https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47717#M1376 <P>IMHO this is correct.</P><P>&nbsp;</P><P>I think this is a case of foundational, best or most correct answer versus the simply correct.</P><P>&nbsp;</P><P>Rationale…</P><P>&nbsp;</P><P>RUM is pretty spooky and to do it in most jurisdictions you’ll need to have consent(specific) for the processing of this personal data. You’ll need to capture everything you do with it to ensure accountability, considering why and how you process the data and why. Moreover, in regards to harm you’d only start to really consider what the false negative/positive metrics meant to the individual in terms of harm, their interests etc. Often a detection will just alert a person that they should take a look.</P><P>&nbsp;</P><P>So while I think you totally consider false positives, I think that they are downstream of the privacy considerations and their impact will depend on many factors.</P><P>&nbsp;</P><P>Unless of course the system doing the RUM ‘releases the hounds’ or similar on a false positive with no human in the loop to countermand this.</P> Sun, 03 Oct 2021 06:04:32 GMT Early_Adopter 2021-10-03T06:04:32Z https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47708#M1375 <P>The question c05.087 of CCSP Official Practice Tests asks which you need to take into account when using real-user monitoring (RUM). And it says like the followings.</P><P>&nbsp;</P><OL><LI>You need to take privacy concerns into account.</LI><LI>Though false positives are typical for RUM systems, they are incorrect as the answer.</LI></OL><P>I think you need to take privacy concerns into account not only when using RUM but also when implementing application logging. So I think privacy concerns are important concerns without RUM.</P><P>&nbsp;</P><P>While false positives are typical for RUM but are not relevant to application logging.</P><P>&nbsp;</P><P>So I cannot understand clearly why option C, "privacy concerns", is correct and option A, "false positive" is incorrect.</P><P>&nbsp;</P><P>What do you think?</P> Mon, 09 Oct 2023 09:59:42 GMT https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47708#M1375 Masahiro 2023-10-09T09:59:42Z https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47717#M1376 <P>IMHO this is correct.</P><P>&nbsp;</P><P>I think this is a case of foundational, best or most correct answer versus the simply correct.</P><P>&nbsp;</P><P>Rationale…</P><P>&nbsp;</P><P>RUM is pretty spooky and to do it in most jurisdictions you’ll need to have consent(specific) for the processing of this personal data. You’ll need to capture everything you do with it to ensure accountability, considering why and how you process the data and why. Moreover, in regards to harm you’d only start to really consider what the false negative/positive metrics meant to the individual in terms of harm, their interests etc. Often a detection will just alert a person that they should take a look.</P><P>&nbsp;</P><P>So while I think you totally consider false positives, I think that they are downstream of the privacy considerations and their impact will depend on many factors.</P><P>&nbsp;</P><P>Unless of course the system doing the RUM ‘releases the hounds’ or similar on a false positive with no human in the loop to countermand this.</P> Sun, 03 Oct 2021 06:04:32 GMT https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47717#M1376 Early_Adopter 2021-10-03T06:04:32Z https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47721#M1377 <P>Thank you,&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;.</P><P>Your reply has made me clear.</P><P>&nbsp;</P> Sun, 03 Oct 2021 09:18:40 GMT https://community.isc2.org/t5/Privacy/When-using-RUM-what-do-you-need-to-take-into-account/m-p/47721#M1377 Masahiro 2021-10-03T09:18:40Z