Isaca Exam CDPSE Topic 3 Question 38 Discussion

Actual exam question for Isaca's Certified Data Privacy Solutions Engineer exam

Question #: 38
Topic #: 3

[All Certified Data Privacy Solutions Engineer Questions]

Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?

ARead-only access

BLeast privilege

CSegregation of duties

DData minimization

Show Suggested Answer

Suggested Answer: B

The principle of least privilege is the most important principle to apply when granting access to an ERP system that contains a significant amount of personal dat

a. The principle of least privilege states that users should only have the minimum level of access and permissions necessary to perform their legitimate tasks and functions, and no more. Applying the principle of least privilege helps to protect the privacy and security of the personal data in the ERP system, as it reduces the risk of unauthorized or inappropriate access, disclosure, modification, or deletion of the data. It also helps to comply with the privacy laws and regulations, such as the GDPR, that require data controllers and processors to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

by Jess at Apr 11, 2024, 10:12 PM

Limited Time Offer

25%

Off

Get Premium CDPSE Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Stephanie

2 days ago

I think the most important principle is least privilege.

upvoted 0 times

...

Horace

24 days ago

You know what they say, 'with great power comes great responsibility.' That's why I'm leaning towards Least Privilege. Let's give people just enough access to get their jobs done, and no more.

upvoted 0 times

...

Sherell

26 days ago

Ooh, good point. Segregation of Duties is definitely up there. Can't have one person controlling everything, that's just asking for trouble. Although, I still think Least Privilege is the way to go.

upvoted 0 times

...

Armanda

27 days ago

Hmm, I don't know. Segregation of Duties seems pretty important too. We gotta make sure no one person has too much power over the system, you know? Checks and balances and all that.

upvoted 0 times

...

Inocencia

28 days ago

Data Minimization, huh? I like the way you think. Less data to worry about means less risk of a breach. Plus, it's just good privacy practice. I'm going with that one.

upvoted 0 times

Carla

6 days ago

In the end, it's important to consider all these principles when granting access to sensitive data.

upvoted 0 times

...

Stephaine

7 days ago

You're right, separating duties can help maintain accountability and prevent misuse of data.

upvoted 0 times

...

Brett

8 days ago

But segregation of duties is also important to prevent conflicts of interest and fraud.

upvoted 0 times

...

Bette

9 days ago

True, giving users only the access they need reduces the risk of unauthorized actions.

upvoted 0 times

...

Louann

10 days ago

I think least privilege is also crucial in granting access to an ERP system.

upvoted 0 times

...

Myra

11 days ago

I agree, less data means less risk of a breach. It's a good practice for privacy.

upvoted 0 times

...

Thomasena

12 days ago

Data minimization is definitely important when it comes to personal data in an ERP system.

upvoted 0 times

...

Alpha

1 months ago

I agree, Least Privilege is key. But I also think Data Minimization is crucial. We should only be collecting and storing the personal data that's absolutely necessary. Anything else is just asking for trouble down the line.

upvoted 0 times

...

Portia

1 months ago

Hmm, this is a tough one. I'd say Least Privilege is the most important principle here. We need to make sure users only have access to the bare minimum they need to do their jobs. Anything more could be a security nightmare waiting to happen.

upvoted 0 times

...