IAPP — TechExams Community https://community.infosecinstitute.com/ Thu, 21 Mar 2019 08:17:24 +0000 en IAPP — TechExams Community CIPP/E Advice https://community.infosecinstitute.com/discussion/129585/cipp-e-advice Mon, 16 Oct 2017 06:23:28 +0000 IAPP senwar 129585@/discussions
Unfortunately, I failed a resit of the above on Friday. My scores across the 3 Domain's were 83/59/83 and a score of 274.

I'm trying to find out how close I was, 1, 2, more questions? Obviously domain 2 is what has done me. But I'm a bit stumped.

There were a few ambiguous questions that threw me as well but to be that close is sickening.

Any thoughts/help appreciated? I passed the CIPM back in July and am desperate to get through the CIPP/E but the thought of paying out for a second resit (work sponsored the first one) due to the cost is holding me back - but I keep thinking I must have been so close to passing?]]>
IAPP CIPP/E GDPR Online Training- FWIW my opinion https://community.infosecinstitute.com/discussion/135106/iapp-cipp-e-gdpr-online-training-fwiw-my-opinion Mon, 18 Mar 2019 16:23:44 +0000 IAPP PTnomad 135106@/discussions I am a US Privacy Manager and work with GLBA Reg P notices and I failed this test with a 281. I spent way too much time studying all the European institutions and not enough time on the GDPR mistakenly thinking I'd be able to ascertain an answer based on my Privacy conceptual working experience. The test is all about small details in the GDPR and slight differentiators in the concepts of the law. Not sure if going into the weeds as much as is done is a worthwhile approach.

For anyone reading this:
This test is granular minutia, I scored 100% on the IAPP practice test and all the Quizzes contained in the IAPP's GDPR Online training about $1,000. I cannot recommend purchasing these items from the IAPP, in my opinion, there is very little correlation between the CIPP/E test, the online "training", and practice test sold by the IAPP. 

I am using these resources because the IAPP book which contends it's laid out by test domains but seems to be a compilation by various authors each with conceptual approaches that are different so it was not much help to me. My spouse, Graduate degree editor for online and other media medical procedures, for an international publisher also shares this opinion.

I downloaded this book and also ordered the paperback from them it took about 5 weeks to arrive. 
fra.europa.eu/en/publication/2018/handbook-european-data-protection-law

Alston Bird - alstongdprtracker.com/resources-webinars/ also has a lot of handy material like this "Pocket Guide" it's in Flash
files.alston.com/files/docs/GDPRPocketEditionFB/HTML/60-61/index.html

The European Data Protection Supervisor seems to be a good resource - edps.europa.eu/

Best regards to all.

]]>
IAPP CIPM exam Advice? https://community.infosecinstitute.com/discussion/131304/iapp-cipm-exam-advice Sat, 24 Feb 2018 11:23:05 +0000 IAPP slandry 131304@/discussions
Thanks.]]>
CIPP/E -Passed https://community.infosecinstitute.com/discussion/134996/cipp-e-passed Wed, 27 Feb 2019 08:14:46 +0000 IAPP AlwaysStudying 134996@/discussions Passed CIPP/E with 364 yesterday.

Treat this certification seriously, it is the hardest exam, out of the 30-odd
certifications I've taken.

Used:
Official IAAP Textbook (E. Ustaran)
Sample Questions - good for the mindset, but nowhere a reflection of exam difficulty
European Privacy Law Practice Exam (Jasper Jacobs) - 90 sample questions- good for the mindset,but nowhere a reflection of exam difficulty
Official IAPP Coursebook (Managed to source a couple of these)
WP29 Notes
Browsed IAPP notices

I used the Course book & official textbook to make notes to align to each section of the IAPP Blueprint for
the exam, this way I was confident that I had covered everything, but from past experience, this will not be enough,
you should also be aware of the WP29 notices and general data protection news and current affairs.
Don't skimp on the EU institutions or Legistative Framework.

Memorising, will not be enough, you will need to know how to apply the GDPR to scenarios. ;)

Even though I really prepared seriously this time, still there were 2-3 questions
that I had not come across.

If you are embarking on this journey and want study materials at a great price, PM me,
Ive got a new and unused IAPP Official Textbook (E. Ustaran) & Official IAPP Coursebook (Participant Guide)
together for a great price.

Good Luck!!! B)

]]>
New CIPP/E Study Material! https://community.infosecinstitute.com/discussion/132702/new-cipp-e-study-material Fri, 22 Jun 2018 16:59:33 +0000 IAPP Gawyn210 132702@/discussions
Text taken directly from Information Commissioner's Office Linkedin posting (Changed to direct link):

The European Union Agency for Fundamental Human Rights have released a free Handbook on European data protection law 2018. It has been designed to familiarise legal practitioners not specialised in data protection with this emerging area of the law. You can download it here:
Handbook on European data protection law - 2018 edition | European Union Agency for Fundamental Rights

https://www.linkedin.com/feed/update/urn:li:activity:6415884690602881024]]>
IAPP CIPP/US Review https://community.infosecinstitute.com/discussion/121597/iapp-cipp-us-review Fri, 05 Aug 2016 13:13:28 +0000 IAPP 636-555-3226 121597@/discussions

My background - 15+ years of infosec (and other job descriptions), mostly acting as a CISO without the $$ or title. Lots of GRC. The C in this case stands for privaCy since the only reasons companies protect your personal data is because laws or contracts require them to and those laws & contracts need to be Complied with. It's important I point this out because I am already very well versed in the material.




Why I took the test - I've been tinkering with taking either the CISSP-ISSMP or this CIPM. CIPM is asked for a bit more in job boards (barely...) and had the potential of teaching me more in my studies. Also I'm convinced privacy is the next big wave running along infosec, and IAPP's exams are the only name in the business, so this could be a good strategic move looking 3-5 years down the line. So, I chose the CIPM and coincidentally the training bundle I selected also included the CIPP/US, so I figured why the heck not.




Who is this test for - People who want to memorize US laws regarding privacy. Having taken the test and looking through the directory of already-certified people, it's mostly privacy attorneys, privacy consultants, and infosec managers.




What did I use to study for it - Official live training, official course book, official training guide, official practice exam (~30 questions). Live training was eh, mostly instructor reading verbatim off of the instructors notes to the training guide. Official coursebook (ISBN-13: 978-0979590184) was basically two lawyers who took all of the US laws touching on privacy, created a bulletpoint list of the requirements of each, and wrote them down in narrative form over 180 pages. Extraordinarily dry material. WAY worse than a law school textbook since those at least have cases to put things into context. This was literally just someone writing down legal requirements in paragraph form. I ended up making an outline of the book since you need to just straight up memorize the exact same things from each of up to 75+ similar, but each slightly different, laws (who enforces each law, whether consent to share info is needed, if consent is needed then what kind of consent [phone, email, signature, etc], the requirements of each law, the basis for each law, the fines levied for violations of each law, the security requirements of each law, the data breach notification requirements of each law, etc, etc, etc). This was WAY worse than an ISACA textbook in case you've ever lived through one of those. Official training guide was basically a 100+ page set of bulletpoints summing up the official coursebook with extra material thrown in for some reason. Mostly worthless, IMO. Practice exam was good test of the book and relatively representative of exam questions.




How was the exam - Probably the hardest test I've ever taken, and I've taken ISC2, ISACA, SANS, CompTIA, EC-Council, etc. Not hard in terms of confusingly worded or challenging your skill level, just hard in that many, many questions covered topics I'm fairly sure weren't in the actual textbook or training materials. Many other questions were extraordinarily poorly worded and had answers that didn't seem to relate to the question at all. That'd be fine if it was one or two easily-eliminated multiple choice distractor answers, but oftentimes all of the answers just didn't match the question. Example - Which of these parts is NOT found on a car: A) flagpole, B) litter box, C) stamina, D) August. Seriously, I had a few questions where I thought the answer bank must have gotten switched around. I've been an auditor on a few cert exams and felt that many of the questions needed to be reworded. I'd love to see their back-end breakdown of how well some of the questions test. There were also scenario-based questions on the exam, and those weren't represented in the practice tests (caveat - I like scenario questions since you usually get more info to ponder). I was fairly certain I had failed the exam and was flabbergasted (don't get to use that word much) when I found out I passed (you're notified at the very end). I honestly have no idea how.....




Would I recommend this to others - As a strategic move, definitely; already mentioned I think privacy is in its infancy and is going to be big in the coming years. As a learning exam, yes, if you aren't already familiar with the material, but be warned that the material and test are essentially a factual brain **** that I don't believe anybody can actually retain after taking the test. To be fair, that isn't all IAPP's fault - the state of privacy law in the US (as of the day I write this) is a mess, and the material does test the law as it currently exists (with the exception of many horribly worded answers). Ultimately I'd recommend this as an educational piece about how messed up US privacy laws are, but you'll never hope to retain the info from here, esp. since there's no context given to any of the learning topics. If you feel this will be a resume-booster, then go for it, just be prepared to sit down and commit a lot of nearly-identical pieces of information to short-term memory for instant regurgitation over 2.5 hours.




What did I take away from this exam - Mmmmm..... I decided to have a drink when I got home even though it's only lunch time. I also decided to write this. Now let me go get that drink]]>
CIPP/E Practice Tests https://community.infosecinstitute.com/discussion/134061/cipp-e-practice-tests Sun, 04 Nov 2018 19:34:47 +0000 IAPP CertHorder 134061@/discussions Does anyone actually fail the IAPP Exams? IE CIPP CIPT CIPM? https://community.infosecinstitute.com/discussion/120607/does-anyone-actually-fail-the-iapp-exams-ie-cipp-cipt-cipm Mon, 20 Jun 2016 11:00:54 +0000 IAPP thexfactor 120607@/discussions
Does anyone actually fail these exams?

A little nervous, I am actually taking one soon.]]>
Anyone taken an IAPP course? https://community.infosecinstitute.com/discussion/132331/anyone-taken-an-iapp-course Wed, 16 May 2018 08:04:23 +0000 IAPP Jeff_Peters 132331@/discussions Considering taking the CIPP G/T certifications in the near future https://community.infosecinstitute.com/discussion/125057/considering-taking-the-cipp-g-t-certifications-in-the-near-future Mon, 06 Feb 2017 10:32:41 +0000 IAPP Gorby 125057@/discussions Cipp/us https://community.infosecinstitute.com/discussion/132965/cipp-us Sun, 15 Jul 2018 01:24:29 +0000 IAPP caveatemptor 132965@/discussions To CIPP or Not https://community.infosecinstitute.com/discussion/133379/to-cipp-or-not Mon, 20 Aug 2018 09:33:23 +0000 IAPP Ashenwelt 133379@/discussions
So I have been an identity and security IT guy for most of the last 20 years. General IT the previous ten. I have through that done HIPAA, SOX, JSOX, etc. audits and the like as well as policy design etc. Now in reality, over 50% of my job is validation, policy writting or implementation to keep sensitive information private.

Now with GDPR and all the new impacts for CaCPA, I looked into and passed the CIPT. A middling score but a pass.

So two questions.

1. How much harder is the CIPP (US and E) than the CIPT or are they very similar.
2. Do you think they would give a fellow to an IT person? It oddly fits what I have done for a very long time.

I would do this after CISM or CISSP... But would be book or book and CIPPGuide based for training.

Thoughts?]]>
CIPP/T experience https://community.infosecinstitute.com/discussion/132748/cipp-t-experience Tue, 26 Jun 2018 07:44:54 +0000 IAPP Gorby 132748@/discussions
* Mistake in post title I meant CIPT]]>
CIPP/E Self-Study https://community.infosecinstitute.com/discussion/131808/cipp-e-self-study Wed, 04 Apr 2018 10:10:09 +0000 IAPP Phalanx 131808@/discussions ]]> CIPT Exam Review https://community.infosecinstitute.com/discussion/127797/cipt-exam-review Thu, 29 Jun 2017 11:21:59 +0000 IAPP Privacy 127797@/discussions
Firstly there were a lot of questions that covered areas that were not mentioned at all in the book I expect one or two but there was a lot. I also expected to see questions where two answers both look correct which I did but some questions it appeared all four were the correct answer.

Also had quite a few scenario questions which involved reading a large text then answering a few questions on that text only compliant was a few questions could be answered without even reading the scenario so not sure of the point of that.

I did think the book was short and now I have done the exam I see it did not completely cover the exam.]]>
IAPP CIPM Certification https://community.infosecinstitute.com/discussion/87269/iapp-cipm-certification Wed, 13 Mar 2013 19:07:34 +0000 IAPP GoodBishop 87269@/discussions
https://www.privacyassociation.org/certification/cipm_certification_program

More details to come in April...]]>
New IAPP Privacy Courses https://community.infosecinstitute.com/discussion/132330/new-iapp-privacy-courses Wed, 16 May 2018 08:00:12 +0000 IAPP Jeff_Peters 132330@/discussions
You can take 2-day courses ranging from management (CIPM) to technical (CIPT) to regional (CIPP/E), or you can combine them to create a longer multi-cert privacy training course.

https://www.infosecinstitute.com/topics/privacy/]]>
IAPP - CIPT - Text https://community.infosecinstitute.com/discussion/122005/iapp-cipt-text Wed, 24 Aug 2016 23:46:10 +0000 IAPP trooper1414 122005@/discussions IAPP - CIPP/IT Certification Renamed... https://community.infosecinstitute.com/discussion/99996/iapp-cipp-it-certification-renamed Mon, 28 Apr 2014 13:57:16 +0000 IAPP GoodBishop 99996@/discussions
"This spring we will be announcing the Certified Information Privacy Technologist (CIPT) credential, which will replace CIPP/IT. More and more we have come to realize the significance of technology driving a culture of privacy within organizations. This name change represents the elevation of the CIPP/IT from a concentration within the CIPP program to its own recognized and respected credential.

Later this year we will be seeking ISO accreditation for the program, which means that the CIPT credential will have even greater value and recognition in the privacy field and beyond.

This name modification does not, in any way, change the designation you've earned. Even better, you will automatically become a CIPT; you don't need to re-test! Your CIPT credential will continue to serve as a demonstration of your understanding of privacy and data protection practices in the development, engineering, deployment and auditing of IT products and services, and will continue to be a significant distinguisher in the field."

The ISO accreditation is good as well. And admittedly, technology shouldn't be driving a culture of privacy - privacy should be driving technology.

Also, if you look at the CIPP/IT webpage - https://www.privacyassociation.org/certification/cipp_certification_programs/cipp_it - there is a blurb in the middle about a new textbook coming out in July, and the exams in June using the new body of knowledge.

How do I feel about there being a rename of this? Meh. It's OK. I've got the CIPM, CIPP/US, and CIPP/IT, so now that last would be CIPT. I don't have a strong opinion on it, other than it being a bit of a better distinguisher from the CIPP.]]>
Has anyone appealed an IAPP exam https://community.infosecinstitute.com/discussion/125958/has-anyone-appealed-an-iapp-exam Sat, 25 Mar 2017 00:50:24 +0000 IAPP Jestina 125958@/discussions IAPP CIPM Mini-Review https://community.infosecinstitute.com/discussion/121067/iapp-cipm-mini-review Mon, 11 Jul 2016 13:10:27 +0000 IAPP 636-555-3226 121067@/discussions
My background - 15+ years of infosec (and other job descriptions), mostly acting as a CISO without the $$ or title. Lots of GRC. The C in this case stands for privaCy since the only reasons companies protect your personal data is because laws or contracts require them to and those laws & contracts need to be Complied with. It's important I point this out because I am already very well versed in the material and when I say something is easy below keep in mind it's easy to me - it may not be easy for you if you're new to this area.


Why I took the test - I've been tinkering with taking either the CISSP-ISSMP or this CIPM ISSMP didn't really hold much ROI for me - no job benefits either here or elsewhere and probably not a lot of knowledge gained during studies since I'm already well versed in the material. CIPM is asked for a bit more in job boards (barely...) and had the potential of teaching me more in my studies. Also I'm convinced privacy is the next big wave running along infosec, and IAPP's exams are the only name in the business, so this could be a good strategic move looking 3-5 years down the line.


Who is this test for - People who want to learn how to create & manage an privacy program at a very high level. Looking through the directory of certified people, it's mostly privacy attorneys, privacy consultants, and infosec managers.


What did I use to study for it - Official live training, official course book, official training guide, official practice exam (~25 questions). Live training was eh, mostly instructor reading verbatim off of the instructors notes to the training guide. Official coursebook was short & to the point but could have been organized a bit better with some unification of concepts scattered throughout. Official training guide was basically a 100+ page set of bulletpoints summing up the official coursebook with extra material thrown in for some reason. Practice exam was good test of the book and relatively representative of the actual exam.


How was the exam - Fairly easy. If you're used to ISC2 or ISACA exams then this won't give you much of a cranium challenge. Closest approximation is a closed-book non-technical SANS exam. I have a feeling as if the exam writers flipped to random pages in the book or training guide and took questions verbatim from the text (yes, you need to study both the official book as well as the training guide). It's closed book, so you'll need to remember the exact word or phrase in the book. It's not as tough as it sounds, most of the distractors are obvious. Out of A, B, C, D you could easily & instantly cross C & D off and B usually was not as "right" as A. 90 questions, I finished in maybe 80 minutes with an 85% score. Didn't mark any questions for further review and I didn't have the feeling going through the exam that I needed to fix any wrong answers to pass.


Would I recommend this to others - As a strategic move, definitely, already mentioned I think privacy is in its infancy and is going to be big in the coming years. As a learning exam, yes, if you aren't already familiar with the material. If you've been running an infosec or GRC shop for a few years you won't be challenged. Everything here is essentially infosec GRC with the word "privacy" switched whereever you'd expect "information security." In other words, if you're already architecting/running an infosec shop, you'll qualified to run a privacy shop, too.


What did I take away from this exam - Mostly reinforcement of existing concepts. New- to mid-experienced people will probably get more out of learning the material. ]]>