ISACA CDPSE certification exam: Overview of domains
Today, about 22 billion internet-connected devices are active worldwide, a number expected to jump up to 50 billion by 2030. These devices can be easily accessed and used by their owners. Still, they are an opportunity for cybercriminals to find new ways to hack into corporate systems to obtain sensitive organizational and customer data.
Evolutions in technology like these, especially the "anywhere at any time" accessibility of applications and systems that enable businesses and organizations to achieve new productivity levels, require new techniques and trained professionals to properly secure them. However, with a long-standing cybersecurity skills gap, it is no surprise that many organizations are struggling to find the right professionals with the right mix of knowledge of privacy policies, security and access controls, and technical acumen.
While this is a risk for organizations, this is also a great opportunity for IT professionals, new and experienced, to obtain the skills and credentials needed to perform these vital tasks and accelerate their careers.
And this is exactly where one of ISACA's latest credentials, the Certified Data Privacy Solutions Engineer (CDPSE) certification fits. This certification stands alone in its ability to formally certify that a professional has the experience and technical skills needed to enable an organization to enhance their privacy posture with the necessary technology platforms and products, ultimately providing more protection to their customers' data.
The ISACA CDPSE certification acknowledges that privacy and security require the collaboration of business functions and systems that run across an enterprise. This enables CDPSE credential holders with the knowledge needed to work with legal teams, policy professionals, system and network engineers, developers, executives, and end-users to plan, develop and maintain privacy programs.
Therefore, they must demonstrate competency in the three CPSE knowledge domains for those interested in pursuing this certification. This article will introduce them, explain the specific features of each, and take you through the information you can expect to see in the CDPSE exam domains.
CDPSE domain overview
Whether you are early in your IT career or are an experienced professional looking to strengthen your understanding of the intersection of privacy with IT applications and systems, the ISACA CDPSE domains offer a natural progression for those looking to be leaders in this space. In other words, as ISACA notes, the CDPSE knowledge domains confirm that an IT professional knows how to implement and manage the technology that "stores, collects and transports PII, as well as ensuring that privacy is considered in the design."
In practice, the ISACA CDPSE domains require an IT professional to demonstrate experience in the three domains, each with their own respective emphasis:
- Privacy governance (34%)
- Privacy architecture (36%)
- Data lifecycle (30%)
Domain 1: Privacy governance
The first domain, which covers 34% of the material within the CDPSE knowledge domains, includes privacy governance. This domain touches on the concepts of governance and management of a privacy program and how to perform risk management.
According to the official description of the ISACA CDPSE domain, upon passing the exam, an IT professional will be skilled in how to:
- Identify the internal and external privacy requirements specific to the organization's governance and risk management programs and practices.
- Participate in evaluating privacy policies, programs, and policies to align with legal requirements, regulatory requirements or industry best practices.
- Coordinate or perform privacy impact assessments (PIA) and privacy-focused evaluations.
- Participate in the development of procedures that align with privacy policies and business needs.
- Implement procedures that align with privacy policies.
- Participate in managing and evaluating contracts, service levels and practices of vendors and other external parties.
- Participate in the privacy incident management process.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Develop or implement a prioritization process for privacy practices.
- Develop, monitor or report performance metrics and trends related to privacy practices.
- Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
- Participate in privacy training and promote awareness of privacy practices.
- Identify issues requiring remediation and opportunities for process improvement.
Domain 2: Privacy architecture
The second domain, which includes 36% of the material within the CDPSE knowledge domains, is privacy architecture. In particular, this domain touches on how software, hardware and other enterprise technologies, and the professionals that manage them, can work together to create a privacy architecture for an organization. This domain also includes the technical privacy controls that need to be in place to protect data privacy and evaluate how well they are applied.
According to the official description of the ISACA CDPSE domain, upon passing the exam, an IT professional will be skilled in how to:
- Coordinate or perform privacy impact assessment (PIA) and other privacy-focused assessments to identify appropriate tracking technologies and technical privacy controls.
- Participate in the development of privacy control procedures that align with privacy policies and business needs.
- Implement procedures related to privacy architecture that aligns with privacy policies.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and considerations.
- Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
- Identify, validate or implement appropriate privacy and security controls according to data classification procedures.
Domain 3: Data lifecycle (data purpose and data persistence)
The third domain, which covers the remaining 30% of the concepts of the required CDPSE knowledge domains, includes the components of the data lifecycle. This domain area applies data privacy controls and best practices to each phase of the data lifecycle, including when it is stored within an organization and how to evaluate how well data is protected.
According to the official description of the ISACA CDPSE domain, upon passing the exam, an IT professional will be skilled in how to:
- Identify the internal and external privacy requirements relating to the organization's data lifecycle practices.
- Coordinate or perform privacy impact assessments (PIA) and other privacy-focused assessments relating to the organization's data lifecycle practices.
- Participate in the development of data lifecycle procedures that align with privacy policies and business needs.
- Implement procedures related to the data lifecycle that aligns with privacy policies.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications, and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and data lifecycle considerations.
- Identify, validate or implement appropriate privacy and security controls according to data classification procedures.
- Design, implement or monitor processes and procedures to keep the inventory and data flow records current.
Take the next step pursuing the CDPSE
Whether you are just beginning your CDPSE journey or you are preparing to take the exam, you are taking an essential step toward helping organizations better protect their data and their users' privacy from rapidly growing cyberthreats. Achieving this ISACA privacy certification means you understand the multi-disciplinary way an organization must think about implementing data privacy and the nuances of secure software and hardware design to apply defense in depth.
If you are ready to learn more about the CDPSE certification and how best to prepare for the exam, you should check out the Infosec Institute's CDPSE Boot Camp and get started.
Sources
- Certified Data Privacy Solutions Engineer (CDPSE) Boot Camp, InfoSec Institute
- Certified Data Privacy Solutions Engineer Overview, ISACA
- Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development, ThreatPost
- Number of internet of things (IoT) connected devices worldwide in 2018, 2025 and 2030, Statista