InterviewStack.io LogoInterviewStack.io
🛡️

Security Governance, Risk & Privacy Topics

Governance, compliance frameworks, regulatory requirements, compliance implementation, and compliance-driven risk management. Covers compliance frameworks (SOX, GDPR, HIPAA, FCPA, etc.), regulatory interpretation, compliance control design, audit and control effectiveness evaluation, and compliance process management. For operational security implementation and technical threat mitigation, see Security Engineering & Operations.

Data Classification and Sensitivity Handling

Classifying data by sensitivity and applying controls proportionate to that classification: identifying personal, sensitive, and special-category data and tagging it through its lifecycle. Covers classification schemes, labeling, and how classification drives access, encryption, and retention decisions. Includes assessing the impact of a given data type on privacy and security risk.

3 questions

Privacy-Preserving Analytics and Experimentation

Doing measurement and data science without over-collecting or exposing individuals: privacy-preserving experiment design, aggregate and on-device measurement, and privacy-respecting attribution. Covers techniques for analytics and A/B testing that limit personal-data use and honor consent. Includes reconciling measurement quality with privacy constraints.

9 questions

Privacy-Enhancing Technologies and Anonymization

Technical safeguards that reduce identifiability: anonymization, pseudonymization, tokenization, differential privacy, and related privacy-enhancing technologies. Covers the difference between anonymized and pseudonymized data, re-identification risk, and when each technique is appropriate. Includes evaluating the privacy-utility tradeoff of a given technical control.

3 questions

Global Privacy Regulations and Data Protection Frameworks

The landscape of privacy and data protection law and how core frameworks fit together: controllers vs processors, personal vs sensitive data, lawful processing, and cross-framework concepts. Covers foundational privacy terminology and how to reason about which regimes apply to a given data flow. Serves as the orientation layer beneath the regulation-specific topics.

40 questions

GDPR Principles and Compliance

The General Data Protection Regulation in depth: the six lawful bases, data subject rights, accountability and records obligations, DPO requirements, and enforcement and fines. Covers how GDPR principles translate into concrete engineering and product controls. Includes controller and processor obligations and demonstrating compliance.

1 questions

Compliance and Privacy Metrics, Monitoring and Reporting

Measuring, monitoring, and reporting the health and effectiveness of security, compliance, and privacy programs. Covers defining KPIs and KRIs and privacy metrics, building dashboards, continuous control and posture monitoring in production, tracking control coverage and maturity over time, gap analysis against requirements, and reporting outcomes to management and boards. Focuses on quantifying and evidencing program effectiveness rather than communicating individual risks.

0 questions

Data Inventory, Mapping and Records of Processing

Knowing what personal data exists and how it flows: data mapping, personal-data inventories, and records of processing activities (RoPA). Covers building and maintaining data flow diagrams, cataloging processing purposes and recipients, and keeping documentation current. Includes the processing concepts and recordkeeping that underpin most other compliance work.

0 questions

Data Minimization and Retention

Collecting and keeping only what is necessary: data minimization at collection, purpose limitation, and retention scheduling with automated deletion. Covers defining retention periods, enforcing them technically, and defensibly disposing of data. Includes balancing operational or analytics needs against minimization obligations.

0 questions

Privacy and Security Alignment

The relationship between privacy and security: how they overlap and differ, and how access control, least privilege, encryption, and other security controls serve privacy goals. Covers aligning privacy and security programs and reasoning about safeguards that protect personal data at scale. Includes distinguishing a privacy failure from a security failure.

0 questions
Page 1/2