nerdexam
Isaca

CDPSE · Question #387

Which of the following is the MOST important course of action to establish an effective process for identifying and managing privacy risk across an organization?

The correct answer is D. Implement a risk management framework.. Implementing a risk management framework provides the overarching governance structure and methodology that makes all other privacy risk management activities effective and coordinated.

Privacy Governance

Question

Which of the following is the MOST important course of action to establish an effective process for identifying and managing privacy risk across an organization?

Options

  • ADocument risk management procedures.
  • BRaise privacy risk awareness within the organization.
  • CDevelop a privacy risk register.
  • DImplement a risk management framework.

How the community answered

(66 responses)
  • A
    5% (3)
  • B
    12% (8)
  • C
    17% (11)
  • D
    67% (44)

Why each option

Implementing a risk management framework provides the overarching governance structure and methodology that makes all other privacy risk management activities effective and coordinated.

ADocument risk management procedures.

Documenting risk management procedures is a component of a framework, not the framework itself, and alone does not provide the governance structure needed to manage risk effectively across the organization.

BRaise privacy risk awareness within the organization.

Raising awareness is an important supporting activity but is insufficient on its own without the governance, processes, and accountability structures that a framework provides.

CDevelop a privacy risk register.

A risk register is a useful tool for tracking identified risks, but it is an artifact produced within a framework, not the foundational process for managing risk.

DImplement a risk management framework.Correct

A risk management framework establishes the systematic processes, governance structures, roles, responsibilities, and criteria needed to identify, assess, and respond to privacy risks consistently across an organization. Without a framework, activities like maintaining a risk register or conducting awareness programs are ad hoc and disconnected from organizational strategy. The framework provides the foundation upon which all other privacy risk management tools and activities operate effectively.

Concept tested: Risk management framework as foundation for privacy governance

Source: https://www.nist.gov/privacy-framework

Topics

#Privacy risk management#Risk management framework#Privacy program establishment#Privacy governance

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice