Certified Information Privacy Technologist (CIPT) — Question 246

One difference between privacy threat modeling and information security threat modeling is?

Answer options

• A. Privacy threat modeling looks at threats to the individual while security threat modeling looks at threats to the organization.
• B. Security threat modeling is required by regulations such as the HIPAA Privacy Rule, but privacy threat modeling is not.
• C. Privacy threat modeling does not consider technical defects such as software vulnerabilities.
• D. Privacy threat modeling must consider insider threats, but security threat modeling does not.

Correct answer: A

Explanation

The correct answer is A because privacy threat modeling is centered on the risks faced by individuals, while security threat modeling deals with organizational threats. Option B is incorrect as privacy threat modeling may also be influenced by regulations. Option C misrepresents the scope of privacy threat modeling, which can consider technical issues. Option D is misleading since both models can consider insider threats depending on the context.