(ISC)2
CGRC Question #225: Real Exam Question with Answer & Explanation
Scope of the System
Question
An organization conducts which one of the following analyses to determine whether its system processes personally identifiable information?
Options
- A. Risk Assessment
- B. Business Impact Analysis
- C. Privacy Threshold Analysis (PTA)
- D. Privacy Impact Analysis (PIA)
Explanation
Organizations conduct a Privacy Threshold Analysis (PTA) to determine if a system processes Personally Identifiable Information (PII) and if a detailed Privacy Impact Analysis (PIA) is required.
Common mistakes.
- A. A Risk Assessment identifies, analyzes, and evaluates risks to an organization, but it is a broader process not specifically focused on the initial determination of PII processing.
- B. A Business Impact Analysis (BIA) identifies critical business functions and the impact of their disruption, not whether a system handles PII.
- D. A Privacy Impact Analysis (PIA) is a detailed assessment of privacy risks and mitigation strategies for systems already determined to process PII, rather than the initial determination itself.
Concept tested. The purpose of a Privacy Threshold Analysis (PTA)
Reference. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
- Privacy Threshold Analysis (PTA)
- Personally Identifiable Information (PII)
- Privacy Assessments
- System Scoping