection throughout the development lifecycle. Which approach best demonstrates the principle the CISO is emphasizing?
Conducting a comprehensive data flow assessment during the requirements phase to identify potential risks before architecture decisions are made
Implementing strong encryption protocols after the system architecture has been finalized
Creating detailed compliance documentation that will be reviewed by legal counsel before system deployment
Adding detailed audit logging capabilities to track user activities once the system goes live
The CISO is emphasizing Privacy by Design (PbD), a framework developed by Dr. Ann Cavoukian, former Information and Privacy Commissioner of Ontario, and now widely treated as a global standard for privacy protection. Its first foundational principle is "Proactive not Reactive; Preventative not Remedial": data protection measures are built into the design and architecture of a system from the outset, rather than bolted on later in response to incidents, audit findings, or regulatory pressure.
The correct answer is conducting a data flow assessment during the requirements phase. Mapping how personal information will be collected, used, shared, stored, and retained before any architectural decisions are made lets the team identify and mitigate risks early, so that protection is embedded in the architecture itself rather than retrofitted.
The other options are reactive or incomplete. Implementing encryption only after the architecture is finalized treats privacy as an add-on that the design was not built to accommodate. Compliance documentation reviewed before deployment addresses paperwork, not the architecture. Audit logging added once the system is live is a detective control that records activity after the fact; it does not prevent or reduce the data handling risks introduced during design.
ISC2 CISSP
Security Architecture and Engineering