Page 190 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 190
Information Security and Privacy
Notes (b) the organization is necessary by law to gather the information;
(c) the individual is physically or lawfully unable of giving consent to the compilation;
or physically not capable to converse his or her consent to the collection and gathering
the information is essential to prevent or lessen a serious and looming threat to the
life or health of the individual or another individual;
(d) gathering the information is necessary to establish, exercise or defend a legal or
equitable claim. Though, an agency may collect sensitive information regarding an
individual if:
(i) the compilation is essential for research, or the compilation or examination
of statistics, relevant to government funded targeted welfare or instructive
services; or is of information connecting to an individual’s racial or ethnic
origin and is for the reason of offering government funded targeted welfare
or educational services
(e) there is no other sensibly practicable alternative to gathering the information for
that reason, and
(f) it is unfeasible for the association to seek the individual’s approval to the
collection.
Self Assessment
Fill in the blanks
15. Access and correction is typically managed under the provisions of the ......................... .
16. A unique ......................... is typically a number allocated to an individual in order to identify
the person for the reasons of an agency’ operations.
12.10 Summary
Good metrics are those that are elegant, i.e. specific, quantifiable, attainable, repeatable,
and time reliant.
Metrics are tools intended to facilitate decision making and recover performance and
accountability during collection, analysis, and reporting of pertinent performance-
associated data.
Metrics can be an effectual tool for security executives to discern the efficiency of various
components of their protection programs, the security of a particular system, product or
process, and the aptitude of staff or departments inside an organization to address security
concerns for which they are accountable.
Metrics can also help recognize the level of risk in not taking a given action, and in that
way supply guidance in prioritizing counteractive actions.
Security matrix is used to concentrate measures where they are required, and to be aware
of what measures are being (purposely) abandoned.
Privacy can be explained as exercising power over what access others have to private
extent of us, like information privacy.
Privacy as a business concern or issue is tremendously sensitive to changes in the
surrounding context. Changes in people’s expectations or in authoritarian governance can
noticeably alter business issues and potentials.
184 LOVELY PROFESSIONAL UNIVERSITY
